Another FBI Moneypak



Hi,

I was recently infected with this virus. I tried to go in to regular Safe Mode but the "Blocked" screen pops up even there.

I was able to successfully enter "Safe Mode Command prompt" and install mbam but I was unable to update the virus definitions because there is no network connectivity in this Safe Mode.

I've tried to delete this file, but I keep getting permission denied:

c:\documents and settings\administrator\wgsdgsdgdsgsd.dll

This is the first virus I have gotten that I was unable to resolve on my own by searching the web, so I was hoping someone could help me out.

This computer is running Windows XP.

I am including the dds.txt and attach.txt files (dss.scr was run while in Safe Mode-Command prompt).

Thanks!

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.9.2

Run by Administrator at 17:54:17 on 2012-12-24

.

============== Running Processes ================

.

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

mDefault_Page_URL = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.cio.att.com/

uProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - c:\program files\virtual account numbers\CitiVANHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - c:\program files\virtual account numbers\CitiVANToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\addon\activesync\wcescomm.exe"

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [ACU] "c:\program files\addon\atheros\ACU.exe" -nogui

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Citi Virtual Account Numbers] c:\progra~1\virtua~1\CitiVAN.exe /lang=en_RG /dontopenmycards

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoWindowsUpdate = dword:0

mPolicies-Explorer: NoCDBurning = dword:1

mPolicies-Explorer: NoWindowsUpdate = dword:1

mPolicies-System: dontdisplaylastusername = dword:1

mPolicies-Windows\System: DisableGPO = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoWindowsUpdate = dword:1

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

TCP: NameServer = 192.168.11.1

TCP: Interfaces\{8493BC2F-CAF9-4B2F-B970-A43B6D81949A} : DHCPNameServer = 192.168.11.1

Notify: IfxWlxEN - IfxWlxEN.dll

Notify: PSDNtfy - c:\program files\protecttools\embedded security software\PSDNtfy.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bhm4hmsd.default\

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmercoraPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2012-11-27 16:16; citius@orbiscom; c:\program files\Virtual Account Numbers

.

============= SERVICES / DRIVERS ===============

.

R? aswFsBlk;aswFsBlk

R? aswSnx;aswSnx

R? aswSP;aswSP

R? avast! Antivirus;avast! Antivirus

R? CCDevice;CCDevice

R? CdpPacket;Cisco Discovery Protocol Packet Driver

R? ClntMgmt;HP Client Management Driver

R? Eacfilt;Eacfilt Miniport

R? ExtranetAccess;Contivity VPN Service

R? gupdate1ca446dd09092a0;Google Update Service (gupdate1ca446dd09092a0)

R? IPSECEXT;Nortel Extranet Access Protocol

R? MBAMProtector;MBAMProtector

R? MBAMScheduler;MBAMScheduler

R? MBAMService;MBAMService

R? McAfeeFramework;McAfee Framework Service

R? McShield;Network Associates McShield

R? McTaskManager;Network Associates Task Manager

R? NaiAvFilter1;NaiAvFilter1

R? NaiAvTdi1;NaiAvTdi1

R? SbieDrv;SbieDrv

R? Svc_DrInstal;Doctor Install

R? Synergy;Synergy

R? vsdatant;vsdatant

R? WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service

S? CONAN;CONAN

S? IFXTPM;IFXTPM

S? MbxStby;MbxStby

S? PersonalSecureDrive;PersonalSecureDrive

.

=============== File Associations ===============

.

FileExt: .scr: scrfile="%1" %*

FileExt: .reg: regfile=regedit.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-12-24 09:13:10 200568 ----a-w- c:\documents and settings\administrator\wgsdgsdgdsgsd.dll

2012-12-17 18:57:18 -------- d-----w- c:\documents and settings\administrator\application data\pokerth

2012-12-04 07:36:50 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun

2012-11-27 21:38:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-27 21:38:08 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-27 21:38:08 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-27 21:37:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-11-27 21:16:30 -------- d-----w- c:\program files\Virtual Account Numbers

2012-11-27 21:16:28 145920 ----a-w- c:\windows\system32\OBroker.exe

.

==================== Find3M ====================

.

2012-11-27 21:18:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-27 21:18:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr

2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 17:56:08.21 ===============


Hello spaceclick and welcome to MalwareBytes forums.

Please do not use the "attach" feature when posting logs. Always Copy all & Paste directly into the reply box.

Use separate replies as needed.

See Grinler's article here

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

See the section titled Automated Removal Instructions

Follow his instructions to get into Safe Mode with Networking

and do the rest of the steps listed after that (including the tool from Emsisoft).

Report back with the results.


Hi, thanks for your reply.

As I stated in my initial posting, I can not go in to "Safe Mode with Networking" without the "FBI" screen popping up after I log in, preventing me from doing anything else. So I am unable to follow those instructions because it is impossible to "Start Internet Explorer" and download anything once that screen takes over my computer.

As indicated, the only "Safe Mode" that I can get in to without the "FBI" screen popping up is "Safe Mode with Command Prompt".

Thanks again!


You will need to use another system, and a blank CD, to create an XP boot CD. Or you may use the Windows XP operating CD (if you have it) and boot into the Recovery Console.

Please download ARCDC from Artellos.com.

  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few DOS screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC

Your ISO is located on your desktop.

Set your pc's BIOS boot option-sequence to boot from CD-drive first.

Place CD in the drive.

Power up the system and boot from it.

When at the command prompt, navigate to c:\documents and settings\administrator\wgsdgsdgdsgsd.dll

and then delete that dll


When my PC boots up, it gives the option to start Windows XP or to start the Recovery Console. If I choose Recovery Console, it just seems to hang there indefinitely.

So I put in my Win XP OS CD and booted from that and selected "R" for recovery console. Then selected "1. C:\Windows" for the windows.

I tried the following 3 things, and all produced the same response "Access is denied.":

c:\> cd "Documents and Settings"

c:\> cd "Documents and Settings\Administrator"

c:\> del "Documents and Settings\Administrator\wgsdgsdgdsgsd.dll"

Do I have to change permissions or something?

Thanks!


OK, well, since this is an old system running Win XP, (my main system now runs Win7) I had totally forgotten that I had a copy of ERD Commander. So I booted that and was able to successfully rename that dll file and now the system boots up without the "Blocked" pop-up. It did pop up an error about not being able to run that renamed dll :-)

Anyway, is there anything else I should do to completely clean this machine? I am updating MBAM and running it now...


Yes.... Copy and Paste the contents of the last MBAM scan log.

Make sure the system is running Windows in normal mode, so that we can see everything that is active.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Do NOT turn off the firewall
  • Start Internet Explorer
  • Using Internet Explorer browser only, go to BitDefender Quickscan website:
    http://quickscan.bitdefender.com
    and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press the "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button
  • Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
    and that QuickScan has no removal capability.
  • The site boasts a 60-second scan. Do have patience as it likely will take longer.
    It may seem to stall at moments, but have patience; it will move on.
  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

See Grinler's article here

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

See the section titled Automated Removal Instructions

Follow his instructions to get into Safe Mode with Networking

and do the rest of the steps listed after that (including the tool from Emsisoft).

Step 8

When all done, make sure to restart Windows in normal mode.

AND

RE-Enable your antivirus program.

Report back with the results.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log + Emsisoft-tool-log.

Use separate replies as needed if logs do not fit into one reply box.

Edited by Maurice Naggar

OK, so I think I got rid of the "Blocked" malware, but now I have another problem. After I reboot, then log in, I get the normal desktop, but then Explorer hangs (there are no icons in the system tray). I can click on and start program icons on the desktop, but if I move the pointer to the task bar it just turns in to an hourglass and I can not do anything. Also if I start other programs (such as Firefox) it works OK until I need to download something, and then it also hangs. If I start up any file explorer windows, they also hang.

I did leave the computer running overnight (running the boot version of AVAST) and when I came back to it this morning, it was on the login screen and I was able to log in and Explorer was NOT hung. I am guessing that whatever causes it to hang had timed out or something by then, I am not sure why it worked that one time, but that seems to suggest that whatever is causing the hang is a program that starts before you log in.

When I reboot, Explorer hangs again. Also when I shut down the computer, it tells me it can not kill several programs (my wireless card's app, Explorer, etc.) and I have to tell it to force it to exit. Then sometimes it will reboot, but other times it just sits at the "Windows is shutting down..." screen indefinitely.

Anyway, I ran MBAM first and it removed three things (all were, I believe, part of the "Blocked" malware.) I also ran the other things you suggested, I have included the logs below...

Malwarebytes Anti-Malware (Trial) 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.26.03

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

Administrator :: njpds01sc1649 [administrator]

Protection: Enabled

12/25/2012 11:21:49 PM

mbam-log-2012-12-25 (23-21-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219799

Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.bad (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.

(end)


Logfile of random's system information tool 1.09 (written by random/random)

Run by Administrator at 2012-12-26 17:19:42

WIN_XP Service Pack 2

System drive C: has 18 GB (47%) free of 38 GB

Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:24:47 PM, on 12/26/2012

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Synergy\synergyd.exe

c:\WINDOWS\system32\IFXSPMGT.exe

C:\WINDOWS\Explorer.EXE

c:\WINDOWS\system32\IFXTCS.exe

C:\Program Files\addon\Atheros\ACU.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\addon\Activesync\wcescomm.exe

C:\PROGRA~1\addon\ACTIVE~1\rapimgr.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Synergy\synergys.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\data\downloads\RSIT.exe

C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cio.att.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ACU] "C:\Program Files\addon\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\addon\Activesync\wcescomm.exe"

O4 - HKUS\S-1-5-21-1236889176-1945323513-1091443541-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-1236889176-1945323513-1091443541-500\..\Run: [H/PC Connection Agent] "C:\Program Files\addon\Activesync\wcescomm.exe" (User '?')

O4 - .DEFAULT User Startup: ropu.bat (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O14 - IERESET.INF: START_PAGE_URL=about:blank

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: PSDNtfy - c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe

O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe

O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Guardeonic Solutions AG - c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\addon\Sandboxie\SbieSvc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Synergy - Unknown owner - C:\Program Files\Synergy\synergyd.exe

--

End of file - 6033 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\avast! Emergency Update.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

C:\WINDOWS\tasks\OGALogon.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default

prefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8, {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51, {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2, check4change-owner@mozdev.org:1.8.6, {00084897-021a-4361-8423-083407a033e0}:1.4, exif_viewer@mozilla.doslash.org:1.60, {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5, {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.1, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7, {289F3A4A-F3FF-4173-B994-DBC887E9C468}:0.3.5, redirectcleaner@example.net:1.3.0, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6, {54BB9F3F-07E5-486c-9B39-C7398B99391C}:4.0.2011021601, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.10, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.262 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Web Player

"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]

"Description"=DivX® Content Upload Plugin

"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@freetoolsassociation.com/ActiveGS]

"Description"=ActiveGS

"Path"=undefinednpActiveGS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.8.6d]

"Description"=VLC Multimedia Plugin

"Path"=C:\data\apps\DVArchive\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsAxSecurityPolicy.js

nsILegitCheckPlugin.xpt

nsImercoraPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

MercoraAxPlayer.msi

np32dsw.dll

npActiveGS.dll

npActiveGS.xpt

npLegitCheckPlugin.dll

npmercoraPlugin.dll

NPOFFICE.DLL

nppdf32.dll

npunagi2.dll

npunagi2.xpt

ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

answers.xml

bing.xml

creativecommons.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\

staged

twitternotifier@naan.net

{54BB9F3F-07E5-486c-9B39-C7398B99391C}

{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-27 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-27 155384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]

"ACU"=C:\Program Files\addon\Atheros\ACU.exe [2006-08-07 336014]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2005-02-04 15360]

"H/PC Connection Agent"=C:\Program Files\addon\Activesync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AeXAgentLogon]

C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2006-09-14 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

C:\WINDOWS\AGRSMMSG.exe [2003-08-14 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-25 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]

C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE [2003-12-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2008-05-23 1011712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Doctor Install]

C:\Program Files\Doctor Install\InstallMgr.exe [2002-04-10 761856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-11 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

C:\Program Files\addon\Activesync\wcescomm.exe [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IfxSecurePlatformIndication]

c:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe [2003-10-17 73789]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

C:\Program Files\ltmoh\Ltmoh.exe [2003-08-14 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

C:\Program Files\Network Associates\Common Framework\udaterui.exe [2008-11-10 136512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]

C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDruntime]

c:\Program Files\ProtectTools\Embedded Security Software\PSDrt.EXE [2003-09-02 82344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Push Client]

C:\Documents and Settings\Administrator\Local Settings\Application Data\ATT Connect\Participant\pull.exe [2010-06-03 965872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

c:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2004-09-25 1691648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\start dr install service]

c:\winnt [2003-07-30 121935]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe [2007-09-25 75256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-07-15 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-07-15 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X1FileMonitor.exe]

C:\Program Files\X1\X1FileMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]

C:\PROGRA~1\HANDSP~1\HOTSYNC.EXE [2002-05-22 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^X1 System Tray.lnk]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-10 738968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client (Set auto-proxy).lnk]

C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon47BEA3551.ico [2005-09-23 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client Monitor.lnk]

C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon4A6622C72.exe [2005-09-23 29184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IfxWlxEN]

C:\WINDOWS\system32\IfxWlxEN.dll [2003-10-17 352320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PSDNtfy]

c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll [2003-09-02 49576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2005-02-04 239616]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoWindowsUpdate"=0

"NoDriveAutoRun"=0x08000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoWindowsUpdate"=1

"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Nortel Networks\Extranet.exe"="C:\Program Files\Nortel Networks\Extranet.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:AT&T Extranet Access Client"

"%windir%\system32\MMC.exe"="%windir%\system32\MMC.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft Management Console (Computer Management)"

"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft NetMeeting"

"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NAI McAfee VirusScan Common Framework Service"

"C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE"="C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Carbon Copy"

"C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Wizard"

"C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Agent"

"C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:AT&T Global Network Client"

"C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"

"C:\Program Files\addon\Activesync\rapimgr.exe"="C:\Program Files\addon\Activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\addon\Activesync\wcescomm.exe"="C:\Program Files\addon\Activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\addon\Activesync\WCESMgr.exe"="C:\Program Files\addon\Activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QTeamLinkMessenger.exe"="C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QTeamLinkMessenger.exe:*:Enabled:QTeamLinkMessenger"

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\addon\Veoh\VeohClient.exe"="C:\Program Files\addon\Veoh\VeohClient.exe:*:Disabled:Veoh Client"

"C:\Program Files\addon\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\addon\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\addon\Yahoo!\Messenger\YServer.exe"="C:\Program Files\addon\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"

"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"

"C:\Program Files\Cisco Systems\Cisco IP Communicator\AudioTuningWizard.exe"="C:\Program Files\Cisco Systems\Cisco IP Communicator\AudioTuningWizard.exe:*:Enabled:AudioTuningWizard"

"C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe"="C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe:*:Enabled:Cisco IP Communicator"

"C:\Program Files\Java\jre1.5.0_13\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_13\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary"

"C:\Program Files\Brother\Brmfl05a\FAXRX.exe"="C:\Program Files\Brother\Brmfl05a\FAXRX.exe:*:Enabled:PC-FAX Receive"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"

"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"

"C:\Program Files\WebEx\Connect\wbxcOIEx.exe"="C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx"

"C:\Program Files\WebEx\Connect\connect.exe"="C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect"

"C:\WiRNS\WiRNS.exe"="C:\WiRNS\WiRNS.exe:*:Enabled:WiRNS"

"C:\Program Files\Synergy\synergys.exe"="C:\Program Files\Synergy\synergys.exe:*:Enabled:Synergy"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Nortel Networks\Extranet.exe"="C:\Program Files\Nortel Networks\Extranet.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:AT&T Extranet Access Client"

"%windir%\system32\MMC.exe"="%windir%\system32\MMC.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft Management Console (Computer Management)"

"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft NetMeeting"

"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NAI McAfee VirusScan Common Framework Service"

"C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE"="C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Carbon Copy"

"C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Wizard"

"C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Agent"

"C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:AT&T Global Network Client"

"C:\Program Files\addon\Activesync\rapimgr.exe"="C:\Program Files\addon\Activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\addon\Activesync\wcescomm.exe"="C:\Program Files\addon\Activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\addon\Activesync\WCESMgr.exe"="C:\Program Files\addon\Activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program Files\WebEx\Connect\connect.exe"="C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect"

"C:\Program Files\WebEx\Connect\wbxcOIEx.exe"="C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux1"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.reg - open - regedit.exe "%1" %*

.scr - open - "%1" %*

======List of files/folders created in the last 1 month======

2012-12-26 17:20:37 ----D---- C:\Program Files\trend micro

2012-12-26 17:19:42 ----D---- C:\rsit

2012-12-26 17:16:26 ----D---- C:\WINDOWS\ERDNT

2012-12-26 17:15:26 ----D---- C:\Program Files\ERUNT

2012-12-25 23:05:57 ----ASH---- C:\pagefile.sys

2012-12-24 04:24:34 ----A---- C:\WINDOWS\ntbtlog.txt

2012-12-24 04:15:16 ----A---- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

2012-12-17 13:57:18 ----D---- C:\Documents and Settings\Administrator\Application Data\pokerth

2012-12-01 06:28:23 ----D---- C:\Program Files\Mozilla Firefox

2012-11-27 16:38:19 ----D---- C:\Documents and Settings\All Users\Application Data\Sun

2012-11-27 16:38:08 ----A---- C:\WINDOWS\system32\npDeployJava1.dll

2012-11-27 16:38:08 ----A---- C:\WINDOWS\system32\javaws.exe

2012-11-27 16:38:08 ----A---- C:\WINDOWS\system32\deployJava1.dll

2012-11-27 16:37:43 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll

2012-11-27 16:37:42 ----A---- C:\WINDOWS\system32\javaw.exe

2012-11-27 16:37:42 ----A---- C:\WINDOWS\system32\java.exe

2012-11-27 16:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

======List of files/folders modified in the last 1 month======

2012-12-26 17:20:37 ----RD---- C:\Program Files

2012-12-26 17:17:31 ----D---- C:\WINDOWS\Temp

2012-12-26 17:16:26 ----D---- C:\WINDOWS

2012-12-26 09:48:49 ----D---- C:\WINDOWS\system32\CatRoot2

2012-12-26 00:32:02 ----D---- C:\Program Files\addon

2012-12-26 00:30:33 ----D---- C:\WINDOWS\system32

2012-12-26 00:29:46 ----D---- C:\WINDOWS\system32\drivers

2012-12-26 00:18:12 ----SHD---- C:\WINDOWS\CSC

2012-12-25 23:46:49 ----D---- C:\WINDOWS\Sun

2012-12-25 23:06:02 ----SHD---- C:\System Volume Information

2012-12-24 17:35:57 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$

2012-12-11 02:48:19 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc

2012-12-02 06:05:57 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-11-27 16:38:18 ----SHD---- C:\WINDOWS\Installer

2012-11-27 16:38:18 ----SHD---- C:\Config.Msi

2012-11-27 16:37:06 ----D---- C:\Program Files\Java

2012-11-27 16:18:38 ----SD---- C:\WINDOWS\Downloaded Program Files

2012-11-27 16:18:25 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-11-27 16:16:42 ----D---- C:\WINDOWS\WinSxS

2012-11-27 16:16:28 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]

R0 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]

R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]

R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2005-03-23 9216]

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-09-25 44288]

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-09-25 24832]

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-09-25 289792]

R1 ClntMgmt;HP Client Management Driver; C:\WINDOWS\System32\Drivers\ClntMgmt.sys [2003-10-29 59044]

R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-09-25 141184]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2005-02-04 36096]

R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]

R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2003-09-02 33848]

R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-09-25 117632]

R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-09-25 200832]

R1 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-04-10 21275]

R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2005-02-09 19328]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]

R2 CdpPacket;Cisco Discovery Protocol Packet Driver; C:\WINDOWS\system32\DRIVERS\CdpPacket.sys [2007-09-06 35692]

R2 cpqdfw;Diagnostics Driver; \??\C:\WINDOWS\system32\drivers\cpqdfw.sys []

R2 cq_mem;Diagnostics Memory Driver; \??\C:\WINDOWS\system32\drivers\cq_mem.sys []

R2 cqcpu;Diagnostics CPU Driver; \??\C:\WINDOWS\system32\drivers\cqcpu.sys []

R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]

R3 ABVPN2K;AGN VPN Client Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2004-12-21 164480]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-08-14 1196352]

R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-07-17 494080]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-12-02 641536]

R3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-02-17 170880]

R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-28 182101]

R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-04-16 9817]

R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2003-10-17 32640]

R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 117760]

R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]

R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-09-25 23808]

R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-30 593408]

R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-07-15 270384]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2005-02-04 20480]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]

S2 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 117760]

S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]

S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]

S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]

S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-09-25 23936]

S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []

S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-03 25600]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]

S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]

S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\data\apps\NETSTU~1\NSNDIS5.SYS []

S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-05-22 15326]

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]

S3 SbieDrv;SbieDrv; \??\C:\Program Files\addon\Sandboxie\SbieDrv.sys []

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]

S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-07-17 494080]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2006-03-25 278613]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2005-02-04 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-27 161768]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 Synergy;Synergy; C:\Program Files\Synergy\synergyd.exe [2012-07-30 318536]

R3 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\IFXSPMGT.exe [2003-10-17 122947]

R3 IFXTCS;Trusted Platform Core Service; c:\WINDOWS\system32\IFXTCS.exe [2003-10-17 364606]

S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2005-02-04 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 250808]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-12-02 385024]

S3 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2004-06-13 57344]

S3 CarbonCopyScheduler;Carbon Copy Scheduler; C:\WINDOWS\system32\schdsrvc.exe [2005-03-23 274432]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 CPQALERT;Insight Local Alerter; C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe [2003-12-03 512000]

S3 ExtranetAccess;Contivity VPN Service; C:\Program Files\Nortel Networks\Extranet_serv.exe [2004-04-16 643072]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-01 115168]

S3 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE [2005-02-15 118784]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PersonalSecureDriveService;Personal Secure Drive Service; c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE [2003-09-02 106920]

S3 SbieSvc;Sandboxie Service; C:\Program Files\addon\Sandboxie\SbieSvc.exe [2012-06-17 75536]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2005-02-04 14336]

S4 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2006-09-14 1257472]

S4 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2005-03-23 65536]

S4 cpqdmi;cpqdmi; C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe [2003-12-03 20480]

S4 gupdate1ca446dd09092a0;Google Update Service (gupdate1ca446dd09092a0); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-11-11 133104]

S4 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2008-11-10 103744]

S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2004-09-22 221191]

S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2004-09-22 28672]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 Svc_DrInstal;Doctor Install; C:\Program Files\Doctor Install\DrInstalSvc.exe [2002-04-10 782336]

S4 WIN32SL;Win32Sl; C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe [2001-04-11 215552]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.09 2012-12-26 17:24:57

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain plugin

Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Agere Systems AC'97 Modem-->agrsmdel

Agere V92 MOH Application-->ltremove.exe -a

Altiris Carbon Copy Solution Agent -->MsiExec.exe /X{BC13AD87-65E7-4963-A2DA-1ED419D3DC34}

Altiris Carbon Copy Solution Agent 6.1-->MsiExec.exe /x {BC13AD87-65E7-4963-A2DA-1ED419D3DC34} /qf

Altiris Software Delivery Solution Agent-->MsiExec.exe /X{A0A1EB01-A6FD-423A-8480-364055A7C961}

Altiris Task Synchronization Agent-->MsiExec.exe /X{2851123E-5786-41BE-A3F1-A9B21E499EEB}

AT&T Before You Call-->C:\Program Files\AT&T Before You Call\BeforeUCall.exe /uninstall

AT&T Connect Participant Application v8.9.35-->MsiExec.exe /X{CDD4495B-0424-42F0-8D89-70D47E21BD69}

AT&T Doctor Install-->MsiExec.exe /I{3DC0A1F2-038F-11D6-B897-00902799B4B8}

AT&T Extranet Access Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall

AT&T ServicePass Verification Utility-->C:\Program Files\AT&T ServicePass\SrvcPass_Verify.exe /UNINSTALL C:\Program Files\AT&T ServicePass

Atheros Client Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Broadcom Gigabit Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033

Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll

CCleaner-->"C:\Program Files\addon\CCleaner\uninst.exe"

Cisco IP Communicator-->MsiExec.exe /X{80D85DB3-F404-4688-B18C-024F53E86353}

Cisco WebEx Connect-->MsiExec.exe /X{EED0DAE4-F5A3-4166-94F3-76B23B1CD5C7}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Diagnostics for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1881AE03-2BD4-11D4-86BF-00508B10AA88}\SETUP.EXE" UNINSTALL

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

HP Integrated Wireless LAN W400-W500 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}\SETUP.EXE" -l0x9

HP ProtectTools Embedded Security Software-->MsiExec.exe /I{C1648CA1-9B39-4C7E-94F1-791DE5557C54}

Insight Management Agent-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Management Agents\DeIsL1.isu" -c"C:\Program Files\Compaq\Compaq Management Agents\cpqdmun.dll"

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL

J2SE Runtime Environment 5.0 Update 13-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150130}

Java 2 Runtime Environment, SE v1.4.2_16-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142160}

Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217009FF}

Knowledge Gateway-->MsiExec.exe /I{9B0F88A7-7994-473A-B27B-6F2F16D1C1A2}

McAfee Agent-->MsiExec.exe /X{36FE3EDA-0C18-48DE-934B-D9862F82A7A8}

McAfee Anti-Spyware Enterprise Module-->C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS

McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Live Meeting 2005-->MsiExec.exe /I{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Mozilla Firefox 17.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

O2Micro MemoryCardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083} /l1033

Palm Desktop and Synchronization Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall

Q Enterprise Messenger 4.x-->MsiExec.exe /I{CA55B8B1-08C9-4554-A62D-6D4233BFD21E}

Roxio Easy Media Creator 7 Basic Edition-->MsiExec.exe /I{F4862B43-A087-4826-8C50-D41646EC7728}

Sandboxie 3.72 (32-bit)-->"C:\WINDOWS\Installer\SandboxieInstall32.exe" /remove

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"

Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"

Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"

Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"

Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"

Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"

Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"

Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"

Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Synergy-->C:\Program Files\Synergy\uninstall.exe

Theseus and the Minotaur-->C:\Program Files\addon\Theseus and the Minotaur\uninstall.exe

Total Uninstall 2.35-->"C:\Program Files\addon\Total Uninstall\unins000.exe"

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Update for Windows XP (KB922580)-->"C:\WINDOWS\$NtUninstallKB922580$\spuninst\spuninst.exe"

Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"

Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"

Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"

Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"

Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"

VLC media player 2.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VNC Free Edition 4.1.2-->"C:\Program Files\addon\RealVNC\VNC4\unins000.exe"

WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

Windows XP Hotfix - KB885626-->C:\WINDOWS\$NtUninstallKB885626$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

Windows XP Hotfix - KB887816-->C:\WINDOWS\$NtUninstallKB887816$\spuninst\spuninst.exe

Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe

Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"

WinZip-->"c:\progra~1\winzip\WINZIP32.EXE" /uninstall

x.hlp WebGuide_eng-->MsiExec.exe /I{53BCF0AA-1895-4791-800C-EBBB59E80825}

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;c:\Program Files\Common Files\Roxio Shared\DLLShared;C:\data\apps\IsoBuster

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0d06

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"WIN32DMIPATH"=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32

-----------------EOF-----------------

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 2 x86

Out of date service pack!!

Internet Explorer 6 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

McAfee Anti-Spyware Enterprise Module

CCleaner

Java 7 Update 9

Java 2 Runtime Environment, SE v1.4.2_16

Adobe Flash Player 11.3.300.262

Adobe Reader 8 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 9%

````````````````````End of Log``````````````````````

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 12/26/2012 19:06:15

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[RUN][PREVRUN] HKLM\[...]\Run : BluetoothAuthenticationAgent (rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent) -> FOUND

[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] b31e86e07ddd48c8c32b7e9c237151f5

[bSP] 67991a84ebb17a27d627fb249ffe168b : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[5]_S_12262012_02d1906.txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5]_S_12262012_02d1906.txt

Backdoor trojan warning:

This system has some serious backdoor trojans.

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.

IF you decide to proceed with cleaning what is left, then

Please do NOT run any fixes on your own, nor get tools on your own. Just only follow my guidance.

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL.

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

P.S. Do NOT do any websurfing, online banking, online shopping, or games !

Your system is lacking XP Service pack 3.

The java runtime is out-of-date and insecure.

I believe I was just recently infected and I don't do any banking on this machine. It is pretty much just my secondary/spare machine that is used infrequently.

Can you point out what in the logs shows this trojan? Is it just the three items that were found and deleted by MBAM? Are those separate items or all part of the original "FBI Moneypak" malware?

As far as all the disabled services, I disabled many of them myself to conserve memory (this PC only has 512MB of memory) and did not install SP3 because of some legacy apps that I was not sure were compatible with it. I can install SP3 if you feel it is necessary.

I have also uninstalled all versions of Java on this machine, as I believe that was the point of entry for the malware.

I would like to clean this machine as best possible, as there are some apps that I would be unable to reinstall if I were to do a wipe and reinstall the OS.

I have completed all the steps from your last post; below is the output requested, thanks again!

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/27/2012 12:50:58 PM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\acs.exe (PID: 1212) [WD-HEUR]

* c:\WINDOWS\system32\IFXSPMGT.exe (PID: 900) [WD-HEUR]

* c:\WINDOWS\system32\IFXTCS.exe (PID: 1560) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.

Startup Type set to: Automatic

* Windows Management Instrumentation (winmgmt) is not Running.

Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.

Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.

Startup Type set to: Disabled

* winmgmt => C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll [incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/27/2012 12:52:15 PM

Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 12/27/2012 13:06:52

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[RUN][PREVRUN] HKLM\[...]\Run : BluetoothAuthenticationAgent (rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] b31e86e07ddd48c8c32b7e9c237151f5

[bSP] 67991a84ebb17a27d627fb249ffe168b : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[8]_S_12272012_02d1306.txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5]_S_12262012_02d1906.txt ;

RKreport[6]_S_12272012_02d1302.txt ; RKreport[7]_D_12272012_02d1304.txt ; RKreport[8]_S_12272012_02d1306.txt

The "FBI" ransomware is reason enough to suspect "trojans".

You should not have disabled Windows services willy-nilly. I sure hope you had not disabled some critical ones.

And for sure, you should be on XP Service pack 3.

BTW, I've in the past run Win XP-SP3 on an ancient system with only 384 MB RAM.

You surely can manage well enough with 512 MB.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member spaceclick only. If you are a casual viewer, do NOT try this on your system!

If you are not spaceclick and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus and AntiSpyware applications.

I am still working through the steps, here is the first log...

15:04:54.0743 3592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

15:04:56.0796 3592 ============================================================

15:04:56.0796 3592 Current date / time: 2012/12/28 15:04:56.0796

15:04:56.0796 3592 SystemInfo:

15:04:56.0796 3592

15:04:56.0796 3592 OS Version: 5.1.2600 ServicePack: 2.0

15:04:56.0796 3592 Product type: Workstation

15:04:56.0796 3592 ComputerName: nc6000

15:04:56.0796 3592 UserName: Administrator

15:04:56.0796 3592 Windows directory: C:\WINDOWS

15:04:56.0796 3592 System windows directory: C:\WINDOWS

15:04:56.0796 3592 Processor architecture: Intel x86

15:04:56.0796 3592 Number of processors: 1

15:04:56.0796 3592 Page size: 0x1000

15:04:56.0796 3592 Boot type: Normal boot

15:04:56.0796 3592 ============================================================

15:05:02.0004 3592 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054

15:05:02.0134 3592 ============================================================

15:05:02.0134 3592 \Device\Harddisk0\DR0:

15:05:02.0134 3592 MBR partitions:

15:05:02.0134 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A817B1

15:05:02.0134 3592 ============================================================

15:05:02.0214 3592 C: <-> \Device\Harddisk0\DR0\Partition1

15:05:02.0214 3592 ============================================================

15:05:02.0214 3592 Initialize success

15:05:02.0214 3592 ============================================================

15:05:14.0412 2644 ============================================================

15:05:14.0412 2644 Scan started

15:05:14.0412 2644 Mode: Manual;

15:05:14.0412 2644 ============================================================

15:05:15.0163 2644 ================ Scan system memory ========================

15:05:15.0163 2644 System memory - ok

15:05:15.0173 2644 ================ Scan services =============================


15:05:18.0578 2644 [ D24B8D1784C68A25060FFFBE8ED34B76 ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys

15:05:18.0578 2644 BthEnum - ok

15:05:18.0628 2644 [ 9DF0ADF74CE1D6371ED60CF92EB1D9A6 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys

15:05:18.0628 2644 BTHMODEM - ok

15:05:18.0668 2644 [ 10355270BE12641B9764235DA39DCF0F ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys

15:05:18.0678 2644 BthPan - ok

15:05:18.0728 2644 [ 95EF6F3F386D93EE1E4D9CA45A50252A ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys

15:05:18.0738 2644 BTHPORT - ok

15:05:18.0788 2644 [ A18CC8C9B3890B1B68BED213716FEF6B ] BthServ C:\WINDOWS\System32\bthserv.dll

15:05:18.0788 2644 BthServ - ok

15:05:18.0828 2644 [ F06D4CB9918B462A84D9AC00027EFC30 ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys

15:05:18.0838 2644 BTHUSB - ok

15:05:18.0878 2644 [ BF0BAD77EDB37338B9D25753647B9EC4 ] CarbonCopy32 C:\WINDOWS\system32\ccsrvc.exe

15:05:18.0878 2644 CarbonCopy32 - ok

15:05:18.0928 2644 [ B77E19EF73CDB68F1AB1BB376D4DEB1E ] CarbonCopyScheduler C:\WINDOWS\system32\schdsrvc.exe

15:05:18.0958 2644 CarbonCopyScheduler - ok

15:05:19.0008 2644 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

15:05:19.0008 2644 cbidf2k - ok

15:05:19.0028 2644 [ F68D9209421C0A8A78D082CEDD05BEF8 ] CCDevice C:\WINDOWS\system32\drivers\CCDevice.sys

15:05:19.0028 2644 CCDevice - ok

15:05:19.0048 2644 cd20xrnt - ok

15:05:19.0078 2644 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

15:05:19.0078 2644 Cdaudio - ok

15:05:19.0129 2644 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

15:05:19.0139 2644 Cdfs - ok

15:05:19.0179 2644 [ 96540C491B68D14C2A01EB2E61FAD130 ] CdpPacket C:\WINDOWS\system32\DRIVERS\CdpPacket.sys

15:05:19.0189 2644 CdpPacket - ok

15:05:19.0229 2644 [ 681A83E2B0AE8AB723A98A42EDB7629A ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys

15:05:19.0239 2644 Cdr4_xp - ok

15:05:19.0259 2644 [ 8732A257F57AAA718F0C587CF5D0B430 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys

15:05:19.0259 2644 Cdralw2k - ok

15:05:19.0289 2644 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:05:19.0289 2644 Cdrom - ok

15:05:19.0349 2644 [ 65A9C15050C06829C8D907DBD39C13E1 ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys

15:05:19.0359 2644 cdudf_xp - ok

15:05:19.0379 2644 Changer - ok

15:05:19.0419 2644 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe

15:05:19.0429 2644 CiSvc - ok

15:05:19.0449 2644 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

15:05:19.0459 2644 ClipSrv - ok

15:05:19.0499 2644 [ E062776A713195AC1023375C10B10528 ] ClntMgmt C:\WINDOWS\system32\Drivers\ClntMgmt.sys

15:05:19.0499 2644 ClntMgmt - ok

15:05:19.0559 2644 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:05:19.0779 2644 clr_optimization_v2.0.50727_32 - ok

15:05:19.0830 2644 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

15:05:19.0840 2644 CmBatt - ok

15:05:19.0850 2644 CmdIde - ok

15:05:19.0870 2644 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

15:05:19.0880 2644 Compbatt - ok

15:05:19.0890 2644 COMSysApp - ok

15:05:19.0940 2644 [ 32B0AC2449D9EF70B719BFAF631F998A ] CONAN C:\WINDOWS\system32\drivers\o2mmb.sys

15:05:19.0980 2644 CONAN - ok

15:05:20.0050 2644 [ 0C71CBCCFAB3281B235A0074D417BD2B ] CPQALERT C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe

15:05:20.0060 2644 CPQALERT - ok

15:05:20.0080 2644 Cpqarray - ok

15:05:20.0130 2644 [ 817BEC5F328518290AC42821EC3922CB ] cpqdfw C:\WINDOWS\system32\drivers\cpqdfw.sys

15:05:20.0130 2644 cpqdfw - ok

15:05:20.0170 2644 [ A408ECDC66768984CB26B4E7D721F91D ] cpqdmi C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe

15:05:20.0180 2644 cpqdmi - ok

15:05:20.0210 2644 [ BE43D9C71508CB4116CB56979D1CE820 ] cqcpu C:\WINDOWS\system32\drivers\cqcpu.sys

15:05:20.0210 2644 cqcpu - ok

15:05:20.0240 2644 [ CD6364F3ACB9B2094AB60671806A5B9C ] cq_mem C:\WINDOWS\system32\drivers\cq_mem.sys

15:05:20.0240 2644 cq_mem - ok

15:05:20.0280 2644 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

15:05:20.0280 2644 CryptSvc - ok

15:05:20.0300 2644 dac2w2k - ok

15:05:20.0320 2644 dac960nt - ok

15:05:20.0370 2644 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

15:05:20.0400 2644 DcomLaunch - ok

15:05:20.0450 2644 [ EF545E1A4B043DA4C84E230DD471C55F ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

15:05:20.0460 2644 Dhcp - ok

15:05:20.0500 2644 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

15:05:20.0500 2644 Disk - ok

15:05:20.0521 2644 dmadmin - ok

15:05:20.0601 2644 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

15:05:20.0631 2644 dmboot - ok

15:05:20.0661 2644 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys

15:05:20.0671 2644 dmio - ok

15:05:20.0691 2644 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

15:05:20.0691 2644 dmload - ok

15:05:20.0731 2644 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll

15:05:20.0731 2644 dmserver - ok

15:05:20.0781 2644 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

15:05:20.0781 2644 DMusic - ok

15:05:20.0821 2644 [ AAC8FFBFD61E784FA3BAC851D4A0BD5F ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

15:05:20.0831 2644 Dnscache - ok

15:05:20.0841 2644 dpti2o - ok

15:05:20.0871 2644 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

15:05:20.0871 2644 drmkaud - ok

15:05:20.0921 2644 [ 668FFA03397AA70AAE3BFF2C81775A59 ] DVDVRRdr_xp C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys

15:05:20.0931 2644 DVDVRRdr_xp - ok

15:05:20.0951 2644 [ 240EA965412F5DB3A6E587700C1FE4EA ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys

15:05:20.0961 2644 dvd_2K - ok

15:05:21.0001 2644 [ 6C5C1D9B16D8F0FD17EE2C1B3E622330 ] Eacfilt C:\WINDOWS\system32\DRIVERS\eacfilt.sys

15:05:21.0011 2644 Eacfilt - ok

15:05:21.0051 2644 [ 755B51FBF57E39DB017BA4E6F3032C6F ] EntDrv51 C:\WINDOWS\system32\drivers\EntDrv51.sys

15:05:21.0051 2644 EntDrv51 - ok

15:05:21.0091 2644 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll

15:05:21.0101 2644 ERSvc - ok

15:05:21.0171 2644 [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog C:\WINDOWS\system32\services.exe

15:05:21.0191 2644 Eventlog - ok

15:05:21.0242 2644 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\system32\es.dll

15:05:21.0262 2644 EventSystem - ok

15:05:21.0342 2644 [ FE0B4A19110434486648F97E291384B5 ] ExtranetAccess C:\Program Files\Nortel Networks\Extranet_serv.exe

15:05:21.0362 2644 ExtranetAccess - ok

15:05:21.0402 2644 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

15:05:21.0412 2644 Fastfat - ok

15:05:21.0462 2644 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

15:05:21.0492 2644 FastUserSwitchingCompatibility - ok

15:05:21.0512 2644 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

15:05:21.0512 2644 Fdc - ok

15:05:21.0542 2644 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys

15:05:21.0542 2644 Fips - ok

15:05:21.0572 2644 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

15:05:21.0582 2644 Flpydisk - ok

15:05:21.0612 2644 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

15:05:21.0622 2644 FltMgr - ok

15:05:21.0752 2644 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:05:21.0752 2644 FontCache3.0.0.0 - ok

15:05:21.0782 2644 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:05:21.0782 2644 Fs_Rec - ok

15:05:21.0812 2644 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:05:21.0822 2644 Ftdisk - ok

15:05:21.0832 2644 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:05:21.0842 2644 Gpc - ok

15:05:21.0923 2644 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca446dd09092a0 C:\Program Files\Google\Update\GoogleUpdate.exe

15:05:21.0933 2644 gupdate1ca446dd09092a0 - ok

15:05:22.0003 2644 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:05:22.0023 2644 helpsvc - ok

15:05:22.0073 2644 [ CDA7C5208286249BA83ACA396CE84CF7 ] HidBth C:\WINDOWS\system32\DRIVERS\hidbth.sys

15:05:22.0083 2644 HidBth - ok

15:05:22.0113 2644 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll

15:05:22.0123 2644 HidServ - ok

15:05:22.0163 2644 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:05:22.0163 2644 HidUsb - ok

15:05:22.0183 2644 hpn - ok

15:05:22.0253 2644 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

15:05:22.0263 2644 HTTP - ok

15:05:22.0303 2644 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

15:05:22.0333 2644 HTTPFilter - ok

15:05:22.0353 2644 i2omgmt - ok

15:05:22.0363 2644 i2omp - ok

15:05:22.0393 2644 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:05:22.0393 2644 i8042prt - ok

15:05:22.0624 2644 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:05:22.0654 2644 idsvc - ok

15:05:22.0704 2644 [ 0A7D26A0DEB36C5DF191D82381959E3A ] IFXSpMgtSrv c:\WINDOWS\system32\IFXSPMGT.exe

15:05:22.0724 2644 IFXSpMgtSrv - ok

15:05:22.0774 2644 [ 7D5558BB909E123323DF29121CDB665A ] IFXTCS c:\WINDOWS\system32\IFXTCS.exe

15:05:22.0794 2644 IFXTCS - ok

15:05:22.0824 2644 [ D40EDFDEF560EB0612420A86F81FCDE5 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

15:05:22.0824 2644 IFXTPM - ok

15:05:22.0844 2644 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

15:05:22.0854 2644 Imapi - ok

15:05:22.0904 2644 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe

15:05:22.0914 2644 ImapiService - ok

15:05:22.0954 2644 ini910u - ok

15:05:22.0974 2644 IntelIde - ok

15:05:23.0024 2644 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:05:23.0034 2644 intelppm - ok

15:05:23.0054 2644 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

15:05:23.0064 2644 Ip6Fw - ok

15:05:23.0084 2644 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:05:23.0094 2644 IpFilterDriver - ok

15:05:23.0114 2644 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:05:23.0114 2644 IpInIp - ok

15:05:23.0164 2644 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:05:23.0174 2644 IpNat - ok

15:05:23.0204 2644 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:05:23.0204 2644 IPSec - ok

15:05:23.0264 2644 [ 0603467932AA1BD6DED70631368754EA ] IPSECEXT C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

15:05:23.0264 2644 IPSECEXT - ok

15:05:23.0284 2644 [ 0603467932AA1BD6DED70631368754EA ] IPSECSHM C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys

15:05:23.0295 2644 IPSECSHM - ok

15:05:23.0335 2644 [ 86C204836FEEC22510D434982D4221B8 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys

15:05:23.0345 2644 irda - ok

15:05:23.0385 2644 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

15:05:23.0385 2644 IRENUM - ok

15:05:23.0405 2644 [ A02512C315C84F475BD89F847048B27B ] Irmon C:\WINDOWS\System32\irmon.dll

15:05:23.0415 2644 Irmon - ok

15:05:23.0445 2644 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:05:23.0445 2644 isapnp - ok

15:05:23.0495 2644 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:05:23.0505 2644 Kbdclass - ok

15:05:23.0545 2644 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:05:23.0545 2644 kbdhid - ok

15:05:23.0585 2644 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

15:05:23.0595 2644 kmixer - ok

15:05:23.0665 2644 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

15:05:23.0675 2644 KSecDD - ok

15:05:23.0725 2644 [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

15:05:23.0745 2644 lanmanserver - ok

15:05:23.0815 2644 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll

15:05:23.0845 2644 LanmanWorkstation - ok

15:05:23.0855 2644 lbrtfdc - ok

15:05:23.0905 2644 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

15:05:23.0925 2644 LmHosts - ok

15:05:23.0975 2644 [ 4C32B247524F91DB486D21DCB84D9C23 ] MbxStby C:\WINDOWS\system32\drivers\MbxStby.sys

15:05:23.0975 2644 MbxStby - ok

15:05:24.0066 2644 [ A88A9713B2B9F7665945626560858E68 ] McAfeeFramework C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

15:05:24.0066 2644 McAfeeFramework - ok

15:05:24.0126 2644 [ FE7985DAE11FA70829762C5AF39DBB27 ] McShield C:\Program Files\Network Associates\VirusScan\mcshield.exe

15:05:24.0136 2644 McShield - ok

15:05:24.0166 2644 [ DAE0D925FA8D4AEC46E924A136B93A32 ] McTaskManager C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

15:05:24.0166 2644 McTaskManager - ok

15:05:24.0236 2644 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

15:05:24.0246 2644 MDM - ok

15:05:24.0276 2644 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll

15:05:24.0286 2644 Messenger - ok

15:05:24.0316 2644 [ 26A06FB2315AD15613420054107BE520 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys

15:05:24.0316 2644 mmc_2K - ok

15:05:24.0356 2644 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

15:05:24.0356 2644 mnmdd - ok

15:05:24.0396 2644 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

15:05:24.0406 2644 mnmsrvc - ok

15:05:24.0436 2644 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

15:05:24.0436 2644 Modem - ok

15:05:24.0466 2644 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:05:24.0476 2644 Mouclass - ok

15:05:24.0506 2644 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:05:24.0516 2644 mouhid - ok

15:05:24.0536 2644 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

15:05:24.0536 2644 MountMgr - ok

15:05:24.0596 2644 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:05:24.0596 2644 MozillaMaintenance - ok

15:05:24.0616 2644 mraid35x - ok

15:05:24.0666 2644 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:05:24.0676 2644 MRxDAV - ok

15:05:24.0737 2644 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:05:24.0757 2644 MRxSmb - ok

15:05:24.0787 2644 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

15:05:24.0807 2644 MSDTC - ok

15:05:24.0827 2644 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

15:05:24.0827 2644 Msfs - ok

15:05:24.0857 2644 [ EE55F5C64417CC369866D7EAFE9B07AB ] MSIRCOMM C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

15:05:24.0867 2644 MSIRCOMM - ok

15:05:24.0877 2644 MSIServer - ok

15:05:24.0907 2644 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:05:24.0917 2644 MSKSSRV - ok

15:05:24.0977 2644 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:05:24.0977 2644 MSPCLOCK - ok

15:05:24.0997 2644 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

15:05:25.0007 2644 MSPQM - ok

15:05:25.0037 2644 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:05:25.0037 2644 mssmbios - ok

15:05:25.0067 2644 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

15:05:25.0077 2644 Mup - ok

15:05:25.0127 2644 [ BFAFB7203642EED61C405C4070017EFB ] NaiAvFilter1 C:\WINDOWS\system32\drivers\naiavf5x.sys

15:05:25.0137 2644 NaiAvFilter1 - ok

15:05:25.0157 2644 [ 577D668392ECA8F47442DB740A1DD76F ] NaiAvTdi1 C:\WINDOWS\system32\drivers\mvstdi5x.sys

15:05:25.0167 2644 NaiAvTdi1 - ok

15:05:25.0207 2644 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

15:05:25.0217 2644 NDIS - ok

15:05:25.0247 2644 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:05:25.0247 2644 NdisTapi - ok

15:05:25.0277 2644 [ 8D3CE6B579CDE8D37ACC690B67DC2106 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:05:25.0287 2644 Ndisuio - ok

15:05:25.0307 2644 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:05:25.0317 2644 NdisWan - ok

15:05:25.0337 2644 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

15:05:25.0347 2644 NDProxy - ok

15:05:25.0367 2644 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

15:05:25.0367 2644 NetBIOS - ok

15:05:25.0408 2644 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

15:05:25.0408 2644 NetBT - ok

15:05:25.0468 2644 [ 7FABD9AD048C45AD5367530259531DAF ] NetCfgSvr C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE

15:05:25.0478 2644 NetCfgSvr - ok

15:05:25.0528 2644 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe

15:05:25.0548 2644 NetDDE - ok

15:05:25.0568 2644 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

15:05:25.0588 2644 NetDDEdsdm - ok

15:05:25.0618 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe

15:05:25.0628 2644 Netlogon - ok

15:05:25.0688 2644 [ 36739B39267914BA69AD0610A0299732 ] Netman C:\WINDOWS\System32\netman.dll

15:05:25.0708 2644 Netman - ok

15:05:25.0778 2644 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:05:25.0788 2644 NetTcpPortSharing - ok

15:05:25.0828 2644 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll

15:05:25.0848 2644 Nla - ok

15:05:25.0908 2644 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

15:05:25.0908 2644 Npfs - ok

15:05:26.0028 2644 [ 53F7546E8DAEFB3A0813F5E19C4613C9 ] NSNDIS5 C:\data\apps\NETSTU~1\NSNDIS5.SYS

15:05:26.0028 2644 NSNDIS5 - ok

15:05:26.0089 2644 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

15:05:26.0119 2644 Ntfs - ok

15:05:26.0129 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

15:05:26.0139 2644 NtLmSsp - ok

15:05:26.0209 2644 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

15:05:26.0239 2644 NtmsSvc - ok

15:05:26.0249 2644 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

15:05:26.0249 2644 Null - ok

15:05:26.0279 2644 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:05:26.0289 2644 NwlnkFlt - ok

15:05:26.0309 2644 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:05:26.0309 2644 NwlnkFwd - ok

15:05:26.0369 2644 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:05:26.0369 2644 ose - ok

15:05:26.0429 2644 [ F49E3B9FB2DD84FCA2F6310A147C43FE ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys

15:05:26.0429 2644 PalmUSBD - ok

15:05:26.0459 2644 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

15:05:26.0469 2644 Parport - ok

15:05:26.0499 2644 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

15:05:26.0499 2644 PartMgr - ok

15:05:26.0529 2644 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

15:05:26.0539 2644 ParVdm - ok

15:05:26.0569 2644 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

15:05:26.0579 2644 PCI - ok

15:05:26.0589 2644 PCIDump - ok

15:05:26.0619 2644 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

15:05:26.0619 2644 PCIIde - ok

15:05:26.0669 2644 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

15:05:26.0669 2644 Pcmcia - ok

15:05:26.0689 2644 PDCOMP - ok

15:05:26.0709 2644 PDFRAME - ok

15:05:26.0719 2644 PDRELI - ok

15:05:26.0739 2644 PDRFRAME - ok

15:05:26.0759 2644 perc2 - ok

15:05:26.0780 2644 perc2hib - ok

15:05:26.0850 2644 [ 60E5DDFB46F2653ED02639F9084971F0 ] PersonalSecureDrive C:\WINDOWS\System32\drivers\psd.sys

15:05:26.0850 2644 PersonalSecureDrive - ok

15:05:26.0890 2644 [ 879664446768D4225D6A95EE3EC4238B ] PersonalSecureDriveService c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE

15:05:26.0890 2644 PersonalSecureDriveService - ok

15:05:26.0920 2644 [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay C:\WINDOWS\system32\services.exe

15:05:26.0930 2644 PlugPlay - ok

15:05:26.0960 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

15:05:26.0960 2644 PolicyAgent - ok

15:05:26.0980 2644 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:05:26.0990 2644 PptpMiniport - ok

15:05:27.0000 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

15:05:27.0000 2644 ProtectedStorage - ok

15:05:27.0030 2644 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

15:05:27.0030 2644 PSched - ok

15:05:27.0090 2644 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys

15:05:27.0090 2644 PSI - ok

15:05:27.0110 2644 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:05:27.0120 2644 Ptilink - ok

15:05:27.0140 2644 [ 55B943F509ED863B86E685AEE1445890 ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys

15:05:27.0140 2644 pwd_2k - ok

15:05:27.0150 2644 ql1080 - ok

15:05:27.0160 2644 Ql10wnt - ok

15:05:27.0170 2644 ql12160 - ok

15:05:27.0180 2644 ql1240 - ok

15:05:27.0190 2644 ql1280 - ok

15:05:27.0210 2644 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:05:27.0210 2644 RasAcd - ok

15:05:27.0240 2644 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll

15:05:27.0250 2644 RasAuto - ok

15:05:27.0280 2644 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

15:05:27.0280 2644 Rasirda - ok

15:05:27.0300 2644 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:05:27.0310 2644 Rasl2tp - ok

15:05:27.0340 2644 [ D4BD2EEAB07FEF323F0A0CEECC954F51 ] RasMan C:\WINDOWS\System32\rasmans.dll

15:05:27.0360 2644 RasMan - ok

15:05:27.0380 2644 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:05:27.0380 2644 RasPppoe - ok

15:05:27.0400 2644 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

15:05:27.0400 2644 Raspti - ok

15:05:27.0450 2644 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:05:27.0450 2644 Rdbss - ok

15:05:27.0481 2644 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:05:27.0481 2644 RDPCDD - ok

15:05:27.0521 2644 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:05:27.0541 2644 rdpdr - ok

15:05:27.0591 2644 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

15:05:27.0591 2644 RDPWD - ok

15:05:27.0631 2644 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

15:05:27.0641 2644 RDSessMgr - ok

15:05:27.0671 2644 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

15:05:27.0671 2644 redbook - ok

15:05:27.0711 2644 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

15:05:27.0721 2644 RemoteAccess - ok

15:05:27.0761 2644 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

15:05:27.0771 2644 RemoteRegistry - ok

15:05:27.0821 2644 [ 99C4B74981A1413F142A3903130088CB ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys

15:05:27.0831 2644 RFCOMM - ok

15:05:27.0861 2644 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe

15:05:27.0871 2644 RpcLocator - ok

15:05:27.0911 2644 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\system32\rpcss.dll

15:05:27.0921 2644 RpcSs - ok

15:05:27.0961 2644 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

15:05:27.0981 2644 RSVP - ok

15:05:28.0011 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe

15:05:28.0021 2644 SamSs - ok

15:05:28.0141 2644 [ 1FBD21895B768CD40E83B86C18E6454F ] SbieDrv C:\Program Files\addon\Sandboxie\SbieDrv.sys

15:05:28.0151 2644 SbieDrv - ok

15:05:28.0212 2644 [ D5D875D6662F30C7FBF5F6879452B12B ] SbieSvc C:\Program Files\addon\Sandboxie\SbieSvc.exe

15:05:28.0212 2644 SbieSvc - ok

15:05:28.0272 2644 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

15:05:28.0292 2644 SCardSvr - ok

15:05:28.0332 2644 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll

15:05:28.0352 2644 Schedule - ok

15:05:28.0402 2644 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:05:28.0402 2644 Secdrv - ok

15:05:28.0442 2644 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll

15:05:28.0452 2644 seclogon - ok

15:05:28.0702 2644 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe

15:05:28.0742 2644 Secunia PSI Agent - ok

15:05:28.0873 2644 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe

15:05:28.0893 2644 Secunia Update Agent - ok

15:05:28.0933 2644 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll

15:05:28.0953 2644 SENS - ok

15:05:28.0983 2644 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

15:05:29.0003 2644 serenum - ok

15:05:29.0033 2644 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

15:05:29.0053 2644 Serial - ok

15:05:29.0093 2644 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

15:05:29.0103 2644 Sfloppy - ok

15:05:29.0163 2644 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

15:05:29.0173 2644 SharedAccess - ok

15:05:29.0213 2644 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

15:05:29.0233 2644 ShellHWDetection - ok

15:05:29.0243 2644 Simbad - ok

15:05:29.0273 2644 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys

15:05:29.0273 2644 SMCIRDA - ok

15:05:29.0363 2644 [ 3A11ABB30C6A64173F99C8C42E76827C ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys

15:05:29.0383 2644 smwdm - ok

15:05:29.0443 2644 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

15:05:29.0443 2644 SoundMAX Agent Service (default) - ok

15:05:29.0463 2644 Sparrow - ok

15:05:34.0390 2644 ============================================================

15:05:34.0390 2644 Scan finished

15:05:34.0390 2644 ============================================================

15:05:34.0421 3276 Detected object count: 0

15:05:34.0421 3276 Actual detected object count: 0


I was still having issues with Explorer hanging after a reboot. I fixed the hanging by disabling "Atheros Wireless Network Adapter #2" in Device Manager; this is my main Wi-Fi device. I rebooted a couple of times and no more hangs. I then ran ComboFix, which caused another reboot without a hang.

After this, I then re-enabled the Atheros device in Device Manager and rebooted a couple times and it still is OK, no Explorer hangs. Hopefully this is fixed.

Here is the output from ComboFix...

ComboFix 12-12-28.02 - Administrator 12/28/2012 17:07:49.1.1 - x86

Running from: c:\data\downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt

c:\program files\Common Files\Altiris_Icon.ico

c:\windows\Downloaded Program Files\Temp

c:\windows\system\MSVBVM50.DLL

c:\windows\system\VB40032.DLL

c:\windows\system32\NetGina.dll

c:\windows\system32\SET141.tmp

c:\windows\system32\SET143.tmp

c:\windows\system32\SET146.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\msvcr71.dll.int

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))

.

.

2012-12-27 05:51 . 2012-12-27 05:51 -------- d-----w- c:\program files\Common Files\Adobe

2012-12-27 05:20 . 2012-12-27 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI

2012-12-27 05:16 . 2012-12-27 05:16 -------- d-----w- c:\program files\Secunia

2012-12-26 22:20 . 2012-12-26 22:24 -------- d-----w- c:\program files\trend micro

2012-12-26 22:19 . 2012-12-26 22:24 -------- d-----w- C:\rsit

2012-12-26 22:15 . 2012-12-26 22:15 -------- d-----w- c:\program files\ERUNT

2012-12-24 09:15 . 2012-12-24 11:11 3032 ----a-w- c:\documents and settings\All Users\Application Data\dsgsdgdsgdsgw.js

2012-12-17 18:57 . 2012-12-17 18:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\pokerth

2012-12-04 07:36 . 2012-12-04 07:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-27 10:43 . 2012-06-29 19:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-27 10:43 . 2012-06-29 19:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-27 21:37 . 2012-11-27 21:38 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-11-27 21:37 . 2012-11-27 21:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-27 21:37 . 2012-11-27 21:38 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-30 23:51 . 2012-09-20 00:59 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 23:51 . 2012-09-20 00:59 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-10-30 23:51 . 2012-09-20 00:59 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 23:51 . 2012-09-20 00:59 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51 . 2012-09-20 00:59 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-10-30 23:51 . 2012-09-20 00:59 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-10-30 23:51 . 2012-09-20 00:59 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 23:51 . 2012-09-20 00:59 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-10-30 23:51 . 2012-09-20 00:59 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 23:50 . 2012-09-20 00:59 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-01 11:28 . 2012-12-01 11:28 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\addon\Activesync\wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2005-02-04 110592]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

ropu.bat [2004-2-9 103]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

2003-10-17 19:53 352320 ----a-w- c:\windows\system32\IfxWlxEN.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSDNtfy]

2003-09-02 15:53 49576 ----a-w- c:\program files\ProtectTools\Embedded Security Software\PSDNtfy.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^X1 System Tray.lnk]

path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\X1 System Tray.lnk

backup=c:\windows\pss\X1 System Tray.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client (Set auto-proxy).lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client (Set auto-proxy).lnk

backup=c:\windows\pss\AT&T Global Network Client (Set auto-proxy).lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnk

backup=c:\windows\pss\AT&T Global Network Client Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\start dr install service]

c:\winnt\startsrv [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]

2006-08-07 23:15 336014 ----a-w- c:\program files\addon\Atheros\ACU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AeXAgentLogon]

2006-09-14 06:42 139264 ----a-w- c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]

2003-08-14 13:11 88363 ----a-w- c:\windows\AGRSMMSG.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2003-11-26 01:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]

2003-12-03 19:03 81920 ----a-w- c:\progra~1\Compaq\COMPAQ~1\Chkadmin.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]

2008-05-23 21:30 1011712 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Doctor Install]

2002-04-10 17:00 761856 ----a-w- c:\program files\Doctor Install\InstallMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2008-11-11 06:54 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IfxSecurePlatformIndication]

2003-10-17 19:58 73789 ----a-w- c:\program files\ProtectTools\Embedded Security Software\SpTNA.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]

2003-08-14 13:11 184320 ----a-w- c:\program files\ltmoh\ltmoh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]

2008-11-10 20:00 136512 ----a-w- c:\program files\Network Associates\Common Framework\UdaterUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]

2003-10-07 13:48 147514 ----a-w- c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDruntime]

2003-09-02 15:52 82344 ----a-w- c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Push Client]

2010-06-03 20:17 965872 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\ATT Connect\Participant\pull.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

2004-09-25 06:37 1691648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

2004-09-23 00:00 94208 ----a-w- c:\program files\Network Associates\VirusScan\shstat.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2003-07-15 19:08 618496 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

2003-07-15 19:09 110592 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Documents and Settings\\Administrator\\Application Data\\SBC\\Q Team Link Messenger\\Runtime\\QTeamLinkMessenger.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\AudioTuningWizard.exe"=

"c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

"c:\\data\\apps\\Halite\\Halite.exe"=

"c:\\Program Files\\Brother\\Brmfl05a\\FAXRX.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"=

"c:\\Program Files\\WebEx\\Connect\\connect.exe"=

"c:\\WiRNS\\WiRNS.exe"=

"c:\\Program Files\\Synergy\\synergys.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


"1699:UDP"= 1699:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)

"1700:UDP"= 1700:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)

"1701:UDP"= 1701:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)

"4949:TCP"= 4949:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration

"4949:UDP"= 4949:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration

"41415:TCP"= 41415:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration

"41415:UDP"= 41415:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration

"9001:TCP"= 9001:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger

"9002:TCP"= 9002:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger

"9003:TCP"= 9003:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger

"9004:TCP"= 9004:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger

"9005:TCP"= 9005:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [x]

R3 ExtranetAccess;Contivity VPN Service;c:\program files\Nortel Networks\Extranet_serv.exe [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]

R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ar5211.sys [x]

R4 gupdate1ca446dd09092a0;Google Update Service (gupdate1ca446dd09092a0);c:\program files\Google\Update\GoogleUpdate.exe [x]

R4 Svc_DrInstal;Doctor Install;c:\program files\Doctor Install\DrInstalSvc.exe [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\data\downloads\emisoft\Run\a2ddax86.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 CCDevice;CCDevice; [x]

S1 ClntMgmt;HP Client Management Driver;c:\windows\system32\Drivers\ClntMgmt.sys [x]

S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [x]

S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\DRIVERS\CdpPacket.sys [x]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]

S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe [x]

S3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [x]

S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [x]

S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [x]

S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{RUNONCE_ACTIVATESS1021}]

2000-04-12 16:32 184320 ----a-w- c:\windows\USERRU~1\runonce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 10:43]

.

2012-11-21 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-20 23:50]

.

2009-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 06:54]

.

2008-11-11 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-11 06:54]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = hxxp://www.cio.att.com/

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exe

MSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exe

MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

MSConfigStartUp-X1FileMonitor - c:\program files\X1\X1FileMonitor.exe

AddRemove-Sun Download Manager 2.0 (web) - c:\windows\system32\javaws.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-28 17:21

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(504)

c:\program files\ProtectTools\Embedded Security Software\PSDNtfy.dll

c:\windows\system32\IfxWlxEN.dll

.

- - - - - - - > 'explorer.exe'(2228)

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\system32\acs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\IFXSPMGT.exe

c:\windows\system32\IFXTCS.exe

c:\windows\system32\IPCONFIG.exe

c:\windows\system32\rundll32.exe

c:\progra~1\addon\ACTIVE~1\rapimgr.exe

.

**************************************************************************

.

Completion time: 2012-12-28 17:25:30 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-28 22:25

.

Pre-Run: 18,983,051,264 bytes free

Post-Run: 19,234,549,760 bytes free

.

- - End Of File - - 18B2B942C197B3205DDBA1C32BC06524

Link to post
Share on other sites

The system has a whole "raft" of open ports for

Altiris Remote Control (Carbon Copy)

What is that?

Is this a home system? or is this system used in business or organization?

You said

I then re-enabled the Atheros device in Device Manager and rebooted a couple times and it still is OK, no Explorer hangs. Hopefully this is fixed.
.

I hope so, as well.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
    ( jre-7u10-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Adobe Reader

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-or-Remove Programs, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Check Windows services

Go to Start >> select Control Panel >> and go to Action Center or Security Center (as apropos)

What does it show for antivirus status?

What does it show for Firewall status ?

What does it show for Automatic Updates?

Did you or any other user of the system "disable any Windows services" ?

NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, select RUN (or Win-key +R) and in the run-text-box type in MSCONFIG and press OK or Enter.

On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box selection)

IF it does not, then you click on Normal startup.

Click on Services tab. To get its display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services

IF and only IF it is checkmarked, then un-check it.

the list of services may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

Then using the scroll-bar scroll down the list

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC). Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

FSS report

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into a new reply.

NEXT

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

Link to post
Share on other sites

This PC is an old "work" PC and Altiris was used for remote access. I have a newer PC that is used for that now.

I have completely uninstalled all versions of Java on this PC, and did not install a new version, as I do not need it.

I have removed old version of Adobe Reader and installed latest version.

Security center is not running, nor is Firewall service (even though they are set to "Automatic" in services.msc).

I think this is due to serviceDLL pointing to that old virus file (see FSS output below).

I went through the services listed and most of them are there (with a check mark checked), but almost all of them are "Stopped".

These two were not there at all:

Ipsec policy agent - does not exist

Windows Update - does not exist

Below is FSS.txt, as you can see, it looks like the firewall and security center DLL is set to that virus file that no longer exists, I assume that is why those services no longer work.

Farbar Service Scanner Version: 23-12-2012

Ran by Administrator (administrator) on 30-12-2012 at 16:47:03

Running from "C:\data\downloads"

Microsoft Windows XP Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

winmgmt Service is not running. Checking service configuration:

The start type of winmgmt service is OK.

The ImagePath of winmgmt service is OK.

The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:

The start type of winmgmt service is OK.

The ImagePath of winmgmt service is OK.

The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll

[1979-12-31 19:00] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys

[1979-12-31 19:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys

[1979-12-31 19:00] - [2005-02-04 09:02] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys

[1979-12-31 19:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys

[1979-12-31 19:00] - [2005-02-04 09:06] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll

[1979-12-31 19:00] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll

[1979-12-31 19:00] - [2005-02-04 09:08] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll

[1979-12-31 19:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2005-09-23 10:37] - [2005-02-04 09:03] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll

[2005-09-23 10:39] - [2005-02-04 09:03] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys

[2005-09-23 10:39] - [2005-02-04 09:03] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll

[1979-12-31 19:00] - [2005-02-04 09:03] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll

[2005-09-23 10:37] - [2005-02-04 09:03] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll

[2005-09-23 10:39] - [2005-02-04 09:03] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll

[2005-09-23 10:39] - [2005-02-04 09:01] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll

[1979-12-31 19:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll

[1979-12-31 19:00] - [2005-02-04 09:04] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe

[1979-12-31 19:00] - [2005-02-04 09:04] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll

[1979-12-31 19:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe

[1979-12-31 19:00] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE

Extra List:

=======

ABVPN2K(13) AegisP(15) aswTdi(18) CdpPacket(16) Eacfilt(12) Gpc(4) IPSec(6) IPSECEXT(10) IPSECSHM(11) irda(3) NaiAvTdi1(9) NetBT(7) PSched(8) RFCOMM(17) Tcpip(5)

0x12000000060000000100000002000000030000000400000005000000120000000900000007000000080000000A0000000B0000000C0000000D0000000E0000000F0000001000000011000000

IpSec Tag value is correct.

**** End of log ****

I will run MBAM again and post my findings...

Link to post
Share on other sites
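The reading of FSS.txt given in the post above (the winmgmt ServiceDll is printed as a path instead of "OK", and that path sits in the Administrator profile) can be checked mechanically. The following is an added example, not part of the thread and not Farbar's own code: it parses only the line formats visible in this log, the function names are hypothetical, and the system root is assumed to be C:\WINDOWS as in the log's File Check section.

```python
import ntpath
import re

# Excerpt of the FSS.txt posted above (Windows Firewall and Security Center sections).
FSS_EXCERPT = r'''
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt service is OK.
The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".
'''

SECTION = re.compile(r'^([A-Za-z ]+):$')
NOT_RUNNING = re.compile(r'^(\S+) Service is not running\.')
FIELD_OK = re.compile(r'^The (start type|ImagePath|ServiceDll) of (\S+) service is OK\.$')
# Format FSS used in this log when a value differs from the default.
FIELD_VALUE = re.compile(r'^The (ImagePath|ServiceDll) of (\S+): "(.+)"\.$')

SYSTEM_ROOT = r'c:\windows'  # assumption: matches the File Check paths in the log


def is_system_path(path):
    """True if the path resolves to somewhere under the Windows directory."""
    p = ntpath.normpath(path.lower().replace('%systemroot%', SYSTEM_ROOT))
    return p.startswith(SYSTEM_ROOT + '\\')


def parse_fss(text):
    """Return one record per 'Service is not running' block in the log."""
    services, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {'=', '*'}:
            continue  # blank lines and ==== / **** rulers
        m = NOT_RUNNING.match(line)
        if m:
            current = {'section': section, 'service': m.group(1),
                       'running': False, 'fields': {}}
            services.append(current)
            continue
        m = FIELD_OK.match(line)
        if m and current and m.group(2) == current['service']:
            current['fields'][m.group(1)] = 'OK'
            continue
        m = FIELD_VALUE.match(line)
        if m and current and m.group(2) == current['service']:
            current['fields'][m.group(1)] = m.group(3)
            continue
        m = SECTION.match(line)
        if m:
            section, current = m.group(1), None
    return services


def findings(services):
    """Report each ImagePath/ServiceDll that FSS printed instead of 'OK'."""
    seen, out = set(), []
    for svc in services:
        for field, value in svc['fields'].items():
            key = (svc['service'], field, value.lower())
            if value == 'OK' or key in seen:
                continue
            seen.add(key)
            out.append({
                'service': svc['service'],
                'field': field,
                'value': value,
                'outside_system_root': not is_system_path(value),
                # every log section that depends on this service
                'sections': sorted({s['section'] for s in services
                                    if s['service'] == svc['service']}),
            })
    return out


if __name__ == '__main__':
    for f in findings(parse_fss(FSS_EXCERPT)):
        print(f)
```

A single hijacked entry accounts for both the Windows Firewall and the Security Center sections here, because FSS checks winmgmt as a dependency in each.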

Here is the MBAM log...

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.30.10

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

Administrator :: nc6000 [administrator]

Protection: Disabled

12/30/2012 5:10:41 PM

mbam-log-2012-12-30 (17-10-41).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 322868

Time elapsed: 1 hour(s), 1 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity\tbMyP0.dll (Adware.NetPumper) -> Quarantined and deleted successfully.

C:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity\tbMyPl.dll (Adware.NetPumper) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member spaceclick only.

If you are a casual viewer, do NOT try this on your system!

If you are a casual viewer & not spaceclick and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Again, as much as possible, keep Windows in normal mode, as we continue our efforts to remove malware. Right now, I am seeing traces of adware.

Step 1

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.

Step 2

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 3

This next section is to correct the settings for 2 windows xp services. You are asked to download and SAVE 3 files.

Once they are saved, you will be applying 3 fixes.

1a) Download this registry-fix file http://download.blee...haredAccess.reg

Save it to your DESKTOP.

1b) Download this registry-fix file http://download.blee...HAREDACCESS.reg

Save it to your DESKTOP.

1c) Download this registry-fix file http://download.blee.../xp/winmgmt.reg

Save it to your DESKTOP.

2) go to Start, type in

REGEDIT and press Enter-key

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in LEGACY_SHAREDACCESS.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

3) Still in Regedit

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in SHAREDACCESS.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

4) Still in Regedit

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in winmgmt.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

5) Exit/close Regedit.

Logoff and Restart Windows fresh.

Step 4

In normal mode Windows:

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|wgsdgs;true;true;true; /FP
    c:|MyPlayCity;true;true;true; /FP
    c:|tbMyP0;true;true;true; /FP
    c:|crossride;true;true;true; /FP
    c:|conduit;true;true;true; /FP
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    c:|services.ex;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options|exe /rs
    %systemroot%\*. /mp /s
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please attach the OTL log(s).


I tried running Step 1, but it gave an error about a service not running or unable to be started when doing the Modules section and then hung indefinitely when doing the Processes section. I assume this was due to the security/firewall service not working. After I finished all the other steps, I tried doing step 1 again and it had no problems; I have included the log below.

For the three registry imports, I was unable to import the first one at all at first, but after running all the other steps, I tried again and it seemed to partially work; I got this error: "some keys are open by the system or other process".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.3.2 (12.29.2012:3)

OS: Microsoft Windows XP x86

Ran by Administrator on Mon 12/31/2012 at 17:41:33.49

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\bhm4hmsd.default\prefs.js

user_pref("extensions.piclens.UpdateInfo", "H4sIAAAAAAAAC+1WPW/CMBD9N54iFCgNYshAUTuBhEpEB5TB2Fdi4diVfSHl39cOCJVSWFoVNXK83bvvlyedRW2Az5GiXYCxQqu02yO2fgbFwYDxSGXTHlFVOaGVYgXYNCb

user_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.com http://*.*.*.*/translate_c? jigsaw.w3.org validator.w3.org .contentqualit

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 12/31/2012 at 17:47:36.46

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.104 - Logfile created 12/31/2012 at 16:36:45

# Updated 29/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)

# User : Administrator - nc6000

# Boot Mode : Normal

# Running from : C:\data\downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Headlight

***** [internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\prefs.js

Found : user_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.co[...]

Found : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"photo_sizes\":{\"thumb\":{\"w\[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1142 octets] - [31/12/2012 16:36:45]

########## EOF - C:\AdwCleaner[R1].txt - [1202 octets] ##########


OTL logfile created on: 12/31/2012 5:14:43 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\data\downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 341.68 Mb Available Physical Memory | 66.82% Memory free

1.22 Gb Paging File | 1.05 Gb Available in Paging File | 86.24% Paging File free

Paging file location(s): C:\pagefile.sys 768 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.25 Gb Total Space | 17.51 Gb Free Space | 47.00% Space Free | Partition Type: NTFS

Computer Name: nc6000 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/31 15:23:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\data\downloads\OTL.exe

PRC - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe

PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/07/30 13:12:22 | 000,318,536 | ---- | M] () -- C:\Program Files\Synergy\synergyd.exe

PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\addon\Activesync\rapimgr.exe

PRC - [2006/08/07 18:15:18 | 000,336,014 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\addon\Atheros\ACU.exe

PRC - [2006/03/25 17:17:26 | 000,278,613 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe

PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/31 14:02:01 | 002,041,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12123101\algo.dll

MOD - [2012/07/30 13:12:22 | 000,318,536 | ---- | M] () -- C:\Program Files\Synergy\synergyd.exe

MOD - [2002/11/26 12:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll

========== Services (SafeList) ==========

SRV - [2012/12/27 05:43:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/01 06:28:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/11/26 09:09:22 | 001,225,312 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/07/30 13:12:22 | 000,318,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Synergy\synergyd.exe -- (Synergy)

SRV - [2012/06/17 02:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- C:\Program Files\addon\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV - [2008/11/10 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2006/09/14 01:45:26 | 001,257,472 | ---- | M] (Altiris, Inc.) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)

SRV - [2006/03/25 17:17:26 | 000,278,613 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)

SRV - [2005/03/23 18:16:50 | 000,274,432 | ---- | M] (Altiris) [On_Demand | Stopped] -- C:\WINDOWS\system32\SchdSrvc.exe -- (CarbonCopyScheduler)

SRV - [2005/03/23 18:10:00 | 000,065,536 | ---- | M] (Altiris) [Disabled | Stopped] -- C:\WINDOWS\system32\CCSRVC.exe -- (CarbonCopy32)

SRV - [2005/02/15 08:00:00 | 000,118,784 | ---- | M] (AT&T) [On_Demand | Stopped] -- C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE -- (NetCfgSvr)

SRV - [2004/09/22 19:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Disabled | Stopped] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)

SRV - [2004/09/22 19:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Disabled | Stopped] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)

SRV - [2004/04/16 14:26:56 | 000,643,072 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nortel Networks\Extranet_serv.exe -- (ExtranetAccess)

SRV - [2003/12/03 14:03:40 | 000,020,480 | ---- | M] (Compaq Computer Corporation) [Disabled | Stopped] -- C:\Program Files\Compaq\Compaq Management Agents\Cpqdmi.exe -- (cpqdmi)

SRV - [2003/12/03 14:02:02 | 000,512,000 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe -- (CPQALERT)

SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)

SRV - [2002/04/10 12:00:46 | 000,782,336 | -H-- | M] (AT&T) [Disabled | Stopped] -- C:\Program Files\Doctor Install\DrInstalSvc.exe -- (Svc_DrInstal)

SRV - [2001/04/11 09:33:46 | 000,215,552 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- (WIN32SL)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/12/26 14:37:04 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\data\downloads\emisoft\Run\a2ddax86.sys -- (A2DDA)

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/06/17 02:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\addon\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2007/09/06 18:29:02 | 000,035,692 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdpPacket.sys -- (CdpPacket)

DRV - [2006/07/17 06:49:54 | 000,494,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)

DRV - [2006/07/17 06:49:54 | 000,494,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2005/03/23 18:14:40 | 000,009,216 | ---- | M] (Altiris) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CCDevice.sys -- (CCDevice)

DRV - [2005/02/09 07:05:06 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)

DRV - [2005/01/15 20:02:42 | 000,272,832 | ---- | M] (Zone Labs Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2005/01/14 19:00:00 | 000,108,480 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)

DRV - [2005/01/14 19:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)

DRV - [2005/01/14 19:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)

DRV - [2004/12/21 13:25:38 | 000,164,480 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\abvpn2k.sys -- (ABVPN2K)

DRV - [2004/09/25 01:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)

DRV - [2004/09/25 01:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)

DRV - [2004/09/25 01:32:40 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2004/09/25 01:29:52 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2004/09/25 01:29:50 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)

DRV - [2004/09/25 01:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)

DRV - [2004/09/25 01:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)

DRV - [2004/09/25 01:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)

DRV - [2004/04/16 14:35:18 | 000,009,817 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)

DRV - [2004/04/16 14:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)

DRV - [2004/04/16 14:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)

DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\data\apps\NetStumbler\nsndis5.sys -- (NSNDIS5)

DRV - [2003/12/02 16:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2003/10/29 15:53:20 | 000,059,044 | ---- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Clntmgmt.sys -- (ClntMgmt)

DRV - [2003/10/17 14:31:46 | 000,032,640 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2003/09/02 10:52:56 | 000,033,848 | ---- | M] (Guardeonic Solutions AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)

DRV - [2003/08/14 08:11:00 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/07/28 23:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)

DRV - [2003/07/24 13:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)

DRV - [2003/04/04 11:48:06 | 000,013,952 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)

DRV - [2003/02/17 12:22:24 | 000,170,880 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2002/08/19 13:35:44 | 000,019,845 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Cpqdfw.sys -- (cpqdfw)

DRV - [2002/05/22 11:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)

DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: check4change-owner%40mozdev.org:1.9.3

FF - prefs.js..extensions.enabledAddons: cslite-mod%40wantora.bitbucket.org:1.4.8

FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00

FF - prefs.js..extensions.enabledAddons: redirectcleaner%40example.net:2.1.1

FF - prefs.js..extensions.enabledAddons: twitternotifier%40naan.net:2.5.2

FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68

FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3

FF - prefs.js..extensions.enabledAddons: %7BFDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3%7D:1.3.5

FF - prefs.js..extensions.enabledAddons: %7B7f57cf46-4467-4c2d-adfa-0cba7c507e54%7D:2.0.8

FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4pre.121222b

FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.0.4

FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2012122901

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51

FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2

FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.8.6

FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4

FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60

FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5

FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.1

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7

FF - prefs.js..extensions.enabledItems: {289F3A4A-F3FF-4173-B994-DBC887E9C468}:0.3.5

FF - prefs.js..extensions.enabledItems: redirectcleaner@example.net:1.3.0

FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6

FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:4.0.2011021601

FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3

FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.10

FF - prefs.js..network.proxy.autoconfig_url: "http://us-auto.proxy.att.com:8001/"

FF - prefs.js..network.proxy.backup.ftp: "proxy.att.com"

FF - prefs.js..network.proxy.backup.ftp_port: 8000

FF - prefs.js..network.proxy.backup.gopher: "proxy.att.com"

FF - prefs.js..network.proxy.backup.gopher_port: 8000

FF - prefs.js..network.proxy.backup.socks: "proxy.att.com"

FF - prefs.js..network.proxy.backup.socks_port: 8000

FF - prefs.js..network.proxy.backup.ssl: "proxy.att.com"

FF - prefs.js..network.proxy.backup.ssl_port: 8000

FF - prefs.js..network.proxy.ftp: "192.168.108.68"

FF - prefs.js..network.proxy.ftp_port: 8000

FF - prefs.js..network.proxy.gopher: "192.168.108.68"

FF - prefs.js..network.proxy.gopher_port: 8000

FF - prefs.js..network.proxy.http: "192.168.108.68"

FF - prefs.js..network.proxy.http_port: 8000

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "192.168.108.68"

FF - prefs.js..network.proxy.socks_port: 8000

FF - prefs.js..network.proxy.ssl: "192.168.108.68"

FF - prefs.js..network.proxy.ssl_port: 8000

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found

FF - HKLM\Software\MozillaPlugins\@freetoolsassociation.com/ActiveGS: undefinednpActiveGS.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.6d: C:\data\apps\DVArchive\VLC\npvlc.dll File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@freetoolsassociation.com/ActiveGS: undefinednpActiveGS.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=5: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=6: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/21 05:00:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 06:28:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/30 16:10:31 | 000,000,000 | ---D | M]

[2008/02/18 22:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2012/12/30 16:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions

[2011/05/10 16:16:25 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

[2009/10/01 19:53:57 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}

[2012/09/30 00:36:12 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\twitternotifier@naan.net

[2012/06/29 14:18:45 | 000,617,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\check4change-owner@mozdev.org.xpi

[2012/08/07 10:56:40 | 000,261,822 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\cslite-mod@wantora.bitbucket.org.xpi

[2012/08/30 04:27:46 | 000,230,013 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\exif_viewer@mozilla.doslash.org.xpi

[2012/11/18 07:54:33 | 000,030,750 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\redirectcleaner@example.net.xpi

[2012/12/28 17:45:56 | 000,194,265 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi

[2012/12/30 16:45:41 | 000,058,510 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi

[2012/12/12 11:58:47 | 000,526,889 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi

[2012/11/26 01:36:42 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/06/29 14:19:22 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

[2012/12/26 18:22:18 | 000,748,081 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

[2012/12/01 06:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/12/01 06:28:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2006/07/06 23:22:00 | 000,806,912 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npActiveGS.dll

[2006/10/09 12:29:00 | 000,135,168 | ---- | M] (Mercora, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmercoraPlugin.dll

[2012/08/30 04:27:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/12 11:54:04 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/12/28 17:21:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.5.0_13\bin\jp2ssv.dll File not found

O4 - HKLM..\Run: [ACU] C:\Program Files\addon\Atheros\ACU.exe (Atheros Communications, Inc.)

O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\addon\Activesync\wcescomm.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8493BC2F-CAF9-4B2F-B970-A43B6D81949A}: DhcpNameServer = 192.168.11.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\IfxWlxEN: DllName - (IfxWlxEN.dll) - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)

O20 - Winlogon\Notify\PSDNtfy: DllName - (c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll) - c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll (Guardeonic Solutions AG)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/09/23 10:41:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE - (Palm, Inc.)

MsConfig - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^X1 System Tray.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client (Set auto-proxy).lnk - C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon47BEA3551.ico - ()

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client Monitor.lnk - C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon4A6622C72.exe - ()

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found

MsConfig - StartUpReg: AeXAgentLogon - hkey= - key= - C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)

MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

MsConfig - StartUpReg: ChkAdmin - hkey= - key= - C:\Program Files\Compaq\Compaq Management Agents\Chkadmin.exe (Hewlett-Packard Company)

MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

MsConfig - StartUpReg: Doctor Install - hkey= - key= - C:\Program Files\Doctor Install\InstallMgr.exe (AT&T)

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: IfxSecurePlatformIndication - hkey= - key= - c:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe (Infineon Technologies AG)

MsConfig - StartUpReg: LtMoh - hkey= - key= - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

MsConfig - StartUpReg: McAfeeUpdaterUI - hkey= - key= - C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: Network Associates Error Reporting Service - hkey= - key= - C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)

MsConfig - StartUpReg: PSDruntime - hkey= - key= - c:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe (Guardeonic Solutions AG)

MsConfig - StartUpReg: Push Client - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\ATT Connect\Participant\pull.exe (AT&T Inc.)

MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - c:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)

MsConfig - StartUpReg: ShStatEXE - hkey= - key= - C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)

MsConfig - StartUpReg: start dr install service - hkey= - key= - File not found

MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: AutorunsDisabled -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/31 15:27:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2012/12/31 15:24:51 | 000,000,000 | ---D | C] -- C:\JRT

[2012/12/30 17:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/30 17:08:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/12/30 17:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/12/28 23:31:58 | 000,048,128 | ---- | C] (AT&T) -- C:\WINDOWS\System32\NetGina.dll

[2012/12/28 17:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/12/28 16:59:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/12/28 16:59:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/12/28 16:59:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/12/28 16:59:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/12/28 16:59:05 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/12/28 16:58:52 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/27 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/12/27 00:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Secunia PSI

[2012/12/27 00:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia

[2012/12/26 17:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/12/26 17:19:42 | 000,000,000 | ---D | C] -- C:\rsit

[2012/12/26 17:16:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/12/26 17:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/12/26 17:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/12/24 17:54:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools

[2012/12/17 13:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\pokerth

[2012/12/04 02:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/31 16:45:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/12/31 16:45:22 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol

[2012/12/31 16:44:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/12/30 17:08:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/30 16:42:32 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Firewall Settings.lnk

[2012/12/30 16:38:00 | 000,021,161 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012/12/30 16:38:00 | 000,021,161 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.bak

[2012/12/30 16:37:47 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Global Network Client.lnk

[2012/12/30 16:10:32 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2012/12/28 17:21:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/12/28 15:46:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2012/12/28 15:46:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2012/12/27 05:43:56 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/12/27 05:43:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/12/27 05:43:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/12/27 05:05:21 | 000,478,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/12/27 05:05:21 | 000,086,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/12/27 04:44:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/12/26 17:15:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk

[2012/12/26 17:15:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk

[2012/12/24 06:11:15 | 000,003,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]


========== Files Created - No Company Name ==========

[2012/12/30 17:08:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/30 16:10:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/30 16:10:32 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2012/12/28 16:59:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/12/28 16:59:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/12/28 16:59:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/12/28 16:59:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/12/28 16:59:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/12/27 06:07:44 | 000,002,221 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Firewall Settings.lnk

[2012/12/27 00:17:08 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk

[2012/12/26 17:15:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk

[2012/12/26 17:15:33 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk

[2012/12/24 04:15:16 | 000,003,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js

[2012/12/24 04:15:12 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\runctf.lnk

[2010/02/25 17:08:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\_dvarchive_.run

[2008/11/12 11:04:32 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND

[2008/10/30 17:27:31 | 000,001,064 | RH-- | C] () -- C:\Documents and Settings\Administrator\XrxWm.ini

[2008/10/30 17:27:30 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\Administrator\xwa55pdy.dyc

[2008/10/30 17:22:46 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd

[2007/04/15 23:32:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc

[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_9

[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_8

[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_7

[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_10

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml~

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_6

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_5

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_4

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_3

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_2

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_1

[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml

[2007/04/09 05:01:26 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/04/05 10:21:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

[2005/09/23 11:23:25 | 000,000,258 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol

========== ZeroAccess Check ==========

[2005/09/23 11:08:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 10:20:22 | 001,509,888 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2005/02/04 09:03:04 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

[2012/12/30 16:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2008/01/21 20:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon

[2012/09/19 19:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2008/11/11 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2008/10/06 23:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother

[2007/11/05 15:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco

[2008/10/06 23:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2008/06/02 00:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games

[2008/07/06 03:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/11/27 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2008/01/19 03:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93

[2012/12/27 00:56:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2009/01/04 06:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2012/06/29 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2005/09/23 10:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates

[2007/10/26 02:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2008/04/17 04:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

[2012/11/27 16:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2007/04/06 02:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/04/24 20:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2012/09/23 22:47:39 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe

[2009/03/13 13:45:02 | 006,616,833 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\EPOAGENT3000\Install\0409\FramePkg.exe

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

[2007/02/20 20:30:12 | 000,092,728 | ---- | M] (Un4seen Developments) -- C:\Documents and Settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\AOL\MysteryPILTWeb\bass.dll

[2007/08/29 18:16:32 | 001,003,520 | ---- | M] (SpinTop Games) -- C:\Documents and Settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\AOL\MysteryPILTWeb\MysteryPILTWeb.dll

[2007/08/30 11:38:58 | 003,268,608 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\AOL\MysteryPILTWeb\Resources.dll

< %APPDATA%\*. >

[2009/11/11 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.oit

[2008/08/04 23:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.Tribler

[2009/11/07 18:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore

[2008/06/06 03:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2012/08/15 10:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ATT Connect

[2008/10/07 00:36:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\Application Data\Brother

[2007/11/05 15:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cisco

[2009/05/23 19:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberPower Audio Editing Lab

[2008/11/30 21:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dvdcss

[2007/12/12 05:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FastStone

[2008/04/12 15:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help

[2005/09/23 10:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities

[2005/09/23 11:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon

[2008/10/07 01:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield

[2007/05/30 22:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo

[2012/08/16 11:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2008/07/06 03:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2008/07/08 21:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic

[2012/08/07 00:21:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2010/12/20 22:28:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Move Networks

[2008/02/18 22:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2007/10/26 02:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12

[2012/12/17 13:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pokerth

[2012/12/26 18:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan

[2008/07/06 01:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Roxio

[2007/04/06 00:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SBC

[2010/12/20 22:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2005/09/23 11:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun

[2007/04/06 00:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Talkback

[2012/12/11 02:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc

[2009/11/12 14:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex

[2009/11/07 18:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebEx Connect

[2008/10/30 17:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xerox

< %APPDATA%\*.exe /s >

[2012/08/07 00:21:04 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ARPPRODUCTICON.exe

[2012/08/07 00:21:04 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUDesktopShortcut_5E8B335F6B1645798E61AE17118989A8.exe

[2012/08/07 00:21:05 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUStartShortcut1_0C445A24F06A4871AC024995E6B63EA6.exe

[2012/08/07 00:21:05 | 000,058,640 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTDesktopShortc_F98F597BB2C24BCA8A2E00E99FF50C40.exe

[2012/08/07 00:21:05 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTStartShortcut_37B266125E564D7BBC298658403757C7.exe

[2012/08/07 00:21:06 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe

[2012/08/07 00:21:05 | 000,046,352 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantHelpSta_AFE5E24C07B1432883124EEC348980E5.exe

[2012/08/07 00:21:06 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantStartSh_DF0BA5751BF84E0AABDD4B6DA83B3B0C.exe

[2012/08/07 00:21:07 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\PullClientStartSho_CD6A27034E724245941D2EB3A8CF0DD5.exe

[2008/03/04 19:12:44 | 000,254,464 | ---- | M] (AT&T Services, Inc.) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QProtocolHandler.exe

[2007/03/07 12:34:22 | 000,237,568 | ---- | M] (AT&T Services, Inc.) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QProtocolHandler.exe_save

[2006/09/26 16:32:16 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QTeamLinkMessenger.exe

[2010/08/11 16:10:54 | 000,065,660 | ---- | M] (AT&T) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime4\QProtocolHandler.exe

[2011/07/25 13:25:50 | 000,058,159 | ---- | M] (AT&T) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime4\QTeamLinkMessenger.exe

< %SYSTEMDRIVE%\*.exe >

< c:|wgsdgs;true;true;true; /FP >

< c:|MyPlayCity;true;true;true; /FP >

[2009/05/23 06:57:19 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity

[2009/05/23 06:56:50 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive

[2009/05/23 06:57:20 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user

[2012/12/30 18:18:33 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity

[2009/07/01 00:27:08 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com

[2012/08/14 23:04:32 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com\Amusive Chess

[2009/05/23 06:57:04 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com\Confectionary

[2009/06/30 23:51:35 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com\Subsea Relic

[2009/07/01 00:27:11 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com

[2009/07/01 00:27:12 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com\Amusive Chess

[2009/05/23 06:57:19 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com\Confectionary

[2009/05/23 06:57:20 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com\Subsea Relic

[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity

[2009/07/01 00:19:09 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\CacheIcons

[2009/05/23 06:57:22 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\Chat

[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\EmailNotifier

[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\Logs

[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\RadioPlayer

[2009/07/01 00:19:09 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\rss

[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\UserDefinedItems

< c:|tbMyP0;true;true;true; /FP >

< c:|crossride;true;true;true; /FP >

< c:|conduit;true;true;true; /FP >

[2012/06/25 19:00:29 | 000,000,000 | ---D | M] -- c:\Program Files\Handspring\Outlook Conduits

[2009/05/23 06:49:58 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\drive\C\Program Files\Conduit

[2009/05/23 06:49:58 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\drive\C\Program Files\Conduit\Community Alerts

[2009/05/23 06:55:07 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\user\current\Local Settings\Application Data\Conduit

[2009/05/23 06:55:07 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\user\current\Local Settings\Application Data\Conduit\Community Alerts

[2009/05/23 06:56:50 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\Conduit

[2009/05/23 06:56:51 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\Conduit\Community Alerts

[2009/05/23 06:57:21 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\Conduit

[2009/05/23 06:57:21 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\Conduit\Community Alerts

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< c:|services.ex;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

< HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options|exe /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe\\MitigationOptions: Reg Error: Unknown registry data type File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe\\MitigationOptions: Reg Error: Unknown registry data type File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE\\DisableHeapLookAside: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\\DisableExceptionChainValidation: 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE\\GlobalFlag: 0x00200000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE\\GlobalFlag: 0x00200000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE\\DisableHeapLookAside: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE\\DisableHeapLookAside: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE\\DisableHeapLookAside: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE\\DisableHeapLookAside: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE\\DisableHeapLookAside: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE\\DisableHeapLookAside: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll\\CheckAppHelp: 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE\\ApplicationGoo: [binary data over 200 bytes]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path\\Debugger: ntsd -d [2005/02/04 09:01:22 | 000,031,744 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path\\GlobalFlag: 0x000010F0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE\\ApplicationGoo: [binary data over 200 bytes]

< %systemroot%\*. /mp /s >

< End of report >
