Posts posted by pb1947
-
-
About time they put more bridges across the Cann River 
lol, I am closer to the Tambo River

-
Hi Exile360, and thank you for your fast response. I cannot do this anyway, as I already have a licence for MBAM on this system and the free version on the notebook. As I have had MBAM Pro for some time now on my desktop, I have, after several infiltrations, realised its worth. The notebook is a later addition and I have to do a separate registration. The only reason I asked this question was to be suggestive. It cannot be the money side for me, as I am definitely going to upgrade my notebook to MBAM Pro as well (and that does not bother me).
When I looked at MBAM's website I noticed it had a header for home users and another for businesses, and the multiple licences were under businesses only.
I only did the post to be suggestive and my reasons are as the post 2 posts above. After all this, I would like to suggest that MBAM website make home users more aware you can do this.
Cheers Pete
-
Hi Porthos,
I am curious as to why you asked???
Nevertheless:
1- It would mean one less form to fill in
2- It would mean one less Visa card transaction to make.
3- It would mean one less Visa transaction fee
4- The fewer forms and transaction fees that are filled out means less chance of being phished.
5- Every time I enter my credit card details on the net I cringe with fear of being ripped off, so the less I have to do it the better.
6- Not to mention convenience as I have already said that
lol, here are a few reasons for starters. Cheers Pete
-
A Blonde lady was walking along the river trying to find a bridge to get to the other side,
She spots another blonde walking on the other side of the river,
She then cups her hands to her mouth and yells out to her
"how do you get to the other side"
The blonde on the other side hears this and yells back
"You are on the other side"
groan, sorry folks, I thought it was funny

-
Hi everyone, I'm not sure this is the place to post this, but I was recently on eBay trying to get a cheaper price for Malwarebytes and I think I was duped into buying illegal keys. I have reported the guy to eBay and I am now on my way to get a full refund. I would like to know where to report the keys to so Malwarebytes can blacklist them. Thank you everyone. Will anyone private message me on who to report the keys to?
You would be wasting your time with eBay. I have brought their attention to illegal software that is consistently sold on their sites and guess what? The same software is still being sold by the same sellers. As mine was Microsoft products, I sent my illegal copies to the local Microsoft authentication centre. I was totally looked after by being issued with genuine product. The first thing Microsoft said is that keys come in a genuine package and are given no other way. Nevertheless, I too was duped like you. You are better off reporting to the OEM manufacturers as they will definitely take action.
-
My query was more for convenience than cost, thanks Pete
-
Hi and thanks Gringo. It has been a long haul but worth it. What I have gained out of our session is that familiarity and complacency can be a thing to be very wary of when using computers/internet. One tends to take for granted that because one researches and pays top dollar that they have the best virus protection. In the past I have used fully registered versions of Norton, McAfee, NOD eset, Kaspersky and currently AVG2012, not to mention countless anti spyware/malware programs such as Spybot, no-adaware and countless others.
Three years ago I had bad infections and I was so impressed with MBAM (Malwarebytes) that I bought the Pro registration, and once again this program has proved its worth. This program seems to pick up the viruses/malware first, then the resident programs as mentioned above seem to wake and say "hey we have viruses" after MBAM does the hard yards.
I am definitely interested in your recommendations for protection and with this alone you have shown me that I can protect my systems for very little expense. It was Malwarebytes that first alerted me to my infections, not my resident anti virus program, and as far as I am concerned it has been useless as teats on a bull in respect to my recent infections. But having said that, I can see that they have their uses, each in different ways to others as far as protection is concerned.
I have also chatted with the younger generation that uses this system, but in all fairness it is hard to chastise them for what I would have done at their age. I think the only way to get around this is separate systems and let them fix their own, and having said that I too am guilty of breaching the protocol of avoiding infections.
I cannot express my gratitude enough to you for your work in guiding me to rid my system of the infections and crap, and a lot of that I didn't realise I had.
many THANKS Gringo for resolving my problems, cheers Pete
ps my next move is a very worthy donation to the cause
-
Whew, hi and thanks again Gringo. This took over 6 hours to get to this report; after 3 hours of scanning, ESET crashed due to a thunderstorm and a micro power out. Did it all again and here it is. Sure hope there are some false positives amongst all this in the attached report.

cheers Pete
C:\Documents and Settings\peter smith\My Documents\Downloads\Angry_Birds_-_2011_-_PC_-_Cracked.exe Win32/Adware.1ClickDownload.G application
C:\Documents and Settings\peter smith\My Documents\Downloads\cnet_wrar401_exe.exe a variant of Win32/InstallCore.D application
C:\Documents and Settings\peter smith\My Documents\Downloads\Nazis.at.the.Center.of.the.Earth.2012.BRRip.XviD.Ac3.exe Win32/Adware.1ClickDownload.B application
C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup (1).exe a variant of Win32/ELEX application
C:\Documents and Settings\peter smith\My Documents\Downloads\sd-setup.exe a variant of Win32/ELEX application
C:\Downloads\new\cbsidlm-tr1_7-Aveyond_Gates_of_Night-SEO2-10976663.exe Win32/DownloadAdmin.D application
C:\Downloads\new\software\defragsetup.exe a variant of Win32/Toolbar.Widgi application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP740\A0465244.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP740\A0465248.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0470813.exe a variant of Win32/SweetIM.B application
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471057.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471141.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP759\A0471189.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{34EA6B75-DFBF-4096-926B-8BB79104CBDA}\RP760\A0471262.sys Win32/Sirefef.DA trojan
-
Hi Gringo don't you sleep?? lol, thanks once again for your help
cheers Pete
-
Hi Gringo, like the other day, I left the system running while having breakfast and came back to find this AVG flag :- Threat detected - c:\System Volume Information\_restore{34EA6B75-DFBF-4096-8BB79104CBDA}\A0471057.sys
Threat Name:- Trojan horse Rootkit-Pakes.CD
Process name :- C:\WINDOWS\system32\svchost.exe
Process ID:1724
This time I ignored the AVG action and will wait for your reply. Cheers Pete
-
Hi Gringo and thanks once again for your support. This went again with hiccups. The AVG real time scanner's flag came up again; I ignored this flag and ComboFix did its own thing. A flag again came up: pev application error. Also a file was deleted from my AVG privacy protection; this does not bother me as I have the full registered version and will re-install later.
cheers Pete
ComboFix 12-11-06.03 - peter smith 08/11/2012 9:53.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2237 [GMT 11:00]
Running from: c:\documents and settings\peter smith\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))
.
.
2012-11-05 20:47 . 2008-04-14 12:00 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-11-05 20:47 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-11-04 22:42 . 2012-11-04 22:42 161 ----a-w- c:\windows\DeleteOnReboot.bat
2012-11-03 04:37 . 2003-10-01 02:48 33280 ----a-w- c:\program files\Microsoft Games\Halo\trainer.exe
2012-11-03 04:18 . 2012-11-03 04:32 -------- d-----w- C:\Halo
2012-11-02 03:53 . 2012-11-02 03:53 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2012-11-01 10:30 . 2012-11-01 10:30 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2012-10-31 08:27 . 2012-11-03 22:01 -------- d-----w- C:\extract
2012-10-29 23:35 . 2012-11-01 10:25 -------- d-----w- c:\program files\Aveyond - Gates of Night
2012-10-27 00:10 . 2012-10-29 23:35 -------- d-----w- c:\documents and settings\peter smith\Application Data\Aveyond 3
2012-10-26 23:46 . 2012-10-26 23:46 441 ----a-w- c:\program files\2710201210460739.bat
2012-10-26 13:47 . 2012-10-26 13:47 -------- d-----w- c:\documents and settings\peter smith\Local Settings\Application Data\Buried In Time
2012-10-26 12:40 . 2012-10-26 12:40 -------- d-----w- c:\documents and settings\peter smith\Application Data\Mud Puddle Games
2012-10-23 12:56 . 2012-10-23 12:56 -------- d-----w- c:\program files\Common Files\Java
2012-10-23 12:56 . 2012-10-23 12:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\documents and settings\peter smith\Application Data\Oberon Media
2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\program files\Common Files\Oberon Media
2012-10-20 23:09 . 2012-10-20 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\Oberon Media
2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\MSN Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 12:56 . 2012-02-24 02:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-23 12:56 . 2011-09-21 07:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-23 12:56 . 2010-05-08 15:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 08:54 . 2010-04-04 08:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 05:43 . 2012-02-21 19:25 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-03 18:21 . 2011-08-27 05:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-05 570664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-07 13879192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\peter smith\Start Menu\Programs\Startup\
hpqtra08.exe [2008-3-25 214360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-8-5 576000]
PowerReg Scheduler.exe [2012-8-5 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproRemote.lnk]
backup=c:\windows\pss\ComproRemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk]
backup=c:\windows\pss\ComproSchedulerDTV.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-10-17 01:29 1353080 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 5:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 5:46 AM 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/07/2010 2:06 PM 64288]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [18/04/2012 5:07 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [18/04/2012 5:07 PM 12464]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/02/2012 10:24 PM 14776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 6:25 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [22/02/2012 6:25 AM 301920]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28/10/2009 11:02 PM 98392]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13/06/2012 4:48 AM 2321560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 5:53 AM 193288]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [19/09/2011 3:58 PM 87368]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/11/2012 10:33 PM 399432]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [7/12/2011 8:00 AM 214896]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [25/11/2011 5:32 PM 687400]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/06/2010 4:07 AM 35088]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 2:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 2:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 2:32 PM 17232]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/04/2010 7:47 PM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/11/2009 10:22 AM 47360]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [1/09/2008 3:05 AM 1060224]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 4:24 AM 5167736]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/04/2010 7:47 PM 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [22/05/2009 8:41 PM 7040]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [18/07/2009 11:58 AM 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 10:09 PM 267568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [21/08/2009 3:14 PM 36928]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-11-03 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-20 06:29]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003Core.job
- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003UA.job
- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]
.
2009-10-24 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
2012-11-04 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-07 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-04 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-07 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-03 03:26]
.
2012-11-07 c:\windows\Tasks\User_Feed_Synchronization-{FDA492B4-C921-4A9E-B111-88B14DFCFF35}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]
.
.
------- Supplementary Scan -------
.
ustart page = hxxp://go.bigpond.com/home/index.jsp
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download All By FlashGet3 - c:\documents and settings\peter smith\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\peter smith\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{87989A8E-F587-43A4-9315-34A4E4F4B3F9}
TCP: DhcpNameServer = 10.0.0.138
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
FF - ProfilePath - c:\documents and settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-08 10:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\
.
[HKEY_USERS\S-1-5-21-1409082233-1708537768-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1409082233-1708537768-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:f1,3c,38,84,87,bb,a7,a4,1c,62,51,97,01,ca,87,81,86,31,d3,f5,91,
2d,83,dc,48,58,1e,97,ca,d9,3d,ce,86,16,ab,21,c2,f6,a5,5b,0e,bb,39,cc,7d,b2,\
"rkeysecu"=hex:db,d3,f3,66,ca,d9,a8,34,d6,90,2e,e1,52,d1,8b,ab
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\00\05\05,,?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4648)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-08 10:06:32
ComboFix-quarantined-files.txt 2012-11-07 23:06
ComboFix2.txt 2012-11-06 22:58
.
Pre-Run: 97,621,241,856 bytes free
Post-Run: 97,584,295,936 bytes free
.
- - End Of File - - 2F238C528E203DE8AE4C8388573380A3
-
Hi Gringo and thanks again for your attention.
System has been very quiet and is running good
Cheers Pete
02:06:58.0078 4836 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:07:00.0093 4836 ============================================================
02:07:00.0093 4836 Current date / time: 2012/11/08 02:07:00.0093
02:07:00.0093 4836 SystemInfo:
02:07:00.0093 4836
02:07:00.0093 4836 OS Version: 5.1.2600 ServicePack: 3.0
02:07:00.0093 4836 Product type: Workstation
02:07:00.0093 4836 ComputerName: PB1947
02:07:00.0093 4836 UserName: peter smith
02:07:00.0093 4836 Windows directory: C:\windows
02:07:00.0093 4836 System windows directory: C:\windows
02:07:00.0093 4836 Processor architecture: Intel x86
02:07:00.0093 4836 Number of processors: 4
02:07:00.0093 4836 Page size: 0x1000
02:07:00.0093 4836 Boot type: Normal boot
02:07:00.0093 4836 ============================================================
02:07:02.0796 4836 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:07:02.0812 4836 ============================================================
02:07:02.0812 4836 \Device\Harddisk0\DR0:
02:07:02.0828 4836 MBR partitions:
02:07:02.0828 4836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
02:07:02.0843 4836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3A380DBF, BlocksNum 0x3A380D41
02:07:02.0843 4836 ============================================================
02:07:03.0187 4836 D: <-> \Device\Harddisk0\DR0\Partition2
02:07:03.0281 4836 C: <-> \Device\Harddisk0\DR0\Partition1
02:07:03.0281 4836 ============================================================
02:07:03.0281 4836 Initialize success
02:07:03.0281 4836 ============================================================
02:07:15.0328 3936 ============================================================
02:07:15.0328 3936 Scan started
02:07:15.0328 3936 Mode: Manual;
02:07:15.0328 3936 ============================================================
02:07:16.0671 3936 ================ Scan system memory ========================
02:07:16.0671 3936 System memory - ok
02:07:16.0671 3936 ================ Scan services =============================
02:07:21.0359 3936 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
02:07:21.0359 3936 IpInIp - ok
02:07:21.0390 3936 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
02:07:21.0390 3936 IpNat - ok
02:07:21.0421 3936 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:07:21.0437 3936 iPod Service - ok
02:07:21.0453 3936 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
02:07:21.0468 3936 IPSec - ok
02:07:21.0500 3936 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
02:07:21.0515 3936 IRENUM - ok
02:07:21.0531 3936 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
02:07:21.0531 3936 isapnp - ok
02:07:21.0609 3936 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
02:07:21.0625 3936 JavaQuickStarterService - ok
02:07:21.0640 3936 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
02:07:21.0640 3936 Kbdclass - ok
02:07:21.0656 3936 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
02:07:21.0656 3936 kbdhid - ok
02:07:21.0671 3936 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
02:07:21.0671 3936 kmixer - ok
02:07:21.0687 3936 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
02:07:21.0703 3936 KSecDD - ok
02:07:21.0718 3936 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\windows\System32\srvsvc.dll
02:07:21.0718 3936 LanmanServer - ok
02:07:21.0765 3936 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\windows\System32\wkssvc.dll
02:07:21.0812 3936 lanmanworkstation - ok
02:07:21.0812 3936 Lavasoft Kernexplorer - ok
02:07:21.0828 3936 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\windows\system32\DRIVERS\Lbd.sys
02:07:21.0828 3936 Lbd - ok
02:07:21.0828 3936 lbrtfdc - ok
02:07:21.0875 3936 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
02:07:21.0875 3936 lirsgt - ok
02:07:21.0921 3936 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\windows\System32\lmhsvc.dll
02:07:21.0921 3936 LmHosts - ok
02:07:22.0000 3936 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
02:07:22.0015 3936 MatSvc - ok
02:07:22.0031 3936 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
02:07:22.0031 3936 MBAMProtector - ok
02:07:22.0093 3936 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
02:07:22.0093 3936 MBAMScheduler - ok
02:07:22.0125 3936 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
02:07:22.0140 3936 MBAMService - ok
02:07:22.0171 3936 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys
02:07:22.0171 3936 mcdbus - ok
02:07:22.0234 3936 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
02:07:22.0250 3936 MDM - ok
02:07:22.0265 3936 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\windows\System32\msgsvc.dll
02:07:22.0265 3936 Messenger - ok
02:07:22.0312 3936 Microsoft SharePoint Workspace Audit Service - ok
02:07:22.0343 3936 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
02:07:22.0343 3936 mnmdd - ok
02:07:22.0375 3936 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
02:07:22.0375 3936 mnmsrvc - ok
02:07:22.0390 3936 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\windows\system32\drivers\Modem.sys
02:07:22.0406 3936 Modem - ok
02:07:22.0406 3936 motccgp - ok
02:07:22.0406 3936 motccgpfl - ok
02:07:22.0421 3936 motmodem - ok
02:07:22.0484 3936 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
02:07:22.0515 3936 MotoHelper - ok
02:07:22.0515 3936 MotoSwitchService - ok
02:07:22.0515 3936 Motousbnet - ok
02:07:22.0531 3936 motusbdevice - ok
02:07:22.0546 3936 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
02:07:22.0562 3936 Mouclass - ok
02:07:22.0593 3936 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
02:07:22.0593 3936 mouhid - ok
02:07:22.0609 3936 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
02:07:22.0609 3936 MountMgr - ok
02:07:22.0625 3936 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\windows\system32\DRIVERS\MPE.sys
02:07:22.0625 3936 MPE - ok
02:07:22.0625 3936 mraid35x - ok
02:07:22.0656 3936 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
02:07:22.0656 3936 MRxDAV - ok
02:07:22.0671 3936 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
02:07:22.0671 3936 MRxSmb - ok
02:07:22.0718 3936 [ 641199534871783DD74138FE0BCFDAE7 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
02:07:22.0734 3936 MSCamSvc - ok
02:07:22.0750 3936 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
02:07:22.0765 3936 MSDTC - ok
02:07:22.0781 3936 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
02:07:22.0781 3936 Msfs - ok
02:07:22.0781 3936 MSIServer - ok
02:07:22.0828 3936 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
02:07:22.0828 3936 MSKSSRV - ok
02:07:22.0828 3936 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
02:07:22.0828 3936 MSPCLOCK - ok
02:07:22.0843 3936 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
02:07:22.0843 3936 MSPQM - ok
02:07:22.0890 3936 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
02:07:22.0890 3936 mssmbios - ok
02:07:22.0906 3936 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\windows\system32\drivers\MSTEE.sys
02:07:22.0906 3936 MSTEE - ok
02:07:22.0921 3936 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
02:07:22.0921 3936 Mup - ok
02:07:22.0937 3936 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\windows\system32\DRIVERS\NABTSFEC.sys
02:07:22.0937 3936 NABTSFEC - ok
02:07:22.0984 3936 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll
02:07:23.0000 3936 napagent - ok
02:07:23.0062 3936 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
02:07:23.0078 3936 NAUpdate - ok
02:07:23.0093 3936 [ 0AE25530894A934C6CA600865C6E9D7C ] NBVol C:\windows\system32\DRIVERS\NBVol.sys
02:07:23.0093 3936 NBVol - ok
02:07:23.0093 3936 [ 1DDCEF3039C9D90AF3529DEE6699967D ] NBVolUp C:\windows\system32\DRIVERS\NBVolUp.sys
02:07:23.0093 3936 NBVolUp - ok
02:07:23.0109 3936 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
02:07:23.0125 3936 NDIS - ok
02:07:23.0125 3936 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\windows\system32\DRIVERS\NdisIP.sys
02:07:23.0125 3936 NdisIP - ok
02:07:23.0140 3936 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
02:07:23.0140 3936 NdisTapi - ok
02:07:23.0187 3936 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
02:07:23.0187 3936 Ndisuio - ok
02:07:23.0187 3936 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
02:07:23.0187 3936 NdisWan - ok
02:07:23.0203 3936 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
02:07:23.0203 3936 NDProxy - ok
02:07:23.0281 3936 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
02:07:23.0312 3936 Nero BackItUp Scheduler 3 - ok
02:07:23.0343 3936 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
02:07:23.0343 3936 Net Driver HPZ12 - ok
02:07:23.0343 3936 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
02:07:23.0359 3936 NetBIOS - ok
02:07:23.0375 3936 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
02:07:23.0375 3936 NetBT - ok
02:07:23.0406 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe
02:07:23.0406 3936 NetDDE - ok
02:07:23.0406 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe
02:07:23.0406 3936 NetDDEdsdm - ok
02:07:23.0421 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe
02:07:23.0437 3936 Netlogon - ok
02:07:23.0437 3936 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll
02:07:23.0437 3936 Netman - ok
02:07:23.0468 3936 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:07:23.0500 3936 NetTcpPortSharing - ok
02:07:23.0546 3936 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll
02:07:23.0546 3936 Nla - ok
02:07:23.0625 3936 [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
02:07:23.0640 3936 NMIndexingService - ok
02:07:23.0687 3936 [ 28E36E677849174C910FAAEAD3E60E9E ] nmwcd C:\windows\system32\drivers\ccdcmb.sys
02:07:23.0687 3936 nmwcd - ok
02:07:23.0687 3936 [ 3823DEB17F9F6775DE0187A98FA0536D ] nmwcdc C:\windows\system32\drivers\ccdcmbo.sys
02:07:23.0687 3936 nmwcdc - ok
02:07:23.0718 3936 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\windows\system32\drivers\npf.sys
02:07:23.0734 3936 NPF - ok
02:07:23.0734 3936 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
02:07:23.0734 3936 Npfs - ok
02:07:23.0734 3936 npggsvc - ok
02:07:23.0765 3936 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
02:07:23.0781 3936 Ntfs - ok
02:07:23.0781 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\system32\lsass.exe
02:07:23.0781 3936 NtLmSsp - ok
02:07:23.0812 3936 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
02:07:23.0812 3936 NtmsSvc - ok
02:07:23.0828 3936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
02:07:23.0828 3936 Null - ok
02:07:24.0015 3936 [ 7D08E0BC44B14EC0FB144FF1DE05B724 ] nv C:\windows\system32\DRIVERS\nv4_mini.sys
02:07:24.0171 3936 nv - ok
02:07:24.0218 3936 [ 50ACB7253D1104E5917E15A0670D63D5 ] NVHDA C:\windows\system32\drivers\nvhda32.sys
02:07:24.0218 3936 NVHDA - ok
02:07:24.0265 3936 [ B3B259E5CF0B7BC98313F03A80975B04 ] NVSvc C:\windows\system32\nvsvc32.exe
02:07:24.0265 3936 NVSvc - ok
02:07:24.0375 3936 [ 844A25C9E3076EDEF2B12E0BEDED755D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:07:24.0421 3936 nvUpdatusService - ok
02:07:24.0453 3936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
02:07:24.0453 3936 NwlnkFlt - ok
02:07:24.0468 3936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
02:07:24.0468 3936 NwlnkFwd - ok
02:07:24.0515 3936 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:07:24.0515 3936 ose - ok
02:07:24.0671 3936 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:07:24.0734 3936 osppsvc - ok
02:07:24.0765 3936 [ 11B3328D84ED6C11BAF4F4F115459AB6 ] ossrv C:\windows\system32\drivers\ctoss2k.sys
02:07:24.0765 3936 ossrv - ok
02:07:24.0781 3936 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\DRIVERS\parport.sys
02:07:24.0781 3936 Parport - ok
02:07:24.0781 3936 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
02:07:24.0781 3936 PartMgr - ok
02:07:24.0828 3936 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys
02:07:24.0828 3936 ParVdm - ok
02:07:24.0859 3936 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfd.sys
02:07:24.0859 3936 pccsmcfd - ok
02:07:24.0875 3936 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys
02:07:24.0875 3936 PCI - ok
02:07:24.0875 3936 PCIDump - ok
02:07:24.0890 3936 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
02:07:24.0890 3936 PCIIde - ok
02:07:24.0921 3936 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
02:07:24.0937 3936 Pcmcia - ok
02:07:24.0953 3936 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
02:07:24.0968 3936 pcouffin - ok
02:07:24.0968 3936 PDCOMP - ok
02:07:24.0968 3936 PDFRAME - ok
02:07:24.0968 3936 PDRELI - ok
02:07:24.0984 3936 PDRFRAME - ok
02:07:25.0000 3936 perc2 - ok
02:07:25.0000 3936 perc2hib - ok
02:07:25.0062 3936 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\windows\system32\IoctlSvc.exe
02:07:25.0062 3936 PLFlash DeviceIoControl Service - ok
02:07:25.0078 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe
02:07:25.0078 3936 PlugPlay - ok
02:07:25.0093 3936 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
02:07:25.0093 3936 Pml Driver HPZ12 - ok
02:07:25.0125 3936 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\windows\system32\PnkBstrA.exe
02:07:25.0156 3936 PnkBstrA - ok
02:07:25.0187 3936 [ 27F1BE4A53441C9F1F48B9ADC145B0A5 ] PnkBstrB C:\windows\system32\PnkBstrB.exe
02:07:25.0187 3936 PnkBstrB - ok
02:07:25.0187 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe
02:07:25.0187 3936 PolicyAgent - ok
02:07:25.0203 3936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
02:07:25.0203 3936 PptpMiniport - ok
02:07:25.0218 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe
02:07:25.0218 3936 ProtectedStorage - ok
02:07:25.0218 3936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
02:07:25.0218 3936 PSched - ok
02:07:25.0656 3936 [ 0C234A4A2FBAB98E5E1BAFAF3E3E403A ] PsSdk41 C:\windows\system32\Drivers\pssdk41.sys
02:07:25.0656 3936 PsSdk41 - ok
02:07:25.0671 3936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
02:07:25.0671 3936 Ptilink - ok
02:07:25.0687 3936 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
02:07:25.0687 3936 PxHelp20 - ok
02:07:25.0703 3936 ql1080 - ok
02:07:25.0703 3936 Ql10wnt - ok
02:07:25.0703 3936 ql12160 - ok
02:07:25.0718 3936 ql1240 - ok
02:07:25.0718 3936 ql1280 - ok
02:07:25.0750 3936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
02:07:25.0750 3936 RasAcd - ok
02:07:25.0781 3936 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll
02:07:25.0781 3936 RasAuto - ok
02:07:25.0781 3936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
02:07:25.0781 3936 Rasl2tp - ok
02:07:25.0796 3936 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll
02:07:25.0796 3936 RasMan - ok
02:07:25.0796 3936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
02:07:25.0796 3936 RasPppoe - ok
02:07:25.0796 3936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
02:07:25.0796 3936 Raspti - ok
02:07:25.0812 3936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
02:07:25.0812 3936 Rdbss - ok
02:07:25.0828 3936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
02:07:25.0828 3936 RDPCDD - ok
02:07:25.0875 3936 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
02:07:25.0890 3936 rdpdr - ok
02:07:25.0906 3936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
02:07:25.0921 3936 RDPWD - ok
02:07:25.0921 3936 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
02:07:25.0921 3936 RDSessMgr - ok
02:07:25.0937 3936 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
02:07:25.0937 3936 redbook - ok
02:07:25.0968 3936 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll
02:07:25.0984 3936 RemoteAccess - ok
02:07:26.0000 3936 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll
02:07:26.0015 3936 RemoteRegistry - ok
02:07:26.0031 3936 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
02:07:26.0031 3936 rpcapd - ok
02:07:26.0046 3936 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe
02:07:26.0046 3936 RpcLocator - ok
02:07:26.0078 3936 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\System32\rpcss.dll
02:07:26.0093 3936 RpcSs - ok
02:07:26.0125 3936 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe
02:07:26.0125 3936 RSVP - ok
02:07:26.0156 3936 [ B52B25F41BF3511071A0E7D10D659C56 ] RTLE8023xp C:\windows\system32\DRIVERS\Rtenicxp.sys
02:07:26.0171 3936 RTLE8023xp - ok
02:07:26.0171 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe
02:07:26.0171 3936 SamSs - ok
02:07:26.0218 3936 [ C1AE5D1F53285D79A0B73A62AF20734F ] SBRE C:\windows\system32\drivers\SBREdrv.sys
02:07:26.0218 3936 SBRE - ok
02:07:26.0234 3936 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe
02:07:26.0234 3936 SCardSvr - ok
02:07:26.0265 3936 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll
02:07:26.0265 3936 Schedule - ok
02:07:26.0281 3936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
02:07:26.0281 3936 Secdrv - ok
02:07:26.0296 3936 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll
02:07:26.0296 3936 seclogon - ok
02:07:26.0296 3936 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll
02:07:26.0312 3936 SENS - ok
02:07:26.0328 3936 [ 6CE397C482BEDE91A38E56A8C4A0DC6D ] Ser2pl C:\windows\system32\DRIVERS\ser2pl.sys
02:07:26.0328 3936 Ser2pl - ok
02:07:26.0359 3936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys
02:07:26.0359 3936 serenum - ok
02:07:26.0359 3936 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\DRIVERS\serial.sys
02:07:26.0359 3936 Serial - ok
02:07:26.0453 3936 [ 5BF59C6BC737BAAF541168E5CB2EC1D9 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
02:07:26.0468 3936 ServiceLayer - ok
02:07:26.0484 3936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
02:07:26.0484 3936 Sfloppy - ok
02:07:26.0546 3936 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll
02:07:26.0562 3936 SharedAccess - ok
02:07:26.0578 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll
02:07:26.0578 3936 ShellHWDetection - ok
02:07:26.0578 3936 Simbad - ok
02:07:26.0625 3936 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
02:07:26.0625 3936 SkypeUpdate - ok
02:07:26.0656 3936 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys
02:07:26.0656 3936 SLIP - ok
02:07:26.0703 3936 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\windows\system32\Drivers\SmartDefragDriver.sys
02:07:26.0703 3936 SmartDefragDriver - ok
02:07:26.0703 3936 Sparrow - ok
02:07:26.0750 3936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
02:07:26.0750 3936 splitter - ok
02:07:26.0765 3936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
02:07:26.0765 3936 Spooler - ok
02:07:26.0781 3936 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys
02:07:26.0781 3936 sr - ok
02:07:26.0812 3936 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\windows\system32\srsvc.dll
02:07:26.0812 3936 srservice - ok
02:07:26.0859 3936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
02:07:26.0859 3936 Srv - ok
02:07:26.0875 3936 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
02:07:26.0875 3936 SSDPSRV - ok
02:07:26.0906 3936 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll
02:07:26.0906 3936 stisvc - ok
02:07:26.0921 3936 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys
02:07:26.0921 3936 streamip - ok
02:07:26.0953 3936 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
02:07:26.0953 3936 swenum - ok
02:07:26.0968 3936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
02:07:26.0968 3936 swmidi - ok
02:07:26.0968 3936 SwPrv - ok
02:07:26.0968 3936 symc810 - ok
02:07:27.0000 3936 symc8xx - ok
02:07:27.0000 3936 sym_hi - ok
02:07:27.0000 3936 sym_u3 - ok
02:07:27.0015 3936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
02:07:27.0015 3936 sysaudio - ok
02:07:27.0031 3936 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe
02:07:27.0031 3936 SysmonLog - ok
02:07:27.0046 3936 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll
02:07:27.0046 3936 TapiSrv - ok
02:07:27.0078 3936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
02:07:27.0093 3936 Tcpip - ok
02:07:27.0109 3936 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\windows\system32\DRIVERS\tcpip6.sys
02:07:27.0109 3936 Tcpip6 - ok
02:07:27.0140 3936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
02:07:27.0140 3936 TDPIPE - ok
02:07:27.0156 3936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
02:07:27.0156 3936 TDTCP - ok
02:07:27.0156 3936 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
02:07:27.0156 3936 TermDD - ok
02:07:27.0187 3936 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll
02:07:27.0187 3936 TermService - ok
02:07:27.0187 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll
02:07:27.0187 3936 Themes - ok
02:07:27.0218 3936 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
02:07:27.0218 3936 TlntSvr - ok
02:07:27.0218 3936 TosIde - ok
02:07:27.0250 3936 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll
02:07:27.0250 3936 TrkWks - ok
02:07:27.0281 3936 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\windows\system32\DRIVERS\tunmp.sys
02:07:27.0281 3936 tunmp - ok
02:07:27.0296 3936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
02:07:27.0296 3936 Udfs - ok
02:07:27.0296 3936 ultra - ok
02:07:27.0328 3936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
02:07:27.0343 3936 Update - ok
02:07:27.0359 3936 [ 325FB38C323C63C7F57885B4DFB1B91E ] UPHClean C:\Program Files\UPHClean\uphclean.exe
02:07:27.0359 3936 UPHClean - ok
02:07:27.0375 3936 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll
02:07:27.0390 3936 upnphost - ok
02:07:27.0437 3936 [ B1B8BEE26227DAD9835019201552CB05 ] upperdev C:\windows\system32\DRIVERS\usbser_lowerflt.sys
02:07:27.0437 3936 upperdev - ok
02:07:27.0453 3936 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe
02:07:27.0453 3936 UPS - ok
02:07:27.0453 3936 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys
02:07:27.0468 3936 USBAAPL - ok
02:07:27.0484 3936 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\windows\system32\drivers\usbaudio.sys
02:07:27.0484 3936 usbaudio - ok
02:07:27.0515 3936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
02:07:27.0515 3936 usbccgp - ok
02:07:27.0546 3936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
02:07:27.0562 3936 usbehci - ok
02:07:27.0562 3936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
02:07:27.0562 3936 usbhub - ok
02:07:27.0562 3936 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
02:07:27.0578 3936 usbprint - ok
02:07:27.0578 3936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
02:07:27.0578 3936 usbscan - ok
02:07:27.0625 3936 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\windows\system32\drivers\usbser.sys
02:07:27.0625 3936 usbser - ok
02:07:27.0625 3936 [ 98E1FF1D732C6C7200B6C59D4FF8C1C3 ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
02:07:27.0625 3936 UsbserFilt - ok
02:07:27.0671 3936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
02:07:27.0671 3936 USBSTOR - ok
02:07:27.0671 3936 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
02:07:27.0671 3936 usbuhci - ok
02:07:27.0671 3936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
02:07:27.0687 3936 VgaSave - ok
02:07:27.0687 3936 ViaIde - ok
02:07:27.0734 3936 [ 210235B818921866A0BC1ECA1BE07EDA ] VMHybrid C:\windows\system32\DRIVERS\VMHybrid.sys
02:07:27.0765 3936 VMHybrid - ok
02:07:27.0781 3936 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
02:07:27.0781 3936 VolSnap - ok
02:07:27.0796 3936 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe
02:07:27.0796 3936 VSS - ok
02:07:27.0859 3936 [ 42870675B4D84ACD81A9DA69B83F14C5 ] VX3000 C:\windows\system32\DRIVERS\VX3000.sys
02:07:27.0890 3936 VX3000 - ok
02:07:27.0953 3936 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\windows\system32\w32time.dll
02:07:27.0953 3936 W32Time - ok
02:07:27.0968 3936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
02:07:27.0968 3936 Wanarp - ok
02:07:27.0984 3936 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\windows\system32\Drivers\wdf01000.sys
02:07:28.0000 3936 Wdf01000 - ok
02:07:28.0000 3936 WDICA - ok
02:07:28.0031 3936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
02:07:28.0031 3936 wdmaud - ok
02:07:28.0046 3936 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll
02:07:28.0046 3936 WebClient - ok
02:07:28.0125 3936 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
02:07:28.0125 3936 winmgmt - ok
02:07:28.0171 3936 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\windows\system32\WsmSvc.dll
02:07:28.0203 3936 WinRM - ok
02:07:28.0250 3936 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:07:28.0281 3936 wlidsvc - ok
02:07:28.0312 3936 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll
02:07:28.0328 3936 WmdmPmSN - ok
02:07:28.0375 3936 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll
02:07:28.0375 3936 Wmi - ok
02:07:28.0390 3936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:07:28.0390 3936 WmiApSrv - ok
02:07:28.0437 3936 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
02:07:28.0468 3936 WMPNetworkSvc - ok
02:07:28.0531 3936 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:07:28.0562 3936 WPFFontCache_v0400 - ok
02:07:28.0593 3936 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
02:07:28.0609 3936 WS2IFSL - ok
02:07:28.0640 3936 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll
02:07:29.0125 0932 Detected object count: 0
02:07:29.0125 0932 Actual detected object count: 0
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-08 02:18:27
-----------------------------
02:18:27.984 OS Version: Windows 5.1.2600 Service Pack 3
02:18:27.984 Number of processors: 4 586 0x1707
02:18:27.984 ComputerName: PB1947 UserName:
02:18:30.312 Initialize success
02:23:12.187 AVAST engine defs: 12110700
02:23:25.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
02:23:25.515 Disk 0 Vendor: ST31000333AS CC1H Size: 953869MB BusType: 3
02:23:25.515 Disk 0 MBR read successfully
02:23:25.515 Disk 0 MBR scan
02:23:25.531 Disk 0 Windows XP default MBR code
02:23:25.531 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
02:23:25.531 Disk 0 Partition - 00 0F Extended LBA 476929 MB offset 976752000
02:23:25.546 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476929 MB offset 976752063
02:23:25.562 Disk 0 scanning sectors +1953504000
02:23:25.640 Disk 0 scanning C:\windows\system32\drivers
02:23:36.265 Service scanning
02:23:53.515 Modules scanning
02:23:57.218 Disk 0 trace - called modules:
02:23:57.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:23:57.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b22aab8]
02:23:57.250 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000086[0x8b1c49e8]
02:23:57.250 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8b238d98]
02:24:02.906 AVAST engine scan C:\windows
02:24:14.140 AVAST engine scan C:\windows\system32
02:27:30.718 AVAST engine scan C:\windows\system32\drivers
02:27:55.500 AVAST engine scan C:\Documents and Settings\peter smith
02:35:53.734 AVAST engine scan C:\Documents and Settings\All Users
02:39:17.671 Scan finished successfully
02:40:22.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\peter smith\Desktop\MBR.dat"
02:40:22.781 The log file has been saved successfully to "C:\Documents and Settings\peter smith\Desktop\aswMBR.txt"
-
Hi and thanks for a brilliant malware program, and I have Malware Pro. Does Malwarebytes have, and if not, do they intend to have, an offer for the use of a dual licence for the home users?
In this day and age many people like myself have a desktop for home use and a laptop with WiFi for roam use. Some businesses are now doing this, i.e. Nero and AVG.
Cheers Pete
-
Hi Gringo and thank you, your time is appreciated.
I followed your instructions re safe mode, but not without hiccups. In safe mode combofix still flagged me that AVG2012 real time shields were still active.
I ignored this as I did a barefoot safe mode boot. While running combofix I got flagged again :- pev-application error - Memory at 0x006f0072 could not be read. While I was pondering this, combofix ran on again and continued to finish, and the attached log was provided.
I then rebooted to normal, and after breakfast I came back and the system had an AVG flag that it had detected a trojan. The following is the AVG flag info:-
File name - c:\system volume information\_restore{34ea6b75-dfbf-4096-962b-86b79104cbda}\rp759\a0471039.sys
Threat Name - Trojan Horse Rootkit - Pakes.CD
Process Name - c:\windows\system32\svhost.exe
Process ID - 1704
Cheers Pete
ComboFix 12-11-05.03 - Administrator 07/11/2012 9:37.2.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2740 [GMT 11:00]
Running from: c:\downloads\new\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB28281$\2509306838
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Herofy
c:\documents and settings\All Users\Application Data\Herofy\save.aps
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\peter smith\Application Data\.#
c:\documents and settings\peter smith\Application Data\inst.exe
c:\documents and settings\peter smith\Application Data\log.txt
c:\documents and settings\peter smith\Application Data\vso_ts_preview.xml
c:\documents and settings\peter smith\My Documents\~WRL3877.tmp
c:\windows\$NtUninstallKB28281$
c:\windows\$NtUninstallKB28281$\3496787477\@
c:\windows\$NtUninstallKB28281$\3496787477\Desktop.ini
c:\windows\$NtUninstallKB28281$\3496787477\L\00000004.@
c:\windows\$NtUninstallKB28281$\3496787477\L\201d3dde
c:\windows\$NtUninstallKB28281$\3496787477\L\vxpsorii
c:\windows\$NtUninstallKB28281$\3496787477\U\00000004.@
c:\windows\$NtUninstallKB28281$\3496787477\U\00000008.@
c:\windows\$NtUninstallKB28281$\3496787477\U\000000cb.@
c:\windows\$NtUninstallKB28281$\3496787477\U\80000000.@
c:\windows\$NtUninstallKB28281$\3496787477\U\80000032.@
c:\windows\desktop
c:\windows\desktop\185.85_desktop_winxp_32bit_english_whql.exe.FDPART
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\ST6UNST.000
c:\windows\system32\AutoRun.inf
c:\windows\system32\avgfwdx.dll
c:\windows\system32\ctfmon_D.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-05 20:47 . 2008-04-14 12:00 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-11-05 20:47 . 2008-04-14 12:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-11-04 22:42 . 2012-11-04 22:42 161 ----a-w- c:\windows\DeleteOnReboot.bat
2012-11-03 04:37 . 2003-10-01 02:48 33280 ----a-w- c:\program files\Microsoft Games\Halo\trainer.exe
2012-11-03 04:18 . 2012-11-03 04:32 -------- d-----w- C:\Halo
2012-11-02 03:53 . 2012-11-02 03:53 -------- d-sh--w- c:\documents and settings\NetworkService\IECompatCache
2012-11-01 10:30 . 2012-11-01 10:30 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2012-10-31 08:27 . 2012-11-03 22:01 -------- d-----w- C:\extract
2012-10-29 23:35 . 2012-11-01 10:25 -------- d-----w- c:\program files\Aveyond - Gates of Night
2012-10-27 00:10 . 2012-10-29 23:35 -------- d-----w- c:\documents and settings\peter smith\Application Data\Aveyond 3
2012-10-26 23:46 . 2012-10-26 23:46 441 ----a-w- c:\program files\2710201210460739.bat
2012-10-26 13:47 . 2012-10-26 13:47 -------- d-----w- c:\documents and settings\peter smith\Local Settings\Application Data\Buried In Time
2012-10-26 12:40 . 2012-10-26 12:40 -------- d-----w- c:\documents and settings\peter smith\Application Data\Mud Puddle Games
2012-10-23 12:56 . 2012-10-23 12:56 -------- d-----w- c:\program files\Common Files\Java
2012-10-23 12:56 . 2012-10-23 12:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\documents and settings\peter smith\Application Data\Oberon Media
2012-10-20 23:11 . 2012-10-20 23:11 -------- d-----w- c:\program files\Common Files\Oberon Media
2012-10-20 23:09 . 2012-10-20 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\Oberon Media
2012-10-20 23:09 . 2012-10-27 00:09 -------- d-----w- c:\program files\MSN Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 12:56 . 2012-02-24 02:22 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-23 12:56 . 2011-09-21 07:55 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-23 12:56 . 2010-05-08 15:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 08:54 . 2010-04-04 08:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 05:43 . 2012-02-21 19:25 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-03 18:21 . 2011-08-27 05:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-05 570664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-03-07 13879192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\peter smith\Start Menu\Programs\Startup\
hpqtra08.exe [2008-3-25 214360]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-8-5 576000]
PowerReg Scheduler.exe [2012-8-5 256000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproRemote.lnk]
backup=c:\windows\pss\ComproRemote.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk]
backup=c:\windows\pss\ComproSchedulerDTV.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-10-17 01:29 1353080 ----a-w- c:\program files\Steam\steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 5:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 5:46 AM 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/07/2010 2:06 PM 64288]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [18/04/2012 5:07 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [18/04/2012 5:07 PM 12464]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/02/2012 10:24 PM 14776]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [28/10/2009 11:02 PM 98392]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 6:25 AM 237408]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [22/02/2012 6:25 AM 301920]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [13/06/2012 4:48 AM 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 4:24 AM 5167736]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 5:53 AM 193288]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [19/09/2011 3:58 PM 87368]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [3/11/2012 10:33 PM 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/04/2010 7:47 PM 676936]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [7/12/2011 8:00 AM 214896]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [25/11/2011 5:32 PM 687400]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [26/06/2010 4:07 AM 35088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 8:52 PM 30944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 2:32 PM 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 2:32 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 2:32 PM 17232]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [22/05/2009 8:41 PM 7040]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [18/07/2009 11:58 AM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [4/06/2009 3:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [4/06/2009 3:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [4/06/2009 3:46 AM 72728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 10:09 PM 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/04/2010 7:47 PM 22856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16/11/2009 10:22 AM 47360]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [21/08/2009 3:14 PM 36928]
S3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [1/09/2008 3:05 AM 1060224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-11-03 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-20 06:29]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 04:12]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003Core.job
- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1708537768-1801674531-1003UA.job
- c:\documents and settings\peter smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-12 15:32]
.
2009-10-24 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
2012-11-04 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-06 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-04 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-06 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-04-03 03:26]
.
2012-11-06 c:\windows\Tasks\User_Feed_Synchronization-{FDA492B4-C921-4A9E-B111-88B14DFCFF35}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 17:31]
.
.
------- Supplementary Scan -------
.
IE: {{87989A8E-F587-43A4-9315-34A4E4F4B3F9}
TCP: DhcpNameServer = 10.0.0.138
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
FF - ProfilePath - c:\documents and settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Coconut Queen - c:\program files\iWin\Coconut Queen\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2a,ad,8f,d6,8b,c3,82,4d,96,33,cd,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\00\05\05,,?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1140)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-11-07 09:58:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-06 22:58
.
Pre-Run: 97,934,557,184 bytes free
Post-Run: 97,891,307,520 bytes free
.
- - End Of File - - 232F7079BF2D8EB48DFE753FC81348FD
-
My apologies, I forgot to inform you that combofix did find a nasty that it said would be difficult to remove, and also the browser diversions seem to have stopped. I am disappointed that this system would not let me get to the combofix log stage. I also know that I have damaged files, but I will not repair with the XP CD or touch anything until your reply. Cheers Pete
-
Hi and once again thank you for your time Gringo. I once again had hiccups. I have AVG 2012 and it is slightly different to the advice for disabling 2011. Nevertheless I temporarily disabled AVG. After this was applied, the next window had the time limit, which I set to 15 minutes. The only check box in this window was disable firewall, which I also checked and okayed. AVG showed all function icons in red. I then followed instructions and ran combofix, and combo fix said AVG was still running real time protection??? I still ran combofix as I know I disabled AVG 2012. Combofix after the scan rebooted and did over 40 stages, it then started to delete files in my personal settings etc and deleted folders and then just stopped. After one hour I had to make the decision to enable task manager as it was the only function I had to reboot the system. I have gone no further at this stage and once again I am unable to provide you with a log file. Currently I have noticed that the ethernet LED has stopped thrashing but the HD is still thrashing. I decided to be patient and await your next reply instead of trying with combo fix again. Cheers and thanks Pete
-
Hi, I lost the report for security check. I did not notice this until I ran the other two programs. My system crashed during this and some scans had to be done again. My browser was still diverting to ads after these 2 were run. I also had a block by AVG when I rebooted after all the processes you requested were run, i.e. File Name :- qszmg.justdied.com/index.php? Threat Name :- Exploit Rogue Scanner (type831)
Cheers and thanks Pete
# AdwCleaner v2.006 - Logfile created 11/05/2012 at 09:56:35
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : peter smith - PB1947
# Boot Mode : Normal
# Running from : C:\Documents and Settings\peter smith\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\BrowserMngr_extensions.sqlite
File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\browsermngr_prefs.js
File Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\searchplugins\BabylonMngr.xml
File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\windows\Tasks\Browser Manager.job
Folder Found : C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\CT2504091
Folder Found : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\iWin
Folder Found : C:\Documents and Settings\peter smith\Application Data\Babylon
Folder Found : C:\Documents and Settings\peter smith\Application Data\BabylonToolbar
Folder Found : C:\Documents and Settings\peter smith\Application Data\iWin
Folder Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\CT2504091
Folder Found : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Found : C:\Documents and Settings\peter smith\Application Data\PriceGong
Folder Found : C:\Documents and Settings\peter smith\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\peter smith\Local Settings\Application Data\ConduitEngine
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\iWin
Folder Found : C:\Program Files\Trymedia
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\GamesBarSetup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\Software\Software
Key Found : HKU\S-1-5-21-1409082233-1708537768-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v8.0.1 (en-GB)
Profile name : default
File : C:\Documents and Settings\peter smith\Application Data\Mozilla\Firefox\Profiles\lhrewx53.default\prefs.js
Found : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2504091.FirstTime", "true");
Found : user_pref("CT2504091.FirstTimeFF3", "true");
Found : user_pref("CT2504091.UserID", "UN00269778162390743");
Found : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2504091.autoDisableScopes", -1);
Found : user_pref("CT2504091.cbfirsttime", "Mon Aug 13 2012 18:06:13 GMT+1000 (AUS Eastern Standard Time)");
Found : user_pref("CT2504091.defaultSearch", "false");
Found : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2504091.enableAlerts", "false");
Found : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Found : user_pref("CT2504091.firstTimeDialogOpened", "true");
Found : user_pref("CT2504091.fixPageNotFoundError", "true");
Found : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2504091.fixUrls", true);
Found : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Found : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Found : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.isNewTabEnabled", true);
Found : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRA[...]
Found : user_pref("CT2504091.openThankYouPage", "false");
Found : user_pref("CT2504091.openUninstallPage", "false");
Found : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Found : user_pref("CT2504091.search.searchCount", "0");
Found : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1344845171657");
Found : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1344845158127");
Found : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1344845156751");
Found : user_pref("CT2504091.serviceLayer_services_login_10.10.20.14_lastUpdate", "1344845171783");
Found : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1344845171279");
Found : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1344845156777");
Found : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1344845155668");
Found : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1344845154672");
Found : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1344845156727");
Found : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1344845155360");
Found : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1344845170806");
Found : user_pref("CT2504091.settingsINI", true);
Found : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Found : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Found : user_pref("CT2504091.smartbar.Uninstall", "0");
Found : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Found : user_pref("CT2504091.startPage", "false");
Found : user_pref("CT2504091.toolbarBornServerTime", "13-8-2012");
Found : user_pref("CT2504091.toolbarCurrentServerTime", "13-8-2012");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&ba[...]
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_331[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "08262c03000000000000001cc0a94c4d");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15565");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217&tt=120812_bandext_3312_8");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109217&tt=12081[...]
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.618:05:21");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=KW[...]
-\\ Google Chrome v22.0.1229.94
File : C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Found [l.13] : homepage = "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d",
Found [l.1586] : homepage = "hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d",
-\\ Opera v11.60.1185.0
File : C:\Documents and Settings\peter smith\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [12311 octets] - [05/11/2012 09:39:30]
AdwCleaner[S1].txt - [349 octets] - [05/11/2012 09:42:46]
AdwCleaner[R2].txt - [11997 octets] - [05/11/2012 09:56:35]
########## EOF - C:\AdwCleaner[R2].txt - [12058 octets] ##########
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : peter smith [Admin rights]
Mode : Scan -- Date : 11/05/2012 09:29:33
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[TASK][SUSP PATH] NSSstub.job : C:\DOCUME~1\PETERS~1\LOCALS~1\Temp\{887A5008-70E1-4FC7-812F-9B0B772FF3CE}\nssstub.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000333AS +++++
--- User ---
[MBR] ea784c8cab1d412493f0e8296eb075de
[BSP] 5810d739f7f69ddc51f4cc775ca8f251 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 976752000 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11052012_02d0929.txt >>
RKreport[1]_S_11052012_02d0929.txt
-
Hi, My HD and modem started to thrash in unison about a week ago. I have a full registered version of AVG and have run full scans twice since and it showed a clean system. I started to smell a rat when my browser (Google Chrome) started to do weird things, i.e. tabbing ads and weird sites. I have a full registered version of Malwarebytes which was mothballed due to clashes at the time with AVG. (I currently have noticed that this is not the case now). I updated Malwarebytes and ran a full scan and came up with an affiliates downloader which was subsequently removed. I then did another full scan with AVG and it picked up 16 malware/viruses??? after originally showing a clean system. These were removed and system rebooted.
I then did another scan with Malwarebytes with the modem switched off and picked up trojans in my memory and restore files which were removed and system reboot. I did a registry clean with CCleaner and defragged. I then did another full scan with AVG and found yet another 3 Trojans, 2 of which I could not remove; they were disabled and quarantined. Then I again rebooted (modem still switched off).
I did one more scan with Malwarebytes and finally came up clean (ironically I am not so sure about that). I then after a reboot switched on my modem and my hard disk started to thrash; the ethernet light and HD light are at this moment having a hernia and I know without going any further my problem is rewriting itself.
Don't you hate it!!!! Below are the log pastes of dds and attach.
Your help will be appreciated. Cheers Pete
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by peter smith at 18:22:36 on 2012-11-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.1985 [GMT 11:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\windows\system32\nvsvc32.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\CTsvcCDA.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\windows\vVX3000.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\CTXFIHLP.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\peter smith\Start Menu\Programs\Startup\hpqtra08.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\peter smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k hpdevmgmt
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.bigpond.com/home/index.jsp
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CPrintEnhancer Object: {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\peter smith\application data\flashgetbho\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Groove Folder Synchronization: {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} - c:\program files\microsoft office\office14\GROOVEEX.DLL
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\peter smith\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC EA 2; InfoPath.3; Creative AutoUpdate v1.40.01)" -"http://www.freeaddictinggames.com/game/knievels-wild-ride/"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\peter smith\start menu\programs\startup\hpqtra08.exe
StartupFolder: c:\docume~1\peters~1\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\documents and settings\peter smith\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Download All By FlashGet3 - c:\documents and settings\peter smith\application data\flashgetbho\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\peter smith\application data\flashgetbho\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243504952390
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-city-adventure-sydney-australia/online/JBGamePlayer.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\peter smith\application data\mozilla\firefox\profiles\lhrewx53.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=HP_ss&mntrId=08262c03000000000000001cc0a94c4d
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109217&tt=120812_bandext_3312_8&babsrc=KW_ss&mntrId=08262c03000000000000001cc0a94c4d&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\peter smith\application data\mozilla\firefox\profiles\lhrewx53.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\peter smith\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\common~1\nero\browse~1\npBrowserPlugin.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: !HIDDEN! 2009-07-11 00:24; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217&tt=120812_bandext_3312_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 08262c03000000000000001cc0a94c4d
FF - user.js: extensions.BabylonToolbar.instlDay - 15565
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.618:05:21
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-6 64288]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-4-18 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-4-18 12464]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-2-2 14776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 301920]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-28 98392]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-9-19 87368]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-8 54760]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-3 399432]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-7 214896]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-14 2348352]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-4 22856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2012-5-15 100456]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [2008-9-1 1060224]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-4 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
S3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\drivers\ComproHID.sys [2009-5-22 7040]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-7-18 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys --> c:\windows\system32\drivers\motusbdevice.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-8-21 36928]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-03 04:37:05 33280 ----a-w- c:\program files\microsoft games\halo\trainer.exe
2012-11-03 04:18:59 -------- d-----w- C:\Halo
2012-10-31 08:27:55 -------- d-----w- C:\extract
2012-10-29 23:35:11 -------- d-----w- c:\program files\Aveyond - Gates of Night
2012-10-27 00:10:53 -------- d-----w- c:\documents and settings\peter smith\application data\Aveyond 3
2012-10-26 23:46:07 441 ----a-w- c:\program files\2710201210460739.bat
2012-10-26 13:47:37 -------- d-----w- c:\documents and settings\peter smith\local settings\application data\Buried In Time
2012-10-26 12:40:34 -------- d-----w- c:\documents and settings\peter smith\application data\Mud Puddle Games
2012-10-23 12:56:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-20 23:11:47 -------- d-----w- c:\documents and settings\peter smith\application data\Oberon Media
2012-10-20 23:11:38 -------- d-----w- c:\program files\common files\Oberon Media
2012-10-20 23:09:14 -------- d-----w- c:\documents and settings\all users\application data\Oberon Media
2012-10-20 23:09:09 -------- d-----w- c:\program files\Oberon Media
2012-10-20 23:09:09 -------- d-----w- c:\program files\MSN Games
2012-10-06 05:01:48 -------- d-----w- c:\program files\Cheat Engine 6.1
.
==================== Find3M ====================
.
2012-10-23 12:56:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-23 12:56:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-23 12:56:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-29 08:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 05:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-08 07:21:25 256868 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-08-08 07:21:25 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-08-08 07:21:14 256868 ----a-w- c:\windows\system32\nvdrsdb0.bin
.
============= FINISH: 18:23:11.00 ===============
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22/05/2009 6:27:43 PM
System Uptime: 4/11/2012 5:05:08 PM (1 hours ago)
.
Motherboard: Intel Corporation | | DG41TY
Processor: Intel Pentium III Xeon processor | LGA775 | 2332/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 87.005 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 377.505 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6120 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6120 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP736: 8/08/2012 6:17:31 AM - System Checkpoint
RP737: 8/08/2012 11:10:01 AM - Installed Trains and Trucks Tycoon
RP738: 9/08/2012 2:32:01 PM - System Checkpoint
RP739: 12/08/2012 8:00:50 PM - System Checkpoint
RP740: 13/08/2012 6:08:24 PM - Restore Operation
RP741: 14/08/2012 7:19:50 PM - System Checkpoint
RP742: 15/08/2012 12:17:09 PM - Software Distribution Service 3.0
RP743: 16/08/2012 8:51:17 PM - System Checkpoint
RP744: 6/10/2012 9:04:56 AM - Installed DirectX
RP745: 6/10/2012 9:05:36 AM - Installed Nero Prerequisite Installer 1.0.
RP746: 6/10/2012 9:29:09 AM - Software Distribution Service 3.0
RP747: 15/10/2012 4:28:43 PM - Software Distribution Service 3.0
RP748: 17/10/2012 1:18:00 PM - Installed DirectX
RP749: 18/10/2012 3:57:19 PM - System Checkpoint
RP750: 19/10/2012 4:59:24 PM - System Checkpoint
RP751: 21/10/2012 1:26:20 AM - System Checkpoint
RP752: 22/10/2012 2:07:08 AM - System Checkpoint
RP753: 23/10/2012 2:44:00 PM - System Checkpoint
RP754: 23/10/2012 11:55:41 PM - Removed Java 7 Update 5
RP755: 26/10/2012 4:22:41 PM - System Checkpoint
RP756: 30/10/2012 1:12:55 AM - System Checkpoint
RP757: 31/10/2012 1:02:33 PM - System Checkpoint
RP758: 1/11/2012 1:43:31 PM - System Checkpoint
RP759: 4/11/2012 4:20:43 AM - System Checkpoint
.
==== Installed Programs ======================
.
100% Free Euchre 7.30
100% Free Five Hundred 7.30
32 Bit HP CIO Components Installer
4 Elements
900 Puzzle Games
ACDSee Image Decoder Update
ACDSee Pro 4
ACDSee RAW Image Decoder Plug-In Update 4.0
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Age of Empires III
Age of Empires III - The Asian Dynasties
AIO_Scan
All My Gods
ANNO 1404
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Australian Pictorial Computer Stamp Catalogue 2012 Edition
Australian Pictorial Computer Stamp Organiser 2012 Edition
Aveyond - Gates of Night
Aveyond Lord of Twilight
AVG 2012
AVS Media Player 3.1
AVS Mobile Uploader version 1.9
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Be a King (remove only)
Be Rich
Be Richer
Bejeweled Twist 1.0.3
BestHD Blu-ray DVD Ripper 3.58.07
Big Fish Games: Game Manager
Blokus World Tour
Bonampak
Bonjour
Boulder Dash®: Pirate's Quest™
Brain Games: Chess
BufferChm
Build-a-Lot 4: Power Source
Build-a-lot: On Vacation
C4200
c4200_Help
CallerIP
Canasta From Special K
Capitalism II
CCleaner
Champion Chef
Cheat Engine 6.1
Chocolatier 2 - Secret Ingredients
Coconut Queen (remove only)
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.0.0.1
Copy
Cradle of Persia 1.00
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7
Cribbage
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Diablo II
DocProc
DocProcQFolder
Downloader
Dragon Keeper
Drawn: Dark Flight ®
DVD Shrink 3.2
East India Company Collection
Empire Earth II
eSupportQFolder
F.E.A.R. 2: Project Origin
Fallout 3
Farm Tribe
Fate of the Pharaoh
FINAL FANTASY XIV
Fishdom (remove only)
fishsim2
Fishsim2.11h+
FlashGet 3.3
Flower Story - Fairy Quest
FREEping
Garden Defense
Gardenscapes 1.00
Garmin USB Drivers
Garmin WebUpdater
Gatling Gears
gBurner
GFI LANguard 9.6
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Greek Goddesses of Solitaire
Guild Wars
Honeybee
Hospital Tycoon
Hot Dish
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2003
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Driver Software 9.0.A Corporate Edition
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPProductAssistant
Hunting Unlimited 2010
Island Tribe 1.00
Island Tribe 2
iTunes
Java 7 Update 9
Java Auto Updater
Java 6 Update 29
JavaFX 2.1.1
Junk Mail filter update
K-Lite Mega Codec Pack 6.5.5
Kingdom Chronicles Collector's Edition
Land Grabbers
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Legends of Atlantis: Exodus
Magic FLAC to MP3 Converter 3.71
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000
Marblez
Matroska Pack - Lazy Man's MKV 0.9.9
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Fix it Center
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Halo
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works 6-9 Converter
Microsoft WSE 3.0 Runtime
Miriel the Magical Merchant (remove only)
MobileMe Control Panel
Monopoly (remove only)
Monument Builders: Eiffel Tower
Mortimer Beckett and the Time Paradox
MotoHelper 2.1.32 Driver 5.4.0
MotoHelper MergeModules
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 5.4.0
Mount&Blade With Fire and Sword
Mozilla Firefox 8.0.1 (x86 en-GB)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
My Farm Life 2
My Kingdom For The Princess II
My Life Story (remove only)
My Tribe
Nero 11
Nero 8 Essentials
Nero Abstract Themes
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Blu-ray Player
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero Cliparts
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Disc Menus 1
Nero Disc Menus 2
Nero Disc Menus 3
Nero Disc Menus Basic
Nero Effects Basic
Nero Express 11
Nero Express 11 Help (CHM)
Nero Family and Events Themes
Nero Football (Soccer) Themes
Nero Holiday and Sports Themes
Nero Image Samples
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero PiP Effects 1
Nero PiP Effects Basic
Nero Prerequisite Installer 1.0
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero Video Samples
Nero Video Transitions 1
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
neroxml
New Yankee in King Arthur's Court
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia Software Updater
NVIDIA Control Panel 267.59
NVIDIA Graphics Driver 267.59
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Open Sea Fishing
OpenAL
Opera 11.60
Ovi Desktop Sync Engine
OviMPlatform
Pakoombo
Path To Success
PC Connectivity Solution
Photo Story 3 for Windows
PL-2303 USB-to-Serial
Plants vs. Zombies (remove only)
ps_aio_corporate
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PunkBuster Services
QuickTime
Railroad Tycoon 3
Railroad Tycoon 3 1.06
Rapala Pro Fishing
RAW - Realms of Ancient War
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Robinson Crusoe and The Cursed Pirates
Royal Envoy Collector's Edition
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Seeds of Sorcery
Segoe UI
Shaban
Sid Meier's Railroads!
Simon3D
Skype Toolbars
Skype™ 5.10
Smart Defrag 2
SolutionCenter
SoundFont Bank Manager
SPORE™
SPORE™ Galactic Adventures
Star Defender 4
Status
Steam
swMSM
Sylenth1 v2.20
System Requirements Lab
The Chronicles of Spellborn
The Fall Trilogy 1.00
The Golden Years: Way Out West
The Island: Castaway 2
The Sims Carnival - BumperBlast
The Sims Medieval
The Timebuilders - Caveman's Prophecy
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Toolbox
TrackMania 2
TrayApp
Trucks & Trailers 1.00
Turbo Subs
Tweak UI
Ubisoft Game Launcher
Undelete 360
Uniblue DriverScanner 2009
Uniblue System Tweaker
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.6195
VCRedistSetup
Virtual City (remove only)
Virtual Villagers - The Secret City
Virtual Villagers - The Secret City 1.0
Virtual Villagers 3 - The Secret City Fixed
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Welcome App (Start-up experience)
Westward IV - All Aboard (remove only)
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
WinPcap 4.1.2
WinRAR archiver
Wireshark 1.4.1
World Mosaics 4 1.00
World Of Zellians
Youda Farmer 3 - Seasons
Youda Survivor
.
==== Event Viewer Messages From Past Week ========
.
3/11/2012 10:18:16 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.
2/11/2012 8:13:49 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
2/11/2012 5:30:26 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2/11/2012 5:30:13 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service hpqddsvc with arguments "" in order to run the server: {2C82180E-8C3C-4A1B-BEB1-B9140713E701}
.
==== End Of File ===========================
Another Blonde Lady (sorry ladies)
in Tailwaggers and Jokes
Posted
A blonde lady fronts her husband with a can of baked beans and asks,
"How do you cook these, dear?"
The husband replies,
"Stand in boiling water for 5 minutes, honey."
Blonde lady ends up in the hospital burns unit with 3rd degree burns to the feet
groan:- this is that bad ya gotta laugh