Jump to content

Possible Rootkit.0Access.H


Recommended Posts

I have been having the redirects or other symptoms people have described in other threads. But I am getting the quarantine window stating Rootkit.0Access.H and also the blocked outgoing attempts.

2 compooters mbam-log says one is clean the other being the rootkit. I have ran RogueKiller and DDS on both. So I will post the RogueKiller and mbam-log logs for both now and maybe we can rule out the box I believe to be clean and confirm the dirty one. Will go ahead and post the DDS from infected.

Went ahead and gathered the following:

catchme.exe

ComboFix.exe

gmer.exe

mbr.exe

tdsskiller.exe

Also I am aware of the Backdoor Infection My XP is Screwed Guarantee mentioned in other threads. Lets do this!!!

That is if anyone is around still around and doesn't mind. Let me say ahead time that I appreciate your time. Thanks

1st box (believed to be unfilthy)

Rougue and mbam-log

RogueKiller V7.3.2

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: myname [Admin rights]

Mode: Scan -- Date: 04/14/2012 21:23:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

[HJ] HKCU\[...]\Advanced : log4-14tart_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 5592f8076f07eda90befeb8e6fe753f1

[bSP] 2691ba19d6185acf958677b3e659ee74 : Linux MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39103 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 80084086 | Size: 151678 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

1st the box (believed to be unfilthy)

mbam-log

4/14/2012 5:14:19 PM

mbam-log-2012-04-14 (17-14-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 336133

Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

2nd Box Rootkit.0Access.H

RogueKiller V7.3.2

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: noneya [Admin rights]

Mode: Scan -- Date: 04/14/2012 21:32:37

¤¤¤ Bad processes: 1 ¤¤¤

[HJ NAME] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[RANDOMNAME] HKLM\[...]\RunOnce : SpybotDeletingA1683 (command.com /c del "C:\WINDOWS\system32\PTDCBus.dll_old") -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FAKED] ipsec.sys : c:\windows\system32\drivers\ipsec.sys --> CANNOT FIX

[FAKED] sermouse.sys : c:\windows\system32\drivers\sermouse.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 22289581b6914a5ae432e3b904c3045c

[bSP] 8d122f242c67815dbb8670c9ad0c8e60 : Standard MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286165 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 8a2ba3c1b57b81ce0fe9502a492252ac

[bSP] f97044ea4914e92f5ed3a3937f3c5c39 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40005 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81931500 | Size: 265237 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: +++++

--- User ---

[MBR] 499d457da91959658856f03052e59be3

[bSP] 7fd259ac985bfcdc99527fac8c74535b : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive3: +++++

--- User ---

[MBR] 9b6a6236cdf3be5d16f1b8eb60f87af8

[bSP] 355824eb8fd2c66d848d09d0d40a919b : Windows XP MBR Code

Partition table:

0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 476 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

2nd Box Rootkit.0Access.H

mbam-log

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

noneya :: NONEYA-BIDNESS [administrator]

Protection: Enabled

4/14/2012 1:54:23 PM

mbam-log-2012-04-14 (13-54-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 194363

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 1

C:\WINDOWS\system32\LwUsbHid.dll (RootKit.0Access.H) -> Delete on reboot.

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\WINDOWS\system32\LwUsbHid.dll (RootKit.0Access.H) -> Delete on reboot.

(end)

2nd Box Rootkit.0Access.H

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_29

Run by noneya at 22:10:43 on 2012-04-14

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uLocal Page = hxxp://www.google.com/

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://www.google.com/

mDefault_Search_URL = hxxp://www.google.com/

mSearch Page = hxxp://www.google.com/

mLocal Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/

mSearchAssistant = hxxp://www.google.com/

mCustomizeSearch = hxxp://www.google.com/

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit 10\SnagitBHO.dll

BHO: IeCatch2 Class: {a5366673-e8ca-11d3-9cd9-0090271d075b} - c:\progra~1\flashg~1.7\jccatch.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit 10\SnagitIEAddin.dll

TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashg~1.7\fgiebar.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [skinClock] c:\program files\atomic alarm clock\AtomicAlarmClock.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [smcService] c:\progra~1\sygate\spf\smc.exe -startgui

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [spybotDeletingA1683] command.com /c del "c:\windows\system32\PTDCBus.dll_old"

IE: Download All by FlashGet - c:\program files\flashget v1.7\jc_all.htm

IE: Download using FlashGet - c:\program files\flashget v1.7\jc_link.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashg~1.7\flashget.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{CB4F91B0-FE02-4277-88E0-EA06018B1AA8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F18074FD-2BE5-4EFB-99E2-BE12AD8A2B2F} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\noneya\application data\mozilla\firefox\profiles\83i7hj2j.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z171&form=ZGAADF&install_date=20110922&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\noneya\application data\mozilla\firefox\profiles\83i7hj2j.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

FF - plugin: c:\documents and settings\noneya\application data\mozilla\firefox\profiles\83i7hj2j.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\documents and settings\noneya\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: YesScript: yesscript@userstyles.org - %profile%\extensions\yesscript@userstyles.org

FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Flash Video Resources Downloader: max@subfighter.com - %profile%\extensions\max@subfighter.com

FF - Ext: Sothink Web Video Downloader for Firefox: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08} - %profile%\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}

FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Ext: Go2 proxy: go2appspot@gmail.com - %profile%\extensions\go2appspot@gmail.com

FF - Ext: JSONView: jsonview@brh.numbera.com - %profile%\extensions\jsonview@brh.numbera.com

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-04-12 05:35:02 -------- d-----w- c:\program files\ImageShack Uploader

2012-04-05 21:47:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-19 20:03:03 -------- d-----w- c:\documents and settings\noneya\VirtualBox VMs

2012-03-19 20:02:32 -------- d-----w- c:\documents and settings\noneya\.VirtualBox

2012-03-19 10:22:23 -------- d-----w- c:\program files\Marvell

2012-03-19 07:45:58 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-19 07:45:51 1073741824 --sha-w- C:\zpagefile.sys

2012-03-19 05:10:57 39956 ----a-w- c:\windows\system32\ipsec.sys

2012-03-19 03:25:06 -------- d-----w- c:\program files\Defraggler

2012-03-19 00:52:22 12029 ----a-w- C:\Services_Backup_3182012.REG

2012-03-19 00:51:36 2133 ----a-w- C:\services_conf_backup.vbs

2012-03-19 00:03:27 -------- d-----w- c:\program files\CCleaner

2012-03-18 19:50:37 -------- d-----w- c:\program files\Partition Magic 8 Pro By Jack Docherty

2012-03-18 15:38:13 -------- d-----w- c:\documents and settings\noneya\application data\Malwarebytes

2012-03-18 15:34:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-18 15:34:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-18 15:34:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-18 13:44:56 38400 ----a-w- c:\windows\system32\USB3Sw32.dll

2012-03-18 13:34:53 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-18 04:42:54 3446 ----a-w- c:\windows\system32\drivers\ntpda.sys

2012-03-18 04:42:54 -------- d-----w- c:\program files\NTPDA

2012-03-18 04:42:20 299520 ----a-w- c:\windows\uninst.exe

2012-03-18 04:42:20 -------- d-----w- c:\documents and settings\noneya\WINDOWS

2012-03-18 04:41:48 -------- d-----w- C:\Temp

2012-03-18 04:05:01 14048 ------w- c:\windows\system32\spmsg2.dll

2012-03-17 21:12:43 -------- d-----w- C:\Downloads

2012-03-17 21:10:41 -------- d-----w- c:\program files\FlashGet v1.7

2012-03-17 06:25:05 -------- d-----w- c:\program files\damn nfo viewer

2012-03-17 06:24:41 -------- d-----w- c:\program files\imgburn

2012-03-17 04:32:40 -------- d-----w- c:\program files\foobar2000

2012-03-17 04:32:14 -------- d-----w- c:\program files\Armory

.

==================== Find3M ====================

.

2012-04-05 21:47:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-22 04:05:26 90112 ----a-w- c:\windows\DUMP326a.tmp

2012-02-29 06:07:27 12319 ----a-w- C:\Services_Backup_2292012.REG

2012-02-21 05:40:45 6656 ----a-w- c:\windows\system32\lpcio.dll

2012-02-16 15:13:41 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-01-29 07:07:36 170080 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-12-23 06:36:27 61972 ----a-w- c:\program files\Zoom Player Settings.reg

.

============= FINISH: 22:11:08.93 ===============

Link to post
Share on other sites

These steps are for electr1cian only. If you are a casual viewer, do NOT try this on your system!

If you are not electr1cian and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Do not run any other tools on your own. Just only those I guide you to.

If you have questions, stop and ask.

Do not make any sort of changes to your system while I am helping you without checking here first ! Thant means no adds/changes/deletions/hardware changes without checking with me.

I have to be in-sync with the true status of things so we do not have a catastrophe.

There will be a lot of work to do. This is only the start.

:excl: I will only deal with one physical system in this topic. Not two of them. Any other system will need to be in a separate topic.

This is exclusively for the one you labeled 2nd Box Rootkit.0Access.H :excl:

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Step 1

You must turn OFF Spybot's Tea Timer, otherwise it will interfere & nullify any fixes we make !!

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, slect Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 5

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Step 6

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 7

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 8

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt .

Use separate replies as needed if logs do not fit into one reply box.

Link to post
Share on other sites

Sorry man time out, I just started up combofix prior to seeing your post. My intent was to follow this post here

http://forums.malwarebytes.org/index.php?showtopic=108601&view=findpost&p=542534

So far its killed the explorer.exe task and found the Rootkit.zeroaccess.h brought up 2 windows about rebooting, clicked ok on both but it still has not rebooted.

Also it installed recovery console prior to running. I have system restore on this drive if that may help get us back on the same page.

Seems like this thing would of rebooted by now especially after asking but instruction prior to running said to not do the reboot myself.

Again I am sorry for this complication.

Link to post
Share on other sites

so I opened task manager and the following service are running that normally are not however none of these are using CPU cycles

CF25989.3XE

ping.exe

ping.exe

ping.exe

also an extra svchost.exe maybe two

System idle is at 99 and all other services are still also no movement when sorted by CPU usage

Link to post
Share on other sites

Here ya go, that combofix I had to help along. Think it needed a service running that I have disabled or dependency disabled. Run a pretty tight startup count usually 19-21 services after xp boots and on this uninfected box even fewer maybe 16 running process after boot..

Anyway man if you look I have been dealing with this thing trashing my services panel. Adding all kinda junk/jiberish processes none of them are ever trying to start nor do they load any descriptioins so I been just going through and disabling them for about a week now some times 30-40 at a time. Gonna add my services config at the end.

Gonna run that security check now

Logfile of random's system information tool 1.09 (written by random/random)

Run by noneya at 2012-04-15 02:45:58

Microsoft Windows XP Professional Service Pack 3

System drive C: has 5 GB (14%) free of 40 GB

Total RAM: 3037 MB (87% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\noneya\Application Data\Mozilla\Firefox\Profiles\83i7hj2j.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

prefs.js - "extensions.enabledItems" - "DeviceDetection@logitech.com:1.23.0.5, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, jqs@sun.com:1.0, yesscript@userstyles.org:1.9, {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3, max@subfighter.com:1.0.3, {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:6.7, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1, {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.4, {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4, go2appspot@gmail.com:1.0.2, jsonview@brh.numbera.com:0.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

prefs.js - "keyword.URL" - "http://www.bing.com/search?pc=Z171&form=ZGAADF&install_date=20110922&q="

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]

"Description"=

"Path"=C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]

"Description"=Veetle TV Core

"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]

"Description"=Veetle TV Player

"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.11]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\

browser.xpt

browserdirprovider.dll

brwsrcmp.dll

components.list

compreg.dat

FeedConverter.js

FeedProcessor.js

FeedWriter.js

fuelApplication.js

GPSDGeolocationProvider.js

jsconsole-clhandler.js

NetworkGeolocationProvider.js

nsAddonRepository.js

nsBadCertHandler.js

nsBlocklistService.js

nsBrowserContentHandler.js

nsBrowserGlue.js

nsContentDispatchChooser.js

nsContentPrefService.js

nsDefaultCLH.js

nsDownloadManagerUI.js

nsExtensionManager.js

nsFormAutoComplete.js

nsHandlerService.js

nsHelperAppDlg.js

nsINIProcessor.js

nsLivemarkService.js

nsLoginInfo.js

nsLoginManager.js

nsLoginManagerPrompter.js

nsMicrosummaryService.js

nsPlacesAutoComplete.js

nsPlacesDBFlush.js

nsPlacesTransactionsService.js

nsPrivateBrowsingService.js

nsProxyAutoConfig.js

nsSafebrowsingApplication.js

nsSearchService.js

nsSearchSuggestions.js

nsSessionStartup.js

nsSessionStore.js

nsSetDefaultBrowser.js

nsSidebar.js

nsTaggingService.js

nsTryToClose.js

nsUpdateService.js

nsUpdateServiceStub.js

nsUpdateTimerManager.js

nsUrlClassifierLib.js

nsUrlClassifierListManager.js

nsURLFormatter.js

nsWebHandlerApp.js

pluginGlue.js

storage-Legacy.js

storage-mozStorage.js

txEXSLTRegExFunctions.js

WebContentConverter.js

xpti.dat

C:\Program Files\Mozilla Firefox\plugins\

npdeployJava1.dll

npnul32.dll

npvsharetvplg.dll

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

answers.xml

creativecommons.xml

eBay.xml

google.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\noneya\Application Data\Mozilla\Firefox\Profiles\83i7hj2j.default\extensions\

DeviceDetection@logitech.com

go2appspot@gmail.com

jsonview@brh.numbera.com

max@subfighter.com

yesscript@userstyles.org

{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}

C:\Documents and Settings\noneya\Application Data\Mozilla\Firefox\Profiles\83i7hj2j.default\searchplugins\

mywebsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

SnagIt Toolbar Loader - C:\Program Files\Snagit 10\SnagitBHO.dll [2010-04-13 63304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]

IeCatch2 Class - C:\PROGRA~1\FLASHG~1.7\jccatch.dll [2002-01-16 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]

{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FLASHG~1.7\fgiebar.dll [2005-06-07 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-12-05 20065384]

"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2012-03-18 1726976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

Ati2evxx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2011-04-22 214016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Disabled:Microsoft OneNote"

"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Disabled:Microsoft SharePoint Workspace"

"C:\Program Files\Bitcoin\bitcoin-qt.exe"="C:\Program Files\Bitcoin\bitcoin-qt.exe:*:Enabled:bitcoin-qt"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\namecoin\namecoind.exe"="C:\Program Files\namecoin\namecoind.exe:*:Enabled:namecoind"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"wave4"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux3"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"VIDC.FFDS"=ff_vfw.dll

"msacm.ac3filter"=ac3filter.acm

"wave5"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux4"=wdmaud.drv

"wave6"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer6"=wdmaud.drv

"aux5"=wdmaud.drv

"wave7"=wdmaud.drv

"midi7"=wdmaud.drv

"mixer7"=wdmaud.drv

"aux6"=wdmaud.drv

"wave8"=wdmaud.drv

"midi8"=wdmaud.drv

"mixer8"=wdmaud.drv

"aux7"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-04-15 02:37:05 ----D---- C:\Program Files\trend micro

2012-04-15 02:37:04 ----D---- C:\rsit

2012-04-15 02:36:17 ----SHD---- C:\RECYCLER

2012-04-15 02:18:09 ----D---- C:\Program Files\ERUNT

2012-04-15 01:46:49 ----D---- C:\WINDOWS\temp

2012-04-15 01:46:47 ----A---- C:\ComboFix.txt

2012-04-15 00:40:35 ----A---- C:\WINDOWS\system32\drivers\ipsec.sys

2012-04-15 00:30:09 ----A---- C:\Boot.bak

2012-04-15 00:30:07 ----RASHD---- C:\cmdcons

2012-04-15 00:25:57 ----A---- C:\WINDOWS\zip.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\SWXCACLS.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\SWSC.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\SWREG.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\sed.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\PEV.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\NIRCMD.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\MBR.exe

2012-04-15 00:25:57 ----A---- C:\WINDOWS\grep.exe

2012-04-15 00:25:54 ----D---- C:\WINDOWS\ERDNT

2012-04-15 00:25:51 ----D---- C:\Qoobox

2012-04-14 17:14:52 ----A---- C:\WINDOWS\wininit.ini

2012-04-14 13:32:43 ----A---- C:\WINDOWS\ntbtlog.txt

2012-04-12 00:35:02 ----D---- C:\Program Files\ImageShack Uploader

2012-04-11 16:17:13 ----A---- C:\WINDOWS\JascCmdFile.INI

2012-04-05 16:47:24 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-03-21 17:45:34 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT

2012-03-19 05:37:19 ----A---- C:\WINDOWS\mvraidver.dat

2012-03-19 05:22:23 ----D---- C:\Program Files\Marvell

2012-03-19 02:45:51 ----ASH---- C:\zpagefile.sys

2012-03-19 00:10:57 ----A---- C:\WINDOWS\system32\ipsec.sys

2012-03-18 22:25:06 ----D---- C:\Program Files\Defraggler

2012-03-18 19:51:36 ----A---- C:\services_conf_backup.vbs

2012-03-18 19:03:27 ----D---- C:\Program Files\CCleaner

2012-03-18 14:50:37 ----D---- C:\Program Files\Partition Magic 8 Pro By Jack Docherty

2012-03-18 10:38:13 ----D---- C:\Documents and Settings\noneya\Application Data\Malwarebytes

2012-03-18 10:34:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-03-18 10:34:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2012-03-18 10:34:19 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2012-03-18 08:48:39 ----A---- C:\WINDOWS\system32\itlsvc.dat

2012-03-18 08:48:39 ----A---- C:\WINDOWS\system32\itldvupd.dat

2012-03-17 23:42:54 ----D---- C:\Program Files\NTPDA

2012-03-17 23:42:20 ----A---- C:\WINDOWS\uninst.exe

2012-03-17 23:41:48 ----D---- C:\Temp

2012-03-17 23:05:08 ----D---- C:\Program Files\Reference Assemblies

2012-03-17 23:05:01 ----N---- C:\WINDOWS\system32\spmsg2.dll

2012-03-17 16:12:43 ----D---- C:\Downloads

2012-03-17 16:10:41 ----D---- C:\Program Files\FlashGet v1.7

2012-03-17 16:02:30 ----A---- C:\WINDOWS\system32\secushr.dat

2012-03-17 01:25:05 ----D---- C:\Documents and Settings\noneya\Application Data\Litecoin

2012-03-17 01:24:41 ----D---- C:\litecoin

2012-03-16 23:32:40 ----D---- C:\Documents and Settings\noneya\Application Data\Armory

2012-03-16 23:32:14 ----D---- C:\Program Files\Armory

2012-03-16 23:22:56 ----D---- C:\Documents and Settings\noneya\Application Data\Electrum

======List of files/folders modified in the last 1 month======

2012-04-15 02:38:01 ----D---- C:\WINDOWS\system32

2012-04-15 02:38:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-04-15 02:37:05 ----RD---- C:\Program Files

2012-04-15 02:35:04 ----A---- C:\Documents and Settings\noneya\Application Data\AtomicAlarmClock.ini

2012-04-15 02:19:42 ----D---- C:\WINDOWS\system32\drivers

2012-04-15 01:46:49 ----D---- C:\WINDOWS

2012-04-15 01:46:09 ----SD---- C:\WINDOWS\Tasks

2012-04-15 01:45:49 ----D---- C:\WINDOWS\system32\CatRoot2

2012-04-15 01:44:18 ----A---- C:\WINDOWS\system.ini

2012-04-15 01:44:10 ----D---- C:\WINDOWS\system32\drivers\etc

2012-04-15 01:41:28 ----D---- C:\WINDOWS\system32\config

2012-04-15 01:40:22 ----D---- C:\WINDOWS\AppPatch

2012-04-15 01:40:21 ----D---- C:\Program Files\Common Files

2012-04-15 01:35:38 ----D---- C:\WINDOWS\SoftwareDistribution

2012-04-15 00:30:09 ----RASH---- C:\boot.ini

2012-04-15 00:17:59 ----D---- C:\WINDOWS\Logs

2012-04-14 17:20:21 ----D---- C:\WINDOWS\twain_32

2012-04-14 17:20:21 ----D---- C:\WINDOWS\Registration

2012-04-14 16:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\Zoom Player

2012-04-13 02:37:52 ----D---- C:\Documents and Settings\noneya\Application Data\Bitcoin

2012-04-12 23:00:04 ----D---- C:\Program Files\Dragon's Tale

2012-04-12 04:17:43 ----D---- C:\WINDOWS\Minidump

2012-04-12 00:35:05 ----SHD---- C:\WINDOWS\Installer

2012-04-09 19:33:13 ----D---- C:\Documents and Settings\noneya\Application Data\uTorrent

2012-04-09 06:57:08 ----D---- C:\Documents and Settings\noneya\Application Data\vlc

2012-04-05 17:11:09 ----D---- C:\Program Files\Yahoo!

2012-04-05 17:10:52 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!

2012-04-05 16:56:24 ----D---- C:\Documents and Settings\noneya\Application Data\Yahoo!

2012-03-25 23:15:25 ----D---- C:\Program Files\SpeedFan

2012-03-21 23:05:26 ----A---- C:\WINDOWS\DUMP326a.tmp

2012-03-21 17:52:30 ----D---- C:\WINDOWS\PeerNet

2012-03-21 17:45:23 ----D---- C:\WINDOWS\SHELLNEW

2012-03-21 17:30:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2012-03-21 03:54:04 ----D---- C:\Documents and Settings\noneya\Application Data\Media Player Classic

2012-03-20 14:37:13 ----D---- C:\Documents and Settings\noneya\Application Data\foobar2000

2012-03-20 06:06:59 ----D---- C:\WINDOWS\inf

2012-03-19 05:37:02 ----A---- C:\WINDOWS\php.ini

2012-03-19 00:19:06 ----D---- C:\WINDOWS\pss

2012-03-19 00:12:36 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-03-19 00:00:48 ----D---- C:\Program Files\CGMiner

2012-03-19 00:00:48 ----D---- C:\Program Files\Atomic Alarm Clock

2012-03-18 23:34:55 ----D---- C:\Program Files\Miners

2012-03-18 23:31:58 ----D---- C:\Program Files\Hide My IP 2009

2012-03-18 23:31:50 ----D---- C:\Program Files\GUIMiner

2012-03-18 23:07:38 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2012-03-18 19:53:17 ----D---- C:\WINDOWS\Debug

2012-03-18 19:24:35 ----RSD---- C:\WINDOWS\assembly

2012-03-18 19:24:29 ----D---- C:\WINDOWS\WinSxS

2012-03-18 19:21:09 ----D---- C:\Program Files\MSBuild

2012-03-18 19:21:01 ----RSD---- C:\WINDOWS\Fonts

2012-03-18 19:21:01 ----D---- C:\WINDOWS\system32\en-US

2012-03-18 19:19:10 ----D---- C:\WINDOWS\Microsoft.NET

2012-03-18 19:19:09 ----D---- C:\Program Files\Microsoft.NET

2012-03-18 19:11:26 ----D---- C:\Program Files\FlashGet

2012-03-18 11:18:05 ----D---- C:\Program Files\Zoom Player

2012-03-18 09:09:11 ----D---- C:\WINDOWS\Acronis

2012-03-17 16:07:49 ----D---- C:\Documents and Settings\noneya\Application Data\BITS

2012-03-16 23:13:01 ----D---- C:\Program Files\Bitcoin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]

R0 mv91xx;mv91xx; C:\WINDOWS\system32\DRIVERS\mv91xx.sys [2011-11-11 275760]

R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2012-01-29 170080]

R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2011-03-18 25240]

R1 atitray;atitray; \??\C:\Program Files\ATI Tray Tools\atitray.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

R1 ntiopnp;ntiopnp; C:\WINDOWS\system32\drivers\ntiopnp.sys [2010-11-11 21080]

R1 ntiowp;ntiowp; C:\WINDOWS\system32\drivers\ntiowp.sys [2006-10-20 12352]

R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\WINDOWS\system32\VCdRom.sys []

R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []

R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2011-04-22 2016704]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-12-13 7069288]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service; C:\WINDOWS\system32\drivers\IntcHdmi.sys [2009-04-08 116224]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-07-06 234392]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-05-06 4608]

R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

S0 Teefer;Teefer for NT; C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys []

S1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys []

S2 NTPDA;NTPDA; C:\WINDOWS\system32\drivers\NTPDA.sys []

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]

S3 AODDriver4.01;AODDriver4.01; \??\C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys []

S3 atidgllk;atidgllk; \??\C:\Program Files\GIGABYTE\EasyBoost\AtiTool\atidgllk.sys []

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys []

S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []

S3 cpuz134;cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys []

S3 FLASHSYS;FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys []

S3 GPCIDrv;GPCIDrv; \??\C:\Program Files\GIGABYTE\EasyBoost\GPCIDrv.sys []

S3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd32.sys [2008-08-14 2469888]

S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2011-09-02 30360]

S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]

S3 MSICDSetup;MSICDSetup; \??\E:\CDriver.sys []

S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 4\LU4\NTIOLib.sys []

S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys []

S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys []

S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys []

S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\system32\pwdrvio.sys []

S3 pwdspio;pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys []

S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2011-12-02 4125352]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]

S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]

S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 lpds;Se59unic; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 s217unic;Ipsraidn; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 253600]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]

S3 Marvell RAID;Marvell RAID Event Agent; C:\Program Files\Marvell\raid\svc\mvraidsvc.exe [2010-03-07 235560]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

S3 OS Selector;Acronis OS Selector activator; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 SmcService;Sygate Personal Firewall Pro; C:\Program Files\Sygate\SPF\smc.exe [2005-09-27 2635472]

S4 A88xTuner;BrPar; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 adiusbaw;ZDCNDIS5; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 aolavupd;REVOSENS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 ASNDIS5;BTSLBCSP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 atimpab;Alcaudsl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 avg7rsxp;S3savagemx; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 avgfwsrv;Eloggersvc6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 avgtdi;Sffdisk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 avp;Lyncusbserv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 awhost32;Fsssvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 bc_pat_f;Avgems; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 Bcim;Nvstor64; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 bdfdll;TPwSav; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 btaudio;Slssvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 bwmservice;Pwkntmon; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 caisafe;Ooclevercacheagent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 CAMCAUD;Zppinger; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 ca-messagequeuing;Btwdndis; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 carboncopy32;Advantage; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 ccdecode;Sskbfd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 cmpci;DELTA; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 com4qlb;W22n51; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 CPUCooLServer;CPUCooLServer Service; C:\Program Files\CPUCooL\CooLSrv.exe [2011-12-01 743936]

S4 crystaloutputfileserver;SNTIE; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 CrystalSysInfo;Symantecantibotfilter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 CTEAPSFX.DLL;Websensecpmcommunicationagent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 CTEXFIFX.DLL;Nabtsfec; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 cvspydr2;Ohci1394; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 cwafrmiregistry;Toshidpt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 CXAVXBAR;Ehstart; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 cxusb;Mfebopk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 DeviceScanner;Cvslock; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 d-link_st3402;Win32sl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 dns4meclient;ATKFUSService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 dphost;Pcnet; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 drvnddm;Oracle_load_balancer_60_server-forms6i; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 dsproct;Zebrmdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 dvd_2K;Pduip6000dmemcrdmgr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 dvpapi;Avc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 enxpsvr;Moufiltr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 epsonbidirectionalservice;NetTcpPortSharing; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 fcprintservice;RAPIProtocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 freesshdservice;Wampmysqld; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 FTSER2K;CA561; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 G400DH;Msmframework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 genregistrar;Pnkbstra; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 GoProto;Vci; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 haspnt;Emu10k; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 houdinilicenseserver;Rxfilter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 HssSrv;PID_PEPI; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 hwdatacard;DCamUSBMke2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 icollectservice;Enum1394; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 idisw2km;Aslm75; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 IFPUSB;Diskperf; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 IJPLMSVC;Z800obex; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 inort;Scdemu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 ireike;UxTuneUp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 issvc;Fd16_700; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 k750mdm;License; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 KMW_SYS;Tbiosdrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]

S4 lilsgt;Lusbaudio; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 liveupdate;Sandrathesrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 lmab_device;Fasttx2k; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 LMIRfsClientNP;W700obex; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 lvckap;Sysmgmthp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 lxcf_device;SymIM; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 M2500;WUSB54Gv4SVC; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 mail2ec;Dnetc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 merakcontrol;Pfc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 mod7700;Intelroam; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 MRENDIS5;Lhidflt2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 MRUWebService;MRU Web Service; C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe [2008-06-12 24635]

S4 ms_mpu401;Pxfhmdfl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 MSCamSvc;Symmpi; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NecUsb3;USB3 Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S4 nimdbgk;Mi-raysat_3dsmax8; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 nipsvc;Scsiaccess; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 nmservice;Oracleformsserver-forms60server-oraform; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 noipducservice;Atitool; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 nvmd;Uleadburninghelper; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 nvsmu;Nbservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 nwlnkspx;Tphdexlgsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 omniserv;Sunkfiltp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 omniusbl;Avg7rsxp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 oracle%oracle_home_service%clientcache80;SANDRA; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 oracleorahomehttpserver;Veteboot; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 p1131vid;IOSLINK; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 PBADRV;Qcmerced; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 PCASp50;KR3NPXP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 PCISys;W700mdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 PD0620VID;Licensemanagersocket; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 pdfcreatormessages;Pxfhmdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 pdiddcci;Avupdsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 pdlndqll;W700mdfl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 pid_0928;Ksthunk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 pktfilter;PBADRV; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 pnkbstrk;Npkcrypt; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 procdd;Acnusvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 PSSdk23;Kbstuff; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 QPSched;Emclisrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 rasirda;SE2Cbus; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 rdnaoflsvc;Fuj02b1; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 remoterecord;Pnrouter; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 RMSvc;Mpfp; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 rnadiagreceiver;Se2Cunic; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 s116bus;Ss_mdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 s116mgmt;Ibmcicstransactiongateway; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 s116nd5;Astcc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 s716obex;Ftrtsvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 SaiNtHid;Isdrv122; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 savrtpel;Viamraid; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 screadspool;NTIDrvr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 SE2Bmdm;Regdefend; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 se2Cunic;Arc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 se44mgmt;Protectionservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 SeaPort;Cacheserver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 sis315;TryAndDecideService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 smapint;P3; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 sonypvu1;Pgpsdkservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 spcstb;MobilePreInstallerService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 SRTSPL;RushTopDevice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 sscdmdm;DellAMBrokerService; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 ssoftservice;Mdvrmng; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 sstpsvc;Useraccess; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 starwindservice;Dtscsi; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 StkScan;Usbscan; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 STV680;Bvrp_pci; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 tandpl;Cachemgr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 telnet;ASUSVRC; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 tfsnudf;Ssfs0509; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 tifm21;EpmPsd; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 TMHIDSRV;Iwebcal; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 tmtdi;KR10N; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 transarcafsdaemon;Pnmsrv; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 tsmapip;Digitizer; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 USB_RNDIS_XP;Vpctcom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 usb_rndisx;Mfcom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 usbcm;SrvcEPECioctl; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 USBVCD;Dlaopiom; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 usbvideo;ELmou; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 UVCFTR;Arhidfltr; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 UWProSys;Ageremodemaudio; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 VAIOMediaPlatform-PhotoServer-UPnP;W800mdm; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 VC6SecS;CADlink; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 vcommmgr;SQLAgent$LG_LP2; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 viairda;Rsvchost; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 VIAPFD;Symantecantibotdriver; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 VICESYS;PNRPSvc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 vmnetdhcp;Nidomainservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 vpcnfltr;ZuneBusEnum; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 VRcore;Wmp54gv4svc; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 vusbbus;Zpcache; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 W8100PCI;Cdmservice; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-04-15 02:37:08

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

7-Zip 9.20-->"C:\Program Files\7-Zip\Uninstall.exe"

AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe"

Acronis Disk Director Suite 11.0216 Final-->C:\Program Files\Acronis Disk Director Suite\uninst.exe

Acronis Disk Director Home-->MsiExec.exe /X{9CCC78EF-027E-40E0-9B61-39932C65E3FE}

ActiveState ActivePython 2.7.2.5 (32-bit)-->MsiExec.exe /I{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_Plugin.exe -maintain plugin

AMD APP SDK Runtime-->MsiExec.exe /I{A25FF1C0-80B6-4B8B-A551-DC525697A408}

ATI Stream SDK v2 Developer-->MsiExec.exe /I{0ED98038-0885-F902-C419-669ADE471A46}

Atomic Alarm Clock 5.91-->"C:\Program Files\Atomic Alarm Clock\unins000.exe"

Bass Audio Decoder (remove only)-->"C:\Program Files\Bass Audio Decoder\uninstall.exe"

Belarc Advisor 8.2-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"

BetOnline Poker 8.2-->C:\Program Files\BetOnline Poker\uninstall.exe

BetOnline Poker-->C:\Program Files\BetOnline Poker\uninstall.exe

BovadaPoker-->"C:\Program Files\Bovada\unins000.exe"

BTC On Tilt Poker 1.8-->"C:\Documents and Settings\noneya\Local Settings\Application Data\BTC On Tilt Poker\unins000.exe"

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"

CPUCooL (remove only)-->"C:\Program Files\CPUCooL\CPUCooL-uninst.exe"

CPUFSB (remove only)-->"C:\Program Files\CPUFSB\CPUFSB-uninst.exe"

CPUID CPU-Z 1.59-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"

CPUID HWMonitor Pro 1.12-->"C:\Program Files\CPUID\HWMonitorPro\unins000.exe"

CSVed 2.2.1-->"C:\Program Files\CSVed\unins000.exe"

DCoder Image Source (remove only)-->"C:\Program Files\DCoder Image Source\uninstall.exe"

Defraggler-->"C:\Program Files\Defraggler\uninst.exe"

DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"

Dragon's Tale-->"C:\WINDOWS\Dragon's Tale Uninstaller.exe"

Driver Sweeper version 3.2.0-->"C:\Program Files\Driver Sweeper\unins000.exe"

DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"

EasyBoost-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{41910260-4532-4734-8181-3E8AFDBB05D7} /l1033

eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

ffdshow v1.1.3966 [2011-08-09]-->"C:\Program Files\ffdshow\unins000.exe"

FFMPEG Core Files (remove only)-->"C:\Program Files\FFMPEG Core Files\uninstall.exe"

FlashGet(JetCar)-->C:\PROGRA~1\FLASHG~1.7\UNWISE.EXE C:\PROGRA~1\FLASHG~1.7\INSTALL.LOG

foobar2000 v0.9.5.2-->"C:\Program Files\foobar2000\uninstall.exe"

Foxit Reader 5.1-->"C:\Program Files\Foxit Reader\unins000.exe"

Gabest MPEG Splitter (remove only)-->"C:\Program Files\Gabest MPEG Splitter\uninstall.exe"

GIGABYTE VGA @BIOS-->MsiExec.exe /I{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}

Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GPU Caps Viewer 1.15.0-->"C:\Program Files\GPU_Caps_Viewer\unins000.exe"

Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"

HDD Regenerator-->MsiExec.exe /X{97A39919-9FEA-48B7-AB2B-4F99212D1E98}

ImageShack Uploader 2.2.0-->MsiExec.exe /X{8BCD7AE7-F713-4D50-BAB9-7839B9386870}

ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"

Intel® Graphics Media Accelerator Driver-->C:\Program Files\Intel\Intel® Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall

Intel® Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}

Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}

LAV Filters (remove only)-->"C:\Program Files\LAV Filters\uninstall.exe"

LinuxLive USB Creator-->C:\Program Files\LinuxLive USB Creator\Uninstall.exe

Logitech SetPoint 6.32-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

marvell 91xx driver-->C:\Program Files\Marvell\mv91xx\uninst-91xx.exe

Marvell MRU V4-->C:\Program Files\Marvell\raid\uninstmru.exe

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"

Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS

Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR SplitterDecoder\uninstall.exe"

Moyea FLV Editor Pro Version: 3.1.13.0-->"C:\Program Files\FLV Editor Pro\unins000.exe"

Mozilla Firefox (3.6.28)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MP4 Cutter 1.0-->"C:\Program Files\MP4 Cutter\unins000.exe"

MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall

OpenSource AVI Splitter (remove only)-->"C:\Program Files\OpenSource AVI Splitter\uninstall.exe"

OpenSource DTS/AC3/DD+ Source Filter (remove only)-->"C:\Program Files\OpenSource DTSAC3DD+ Source Filter\uninstall.exe"

OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"

PC Wizard 2010.1.96-->"C:\Program Files\CPUID\PC Wizard 2010\unins000.exe"

Python 2.7 Twisted-12.0.0-->MsiExec.exe /I{2E9D4ECD-62E1-4575-82A0-0002D6AB096A}

Ray Adams ATI Tray Tools-->"C:\Program Files\ATI Tray Tools\uninstall.exe"

RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly

Realtek HDMI Audio Driver for ATI-->RtaUpd.exe -k -m -nrg2709

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709

RichFLV-->msiexec /qb /x {5D38959D-2B4D-8AB0-FD1B-27C324E78DB0}

RichFLV-->MsiExec.exe /I{5D38959D-2B4D-8AB0-FD1B-27C324E78DB0}

SBR Poker 1.0.0-->"C:\Program Files\SBR Poker\unins000.exe"

SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"

Snagit 10-->MsiExec.exe /I{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}

SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

StreamTorrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe"

Sygate Personal Firewall Pro-->MsiExec.exe /I{10B446B3-4DF4-4489-A168-8A98F7CD807E}

System Requirements Lab for Intel-->MsiExec.exe /I{EFE3D683-903C-4B58-AB8F-C68C69F33758}

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TeamViewer 7-->C:\Program Files\TeamViewer\Version7\uninstall.exe

Veetle TV-->C:\Program Files\Veetle\UninstallVeetleTV.exe

VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VNC Enterprise Edition E4.4.0-->"C:\Program Files\VNC4\unins000.exe"

VNC Mirror Driver 1.8.0-->"C:\Program Files\VNC4\Mirror Driver\unins000.exe"

vShare.tv plugin 1.3-->C:\Program Files\vShare.tv plugin\uninst.exe

WinRAR 4.11 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

XP Royale Theme-->C:\Temp\Resources\Themes\Uninstall_Royale_Theme.exe

ZEN Entertainment-->C:\Program Files\ZEN Poker\uninstall.exe

Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"

======Security center information======

FW: Sygate Personal Firewall Pro (disabled)

======System event log======

Computer Name: NONEYA-BIDNESS

Event Code: 7023

Message: The Network Location Awareness (NLA) service terminated with the following error:

The specified procedure could not be found.

Record Number: 19834

Source Name: Service Control Manager

Time Written: 20120303053008.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 7023

Message: The Network Location Awareness (NLA) service terminated with the following error:

The specified procedure could not be found.

Record Number: 19831

Source Name: Service Control Manager

Time Written: 20120303052955.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 7023

Message: The Network Location Awareness (NLA) service terminated with the following error:

The specified procedure could not be found.

Record Number: 19827

Source Name: Service Control Manager

Time Written: 20120303052942.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 7023

Message: The Network Location Awareness (NLA) service terminated with the following error:

The specified procedure could not be found.

Record Number: 19824

Source Name: Service Control Manager

Time Written: 20120303052930.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 7023

Message: The Network Location Awareness (NLA) service terminated with the following error:

The specified procedure could not be found.

Record Number: 19821

Source Name: Service Control Manager

Time Written: 20120303052921.000000-360

Event Type: error

User:

=====Application event log=====

Computer Name: NONEYA-BIDNESS

Event Code: 2004

Message: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Record Number: 1221

Source Name: PerfNet

Time Written: 20111226103053.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 2004

Message: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Record Number: 1220

Source Name: PerfNet

Time Written: 20111226102053.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 2004

Message: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Record Number: 1219

Source Name: PerfNet

Time Written: 20111226101053.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 2004

Message: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Record Number: 1218

Source Name: PerfNet

Time Written: 20111226100053.000000-360

Event Type: error

User:

Computer Name: NONEYA-BIDNESS

Event Code: 2004

Message: Unable to open the Server service. Server performance data

will not be returned. Error code returned is in data DWORD 0.

Record Number: 1217

Source Name: PerfNet

Time Written: 20111226095054.000000-360

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Stream\bin\x86;C:\Python27;C:\Python27\Scripts;C:\Program Files\AMD APP\bin\x86;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Acronis\SnapAPI

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"NUMBER_OF_PROCESSORS"=4

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.py;.pyw

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"AMDAPPSDKROOT"=C:\Program Files\AMD APP\

"ATISTREAMSDKROOT"=C:\Program Files\ATI Stream\

-----------------EOF-----------------

;Services Startup Configuration Backup 4/15/2012 2:09:55 AM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A88xTuner]

"DisplayName"="BrPar"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adiusbaw]

"DisplayName"="ZDCNDIS5"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc]

"DisplayName"="Adobe Flash Player Update Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter]

"DisplayName"="Alerter"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]

"DisplayName"="Application Layer Gateway Service"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aolavupd]

"DisplayName"="REVOSENS"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]

"DisplayName"="Application Management"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASNDIS5]

"DisplayName"="BTSLBCSP"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atimpab]

"DisplayName"="Alcaudsl"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv]

"DisplayName"="Windows Audio"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avg7rsxp]

"DisplayName"="S3savagemx"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgfwsrv]

"DisplayName"="Eloggersvc6"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgtdi]

"DisplayName"="Sffdisk"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avp]

"DisplayName"="Lyncusbserv"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\awhost32]

"DisplayName"="Fsssvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bcim]

"DisplayName"="Nvstor64"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bc_pat_f]

"DisplayName"="Avgems"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bdfdll]

"DisplayName"="TPwSav"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]

"DisplayName"="Background Intelligent Transfer Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]

"DisplayName"="Computer Browser"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btaudio]

"DisplayName"="Slssvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bwmservice]

"DisplayName"="Pwkntmon"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ca-messagequeuing]

"DisplayName"="Btwdndis"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\caisafe]

"DisplayName"="Ooclevercacheagent"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CAMCAUD]

"DisplayName"="Zppinger"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\carboncopy32]

"DisplayName"="Advantage"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccdecode]

"DisplayName"="Sskbfd"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv]

"DisplayName"="ClipBook"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmpci]

"DisplayName"="DELTA"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\com4qlb]

"DisplayName"="W22n51"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]

"DisplayName"="COM+ System Application"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CPUCooLServer]

"DisplayName"="CPUCooLServer Service"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]

"DisplayName"="CryptSvc"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crystaloutputfileserver]

"DisplayName"="SNTIE"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CrystalSysInfo]

"DisplayName"="Symantecantibotfilter"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CTEAPSFX.DLL]

"DisplayName"="Websensecpmcommunicationagent"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CTEXFIFX.DLL]

"DisplayName"="Nabtsfec"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cvspydr2]

"DisplayName"="Ohci1394"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cwafrmiregistry]

"DisplayName"="Toshidpt"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CXAVXBAR]

"DisplayName"="Ehstart"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cxusb]

"DisplayName"="Mfebopk"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d-link_st3402]

"DisplayName"="Win32sl"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]

"DisplayName"="DCOM Server Process Launcher"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DeviceScanner]

"DisplayName"="Cvslock"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]

"DisplayName"="DHCP Client"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmadmin]

"DisplayName"="Logical Disk Manager Administrative Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver]

"DisplayName"="Logical Disk Manager"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dns4meclient]

"DisplayName"="ATKFUSService"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]

"DisplayName"="DNS Client"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dot3svc]

"DisplayName"="Wired AutoConfig"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dphost]

"DisplayName"="Pcnet"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drvnddm]

"DisplayName"="Oracle_load_balancer_60_server-forms6i"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dsproct]

"DisplayName"="Zebrmdm"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvd_2K]

"DisplayName"="Pduip6000dmemcrdmgr"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dvpapi]

"DisplayName"="Avc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost]

"DisplayName"="Extensible Authentication Protocol Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\enxpsvr]

"DisplayName"="Moufiltr"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epsonbidirectionalservice]

"DisplayName"="NetTcpPortSharing"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ERSvc]

"DisplayName"="Error Reporting Service"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]

"DisplayName"="Event Log"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]

"DisplayName"="COM+ Event System"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]

"DisplayName"="Fast User Switching Compatibility"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcprintservice]

"DisplayName"="RAPIProtocol"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\freesshdservice]

"DisplayName"="Wampmysqld"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FTSER2K]

"DisplayName"="CA561"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\G400DH]

"DisplayName"="Msmframework"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\genregistrar]

"DisplayName"="Pnkbstra"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GoProto]

"DisplayName"="Vci"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\haspnt]

"DisplayName"="Emu10k"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\helpsvc]

"DisplayName"="Help and Support"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidServ]

"DisplayName"="HID Input Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc]

"DisplayName"="Health Key and Certificate Management Service"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\houdinilicenseserver]

"DisplayName"="Rxfilter"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssSrv]

"DisplayName"="PID_PEPI"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTPFilter]

"DisplayName"="HTTP SSL"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwdatacard]

"DisplayName"="DCamUSBMke2"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icollectservice]

"DisplayName"="Enum1394"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idisw2km]

"DisplayName"="Aslm75"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IDriverT]

"DisplayName"="InstallDriver Table Manager"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IFPUSB]

"DisplayName"="Diskperf"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IJPLMSVC]

"DisplayName"="Z800obex"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ImapiService]

"DisplayName"="IMAPI CD-Burning COM Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inort]

"DisplayName"="Scdemu"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ireike]

"DisplayName"="UxTuneUp"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\issvc]

"DisplayName"="Fd16_700"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]

"DisplayName"="Java Quick Starter"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\k750mdm]

"DisplayName"="License"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KMW_SYS]

"DisplayName"="Tbiosdrv"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer]

"DisplayName"="Server"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation]

"DisplayName"="Workstation"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LBTServ]

"DisplayName"="Logitech Bluetooth Service"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lilsgt]

"DisplayName"="Lusbaudio"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\liveupdate]

"DisplayName"="Sandrathesrv"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmab_device]

"DisplayName"="Fasttx2k"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts]

"DisplayName"="TCP/IP NetBIOS Helper"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMIRfsClientNP]

"DisplayName"="W700obex"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lpds]

"DisplayName"="Se59unic"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lvckap]

"DisplayName"="Sysmgmthp"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lxcf_device]

"DisplayName"="SymIM"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\M2500]

"DisplayName"="WUSB54Gv4SVC"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mail2ec]

"DisplayName"="Dnetc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Marvell RAID]

"DisplayName"="Marvell RAID Event Agent"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService]

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\merakcontrol]

"DisplayName"="Pfc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]

"DisplayName"="Messenger"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft SharePoint Workspace Audit Service]

"DisplayName"="Microsoft SharePoint Workspace Audit Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mod7700]

"DisplayName"="Intelroam"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRENDIS5]

"DisplayName"="Lhidflt2"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRUWebService]

"DisplayName"="MRU Web Service"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSCamSvc]

"DisplayName"="Symmpi"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]

"DisplayName"="Distributed Transaction Coordinator"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]

"DisplayName"="Windows Installer"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ms_mpu401]

"DisplayName"="Pxfhmdfl"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent]

"DisplayName"="Network Access Protection Agent"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE]

"DisplayName"="Network DDE"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm]

"DisplayName"="Network DDE DSDM"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]

"DisplayName"="Net Logon"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nimdbgk]

"DisplayName"="Mi-raysat_3dsmax8"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nipsvc]

"DisplayName"="Scsiaccess"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nla]

"DisplayName"="Network Location Awareness (NLA)"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]

"DisplayName"="Oracleformsserver-forms60server-oraform"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\noipducservice]

"DisplayName"="Atitool"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp]

"DisplayName"="NT LM Security Support Provider"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc]

"DisplayName"="Removable Storage"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvmd]

"DisplayName"="Uleadburninghelper"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvsmu]

"DisplayName"="Nbservice"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nwlnkspx]

"DisplayName"="Tphdexlgsvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\omniserv]

"DisplayName"="Sunkfiltp"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\omniusbl]

"DisplayName"="Avg7rsxp"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oracle%oracle_home_service%clientcache80]

"DisplayName"="SANDRA"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oracleorahomehttpserver]

"DisplayName"="Veteboot"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OS Selector]

"DisplayName"="Acronis OS Selector activator"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ose]

"DisplayName"="Office Source Engine"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\osppsvc]

"DisplayName"="Office Software Protection Platform"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p1131vid]

"DisplayName"="IOSLINK"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PBADRV]

"DisplayName"="Qcmerced"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCASp50]

"DisplayName"="KR3NPXP"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCISys]

"DisplayName"="W700mdm"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PD0620VID]

"DisplayName"="Licensemanagersocket"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdfcreatormessages]

"DisplayName"="Pxfhmdm"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdiddcci]

"DisplayName"="Avupdsvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pdlndqll]

"DisplayName"="W700mdfl"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pid_0928]

"DisplayName"="Ksthunk"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pktfilter]

"DisplayName"="PBADRV"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]

"DisplayName"="Plug and Play"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pnkbstrk]

"DisplayName"="Npkcrypt"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]

"DisplayName"="IPSEC Services"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\procdd]

"DisplayName"="Acnusvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSSdk23]

"DisplayName"="Kbstuff"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QPSched]

"DisplayName"="Emclisrv"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]

"DisplayName"="Remote Access Auto Connection Manager"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rasirda]

"DisplayName"="SE2Cbus"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]

"DisplayName"="Remote Access Connection Manager"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdnaoflsvc]

"DisplayName"="Fuj02b1"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr]

"DisplayName"="Remote Desktop Help Session Manager"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]

"DisplayName"="Routing and Remote Access"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\remoterecord]

"DisplayName"="Pnrouter"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]

"DisplayName"="Remote Registry"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RMSvc]

"DisplayName"="Mpfp"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rnadiagreceiver]

"DisplayName"="Se2Cunic"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]

"DisplayName"="Remote Procedure Call (RPC) Locator"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]

"DisplayName"="Remote Procedure Call (RPC)"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP]

"DisplayName"="QoS RSVP"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s116bus]

"DisplayName"="Ss_mdm"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s116mgmt]

"DisplayName"="Ibmcicstransactiongateway"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s116nd5]

"DisplayName"="Astcc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s217unic]

"DisplayName"="Ipsraidn"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s716obex]

"DisplayName"="Ftrtsvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SaiNtHid]

"DisplayName"="Isdrv122"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]

"DisplayName"="Security Accounts Manager"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savrtpel]

"DisplayName"="Viamraid"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]

"DisplayName"="Smart Card"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]

"DisplayName"="Task Scheduler"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\screadspool]

"DisplayName"="NTIDrvr"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SE2Bmdm]

"DisplayName"="Regdefend"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\se2Cunic]

"DisplayName"="Arc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\se44mgmt]

"DisplayName"="Protectionservice"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SeaPort]

"DisplayName"="Cacheserver"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]

"DisplayName"="System Event Notification"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]

"DisplayName"="Shell Hardware Detection"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sis315]

"DisplayName"="TryAndDecideService"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smapint]

"DisplayName"="P3"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sonypvu1]

"DisplayName"="Pgpsdkservice"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spcstb]

"DisplayName"="MobilePreInstallerService"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]

"DisplayName"="System Restore Service"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPL]

"DisplayName"="RushTopDevice"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sscdmdm]

"DisplayName"="DellAMBrokerService"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]

"DisplayName"="SSDP Discovery Service"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ssoftservice]

"DisplayName"="Mdvrmng"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sstpsvc]

"DisplayName"="Useraccess"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\starwindservice]

"DisplayName"="Dtscsi"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]

"DisplayName"="Windows Image Acquisition (WIA)"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StkScan]

"DisplayName"="Usbscan"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STV680]

"DisplayName"="Bvrp_pci"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]

"DisplayName"="MS Software Shadow Copy Provider"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog]

"DisplayName"="Performance Logs and Alerts"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tandpl]

"DisplayName"="Cachemgr"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]

"DisplayName"="Telephony"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\telnet]

"DisplayName"="ASUSVRC"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]

"DisplayName"="Terminal Services"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tfsnudf]

"DisplayName"="Ssfs0509"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]

"DisplayName"="Themes"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tifm21]

"DisplayName"="EpmPsd"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]

"DisplayName"="Telnet"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TMHIDSRV]

"DisplayName"="Iwebcal"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmtdi]

"DisplayName"="KR10N"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\transarcafsdaemon]

"DisplayName"="Pnmsrv"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]

"DisplayName"="Distributed Link Tracking Client"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tsmapip]

"DisplayName"="Digitizer"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]

"DisplayName"="Universal Plug and Play Device Host"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]

"DisplayName"="Uninterruptible Power Supply"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbcm]

"DisplayName"="SrvcEPECioctl"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBVCD]

"DisplayName"="Dlaopiom"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbvideo]

"DisplayName"="ELmou"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb_rndisx]

"DisplayName"="Mfcom"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USB_RNDIS_XP]

"DisplayName"="Vpctcom"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UVCFTR]

"DisplayName"="Arhidfltr"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UWProSys]

"DisplayName"="Ageremodemaudio"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VAIOMediaPlatform-PhotoServer-UPnP]

"DisplayName"="W800mdm"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VC6SecS]

"DisplayName"="CADlink"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vcommmgr]

"DisplayName"="SQLAgent$LG_LP2"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\viairda]

"DisplayName"="Rsvchost"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VIAPFD]

"DisplayName"="Symantecantibotdriver"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VICESYS]

"DisplayName"="PNRPSvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmnetdhcp]

"DisplayName"="Nidomainservice"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vpcnfltr]

"DisplayName"="ZuneBusEnum"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VRcore]

"DisplayName"="Wmp54gv4svc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]

"DisplayName"="Volume Shadow Copy"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vusbbus]

"DisplayName"="Zpcache"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]

"DisplayName"="Windows Time"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W8100PCI]

"DisplayName"="Cdmservice"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]

"DisplayName"="WebClient"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winmgmt]

"DisplayName"="Windows Management Instrumentation"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wm]

"DisplayName"="Qbposdbservices"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmdmPmSN]

"DisplayName"="Portable Media Serial Number Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi]

"DisplayName"="Windows Management Instrumentation Driver Extensions"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApSrv]

"DisplayName"="WMI Performance Adapter"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wstcodec]

"DisplayName"="LVVI500A"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]

"DisplayName"="Automatic Updates"

"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVC]

"DisplayName"="Wireless Zero Configuration"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]

"DisplayName"="Network Provisioning Service"

"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\z525bus]

"DisplayName"="MREMPR5"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\z525mdm]

"DisplayName"="RR2Mjpeg"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zendcoreapache]

"DisplayName"="Syntp"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zpmysql]

"DisplayName"="Sk99202k"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zpsc]

"DisplayName"="AtlsAud"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}]

"DisplayName"="Ndassvc"

"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}]

"DisplayName"="Papyjoy"

"Start"=dword:00000004

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.32

Windows XP Service Pack 3 x86

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Sygate Personal Firewall Pro

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

CCleaner

Java™ 6 Update 29

Java version out of date!

Adobe Flash Player 11.1.102.63

Mozilla Firefox (3.6.28) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

``````````End of Log````````````

Link to post
Share on other sites

You are fortunate to have this system survived to this point.

Reminder again to you, and any other observers, do not take it upon yourself to assume that running specialized tools on your own is risk-free :excl:

You noted that you turned off services. You do so at your own risk. Turning off services that Windows needs will lead to deadlocks.

Your logs showed some peer-to-peer filesharing apps: uTorrent. Peer-to-peer filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

I need confirmation that you have de-installed uTorrent and any other p-2-p app before I proceed forward.

Link to post
Share on other sites

In all honesty I was never concerned. I've had my fair share of battles over the years. Also amassed an arsenal of PE enviroment and live CD's. Any inconvenience becomes a learning experience, just consumes alot time in some cases. Been a patron of blackvipers for years so I see tuning services as a necessity but times do occur when I wish I had some sort of dependency search.

Uninstalled utorrent and also vnc. Ready to proceed with your direction. Thought I should mention that when I reboot I still get the 1 second glimpse that is described here for that combofix description.

RC_successful.gif

Link to post
Share on other sites

You'll have to live with that (just press NO) until after we do all final cleanups.

Your RSIT log left a lot to be desired. I am going to ask for another log or two.

Be sure you COPY & PASTE.

Download and SAVE HijackThis

Save the HJT to your desktop or the folder of your choice, then navigate to that folder and double-click Hijackthis.exe to start it.

Do a "Scan and Save log". Copy and Paste the Hijackthis logs for review

Link to post
Share on other sites

Been working with this computer offline. Will continue to do so untill told other wise. Also sygate wouldn't start up on it earlier. Its service had been changed to manual but couldn't get it to ever start once I changed it just to auto so I reinstalled it in order to to update malwarebytes

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:34:32 AM, on 4/15/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\Snagit 10\SnagitBHO.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHG~1.7\jccatch.dll

O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\Snagit 10\SnagitIEAddin.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.7\fgiebar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet v1.7\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet v1.7\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.7\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.7\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted IP range: http://127.0.0.1

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\raid\svc\mvraidsvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 5415 bytes

Link to post
Share on other sites

This system does not show an antivirus program installed. I cannot go forward helping you unless you have one.

The chances of being re-infected once more are extremely high otherwise.

If cost is an issue, get one (and only one) of these free anti-virus programs. Save the setup program to your Desktop.

Avira Free for home use http://www.avira.com/en/avira-free-antivirus

MS Security Essentials http://windows.microsoft.com/en-US/windows/products/security-essentials

Avast http://www.avast.com/en-us/free-antivirus-download

Now then, run the Setup program for your new anti-virus program.

Bring up your new AV and do an UPDATE run to insure the new program is all up-to-date. Repeat until no more updates are found, and then logoff and restart system fresh.

Run a full scan of your system and save the log. Copy and paste the results.

Link to post
Share on other sites

04/15/2012 12:46

Scan of all local drives

File C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir is infected by Win32:Aluroot-B [Rtk], Moved to chest

File C:\Qoobox\Quarantine\C\WINDOWS\system32\partmgr.dll.vir is infected by Win32:Sirefef-SM [Trj], Moved to chest

File C:\Qoobox\Quarantine\C\WINDOWS\system32\SPFDRV.dll.vir is infected by Win32:Sirefef-SM [Trj], Moved to chest

File C:\Qoobox\Quarantine\C\WINDOWS\system32\USB3Sw32.dll.vir is infected by Win32:Malware-gen, Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP89\change.log.2 is infected by Win32:Agent-ANSR [PUP], Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP89\change.log.3 is infected by Win32:Agent-ANSR [PUP], Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP91\change.log.2 is infected by Win32:Agent-ANSR [PUP], Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP91\change.log.3 is infected by Win32:Agent-ANSR [PUP], Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068815.sys is infected by Win32:Sirefef-PL [Rtk], Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068854.exe is infected by Win32:Malware-gen, Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068855.cl is infected by Unix:Malware-gen, Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068856.exe is infected by Win32:Malware-gen, Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068857.exe is infected by Win32:Malware-gen, Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068858.cl is infected by Unix:Malware-gen, Moved to chest

File C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068865.exe is infected by Win32:Agent-ANSR [PUP], Moved to chest

Number of searched folders: 7651

Number of tested files: 76877

Number of infected files: 15

*

* avast! Scan Report

* This file is generated automatically

*

* Scan name: Full system scan

* Started on: Sunday, April 15, 2012 2:53:42 PM

* VPS: 120415-2, 04/15/2012

*

C:\Qoobox\Quarantine\39C\WINDOWS\system32\Drivers\ipsec.sys.vir (L) Win32:Aluroot-B [Rtk] (0)

C:\System Volume Information\_restore{240605D7-A625-4523-BA66-F49596D3FDEB}\RP92\A0068815.sys (L) Win32:Sirefef-PL [Rtk] (0)

Infected files: 2

Total files: 96957

Total folders: 8336

Total size: 642.1 GB

*

* Scan stopped: Sunday, April 15, 2012 3:35:54 PM

* Run-time was 42 minutes(s), 12 second(s)

*

Link to post
Share on other sites

Temporarily turn OFF your Avast antivirus so it does not interfere

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Step 4

Re-Enable your antivirus program

Reply with contents of the aswMBR log

TDSSKILLER log

Result.txt

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.