spaceclick Posted December 24, 2012 ID:626724 Share Posted December 24, 2012 Hi,I was recently infected with this virus. I tried to go in to regular Safe Mode but the "Blocked" screen pops up even there.I was able to successfully enter "Safe Mode Command prompt" and install mbam but I was unable to update the virus definitions because there is no network connectivity in this Safe Mode.I've tried to delete this file, but I keep getting permission denied:c:\documents and settings\administrator\wgsdgsdgdsgsd.dllThis is the first virus I have gotten that I was unable to resolve on my own by searching the web, so I was hoping someone could help me out.This computer is running Windows XP.I am including the dds.txt and attach.txt files (dss.scr was run while in Safe Mode-Command prompt).Thanks!DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMALInternet Explorer: 6.0.2900.2180 BrowserJavaVersion: 10.9.2Run by Administrator at 17:54:17 on 2012-12-24.============== Running Processes ================.C:\WINDOWS\system32\svchost.exe -k netsvcs.============== Pseudo HJT Report ===============.uStart Page = about:blankuSearch Page = hxxp://www.google.commDefault_Page_URL = about:blankuInternet Connection Wizard,ShellNext = hxxp://www.cio.att.com/uProxyOverride = <local>uSearchURL,(Default) = hxxp://www.google.com/keyword/%smSearchAssistant = hxxp://www.google.com/ieBHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - c:\program files\virtual account numbers\CitiVANHelper.dllBHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllTB: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - c:\program files\virtual account numbers\CitiVANToolbar.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [H/PC Connection Agent] "c:\program files\addon\activesync\wcescomm.exe"mRun: [ATIModeChange] Ati2mdxx.exemRun: [ACU] "c:\program files\addon\atheros\ACU.exe" -noguimRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -kmRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentmRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /noguimRun: [Citi Virtual Account Numbers] c:\progra~1\virtua~1\CitiVAN.exe /lang=en_RG /dontopenmycardsmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoWindowsUpdate = dword:0mPolicies-Explorer: NoCDBurning = dword:1mPolicies-Explorer: NoWindowsUpdate = dword:1mPolicies-System: dontdisplaylastusername = dword:1mPolicies-Windows\System: DisableGPO = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoWindowsUpdate = dword:1IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cabTCP: NameServer = 192.168.11.1TCP: Interfaces\{8493BC2F-CAF9-4B2F-B970-A43B6D81949A} : DHCPNameServer = 192.168.11.1Notify: IfxWlxEN - IfxWlxEN.dllNotify: PSDNtfy - c:\program files\protecttools\embedded security software\PSDNtfy.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\bhm4hmsd.default\FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dllFF - plugin: c:\program files\mozilla firefox\plugins\npmercoraPlugin.dllFF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dllFF - plugin: c:\windows\system32\npDeployJava1.dllFF - plugin: c:\windows\system32\npptools.dllFF - ExtSQL: 2012-11-27 16:16; citius@orbiscom; c:\program files\Virtual Account Numbers.============= SERVICES / DRIVERS ===============.R? aswFsBlk;aswFsBlkR? aswSnx;aswSnxR? aswSP;aswSPR? avast! Antivirus;avast! AntivirusR? CCDevice;CCDeviceR? CdpPacket;Cisco Discovery Protocol Packet DriverR? ClntMgmt;HP Client Management DriverR? Eacfilt;Eacfilt MiniportR? ExtranetAccess;Contivity VPN ServiceR? gupdate1ca446dd09092a0;Google Update Service (gupdate1ca446dd09092a0)R? IPSECEXT;Nortel Extranet Access ProtocolR? MBAMProtector;MBAMProtectorR? MBAMScheduler;MBAMSchedulerR? MBAMService;MBAMServiceR? McAfeeFramework;McAfee Framework ServiceR? McShield;Network Associates McShieldR? McTaskManager;Network Associates Task ManagerR? NaiAvFilter1;NaiAvFilter1R? NaiAvTdi1;NaiAvTdi1R? SbieDrv;SbieDrvR? Svc_DrInstal;Doctor InstallR? Synergy;SynergyR? vsdatant;vsdatantR? WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter ServiceS? CONAN;CONANS? IFXTPM;IFXTPMS? MbxStby;MbxStbyS? PersonalSecureDrive;PersonalSecureDrive.=============== File Associations ===============.FileExt: .scr: scrfile="%1" %*FileExt: .reg: regfile=regedit.exe "%1" %*.=============== Created Last 30 ================.2012-12-24 09:13:10 200568 ----a-w- c:\documents and settings\administrator\wgsdgsdgdsgsd.dll2012-12-17 18:57:18 -------- d-----w- c:\documents and settings\administrator\application data\pokerth2012-12-04 07:36:50 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun2012-11-27 21:38:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll2012-11-27 21:38:08 746984 ----a-w- c:\windows\system32\deployJava1.dll2012-11-27 21:38:08 143872 ----a-w- c:\windows\system32\javacpl.cpl2012-11-27 21:37:43 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2012-11-27 21:16:30 -------- d-----w- c:\program files\Virtual Account Numbers2012-11-27 21:16:28 145920 ----a-w- c:\windows\system32\OBroker.exe.==================== Find3M ====================.2012-11-27 21:18:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-11-27 21:18:25 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys.============= FINISH: 17:56:08.21 ===============</local>attach.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 25, 2012 ID:626787 Share Posted December 25, 2012 Hello spaceclick and welcome to MalwareBytes forums.Please do not use the "attach" feature when posting logs. Always Copy all & Paste directly into the reply box.Use separate replies as needed.See Grinler's article herehttp://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomwareSee the section titled Automated Removal InstructionsFollow his instructions to get into Safe Mode with Networkingand do the rest of the steps listed after that (including the tool from from EmsisoftReport back with the results. Link to post Share on other sites More sharing options...
spaceclick Posted December 25, 2012 Author ID:626809 Share Posted December 25, 2012 Hi, thanks for your reply.As I stated in my initial posting, I can not go in to "Safe Mode with Networking" without the "FBI" screen poping up after I log in, preventing me from doing anything else. So I am unable to follow those instructions because it is impossible to "Start Internet Explorer" and download anything once that screen takes over my computer.As indicated, the only "Safe Mode" that I can get in to without the "FBI" screen popping up is "Safe Mode with Command Prompt".Thanks again! Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 25, 2012 ID:626812 Share Posted December 25, 2012 You will need to use another system, and a blank CD, to create a XP boot CD. Or you may use the Windows XP operating CD (if you have it) and boot into the Recovery Console.Please download ARCDC from Artellos.com.Double click ARCDC.exeFollow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3You will be prompted with a Terms of Use by Microsoft, please accept.You will see a few dos screens flash by, this is normal.Next you will be able to choose to add extra files. Select the Default Files.The last window will allow you to burn the disk using BurnCDCCYour ISO is located on your desktop.Set your pc's BIOS boot option-sequence to boot from CD-drive first.Place CD in the drive.Power up the system and boot from it.when at the command prompt, navigate to c:\documents and settings\administrator\wgsdgsdgdsgsd.dlland then delete that dll Link to post Share on other sites More sharing options...
spaceclick Posted December 26, 2012 Author ID:626908 Share Posted December 26, 2012 When my PC boots up, it gives the option to start Windows XP or to start the Recovery Console. If I choose Recovery Console, it just seems to hang there indefinately.So I put in my Win XP OS CD and booted from that and selected "R" for recovery console. Then selected "1. C"\Windows" for the windows.I tried the following 3 things, and all produced the same response "Access is denied.":c:\> cd "Documents and Settings"c:\> cd "Documents and Settings\Administrator"c:\> del "Documents and Settings\Administrator\wgsdgsdgdsgsd.dll"Do I have to change permissions or something?Thanks! Link to post Share on other sites More sharing options...
spaceclick Posted December 26, 2012 Author ID:626910 Share Posted December 26, 2012 OK, well, since this is an old system running Winn XP, (my main system now runs Win7) I had totally forgotten that I had a copy of ERD Comander. So I booted that and was able to successfully rename that dll file and now the system boots up without the "Blocked" pop-up. It did pop up an error about not being able to run that renamed dll :-)Anyway, is there anything else I should do to completely clean this machine? I am updating MBAM and running it now... Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 26, 2012 ID:626978 Share Posted December 26, 2012 (edited) Yes.... Copy and Paste the contents of the last MBAM scan log.Make sure the system is running Windows in normal mode, so that we can see everything that is active.Step 11. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked 6. Press OK7. Press YES to create the folder.Step 2Set Windows to show all files and all folders. On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed. "CHECK" (turn on) Display the contents of system folders. Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders. Next, un-check Hide extensions for known file types. Next un-check Hide protected operating system files. Step 3Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Step 4Download Security Check by screen317 and save it to your Desktop: here or hereRun Security Check Follow the onscreen instructions inside of the command window.A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!Step 5Close all open browsers at this point.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallStart Internet ExplorerUsing Internet Explorer browser only, go to BitDefender Quickscan website:http://quickscan.bitdefender.comand click "Start Scan".Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.If prompted, reply yes to allow it to run.Press the Allow button and follow prompts.Press the "Start Scan" once more.You'll see the EULA in a pop-up window. Click the I accept & then the OK buttonNote: The FAQ is here --> http://quickscan.bitdefender.com/faq/and that QuickScan has no removal capability.The site boasts a 60-second scan. Do have patience as it likely will take longer.It may seem to stall at moments, but have patience; it will move on.You'll see a progress bar at top right of window.Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.The log report will show in your text editor. Save the log.Do a Select ALL, Copy. Then paste contents into your next reply.Step 6 Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or >> from here << Quit all programs that you may have started.Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.For Windows XP, double-click to start. Wait until Prescan has finished ... Click on Scan. Click on Report and copy/paste the content of the notepad into your next reply.Step 7See Grinler's article herehttp://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomwareSee the section titled Automated Removal InstructionsFollow his instructions to get into Safe Mode with Networkingand do the rest of the steps listed after that (including the tool from from EmsisoftStep 8When all done, make sure to restart Windows in normal mode.ANDRE-Enable your antivirus program.Report back with the results.Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log + Emsisoft-tool-log.Use separate replies as needed if logs do not fit into one reply box.</will> Edited December 26, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
spaceclick Posted December 27, 2012 Author ID:627148 Share Posted December 27, 2012 OK, so I think I got rid of the "Blocked" malware, but now I have another problem. After I reboot, then log in, I get the normal desktop, but then Explorer hangs (there are no icons in the system tray). I can click on and start program icons on the desktop, but if I move the pointer to the task bar it just turns in to an hourglass and I can not do anything. Also if I start other programs (such as Firefox) it works OK until I need to download something, and then it also hangs. If I start up any file explorer windows, they also hang.I did leave the computer running overnight (running the boot version of AVAST) and when I cam back to it thi morning, it was on the login screen and I was able to log in and Explorer was NOT hung. I am guessing that whatever causes it to hang had timed out or something by then, I am not sure why it worked that one time, but that seems to suggest that whatever is causing the hang is a program that starts before you log in.When I reboot, Explorere hangs again. Also when I shutown the computer, it tells me it can not kill several programs (my wireless card's app, Explorer, etc.) and I have to tell it to force it to exit. Then somethimes it will reboot, but other times it just sits at the "Windows is shutting down..." screen indefinately.Anyway, I ran MBAM first and it removed three things (all were, I believe, part of the "Blocked" malware.) I also ran the other things you suggested, I have included the logs below...Malwarebytes Anti-Malware (Trial) 1.65.1.1000www.malwarebytes.orgDatabase version: v2012.12.26.03Windows XP Service Pack 2 x86 NTFSInternet Explorer 6.0.2900.2180Administrator :: njpds01sc1649 [administrator]Protection: Enabled12/25/2012 11:21:49 PMmbam-log-2012-12-25 (23-21-49).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 219799Time elapsed: 8 minute(s), 11 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 3C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.bad (Trojan.FakeMS) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
spaceclick Posted December 27, 2012 Author ID:627149 Share Posted December 27, 2012 Logfile of random's system information tool 1.09 (written by random/random)Run by Administrator at 2012-12-26 17:19:42WIN_XP Service Pack 2System drive C: has 18 GB (47%) free of 38 GBTotal RAM: 511 MB (43% free)Logfile of Trend Micro HijackThis v2.0.4Scan saved at 5:24:47 PM, on 12/26/2012Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\Program Files\Synergy\synergyd.exec:\WINDOWS\system32\IFXSPMGT.exeC:\WINDOWS\Explorer.EXEc:\WINDOWS\system32\IFXTCS.exeC:\Program Files\addon\Atheros\ACU.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\AVAST Software\Avast\avastUI.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\addon\Activesync\wcescomm.exeC:\PROGRA~1\addon\ACTIVE~1\rapimgr.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Synergy\synergys.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\data\downloads\RSIT.exeC:\Program Files\trend micro\Administrator.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cio.att.com/O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllO4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [ACU] "C:\Program Files\addon\Atheros\ACU.exe" -noguiO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguiO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\addon\Activesync\wcescomm.exe"O4 - HKUS\S-1-5-21-1236889176-1945323513-1091443541-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')O4 - HKUS\S-1-5-21-1236889176-1945323513-1091443541-500\..\Run: [H/PC Connection Agent] "C:\Program Files\addon\Activesync\wcescomm.exe" (User '?')O4 - .DEFAULT User Startup: ropu.bat (User 'Default user')O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO14 - IERESET.INF: START_PAGE_URL=about:blankO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO20 - Winlogon Notify: PSDNtfy - c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dllO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exeO23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exeO23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exeO23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exeO23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exeO23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\IFXSPMGT.exeO23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\IFXTCS.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXEO23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Guardeonic Solutions AG - c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXEO23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\addon\Sandboxie\SbieSvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Synergy - Unknown owner - C:\Program Files\Synergy\synergyd.exe--End of file - 6033 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\Adobe Flash Player Updater.jobC:\WINDOWS\tasks\avast! Emergency Update.jobC:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.jobC:\WINDOWS\tasks\GoogleUpdateTaskUser.jobC:\WINDOWS\tasks\OGALogon.job=========Mozilla firefox=========ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.defaultprefs.js - "extensions.enabledItems" - "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8, {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51, {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2, check4change-owner@mozdev.org:1.8.6, {00084897-021a-4361-8423-083407a033e0}:1.4, exif_viewer@mozilla.doslash.org:1.60, {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5, {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.1, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7, {289F3A4A-F3FF-4173-B994-DBC887E9C468}:0.3.5, redirectcleaner@example.net:1.3.0, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6, {54BB9F3F-07E5-486c-9B39-C7398B99391C}:4.0.2011021601, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.10, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18""{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]"Description"=Adobe® Flash® Player 11.3.300.262 Plugin"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]"Description"=Adobe Shockwave Player"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]"Description"=DivX Web Player"Path"=C:\Program Files\DivX\DivX Web Player\npdivx32.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]"Description"=DivX® Content Upload Plugin"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@freetoolsassociation.com/ActiveGS]"Description"=ActiveGS"Path"=undefinednpActiveGS.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]"Description"=Java™ Deployment Toolkit"Path"=C:\WINDOWS\system32\npDeployJava1.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]"Description"=Oracle® Next Generation Java™ Plug-In"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]"Description"=Ag Player Plugin"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]"Description"=Windows Presentation Foundation plug-in for Mozilla browsers"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]"Description"=Google Update"Path"=C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=0.8.6d]"Description"=VLC Multimedia Plugin"Path"=C:\data\apps\DVArchive\VLC\npvlc.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3]"Description"=VLC Multimedia Plugin"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dllC:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}C:\Program Files\Mozilla Firefox\components\binary.manifestbrowsercomps.dllnsAxSecurityPolicy.jsnsILegitCheckPlugin.xptnsImercoraPlugin.xptC:\Program Files\Mozilla Firefox\plugins\MercoraAxPlayer.msinp32dsw.dllnpActiveGS.dllnpActiveGS.xptnpLegitCheckPlugin.dllnpmercoraPlugin.dllNPOFFICE.DLLnppdf32.dllnpunagi2.dllnpunagi2.xptShockwavePlugin.classC:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xmlanswers.xmlbing.xmlcreativecommons.xmleBay.xmlgoogle.xmltwitter.xmlwikipedia.xmlyahoo.xmlC:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\stagedtwitternotifier@naan.net{54BB9F3F-07E5-486c-9B39-C7398B99391C}{e968fc70-8f95-4ab9-9e79-304de2a71ee1}{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-11-27 449512][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-11-27 155384][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]"ACU"=C:\Program Files\addon\Atheros\ACU.exe [2006-08-07 336014]"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2005-02-04 15360]"H/PC Connection Agent"=C:\Program Files\addon\Activesync\wcescomm.exe [2006-11-13 1289000][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AeXAgentLogon]C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2006-09-14 139264][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]C:\WINDOWS\AGRSMMSG.exe [2003-08-14 88363][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-11-25 335872][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE [2003-12-03 81920][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2008-05-23 1011712][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Doctor Install]C:\Program Files\Doctor Install\InstallMgr.exe [2002-04-10 761856][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-11 133104][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]C:\Program Files\addon\Activesync\wcescomm.exe [2006-11-13 1289000][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IfxSecurePlatformIndication]c:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe [2003-10-17 73789][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]C:\Program Files\ltmoh\Ltmoh.exe [2003-08-14 184320][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]C:\Program Files\Network Associates\Common Framework\udaterui.exe [2008-11-10 136512][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDruntime]c:\Program Files\ProtectTools\Embedded Security Software\PSDrt.EXE [2003-09-02 82344][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Push Client]C:\Documents and Settings\Administrator\Local Settings\Application Data\ATT Connect\Participant\pull.exe [2010-06-03 965872][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]c:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2004-09-25 1691648][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\start dr install service]c:\winnt [2003-07-30 121935][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe [2007-09-25 75256][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-07-15 618496][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-07-15 110592][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X1FileMonitor.exe]C:\Program Files\X1\X1FileMonitor.exe [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]C:\PROGRA~1\HANDSP~1\HOTSYNC.EXE [2002-05-22 299008][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^X1 System Tray.lnk] [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-10-15 39792][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-10 738968][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client (Set auto-proxy).lnk]C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon47BEA3551.ico [2005-09-23 29184][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client Monitor.lnk]C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon4A6622C72.exe [2005-09-23 29184][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IfxWlxEN]C:\WINDOWS\system32\IfxWlxEN.dll [2003-10-17 352320][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PSDNtfy]c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll [2003-09-02 49576][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2005-02-04 239616]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=1"legalnoticecaption"="legalnoticetext"="undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145"NoWindowsUpdate"=0"NoDriveAutoRun"=0x08000000[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoWindowsUpdate"=1"HonorAutoRunSetting"=1[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22019""C:\Program Files\Nortel Networks\Extranet.exe"="C:\Program Files\Nortel Networks\Extranet.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:AT&T Extranet Access Client""%windir%\system32\MMC.exe"="%windir%\system32\MMC.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft Management Console (Computer Management)""C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft NetMeeting""C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NAI McAfee VirusScan Common Framework Service""C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE"="C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Carbon Copy""C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Wizard""C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Agent""C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:AT&T Global Network Client""C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_10\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary""C:\Program Files\addon\Activesync\rapimgr.exe"="C:\Program Files\addon\Activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager""C:\Program Files\addon\Activesync\wcescomm.exe"="C:\Program Files\addon\Activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager""C:\Program Files\addon\Activesync\WCESMgr.exe"="C:\Program Files\addon\Activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application""C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QTeamLinkMessenger.exe"="C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QTeamLinkMessenger.exe:*:Enabled:QTeamLinkMessenger""C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer""C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner""C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox""C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""C:\Program Files\addon\Veoh\VeohClient.exe"="C:\Program Files\addon\Veoh\VeohClient.exe:*:Disabled:Veoh Client""C:\Program Files\addon\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\addon\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger""C:\Program Files\addon\Yahoo!\Messenger\YServer.exe"="C:\Program Files\addon\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server""C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program""C:\Program Files\Cisco Systems\Cisco IP Communicator\AudioTuningWizard.exe"="C:\Program Files\Cisco Systems\Cisco IP Communicator\AudioTuningWizard.exe:*:Enabled:AudioTuningWizard""C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe"="C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe:*:Enabled:Cisco IP Communicator""C:\Program Files\Java\jre1.5.0_13\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_13\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary""C:\Program Files\Brother\Brmfl05a\FAXRX.exe"="C:\Program Files\Brother\Brmfl05a\FAXRX.exe:*:Enabled:PC-FAX Receive""C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test""C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App""C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed""C:\Program Files\WebEx\Connect\wbxcOIEx.exe"="C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx""C:\Program Files\WebEx\Connect\connect.exe"="C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect""C:\WiRNS\WiRNS.exe"="C:\WiRNS\WiRNS.exe:*:Enabled:WiRNS""C:\Program Files\Synergy\synergys.exe"="C:\Program Files\Synergy\synergys.exe:*:Enabled:Synergy"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22019""C:\Program Files\Nortel Networks\Extranet.exe"="C:\Program Files\Nortel Networks\Extranet.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:AT&T Extranet Access Client""%windir%\system32\MMC.exe"="%windir%\system32\MMC.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft Management Console (Computer Management)""C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft NetMeeting""C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NAI McAfee VirusScan Common Framework Service""C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE"="C:\Program Files\Altiris\Carbon Copy\SHELLKER.EXE:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Carbon Copy""C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTWiz.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Wizard""C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe"="C:\Program Files\Altiris\Altiris Agent\PC Transplant\PCTRTDestAgent.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Agent""C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:AT&T Global Network Client""C:\Program Files\addon\Activesync\rapimgr.exe"="C:\Program Files\addon\Activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager""C:\Program Files\addon\Activesync\wcescomm.exe"="C:\Program Files\addon\Activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager""C:\Program Files\addon\Activesync\WCESMgr.exe"="C:\Program Files\addon\Activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application""C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1""C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)""C:\Program Files\WebEx\Connect\connect.exe"="C:\Program Files\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect""C:\Program Files\WebEx\Connect\wbxcOIEx.exe"="C:\Program Files\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]"midimapper"=midimap.dll"msacm.imaadpcm"=imaadp32.acm"msacm.msadpcm"=msadp32.acm"msacm.msg711"=msg711.acm"msacm.msgsm610"=msgsm32.acm"msacm.trspch"=tssoft32.acm"vidc.cvid"=iccvid.dll"vidc.I420"=msh263.drv"vidc.iv31"=ir32_32.dll"vidc.iv32"=ir32_32.dll"vidc.iv41"=ir41_32.ax"vidc.iyuv"=iyuv_32.dll"vidc.mrle"=msrle32.dll"vidc.msvc"=msvidc32.dll"vidc.uyvy"=msyuv.dll"vidc.yuy2"=msyuv.dll"vidc.yvu9"=tsbyuv.dll"vidc.yvyu"=msyuv.dll"wavemapper"=msacm32.drv"msacm.msg723"=msg723.acm"vidc.M263"=msh263.drv"vidc.M261"=msh261.drv"msacm.msaudio1"=msaud32.acm"msacm.sl_anet"=sl_anet.acm"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax"vidc.iv50"=ir50_32.dll"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm"wave"=wdmaud.drv"midi"=wdmaud.drv"mixer"=wdmaud.drv"wave1"=wdmaud.drv"midi1"=wdmaud.drv"mixer1"=wdmaud.drv"aux"=wdmaud.drv"wave2"=wdmaud.drv"midi2"=wdmaud.drv"mixer2"=wdmaud.drv"aux1"=wdmaud.drv"wave3"=wdmaud.drv"midi3"=wdmaud.drv"mixer3"=wdmaud.drv"aux2"=wdmaud.drv======File associations======.reg - open - regedit.exe "%1" %*.scr - open - "%1" %*======List of files/folders created in the last 1 month======2012-12-26 17:20:37 ----D---- C:\Program Files\trend micro2012-12-26 17:19:42 ----D---- C:\rsit2012-12-26 17:16:26 ----D---- C:\WINDOWS\ERDNT2012-12-26 17:15:26 ----D---- C:\Program Files\ERUNT2012-12-25 23:05:57 ----ASH---- C:\pagefile.sys2012-12-24 04:24:34 ----A---- C:\WINDOWS\ntbtlog.txt2012-12-24 04:15:16 ----A---- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js2012-12-17 13:57:18 ----D---- C:\Documents and Settings\Administrator\Application Data\pokerth2012-12-01 06:28:23 ----D---- C:\Program Files\Mozilla Firefox2012-11-27 16:38:19 ----D---- C:\Documents and Settings\All Users\Application Data\Sun2012-11-27 16:38:08 ----A---- C:\WINDOWS\system32\npDeployJava1.dll2012-11-27 16:38:08 ----A---- C:\WINDOWS\system32\javaws.exe2012-11-27 16:38:08 ----A---- C:\WINDOWS\system32\deployJava1.dll2012-11-27 16:37:43 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll2012-11-27 16:37:42 ----A---- C:\WINDOWS\system32\javaw.exe2012-11-27 16:37:42 ----A---- C:\WINDOWS\system32\java.exe2012-11-27 16:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee======List of files/folders modified in the last 1 month======2012-12-26 17:20:37 ----RD---- C:\Program Files2012-12-26 17:17:31 ----D---- C:\WINDOWS\Temp2012-12-26 17:16:26 ----D---- C:\WINDOWS2012-12-26 09:48:49 ----D---- C:\WINDOWS\system32\CatRoot22012-12-26 00:32:02 ----D---- C:\Program Files\addon2012-12-26 00:30:33 ----D---- C:\WINDOWS\system322012-12-26 00:29:46 ----D---- C:\WINDOWS\system32\drivers2012-12-26 00:18:12 ----SHD---- C:\WINDOWS\CSC2012-12-25 23:46:49 ----D---- C:\WINDOWS\Sun2012-12-25 23:06:02 ----SHD---- C:\System Volume Information2012-12-24 17:35:57 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$2012-12-11 02:48:19 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc2012-12-02 06:05:57 ----D---- C:\Program Files\Mozilla Maintenance Service2012-11-27 16:38:18 ----SHD---- C:\WINDOWS\Installer2012-11-27 16:38:18 ----SHD---- C:\Config.Msi2012-11-27 16:37:06 ----D---- C:\Program Files\Java2012-11-27 16:18:38 ----SD---- C:\WINDOWS\Downloaded Program Files2012-11-27 16:18:25 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe2012-11-27 16:16:42 ----D---- C:\WINDOWS\WinSxS2012-11-27 16:16:28 ----HD---- C:\Program Files\InstallShield Installation Information======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]R0 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-30 25256]R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-30 35928]R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-30 738504]R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-30 361032]R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-30 54232]R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2005-03-23 9216]R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-09-25 44288]R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-09-25 24832]R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-09-25 289792]R1 ClntMgmt;HP Client Management Driver; C:\WINDOWS\System32\Drivers\ClntMgmt.sys [2003-10-29 59044]R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-09-25 141184]R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2005-02-04 36096]R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2003-09-02 33848]R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-09-25 117632]R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-09-25 200832]R1 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-04-10 21275]R2 agnwifi;AT&T Wi-Fi Support Driver; C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2005-02-09 19328]R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-30 21256]R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-30 97608]R2 CdpPacket;Cisco Discovery Protocol Packet Driver; C:\WINDOWS\system32\DRIVERS\CdpPacket.sys [2007-09-06 35692]R2 cpqdfw;Diagnostics Driver; \??\C:\WINDOWS\system32\drivers\cpqdfw.sys []R2 cq_mem;Diagnostics Memory Driver; \??\C:\WINDOWS\system32\drivers\cq_mem.sys []R2 cqcpu;Diagnostics CPU Driver; \??\C:\WINDOWS\system32\drivers\cqcpu.sys []R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]R3 ABVPN2K;AGN VPN Client Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2004-12-21 164480]R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-10-23 100384]R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-08-14 1196352]R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-07-17 494080]R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-12-02 641536]R3 avpnnic;AGN Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-02-17 170880]R3 CONAN;CONAN; C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-28 182101]R3 Eacfilt;Eacfilt Miniport; C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-04-16 9817]R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2003-10-17 32640]R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 117760]R3 MbxStby;MbxStby; C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 5689]R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-09-25 23808]R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-30 593408]R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2003-07-15 270384]R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2005-02-04 20480]S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]S2 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-04-16 117760]S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-09-25 23936]S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-03 25600]S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\data\apps\NETSTU~1\NSNDIS5.SYS []S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-05-22 15326]S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]S3 SbieDrv;SbieDrv; \??\C:\Program Files\addon\Sandboxie\SbieDrv.sys []S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-07-17 494080]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2006-03-25 278613]R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2005-02-04 14336]R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2012-11-27 161768]R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]R2 Synergy;Synergy; C:\Program Files\Synergy\synergyd.exe [2012-07-30 318536]R3 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\IFXSPMGT.exe [2003-10-17 122947]R3 IFXTCS;Trusted Platform Core Service; c:\WINDOWS\system32\IFXTCS.exe [2003-10-17 364606]S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2005-02-04 14336]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 250808]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-12-02 385024]S3 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2004-06-13 57344]S3 CarbonCopyScheduler;Carbon Copy Scheduler; C:\WINDOWS\system32\schdsrvc.exe [2005-03-23 274432]S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S3 CPQALERT;Insight Local Alerter; C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe [2003-12-03 512000]S3 ExtranetAccess;Contivity VPN Service; C:\Program Files\Nortel Networks\Extranet_serv.exe [2004-04-16 643072]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-01 115168]S3 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE [2005-02-15 118784]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]S3 PersonalSecureDriveService;Personal Secure Drive Service; c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE [2003-09-02 106920]S3 SbieSvc;Sandboxie Service; C:\Program Files\addon\Sandboxie\SbieSvc.exe [2012-06-17 75536]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2005-02-04 14336]S4 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2006-09-14 1257472]S4 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2005-03-23 65536]S4 cpqdmi;cpqdmi; C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe [2003-12-03 20480]S4 gupdate1ca446dd09092a0;Google Update Service (gupdate1ca446dd09092a0); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-11-11 133104]S4 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2008-11-10 103744]S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2004-09-22 221191]S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2004-09-22 28672]S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]S4 Svc_DrInstal;Doctor Install; C:\Program Files\Doctor Install\DrInstalSvc.exe [2002-04-10 782336]S4 WIN32SL;Win32Sl; C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe [2001-04-11 215552]-----------------EOF----------------- Link to post Share on other sites More sharing options...
spaceclick Posted December 27, 2012 Author ID:627150 Share Posted December 27, 2012 info.txt logfile of random's system information tool 1.09 2012-12-26 17:24:57======Uninstall list======-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAdobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe -maintain activexAdobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain pluginAdobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.logAgere Systems AC'97 Modem-->agrsmdelAgere V92 MOH Application-->ltremove.exe -aAltiris Carbon Copy Solution Agent -->MsiExec.exe /X{BC13AD87-65E7-4963-A2DA-1ED419D3DC34}Altiris Carbon Copy Solution Agent 6.1-->MsiExec.exe /x {BC13AD87-65E7-4963-A2DA-1ED419D3DC34} /qfAltiris Software Delivery Solution Agent-->MsiExec.exe /X{A0A1EB01-A6FD-423A-8480-364055A7C961}Altiris Task Synchronization Agent-->MsiExec.exe /X{2851123E-5786-41BE-A3F1-A9B21E499EEB}AT&T Before You Call-->C:\Program Files\AT&T Before You Call\BeforeUCall.exe /uninstallAT&T Connect Participant Application v8.9.35-->MsiExec.exe /X{CDD4495B-0424-42F0-8D89-70D47E21BD69}AT&T Doctor Install-->MsiExec.exe /I{3DC0A1F2-038F-11D6-B897-00902799B4B8}AT&T Extranet Access Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" UninstallAT&T ServicePass Verification Utility-->C:\Program Files\AT&T ServicePass\SrvcPass_Verify.exe /UNINSTALL C:\Program Files\AT&T ServicePassAtheros Client Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonlyATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exeATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanavast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetupBroadcom Gigabit Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dllCCleaner-->"C:\Program Files\addon\CCleaner\uninst.exe"Cisco IP Communicator-->MsiExec.exe /X{80D85DB3-F404-4688-B18C-024F53E86353}Cisco WebEx Connect-->MsiExec.exe /X{EED0DAE4-F5A3-4166-94F3-76B23B1CD5C7}Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"Diagnostics for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1881AE03-2BD4-11D4-86BF-00508B10AA88}\SETUP.EXE" UNINSTALLERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exeGoogle Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"HP Integrated Wireless LAN W400-W500 Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}\SETUP.EXE" -l0x9HP ProtectTools Embedded Security Software-->MsiExec.exe /I{C1648CA1-9B39-4C7E-94F1-791DE5557C54}Insight Management Agent-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Compaq\Compaq Management Agents\DeIsL1.isu" -c"C:\Program Files\Compaq\Compaq Management Agents\cpqdmun.dll"InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALLJ2SE Runtime Environment 5.0 Update 13-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150130}Java 2 Runtime Environment, SE v1.4.2_16-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142160}Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217009FF}Knowledge Gateway-->MsiExec.exe /I{9B0F88A7-7994-473A-B27B-6F2F16D1C1A2}McAfee Agent-->MsiExec.exe /X{36FE3EDA-0C18-48DE-934B-D9862F82A7A8}McAfee Anti-Spyware Enterprise Module-->C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMASMcAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exeMicrosoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}Microsoft Office Live Meeting 2005-->MsiExec.exe /I{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}Mozilla Firefox 17.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exeMozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}O2Micro MemoryCardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083} /l1033Palm Desktop and Synchronization Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" UninstallQ Enterprise Messenger 4.x-->MsiExec.exe /I{CA55B8B1-08C9-4554-A62D-6D4233BFD21E}Roxio Easy Media Creator 7 Basic Edition-->MsiExec.exe /I{F4862B43-A087-4826-8C50-D41646EC7728}Sandboxie 3.72 (32-bit)-->"C:\WINDOWS\Installer\SandboxieInstall32.exe" /removeSecurity Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"Security Update for Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstallSynergy-->C:\Program Files\Synergy\uninstall.exeTheseus and the Minotaur-->C:\Program Files\addon\Theseus and the Minotaur\uninstall.exeTotal Uninstall 2.35-->"C:\Program Files\addon\Total Uninstall\unins000.exe"Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"Update for Windows XP (KB922580)-->"C:\WINDOWS\$NtUninstallKB922580$\spuninst\spuninst.exe"Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"VLC media player 2.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exeVNC Free Edition 4.1.2-->"C:\Program Files\addon\RealVNC\VNC4\unins000.exe"WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exeWindows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCTWindows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAllWindows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /UninstallWindows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exeWindows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exeWindows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exeWindows XP Hotfix - KB885626-->C:\WINDOWS\$NtUninstallKB885626$\spuninst\spuninst.exeWindows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exeWindows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exeWindows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exeWindows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exeWindows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exeWindows XP Hotfix - KB887816-->C:\WINDOWS\$NtUninstallKB887816$\spuninst\spuninst.exeWindows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exeWindows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exeWindows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exeWindows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exeWindows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exeWindows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"WinZip-->"c:\progra~1\winzip\WINZIP32.EXE" /uninstallx.hlp WebGuide_eng-->MsiExec.exe /I{53BCF0AA-1895-4791-800C-EBBB59E80825}Securitycenter WMI appears to be broken======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"Path"=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;c:\Program Files\Common Files\Roxio Shared\DLLShared;C:\data\apps\IsoBuster"windir"=%SystemRoot%"FP_NO_HOST_CHECK"=NO"OS"=Windows_NT"PROCESSOR_ARCHITECTURE"=x86"PROCESSOR_LEVEL"=6"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel"PROCESSOR_REVISION"=0d06"NUMBER_OF_PROCESSORS"=1"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"WIN32DMIPATH"=C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32-----------------EOF----------------- Link to post Share on other sites More sharing options...
spaceclick Posted December 27, 2012 Author ID:627151 Share Posted December 27, 2012 Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 2 x86 Out of date service pack!! Internet Explorer 6 Out of date!``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` McAfee Anti-Spyware Enterprise Module CCleaner Java 7 Update 9 Java 2 Runtime Environment, SE v1.4.2_16 Adobe Flash Player 11.3.300.262 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox (17.0.1)````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 9%````````````````````End of Log``````````````````````RogueKiller V8.4.1 [Dec 24 2012] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits versionStarted in : Normal modeUser : Administrator [Admin rights]Mode : Scan -- Date : 12/26/2012 19:06:15¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[RUN][PREVRUN] HKLM\[...]\Run : BluetoothAuthenticationAgent (rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent) -> FOUND[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: +++++--- User ---[MBR] b31e86e07ddd48c8c32b7e9c237151f5[bSP] 67991a84ebb17a27d627fb249ffe168b : MBR Code unknownPartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[5]_S_12262012_02d1906.txt >>RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5]_S_12262012_02d1906.txt Link to post Share on other sites More sharing options...
spaceclick Posted December 27, 2012 Author ID:627194 Share Posted December 27, 2012 I think I fixed the "Explorer hanging" issue. I ran the "Windows Explorer Shell Fix" batch file that I found on http://www.ms-mvp.org/ and that seemd to fix the issue.System now boots up fine without hanging, although I should proabably reboot it a few more times to make sure it is consistent. Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 27, 2012 ID:627274 Share Posted December 27, 2012 Backdoor trojan warning:This system has some serious backdoor trojans. This is a point where you need to decide about whether to make a clean start.According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.You are strongly advised to do the following immediately.1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx* Take any other steps you think appropriate for an attempted identity theft.You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojanDanger: Remote Access Trojans http://www.microsoft...o/virusrat.mspxConsumers – Identity Theft http://www.ftc.gov/b...mers/index.htmlWhen should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspxHelp: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspxHelp: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspxMicrosoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.aspLet me know what you decide.IF you decide to proceed with cleaning what is left, thenPlease do NOT run any fixes on your own, nor get tools on your own. Just only follow my guidance.Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from >>> here <<< Double-click FixPolicies.exe. Click the "Install" button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd. A black box will briefly appear and then close. This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again. Step 2Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista or Windows 7, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.If your antivirus program gives a prompt message, respond positive to allow RKILL to run.If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILLIF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlStep 3Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsPlease disconnect any USB or external drives from the computer before you run this scan!Right-Click RogueKiller and select Run as Administrator.Wait until Prescan finishes.On the RogueKiller console, click the Registry tab.Put a check next to all of these and uncheck the rest: (if found)[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUNDThen click on Delete on the right hand column under Options.When done, logoff & Restart the system.The log will be found as RKreportCopy & Paste the contents into next reply.P.S. Do NOT do any websurfing, online banking, online shopping, or games !Your system is lacking XP Service pack 3.The java runtime is out-of-date and insecure. Link to post Share on other sites More sharing options...
spaceclick Posted December 27, 2012 Author ID:627342 Share Posted December 27, 2012 I believe I was just recently infected and I don't do any banking on this machine. It is pretty much just my secondary/spare machine that is used infrequently.Can you point out what in the logs shows this trojan? Is it just the three items that were found and deleted by MBAM? Are those separate items or all part of the original "FBI Moneypak" malware?As far as all the disabled services, I disabled many of them myself to conserve memory (this PC only has 512MB of memory) and did not install SP3 because of some legacy apps that I was not sure were compatible with it. I can install SP3 if you feel it is necessary.I have also uninstalled all versions of Java on this machine, as I believe that was the point of entry for the malware.I would like to clean this machine as best possible, as there are some apps that I would be unable to reinstall if I were to do a wipe and reinstall the OS.I have completed all the steps from your last post; below is the output requested, thanks again!Rkill 2.4.5 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2012 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 12/27/2012 12:50:58 PM in x86 mode.Windows Version: Microsoft Windows XP Service Pack 2Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * C:\WINDOWS\system32\acs.exe (PID: 1212) [WD-HEUR] * c:\WINDOWS\system32\IFXSPMGT.exe (PID: 900) [WD-HEUR] * c:\WINDOWS\system32\IFXTCS.exe (PID: 1560) [WD-HEUR]3 proccesses terminated!Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * System Restore Disabled [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = dword:00000001Checking Windows Service Integrity: * System Restore Service (srservice) is not Running. Startup Type set to: Automatic * Windows Management Instrumentation (winmgmt) is not Running. Startup Type set to: Automatic * Security Center (wscsvc) is not Running. Startup Type set to: Automatic * System Restore Filter Driver (sr) is not Running. Startup Type set to: Disabled * winmgmt => C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll [incorrect ServiceDLL]Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhostProgram finished at: 12/27/2012 12:52:15 PMExecution time: 0 hours(s), 1 minute(s), and 17 seconds(s)RogueKiller V8.4.1 [Dec 24 2012] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits versionStarted in : Normal modeUser : Administrator [Admin rights]Mode : Scan -- Date : 12/27/2012 13:06:52¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 1 ¤¤¤[RUN][PREVRUN] HKLM\[...]\Run : BluetoothAuthenticationAgent (rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: +++++--- User ---[MBR] b31e86e07ddd48c8c32b7e9c237151f5[bSP] 67991a84ebb17a27d627fb249ffe168b : MBR Code unknownPartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[8]_S_12272012_02d1306.txt >>RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5]_S_12262012_02d1906.txt ;RKreport[6]_S_12272012_02d1302.txt ; RKreport[7]_D_12272012_02d1304.txt ; RKreport[8]_S_12272012_02d1306.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 28, 2012 ID:627715 Share Posted December 28, 2012 The "FBI" ransomware is reason enough to suspect "trojans".You should not have disabled Windows services willy-nilly. I sure hope you had not disabled some critical ones.And for sure, you should be on XP Service pack 3.BTW, I've in the past run Win XP-SP3 on an ancient system with only 384 MB RAM.You surely can manage well enough with 512 MB.You will want to print out or copy these instructions to Notepad for offline reference!These steps are for member spaceclick only. If you are a casual viewer, do NOT try this on your system! If you are not spaceclick and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use!Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.Please read carefully and follow these steps.Download TDSSKiller and save it to your Desktop.Double-Click on TDSSKiller.exe to run the application, then on Start Scan.If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIt may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Step 2Logoff and Restart the system fresh.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallIf you have a prior copy of Combofix, delete it now !Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stagesIt will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop. Link 1 Link 2* IMPORTANT !!! SAVE AS Combo-Fix.exe to your DesktopIf your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on Combo-Fix.exe accept the EULA & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.------------------------------------------------------- A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. Notes:[1] IF after Combofix reboot you get the message Illegal operation attempted on registry key that has been marked for deletion....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.[2] Do not mouseclick combofix's window nor run any program while Combofix is running.That may cause it to stall.[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ? RE-Enable your AntiVirus and AntiSpyware applications. Link to post Share on other sites More sharing options...
spaceclick Posted December 28, 2012 Author ID:627736 Share Posted December 28, 2012 I am still working through the steps, here is the first log...15:04:54.0743 3592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:3515:04:56.0796 3592 ============================================================15:04:56.0796 3592 Current date / time: 2012/12/28 15:04:56.079615:04:56.0796 3592 SystemInfo:15:04:56.0796 3592 15:04:56.0796 3592 OS Version: 5.1.2600 ServicePack: 2.015:04:56.0796 3592 Product type: Workstation15:04:56.0796 3592 ComputerName: nc600015:04:56.0796 3592 UserName: Administrator15:04:56.0796 3592 Windows directory: C:\WINDOWS15:04:56.0796 3592 System windows directory: C:\WINDOWS15:04:56.0796 3592 Processor architecture: Intel x8615:04:56.0796 3592 Number of processors: 115:04:56.0796 3592 Page size: 0x100015:04:56.0796 3592 Boot type: Normal boot15:04:56.0796 3592 ============================================================15:05:02.0004 3592 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1430, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x0000005415:05:02.0134 3592 ============================================================15:05:02.0134 3592 \Device\Harddisk0\DR0:15:05:02.0134 3592 MBR partitions:15:05:02.0134 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A817B115:05:02.0134 3592 ============================================================15:05:02.0214 3592 C: <-> \Device\Harddisk0\DR0\Partition115:05:02.0214 3592 ============================================================15:05:02.0214 3592 Initialize success15:05:02.0214 3592 ============================================================15:05:14.0412 2644 ============================================================15:05:14.0412 2644 Scan started15:05:14.0412 2644 Mode: Manual;15:05:14.0412 2644 ============================================================15:05:15.0163 2644 ================ Scan system memory ========================15:05:15.0163 2644 System memory - ok15:05:15.0173 2644 ================ Scan services =============================15:05:15.0413 2644 [ F7EABCA8375EA2DC6F35C4BCA4757515 ] A2DDA C:\data\downloads\emisoft\Run\a2ddax86.sys15:05:15.0423 2644 A2DDA - ok15:05:15.0644 2644 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys15:05:15.0654 2644 Aavmker4 - ok15:05:15.0654 2644 Abiosdsk - ok15:05:15.0674 2644 abp480n5 - ok15:05:15.0714 2644 [ 6DBB7F8D4BD6294658D10C3464E68749 ] ABVPN2K C:\WINDOWS\system32\DRIVERS\abvpn2k.sys15:05:15.0714 2644 ABVPN2K - ok15:05:15.0764 2644 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys15:05:15.0774 2644 ACPI - ok15:05:15.0814 2644 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys15:05:15.0814 2644 ACPIEC - ok15:05:15.0864 2644 [ 82F32486D1D740D78022EDB93C2C47E1 ] ACS C:\WINDOWS\system32\acs.exe15:05:15.0874 2644 ACS - ok15:05:16.0004 2644 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe15:05:16.0014 2644 AdobeFlashPlayerUpdateSvc - ok15:05:16.0034 2644 adpu160m - ok15:05:16.0084 2644 [ 3CB6AE5435987B1F8C83FD2730479878 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys15:05:16.0094 2644 aeaudio - ok15:05:16.0134 2644 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys15:05:16.0144 2644 aec - ok15:05:16.0194 2644 [ 91F3DF93F40A74D222CD166FE95DB633 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys15:05:16.0194 2644 AegisP - ok15:05:16.0314 2644 [ E4C9197E4B2C265AA562BAA149CC6E7D ] AeXNSClient C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe15:05:16.0365 2644 AeXNSClient - ok15:05:16.0425 2644 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys15:05:16.0435 2644 AFD - ok15:05:16.0525 2644 [ AFF071B6290776E1FA162837C35EAC78 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys15:05:16.0565 2644 AgereSoftModem - ok15:05:16.0595 2644 [ 685443AFA5D1A94C5F47E4846B0E4C3D ] agnwifi C:\WINDOWS\system32\DRIVERS\agnwifi.sys15:05:16.0605 2644 agnwifi - ok15:05:16.0635 2644 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys15:05:16.0645 2644 agp440 - ok15:05:16.0655 2644 Aha154x - ok15:05:16.0675 2644 aic78u2 - ok15:05:16.0695 2644 aic78xx - ok15:05:16.0725 2644 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll15:05:16.0735 2644 Alerter - ok15:05:16.0755 2644 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe15:05:16.0755 2644 ALG - ok15:05:16.0775 2644 AliIde - ok15:05:16.0795 2644 amsint - ok15:05:16.0825 2644 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll15:05:16.0825 2644 AppMgmt - ok15:05:16.0905 2644 [ 67ECB41E049BF13CCA7A34B8D064757C ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys15:05:16.0925 2644 AR5211 - ok15:05:16.0945 2644 asc - ok15:05:16.0965 2644 asc3350p - ok15:05:16.0985 2644 asc3550 - ok15:05:17.0346 2644 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe15:05:17.0406 2644 aspnet_state - ok15:05:17.0456 2644 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys15:05:17.0466 2644 aswFsBlk - ok15:05:17.0496 2644 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys15:05:17.0496 2644 aswMon2 - ok15:05:17.0536 2644 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys15:05:17.0546 2644 AswRdr - ok15:05:17.0616 2644 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys15:05:17.0646 2644 aswSnx - ok15:05:17.0696 2644 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys15:05:17.0716 2644 aswSP - ok15:05:17.0757 2644 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys15:05:17.0757 2644 aswTdi - ok15:05:17.0797 2644 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys15:05:17.0807 2644 AsyncMac - ok15:05:17.0847 2644 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys15:05:17.0847 2644 atapi - ok15:05:17.0867 2644 Atdisk - ok15:05:17.0907 2644 [ 74861E44690029BF25A99CF1AADCD8F4 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe15:05:17.0917 2644 Ati HotKey Poller - ok15:05:17.0977 2644 [ 75410DDA533D6B0DF3689341079FF215 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys15:05:17.0997 2644 ati2mtag - ok15:05:18.0027 2644 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys15:05:18.0027 2644 Atmarpc - ok15:05:18.0077 2644 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll15:05:18.0087 2644 AudioSrv - ok15:05:18.0107 2644 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys15:05:18.0117 2644 audstub - ok15:05:18.0207 2644 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe15:05:18.0207 2644 avast! Antivirus - ok15:05:18.0247 2644 [ 84632BB018CDB66B366EAD809BB0A426 ] avpnnic C:\WINDOWS\system32\DRIVERS\avpnnic.sys15:05:18.0247 2644 avpnnic - ok15:05:18.0277 2644 [ 0E72B88B05A5931C46EFA7D511D9AEB9 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys15:05:18.0297 2644 b57w2k - ok15:05:18.0347 2644 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys15:05:18.0347 2644 Beep - ok15:05:18.0387 2644 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll15:05:18.0417 2644 BITS - ok15:05:18.0478 2644 [ C711ED965009BDCFF9AA62CEB6FF1AAD ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe15:05:18.0488 2644 Brother XP spl Service - ok15:05:18.0518 2644 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll15:05:18.0518 2644 Browser - ok15:05:18.0578 2644 [ D24B8D1784C68A25060FFFBE8ED34B76 ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys15:05:18.0578 2644 BthEnum - ok15:05:18.0628 2644 [ 9DF0ADF74CE1D6371ED60CF92EB1D9A6 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys15:05:18.0628 2644 BTHMODEM - ok15:05:18.0668 2644 [ 10355270BE12641B9764235DA39DCF0F ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys15:05:18.0678 2644 BthPan - ok15:05:18.0728 2644 [ 95EF6F3F386D93EE1E4D9CA45A50252A ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys15:05:18.0738 2644 BTHPORT - ok15:05:18.0788 2644 [ A18CC8C9B3890B1B68BED213716FEF6B ] BthServ C:\WINDOWS\System32\bthserv.dll15:05:18.0788 2644 BthServ - ok15:05:18.0828 2644 [ F06D4CB9918B462A84D9AC00027EFC30 ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys15:05:18.0838 2644 BTHUSB - ok15:05:18.0878 2644 [ BF0BAD77EDB37338B9D25753647B9EC4 ] CarbonCopy32 C:\WINDOWS\system32\ccsrvc.exe15:05:18.0878 2644 CarbonCopy32 - ok15:05:18.0928 2644 [ B77E19EF73CDB68F1AB1BB376D4DEB1E ] CarbonCopyScheduler C:\WINDOWS\system32\schdsrvc.exe15:05:18.0958 2644 CarbonCopyScheduler - ok15:05:19.0008 2644 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys15:05:19.0008 2644 cbidf2k - ok15:05:19.0028 2644 [ F68D9209421C0A8A78D082CEDD05BEF8 ] CCDevice C:\WINDOWS\system32\drivers\CCDevice.sys15:05:19.0028 2644 CCDevice - ok15:05:19.0048 2644 cd20xrnt - ok15:05:19.0078 2644 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys15:05:19.0078 2644 Cdaudio - ok15:05:19.0129 2644 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys15:05:19.0139 2644 Cdfs - ok15:05:19.0179 2644 [ 96540C491B68D14C2A01EB2E61FAD130 ] CdpPacket C:\WINDOWS\system32\DRIVERS\CdpPacket.sys15:05:19.0189 2644 CdpPacket - ok15:05:19.0229 2644 [ 681A83E2B0AE8AB723A98A42EDB7629A ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys15:05:19.0239 2644 Cdr4_xp - ok15:05:19.0259 2644 [ 8732A257F57AAA718F0C587CF5D0B430 ] Cdralw2k C:\WINDOWS\system32\drivers\Cdralw2k.sys15:05:19.0259 2644 Cdralw2k - ok15:05:19.0289 2644 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys15:05:19.0289 2644 Cdrom - ok15:05:19.0349 2644 [ 65A9C15050C06829C8D907DBD39C13E1 ] cdudf_xp C:\WINDOWS\system32\drivers\cdudf_xp.sys15:05:19.0359 2644 cdudf_xp - ok15:05:19.0379 2644 Changer - ok15:05:19.0419 2644 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe15:05:19.0429 2644 CiSvc - ok15:05:19.0449 2644 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe15:05:19.0459 2644 ClipSrv - ok15:05:19.0499 2644 [ E062776A713195AC1023375C10B10528 ] ClntMgmt C:\WINDOWS\system32\Drivers\ClntMgmt.sys15:05:19.0499 2644 ClntMgmt - ok15:05:19.0559 2644 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe15:05:19.0779 2644 clr_optimization_v2.0.50727_32 - ok15:05:19.0830 2644 [ 4266BE808F85826AEDF3C64C1E240203 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys15:05:19.0840 2644 CmBatt - ok15:05:19.0850 2644 CmdIde - ok15:05:19.0870 2644 [ DF1B1A24BF52D0EBC01ED4ECE8979F50 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys15:05:19.0880 2644 Compbatt - ok15:05:19.0890 2644 COMSysApp - ok15:05:19.0940 2644 [ 32B0AC2449D9EF70B719BFAF631F998A ] CONAN C:\WINDOWS\system32\drivers\o2mmb.sys15:05:19.0980 2644 CONAN - ok15:05:20.0050 2644 [ 0C71CBCCFAB3281B235A0074D417BD2B ] CPQALERT C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe15:05:20.0060 2644 CPQALERT - ok15:05:20.0080 2644 Cpqarray - ok15:05:20.0130 2644 [ 817BEC5F328518290AC42821EC3922CB ] cpqdfw C:\WINDOWS\system32\drivers\cpqdfw.sys15:05:20.0130 2644 cpqdfw - ok15:05:20.0170 2644 [ A408ECDC66768984CB26B4E7D721F91D ] cpqdmi C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe15:05:20.0180 2644 cpqdmi - ok15:05:20.0210 2644 [ BE43D9C71508CB4116CB56979D1CE820 ] cqcpu C:\WINDOWS\system32\drivers\cqcpu.sys15:05:20.0210 2644 cqcpu - ok15:05:20.0240 2644 [ CD6364F3ACB9B2094AB60671806A5B9C ] cq_mem C:\WINDOWS\system32\drivers\cq_mem.sys15:05:20.0240 2644 cq_mem - ok15:05:20.0280 2644 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll15:05:20.0280 2644 CryptSvc - ok15:05:20.0300 2644 dac2w2k - ok15:05:20.0320 2644 dac960nt - ok15:05:20.0370 2644 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll15:05:20.0400 2644 DcomLaunch - ok15:05:20.0450 2644 [ EF545E1A4B043DA4C84E230DD471C55F ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll15:05:20.0460 2644 Dhcp - ok15:05:20.0500 2644 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys15:05:20.0500 2644 Disk - ok15:05:20.0521 2644 dmadmin - ok15:05:20.0601 2644 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys15:05:20.0631 2644 dmboot - ok15:05:20.0661 2644 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys15:05:20.0671 2644 dmio - ok15:05:20.0691 2644 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys15:05:20.0691 2644 dmload - ok15:05:20.0731 2644 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll15:05:20.0731 2644 dmserver - ok15:05:20.0781 2644 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys15:05:20.0781 2644 DMusic - ok15:05:20.0821 2644 [ AAC8FFBFD61E784FA3BAC851D4A0BD5F ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll15:05:20.0831 2644 Dnscache - ok15:05:20.0841 2644 dpti2o - ok15:05:20.0871 2644 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys15:05:20.0871 2644 drmkaud - ok15:05:20.0921 2644 [ 668FFA03397AA70AAE3BFF2C81775A59 ] DVDVRRdr_xp C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys15:05:20.0931 2644 DVDVRRdr_xp - ok15:05:20.0951 2644 [ 240EA965412F5DB3A6E587700C1FE4EA ] dvd_2K C:\WINDOWS\system32\drivers\dvd_2K.sys15:05:20.0961 2644 dvd_2K - ok15:05:21.0001 2644 [ 6C5C1D9B16D8F0FD17EE2C1B3E622330 ] Eacfilt C:\WINDOWS\system32\DRIVERS\eacfilt.sys15:05:21.0011 2644 Eacfilt - ok15:05:21.0051 2644 [ 755B51FBF57E39DB017BA4E6F3032C6F ] EntDrv51 C:\WINDOWS\system32\drivers\EntDrv51.sys15:05:21.0051 2644 EntDrv51 - ok15:05:21.0091 2644 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll15:05:21.0101 2644 ERSvc - ok15:05:21.0171 2644 [ 37561F8D4160D62DA86D24AE41FAE8DE ] Eventlog C:\WINDOWS\system32\services.exe15:05:21.0191 2644 Eventlog - ok15:05:21.0242 2644 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\system32\es.dll15:05:21.0262 2644 EventSystem - ok15:05:21.0342 2644 [ FE0B4A19110434486648F97E291384B5 ] ExtranetAccess C:\Program Files\Nortel Networks\Extranet_serv.exe15:05:21.0362 2644 ExtranetAccess - ok15:05:21.0402 2644 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys15:05:21.0412 2644 Fastfat - ok15:05:21.0462 2644 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll15:05:21.0492 2644 FastUserSwitchingCompatibility - ok15:05:21.0512 2644 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys15:05:21.0512 2644 Fdc - ok15:05:21.0542 2644 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys15:05:21.0542 2644 Fips - ok15:05:21.0572 2644 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys15:05:21.0582 2644 Flpydisk - ok15:05:21.0612 2644 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys15:05:21.0622 2644 FltMgr - ok15:05:21.0752 2644 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe15:05:21.0752 2644 FontCache3.0.0.0 - ok15:05:21.0782 2644 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys15:05:21.0782 2644 Fs_Rec - ok15:05:21.0812 2644 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys15:05:21.0822 2644 Ftdisk - ok15:05:21.0832 2644 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys15:05:21.0842 2644 Gpc - ok15:05:21.0923 2644 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca446dd09092a0 C:\Program Files\Google\Update\GoogleUpdate.exe15:05:21.0933 2644 gupdate1ca446dd09092a0 - ok15:05:22.0003 2644 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll15:05:22.0023 2644 helpsvc - ok15:05:22.0073 2644 [ CDA7C5208286249BA83ACA396CE84CF7 ] HidBth C:\WINDOWS\system32\DRIVERS\hidbth.sys15:05:22.0083 2644 HidBth - ok15:05:22.0113 2644 [ 9376E6893E52B368ABC6255BF54F0B28 ] HidServ C:\WINDOWS\System32\hidserv.dll15:05:22.0123 2644 HidServ - ok15:05:22.0163 2644 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys15:05:22.0163 2644 HidUsb - ok15:05:22.0183 2644 hpn - ok15:05:22.0253 2644 [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys15:05:22.0263 2644 HTTP - ok15:05:22.0303 2644 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll15:05:22.0333 2644 HTTPFilter - ok15:05:22.0353 2644 i2omgmt - ok15:05:22.0363 2644 i2omp - ok15:05:22.0393 2644 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys15:05:22.0393 2644 i8042prt - ok15:05:22.0624 2644 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe15:05:22.0654 2644 idsvc - ok15:05:22.0704 2644 [ 0A7D26A0DEB36C5DF191D82381959E3A ] IFXSpMgtSrv c:\WINDOWS\system32\IFXSPMGT.exe15:05:22.0724 2644 IFXSpMgtSrv - ok15:05:22.0774 2644 [ 7D5558BB909E123323DF29121CDB665A ] IFXTCS c:\WINDOWS\system32\IFXTCS.exe15:05:22.0794 2644 IFXTCS - ok15:05:22.0824 2644 [ D40EDFDEF560EB0612420A86F81FCDE5 ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS15:05:22.0824 2644 IFXTPM - ok15:05:22.0844 2644 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys15:05:22.0854 2644 Imapi - ok15:05:22.0904 2644 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe15:05:22.0914 2644 ImapiService - ok15:05:22.0954 2644 ini910u - ok15:05:22.0974 2644 IntelIde - ok15:05:23.0024 2644 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys15:05:23.0034 2644 intelppm - ok15:05:23.0054 2644 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys15:05:23.0064 2644 Ip6Fw - ok15:05:23.0084 2644 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys15:05:23.0094 2644 IpFilterDriver - ok15:05:23.0114 2644 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys15:05:23.0114 2644 IpInIp - ok15:05:23.0164 2644 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys15:05:23.0174 2644 IpNat - ok15:05:23.0204 2644 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys15:05:23.0204 2644 IPSec - ok15:05:23.0264 2644 [ 0603467932AA1BD6DED70631368754EA ] IPSECEXT C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys15:05:23.0264 2644 IPSECEXT - ok15:05:23.0284 2644 [ 0603467932AA1BD6DED70631368754EA ] IPSECSHM C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys15:05:23.0295 2644 IPSECSHM - ok15:05:23.0335 2644 [ 86C204836FEEC22510D434982D4221B8 ] irda C:\WINDOWS\system32\DRIVERS\irda.sys15:05:23.0345 2644 irda - ok15:05:23.0385 2644 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys15:05:23.0385 2644 IRENUM - ok15:05:23.0405 2644 [ A02512C315C84F475BD89F847048B27B ] Irmon C:\WINDOWS\System32\irmon.dll15:05:23.0415 2644 Irmon - ok15:05:23.0445 2644 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys15:05:23.0445 2644 isapnp - ok15:05:23.0495 2644 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys15:05:23.0505 2644 Kbdclass - ok15:05:23.0545 2644 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys15:05:23.0545 2644 kbdhid - ok15:05:23.0585 2644 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys15:05:23.0595 2644 kmixer - ok15:05:23.0665 2644 [ 674D3E5A593475915DC6643317192403 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys15:05:23.0675 2644 KSecDD - ok15:05:23.0725 2644 [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll15:05:23.0745 2644 lanmanserver - ok15:05:23.0815 2644 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll15:05:23.0845 2644 LanmanWorkstation - ok15:05:23.0855 2644 lbrtfdc - ok15:05:23.0905 2644 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll15:05:23.0925 2644 LmHosts - ok15:05:23.0975 2644 [ 4C32B247524F91DB486D21DCB84D9C23 ] MbxStby C:\WINDOWS\system32\drivers\MbxStby.sys15:05:23.0975 2644 MbxStby - ok15:05:24.0066 2644 [ A88A9713B2B9F7665945626560858E68 ] McAfeeFramework C:\Program Files\Network Associates\Common Framework\FrameworkService.exe15:05:24.0066 2644 McAfeeFramework - ok15:05:24.0126 2644 [ FE7985DAE11FA70829762C5AF39DBB27 ] McShield C:\Program Files\Network Associates\VirusScan\mcshield.exe15:05:24.0136 2644 McShield - ok15:05:24.0166 2644 [ DAE0D925FA8D4AEC46E924A136B93A32 ] McTaskManager C:\Program Files\Network Associates\VirusScan\vstskmgr.exe15:05:24.0166 2644 McTaskManager - ok15:05:24.0236 2644 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE15:05:24.0246 2644 MDM - ok15:05:24.0276 2644 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll15:05:24.0286 2644 Messenger - ok15:05:24.0316 2644 [ 26A06FB2315AD15613420054107BE520 ] mmc_2K C:\WINDOWS\system32\drivers\mmc_2K.sys15:05:24.0316 2644 mmc_2K - ok15:05:24.0356 2644 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys15:05:24.0356 2644 mnmdd - ok15:05:24.0396 2644 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe15:05:24.0406 2644 mnmsrvc - ok15:05:24.0436 2644 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys15:05:24.0436 2644 Modem - ok15:05:24.0466 2644 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys15:05:24.0476 2644 Mouclass - ok15:05:24.0506 2644 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys15:05:24.0516 2644 mouhid - ok15:05:24.0536 2644 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys15:05:24.0536 2644 MountMgr - ok15:05:24.0596 2644 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe15:05:24.0596 2644 MozillaMaintenance - ok15:05:24.0616 2644 mraid35x - ok15:05:24.0666 2644 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys15:05:24.0676 2644 MRxDAV - ok15:05:24.0737 2644 [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys15:05:24.0757 2644 MRxSmb - ok15:05:24.0787 2644 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe15:05:24.0807 2644 MSDTC - ok15:05:24.0827 2644 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys15:05:24.0827 2644 Msfs - ok15:05:24.0857 2644 [ EE55F5C64417CC369866D7EAFE9B07AB ] MSIRCOMM C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys15:05:24.0867 2644 MSIRCOMM - ok15:05:24.0877 2644 MSIServer - ok15:05:24.0907 2644 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys15:05:24.0917 2644 MSKSSRV - ok15:05:24.0977 2644 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys15:05:24.0977 2644 MSPCLOCK - ok15:05:24.0997 2644 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys15:05:25.0007 2644 MSPQM - ok15:05:25.0037 2644 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys15:05:25.0037 2644 mssmbios - ok15:05:25.0067 2644 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys15:05:25.0077 2644 Mup - ok15:05:25.0127 2644 [ BFAFB7203642EED61C405C4070017EFB ] NaiAvFilter1 C:\WINDOWS\system32\drivers\naiavf5x.sys15:05:25.0137 2644 NaiAvFilter1 - ok15:05:25.0157 2644 [ 577D668392ECA8F47442DB740A1DD76F ] NaiAvTdi1 C:\WINDOWS\system32\drivers\mvstdi5x.sys15:05:25.0167 2644 NaiAvTdi1 - ok15:05:25.0207 2644 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys15:05:25.0217 2644 NDIS - ok15:05:25.0247 2644 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys15:05:25.0247 2644 NdisTapi - ok15:05:25.0277 2644 [ 8D3CE6B579CDE8D37ACC690B67DC2106 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys15:05:25.0287 2644 Ndisuio - ok15:05:25.0307 2644 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys15:05:25.0317 2644 NdisWan - ok15:05:25.0337 2644 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys15:05:25.0347 2644 NDProxy - ok15:05:25.0367 2644 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys15:05:25.0367 2644 NetBIOS - ok15:05:25.0408 2644 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys15:05:25.0408 2644 NetBT - ok15:05:25.0468 2644 [ 7FABD9AD048C45AD5367530259531DAF ] NetCfgSvr C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE15:05:25.0478 2644 NetCfgSvr - ok15:05:25.0528 2644 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe15:05:25.0548 2644 NetDDE - ok15:05:25.0568 2644 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe15:05:25.0588 2644 NetDDEdsdm - ok15:05:25.0618 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe15:05:25.0628 2644 Netlogon - ok15:05:25.0688 2644 [ 36739B39267914BA69AD0610A0299732 ] Netman C:\WINDOWS\System32\netman.dll15:05:25.0708 2644 Netman - ok15:05:25.0778 2644 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe15:05:25.0788 2644 NetTcpPortSharing - ok15:05:25.0828 2644 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll15:05:25.0848 2644 Nla - ok15:05:25.0908 2644 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys15:05:25.0908 2644 Npfs - ok15:05:26.0028 2644 [ 53F7546E8DAEFB3A0813F5E19C4613C9 ] NSNDIS5 C:\data\apps\NETSTU~1\NSNDIS5.SYS15:05:26.0028 2644 NSNDIS5 - ok15:05:26.0089 2644 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys15:05:26.0119 2644 Ntfs - ok15:05:26.0129 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe15:05:26.0139 2644 NtLmSsp - ok15:05:26.0209 2644 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll15:05:26.0239 2644 NtmsSvc - ok15:05:26.0249 2644 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys15:05:26.0249 2644 Null - ok15:05:26.0279 2644 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys15:05:26.0289 2644 NwlnkFlt - ok15:05:26.0309 2644 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys15:05:26.0309 2644 NwlnkFwd - ok15:05:26.0369 2644 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE15:05:26.0369 2644 ose - ok15:05:26.0429 2644 [ F49E3B9FB2DD84FCA2F6310A147C43FE ] PalmUSBD C:\WINDOWS\system32\drivers\PalmUSBD.sys15:05:26.0429 2644 PalmUSBD - ok15:05:26.0459 2644 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys15:05:26.0469 2644 Parport - ok15:05:26.0499 2644 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys15:05:26.0499 2644 PartMgr - ok15:05:26.0529 2644 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys15:05:26.0539 2644 ParVdm - ok15:05:26.0569 2644 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys15:05:26.0579 2644 PCI - ok15:05:26.0589 2644 PCIDump - ok15:05:26.0619 2644 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys15:05:26.0619 2644 PCIIde - ok15:05:26.0669 2644 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys15:05:26.0669 2644 Pcmcia - ok15:05:26.0689 2644 PDCOMP - ok15:05:26.0709 2644 PDFRAME - ok15:05:26.0719 2644 PDRELI - ok15:05:26.0739 2644 PDRFRAME - ok15:05:26.0759 2644 perc2 - ok15:05:26.0780 2644 perc2hib - ok15:05:26.0850 2644 [ 60E5DDFB46F2653ED02639F9084971F0 ] PersonalSecureDrive C:\WINDOWS\System32\drivers\psd.sys15:05:26.0850 2644 PersonalSecureDrive - ok15:05:26.0890 2644 [ 879664446768D4225D6A95EE3EC4238B ] PersonalSecureDriveService c:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE15:05:26.0890 2644 PersonalSecureDriveService - ok15:05:26.0920 2644 [ 37561F8D4160D62DA86D24AE41FAE8DE ] PlugPlay C:\WINDOWS\system32\services.exe15:05:26.0930 2644 PlugPlay - ok15:05:26.0960 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe15:05:26.0960 2644 PolicyAgent - ok15:05:26.0980 2644 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys15:05:26.0990 2644 PptpMiniport - ok15:05:27.0000 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe15:05:27.0000 2644 ProtectedStorage - ok15:05:27.0030 2644 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys15:05:27.0030 2644 PSched - ok15:05:27.0090 2644 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf.sys15:05:27.0090 2644 PSI - ok15:05:27.0110 2644 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys15:05:27.0120 2644 Ptilink - ok15:05:27.0140 2644 [ 55B943F509ED863B86E685AEE1445890 ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys15:05:27.0140 2644 pwd_2k - ok15:05:27.0150 2644 ql1080 - ok15:05:27.0160 2644 Ql10wnt - ok15:05:27.0170 2644 ql12160 - ok15:05:27.0180 2644 ql1240 - ok15:05:27.0190 2644 ql1280 - ok15:05:27.0210 2644 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys15:05:27.0210 2644 RasAcd - ok15:05:27.0240 2644 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll15:05:27.0250 2644 RasAuto - ok15:05:27.0280 2644 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys15:05:27.0280 2644 Rasirda - ok15:05:27.0300 2644 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys15:05:27.0310 2644 Rasl2tp - ok15:05:27.0340 2644 [ D4BD2EEAB07FEF323F0A0CEECC954F51 ] RasMan C:\WINDOWS\System32\rasmans.dll15:05:27.0360 2644 RasMan - ok15:05:27.0380 2644 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys15:05:27.0380 2644 RasPppoe - ok15:05:27.0400 2644 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys15:05:27.0400 2644 Raspti - ok15:05:27.0450 2644 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys15:05:27.0450 2644 Rdbss - ok15:05:27.0481 2644 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys15:05:27.0481 2644 RDPCDD - ok15:05:27.0521 2644 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys15:05:27.0541 2644 rdpdr - ok15:05:27.0591 2644 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys15:05:27.0591 2644 RDPWD - ok15:05:27.0631 2644 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe15:05:27.0641 2644 RDSessMgr - ok15:05:27.0671 2644 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys15:05:27.0671 2644 redbook - ok15:05:27.0711 2644 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll15:05:27.0721 2644 RemoteAccess - ok15:05:27.0761 2644 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll15:05:27.0771 2644 RemoteRegistry - ok15:05:27.0821 2644 [ 99C4B74981A1413F142A3903130088CB ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys15:05:27.0831 2644 RFCOMM - ok15:05:27.0861 2644 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe15:05:27.0871 2644 RpcLocator - ok15:05:27.0911 2644 [ 01095FEBF33BEEA00C2A0730B9B3EC28 ] RpcSs C:\WINDOWS\system32\rpcss.dll15:05:27.0921 2644 RpcSs - ok15:05:27.0961 2644 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe15:05:27.0981 2644 RSVP - ok15:05:28.0011 2644 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe15:05:28.0021 2644 SamSs - ok15:05:28.0141 2644 [ 1FBD21895B768CD40E83B86C18E6454F ] SbieDrv C:\Program Files\addon\Sandboxie\SbieDrv.sys15:05:28.0151 2644 SbieDrv - ok15:05:28.0212 2644 [ D5D875D6662F30C7FBF5F6879452B12B ] SbieSvc C:\Program Files\addon\Sandboxie\SbieSvc.exe15:05:28.0212 2644 SbieSvc - ok15:05:28.0272 2644 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe15:05:28.0292 2644 SCardSvr - ok15:05:28.0332 2644 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll15:05:28.0352 2644 Schedule - ok15:05:28.0402 2644 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys15:05:28.0402 2644 Secdrv - ok15:05:28.0442 2644 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll15:05:28.0452 2644 seclogon - ok15:05:28.0702 2644 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe15:05:28.0742 2644 Secunia PSI Agent - ok15:05:28.0873 2644 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe15:05:28.0893 2644 Secunia Update Agent - ok15:05:28.0933 2644 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll15:05:28.0953 2644 SENS - ok15:05:28.0983 2644 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys15:05:29.0003 2644 serenum - ok15:05:29.0033 2644 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys15:05:29.0053 2644 Serial - ok15:05:29.0093 2644 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys15:05:29.0103 2644 Sfloppy - ok15:05:29.0163 2644 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll15:05:29.0173 2644 SharedAccess - ok15:05:29.0213 2644 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll15:05:29.0233 2644 ShellHWDetection - ok15:05:29.0243 2644 Simbad - ok15:05:29.0273 2644 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys15:05:29.0273 2644 SMCIRDA - ok15:05:29.0363 2644 [ 3A11ABB30C6A64173F99C8C42E76827C ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys15:05:29.0383 2644 smwdm - ok15:05:29.0443 2644 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe15:05:29.0443 2644 SoundMAX Agent Service (default) - ok15:05:29.0463 2644 Sparrow - ok15:05:29.0483 2644 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys15:05:29.0493 2644 splitter - ok15:05:29.0543 2644 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe15:05:29.0564 2644 Spooler - ok15:05:29.0614 2644 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys15:05:29.0614 2644 sr - ok15:05:29.0644 2644 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll15:05:29.0674 2644 srservice - ok15:05:29.0744 2644 [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys15:05:29.0764 2644 Srv - ok15:05:29.0814 2644 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll15:05:29.0834 2644 SSDPSRV - ok15:05:29.0894 2644 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys15:05:29.0894 2644 StillCam - ok15:05:29.0954 2644 [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc C:\WINDOWS\system32\wiaservc.dll15:05:29.0984 2644 stisvc - ok15:05:30.0074 2644 [ 58877933A8C9B5685BAE7FE50212BC34 ] Svc_DrInstal C:\Program Files\Doctor Install\DrInstalSvc.exe15:05:30.0104 2644 Svc_DrInstal - ok15:05:30.0134 2644 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys15:05:30.0134 2644 swenum - ok15:05:30.0174 2644 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys15:05:30.0184 2644 swmidi - ok15:05:30.0194 2644 SwPrv - ok15:05:30.0214 2644 symc810 - ok15:05:30.0234 2644 symc8xx - ok15:05:30.0244 2644 sym_hi - ok15:05:30.0265 2644 sym_u3 - ok15:05:30.0355 2644 [ FCFE16A3C24D606D677121BAB421ABD1 ] Synergy C:\Program Files\Synergy\synergyd.exe15:05:30.0365 2644 Synergy - ok15:05:30.0425 2644 [ 0C1762FEF34B265498EF2F3BEF7F1D64 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys15:05:30.0435 2644 SynTP - ok15:05:30.0455 2644 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys15:05:30.0465 2644 sysaudio - ok15:05:30.0505 2644 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe15:05:30.0535 2644 SysmonLog - ok15:05:30.0585 2644 [ FB78839B36025AA286A51289ED28B73E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll15:05:30.0615 2644 TapiSrv - ok15:05:30.0675 2644 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys15:05:30.0685 2644 Tcpip - ok15:05:30.0715 2644 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys15:05:30.0715 2644 TDPIPE - ok15:05:30.0745 2644 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys15:05:30.0745 2644 TDTCP - ok15:05:30.0775 2644 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys15:05:30.0785 2644 TermDD - ok15:05:30.0845 2644 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll15:05:30.0865 2644 TermService - ok15:05:30.0895 2644 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes C:\WINDOWS\System32\shsvcs.dll15:05:30.0915 2644 Themes - ok15:05:30.0986 2644 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe15:05:31.0006 2644 TlntSvr - ok15:05:31.0026 2644 TosIde - ok15:05:31.0066 2644 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll15:05:31.0086 2644 TrkWks - ok15:05:31.0136 2644 [ E3F66AC25AC2A0B7FDA19DF4651DEF82 ] UDFReadr C:\WINDOWS\system32\drivers\UDFReadr.sys15:05:31.0146 2644 UDFReadr - ok15:05:31.0186 2644 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys15:05:31.0196 2644 Udfs - ok15:05:31.0206 2644 ultra - ok15:05:31.0266 2644 [ 7B2170EE3D858CE8FBE503904CC9B663 ] Update C:\WINDOWS\system32\DRIVERS\update.sys15:05:31.0286 2644 Update - ok15:05:31.0336 2644 [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost C:\WINDOWS\System32\upnphost.dll15:05:31.0356 2644 upnphost - ok15:05:31.0386 2644 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe15:05:31.0406 2644 UPS - ok15:05:31.0456 2644 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys15:05:31.0456 2644 usbaudio - ok15:05:31.0486 2644 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys15:05:31.0496 2644 usbccgp - ok15:05:31.0516 2644 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys15:05:31.0516 2644 usbehci - ok15:05:31.0536 2644 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys15:05:31.0556 2644 usbhub - ok15:05:31.0596 2644 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS15:05:31.0606 2644 USBSTOR - ok15:05:31.0626 2644 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys15:05:31.0637 2644 usbuhci - ok15:05:31.0667 2644 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys15:05:31.0667 2644 VgaSave - ok15:05:31.0687 2644 ViaIde - ok15:05:31.0707 2644 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys15:05:31.0717 2644 VolSnap - ok15:05:31.0767 2644 [ 1E20D7EA65754E238D328DE157E6761E ] vsdatant C:\WINDOWS\system32\vsdatant.sys15:05:31.0807 2644 vsdatant - ok15:05:31.0877 2644 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe15:05:31.0897 2644 VSS - ok15:05:31.0957 2644 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll15:05:31.0987 2644 W32Time - ok15:05:32.0017 2644 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys15:05:32.0027 2644 Wanarp - ok15:05:32.0057 2644 [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys15:05:32.0067 2644 wceusbsh - ok15:05:32.0137 2644 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys15:05:32.0157 2644 Wdf01000 - ok15:05:32.0167 2644 WDICA - ok15:05:32.0197 2644 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys15:05:32.0197 2644 wdmaud - ok15:05:32.0257 2644 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll15:05:32.0277 2644 WebClient - ok15:05:32.0338 2644 [ 5D2CF23E26E7A8BB83FBCC2A3603390B ] WIN32SL C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe15:05:32.0348 2644 WIN32SL - ok15:05:32.0438 2644 winmgmt - ok15:05:32.0508 2644 [ 67ECB41E049BF13CCA7A34B8D064757C ] WLAN_400_500_SERVICE C:\WINDOWS\system32\DRIVERS\ar5211.sys15:05:32.0518 2644 WLAN_400_500_SERVICE - ok15:05:32.0568 2644 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll15:05:32.0578 2644 WmdmPmSN - ok15:05:32.0668 2644 [ 1081C185AED0660B2B5F173C3E023B23 ] Wmi C:\WINDOWS\System32\advapi32.dll15:05:32.0688 2644 Wmi - ok15:05:32.0718 2644 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys15:05:32.0738 2644 WmiAcpi - ok15:05:33.0109 2644 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe15:05:33.0179 2644 WmiApSrv - ok15:05:33.0369 2644 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe15:05:33.0399 2644 WMPNetworkSvc - ok15:05:33.0449 2644 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll15:05:33.0469 2644 wscsvc - ok15:05:33.0509 2644 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll15:05:33.0529 2644 wuauserv - ok15:05:33.0569 2644 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys15:05:33.0599 2644 WudfPf - ok15:05:33.0629 2644 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys15:05:33.0639 2644 WudfRd - ok15:05:33.0669 2644 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll15:05:33.0699 2644 WudfSvc - ok15:05:33.0740 2644 [ 9BE3612A127478B34700BEF4ACBA554D ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll15:05:33.0780 2644 WZCSVC - ok15:05:33.0820 2644 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll15:05:33.0840 2644 xmlprov - ok15:05:33.0900 2644 ================ Scan global ===============================15:05:33.0940 2644 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll15:05:34.0000 2644 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll15:05:34.0050 2644 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll15:05:34.0110 2644 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe15:05:34.0130 2644 [Global] - ok15:05:34.0130 2644 ================ Scan MBR ==================================15:05:34.0150 2644 [ 2CDA0839C249E90E2E67B5C33D8EAAF4 ] \Device\Harddisk0\DR015:05:34.0370 2644 \Device\Harddisk0\DR0 - ok15:05:34.0380 2644 ================ Scan VBR ==================================15:05:34.0380 2644 [ 443E3D7EE7BDF1A73730618BD70D4902 ] \Device\Harddisk0\DR0\Partition115:05:34.0390 2644 \Device\Harddisk0\DR0\Partition1 - ok15:05:34.0390 2644 ============================================================15:05:34.0390 2644 Scan finished15:05:34.0390 2644 ============================================================15:05:34.0421 3276 Detected object count: 015:05:34.0421 3276 Actual detected object count: 0 Link to post Share on other sites More sharing options...
spaceclick Posted December 28, 2012 Author ID:627772 Share Posted December 28, 2012 I was still having issues with Explorer hanging after a reboot. I fixed the hanging by disabling "Atheros Wireless Network Adapter #2" in Device Manager, this is my main Wi-Fi device. I rebooted a couple times and no more hangs. I then ran ComboFix which caused another reboot without a hang.After this, I then re-enabled the Atheros device in Device Manager and rebooted a couple times and it still is OK, no Explorer hangs. Hopefully this is fixed.Here is the output from ComboFix...ComboFix 12-12-28.02 - Administrator 12/28/2012 17:07:49.1.1 - x86Running from: c:\data\downloads\ComboFix.exe..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\WINDOWSc:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txtc:\program files\Common Files\Altiris_Icon.icoc:\windows\Downloaded Program Files\Tempc:\windows\system\MSVBVM50.DLLc:\windows\system\VB40032.DLLc:\windows\system32\NetGina.dllc:\windows\system32\SET141.tmpc:\windows\system32\SET143.tmpc:\windows\system32\SET146.tmpc:\windows\system32\URTTempc:\windows\system32\URTTemp\fusion.dllc:\windows\system32\URTTemp\mscoree.dllc:\windows\system32\URTTemp\mscoree.dll.localc:\windows\system32\URTTemp\mscorsn.dllc:\windows\system32\URTTemp\mscorwks.dllc:\windows\system32\URTTemp\msvcr71.dllc:\windows\system32\URTTemp\msvcr71.dll.intc:\windows\system32\URTTemp\regtlib.exe..((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))..2012-12-27 05:51 . 2012-12-27 05:51 -------- d-----w- c:\program files\Common Files\Adobe2012-12-27 05:20 . 2012-12-27 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI2012-12-27 05:16 . 2012-12-27 05:16 -------- d-----w- c:\program files\Secunia2012-12-26 22:20 . 2012-12-26 22:24 -------- d-----w- c:\program files\trend micro2012-12-26 22:19 . 2012-12-26 22:24 -------- d-----w- C:\rsit2012-12-26 22:15 . 2012-12-26 22:15 -------- d-----w- c:\program files\ERUNT2012-12-24 09:15 . 2012-12-24 11:11 3032 ----a-w- c:\documents and settings\All Users\Application Data\dsgsdgdsgdsgw.js2012-12-17 18:57 . 2012-12-17 18:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\pokerth2012-12-04 07:36 . 2012-12-04 07:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-12-27 10:43 . 2012-06-29 19:42 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-12-27 10:43 . 2012-06-29 19:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-11-27 21:37 . 2012-11-27 21:38 143872 ----a-w- c:\windows\system32\javacpl.cpl2012-11-27 21:37 . 2012-11-27 21:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll2012-11-27 21:37 . 2012-11-27 21:38 746984 ----a-w- c:\windows\system32\deployJava1.dll2012-10-30 23:51 . 2012-09-20 00:59 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys2012-10-30 23:51 . 2012-09-20 00:59 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys2012-10-30 23:51 . 2012-09-20 00:59 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys2012-10-30 23:51 . 2012-09-20 00:59 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys2012-10-30 23:51 . 2012-09-20 00:59 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys2012-10-30 23:51 . 2012-09-20 00:59 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys2012-10-30 23:51 . 2012-09-20 00:59 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2012-10-30 23:51 . 2012-09-20 00:59 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys2012-10-30 23:51 . 2012-09-20 00:59 41224 ----a-w- c:\windows\avastSS.scr2012-10-30 23:50 . 2012-09-20 00:59 227648 ----a-w- c:\windows\system32\aswBoot.exe2012-12-01 11:28 . 2012-12-01 11:28 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"H/PC Connection Agent"="c:\program files\addon\Activesync\wcescomm.exe" [2006-11-13 1289000].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]"BluetoothAuthenticationAgent"="bthprops.cpl" [2005-02-04 110592].c:\documents and settings\Default User\Start Menu\Programs\Startup\ropu.bat [2004-2-9 103].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]2003-10-17 19:53 352320 ----a-w- c:\windows\system32\IfxWlxEN.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PSDNtfy]2003-09-02 15:53 49576 ----a-w- c:\program files\ProtectTools\Embedded Security Software\PSDNtfy.dll.[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnkbackup=c:\windows\pss\HotSync Manager.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^X1 System Tray.lnk]path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\X1 System Tray.lnkbackup=c:\windows\pss\X1 System Tray.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnkbackup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client (Set auto-proxy).lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client (Set auto-proxy).lnkbackup=c:\windows\pss\AT&T Global Network Client (Set auto-proxy).lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Global Network Client Monitor.lnkbackup=c:\windows\pss\AT&T Global Network Client Monitor.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\start dr install service]c:\winnt\startsrv [X].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]2006-08-07 23:15 336014 ----a-w- c:\program files\addon\Atheros\ACU.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]2011-03-30 02:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AeXAgentLogon]2006-09-14 06:42 139264 ----a-w- c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]2003-08-14 13:11 88363 ----a-w- c:\windows\AGRSMMSG.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]2003-11-26 01:10 335872 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]2003-12-03 19:03 81920 ----a-w- c:\progra~1\Compaq\COMPAQ~1\Chkadmin.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]2008-05-23 21:30 1011712 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Doctor Install]2002-04-10 17:00 761856 ----a-w- c:\program files\Doctor Install\InstallMgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]2008-11-11 06:54 133104 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IfxSecurePlatformIndication]2003-10-17 19:58 73789 ----a-w- c:\program files\ProtectTools\Embedded Security Software\SpTNA.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]2003-08-14 13:11 184320 ----a-w- c:\program files\ltmoh\ltmoh.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]2008-11-10 20:00 136512 ----a-w- c:\program files\Network Associates\Common Framework\UdaterUI.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]2003-10-07 13:48 147514 ----a-w- c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDruntime]2003-09-02 15:52 82344 ----a-w- c:\program files\ProtectTools\Embedded Security Software\PSDrt.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Push Client]2010-06-03 20:17 965872 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\ATT Connect\Participant\pull.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]2004-09-25 06:37 1691648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]2004-09-23 00:00 94208 ----a-w- c:\program files\Network Associates\VirusScan\shstat.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]2003-07-15 19:08 618496 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]2003-07-15 19:09 110592 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22019"c:\program files\Nortel Networks\Extranet.exe"= c:\program files\Nortel Networks\Extranet.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:AT&T Extranet Access Client"%windir%\system32\MMC.exe"= %windir%\system32\MMC.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft Management Console (Computer Management)"c:\program files\NetMeeting\conf.exe"= c:\program files\NetMeeting\conf.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Microsoft NetMeeting"c:\program files\Network Associates\Common Framework\FrameworkService.exe"= c:\program files\Network Associates\Common Framework\FrameworkService.exe:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NAI McAfee VirusScan Common Framework Service"c:\program files\Altiris\Carbon Copy\SHELLKER.EXE"= c:\program files\Altiris\Carbon Copy\SHELLKER.EXE:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Carbon Copy"c:\program files\AT&T Global Network Client\NetClient.exe"= c:\program files\AT&T Global Network Client\NetClient.exe:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:AT&T Global Network Client"c:\program files\addon\Activesync\rapimgr.exe"= c:\program files\addon\Activesync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"c:\program files\addon\Activesync\wcescomm.exe"= c:\program files\addon\Activesync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"c:\program files\addon\Activesync\WCESMgr.exe"= c:\program files\addon\Activesync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"c:\\Documents and Settings\\Administrator\\Application Data\\SBC\\Q Team Link Messenger\\Runtime\\QTeamLinkMessenger.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\WINDOWS\\system32\\ftp.exe"="c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\AudioTuningWizard.exe"="c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"="c:\\data\\apps\\Halite\\Halite.exe"="c:\\Program Files\\Brother\\Brmfl05a\\FAXRX.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\WebEx\\Connect\\wbxcOIEx.exe"="c:\\Program Files\\WebEx\\Connect\\connect.exe"="c:\\WiRNS\\WiRNS.exe"="c:\\Program Files\\Synergy\\synergys.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"139:TCP"= 139:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22004"445:TCP"= 445:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22005"137:UDP"= 137:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22001"138:UDP"= 138:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:@xpsp2res.dll,-22002"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009"8081:TCP"= 8081:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NAI McAfee EPO"9091:TCP"= 9091:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NAI McAfee EPO"52028:TCP"= 52028:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Agent (tickle)/WOL (Wake On LAN/Power Management)"52029:TCP"= 52029:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Agent (tickle)/WOL (Wake On LAN/Power Management)"137:TCP"= 137:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:NETBIOS – Altiris Network discovery/Inventory Solution"161:UDP"= 161:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:SNMP - Altiris Network discovery/Inventory Solution"162:UDP"= 162:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:SNMP - Altiris Network discovery/Inventory Solution"1680:TCP"= 1680:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1681:UDP"= 1681:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1682:UDP"= 1682:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1683:UDP"= 1683:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1684:UDP"= 1684:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1685:UDP"= 1685:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1686:UDP"= 1686:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1687:UDP"= 1687:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1688:UDP"= 1688:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1689:UDP"= 1689:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1690:UDP"= 1690:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1691:UDP"= 1691:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1692:UDP"= 1692:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1693:UDP"= 1693:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1694:UDP"= 1694:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1695:UDP"= 1695:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1696:UDP"= 1696:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1697:UDP"= 1697:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1698:UDP"= 1698:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1699:UDP"= 1699:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1700:UDP"= 1700:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"1701:UDP"= 1701:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris Remote Control (Carbon Copy)"4949:TCP"= 4949:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration"4949:UDP"= 4949:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration"41415:TCP"= 41415:TCP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration"41415:UDP"= 41415:UDP:135.0.0.0/255.0.0.0,10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:enabled:Altiris PC Transplant Peer-To-Peer migration"9001:TCP"= 9001:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger"9002:TCP"= 9002:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger"9003:TCP"= 9003:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger"9004:TCP"= 9004:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger"9005:TCP"= 9005:TCP:10.0.0.0/255.0.0.0,32.70.1.0/255.255.255.0,130.1.0.0/255.255.0.0,130.2.0.0/255.254.0.0,135.0.0.0/255.0.0.0,192.20.0.0/255.255.0.0,192.128.0.0/255.255.0.0,192.151.83.0/255.255.255.0,192.205.0.0/255.255.0.0,192.206.169.0/255.255.255.0,204.159.0.0/255.255.0.0,206.121.250.0/255.255.255.0,206.121.253.0/255.255.255.0:Enabled:Q Team-Link Messenger"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service.R2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [x]R3 ExtranetAccess;Contivity VPN Service;c:\program files\Nortel Networks\Extranet_serv.exe [x]R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\ar5211.sys [x]R4 gupdate1ca446dd09092a0;Google Update Service (gupdate1ca446dd09092a0);c:\program files\Google\Update\GoogleUpdate.exe [x]R4 Svc_DrInstal;Doctor Install;c:\program files\Doctor Install\DrInstalSvc.exe [x]S1 A2DDA;A2 Direct Disk Access Support Driver;c:\data\downloads\emisoft\Run\a2ddax86.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 CCDevice;CCDevice; [x]S1 ClntMgmt;HP Client Management Driver;c:\windows\system32\Drivers\ClntMgmt.sys [x]S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [x]S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [x]S2 aswFsBlk;aswFsBlk; [x]S2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\DRIVERS\CdpPacket.sys [x]S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe [x]S3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [x]S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [x]S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [x]S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [x]..[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{RUNONCE_ACTIVATESS1021}]2000-04-12 16:32 184320 ----a-w- c:\windows\USERRU~1\runonce.exe.Contents of the 'Scheduled Tasks' folder.2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 10:43].2012-11-21 c:\windows\Tasks\avast! Emergency Update.job- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-20 23:50].2009-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 06:54].2008-11-11 c:\windows\Tasks\GoogleUpdateTaskUser.job- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-11 06:54]..------- Supplementary Scan -------.uStart Page = about:blankuInternet Connection Wizard,ShellNext = hxxp://www.cio.att.com/uInternet Settings,ProxyOverride = <local>uSearchURL,(Default) = hxxp://www.google.com/keyword/%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cabFF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\.- - - - ORPHANS REMOVED - - - -.MSConfigStartUp-IndexSearch - c:\program files\ScanSoft\PaperPort\IndexSearch.exeMSConfigStartUp-PaperPort PTD - c:\program files\ScanSoft\PaperPort\pptd40nt.exeMSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exeMSConfigStartUp-X1FileMonitor - c:\program files\X1\X1FileMonitor.exeAddRemove-Sun Download Manager 2.0 (web) - c:\windows\system32\javaws.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-12-28 17:21Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(504)c:\program files\ProtectTools\Embedded Security Software\PSDNtfy.dllc:\windows\system32\IfxWlxEN.dll.- - - - - - - > 'explorer.exe'(2228)c:\windows\system32\WPDShServiceObj.dllc:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\windows\system32\acs.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\Analog Devices\SoundMAX\SMAgent.exec:\windows\system32\IFXSPMGT.exec:\windows\system32\IFXTCS.exec:\windows\system32\IPCONFIG.exec:\windows\system32\rundll32.exec:\progra~1\addon\ACTIVE~1\rapimgr.exe.**************************************************************************.Completion time: 2012-12-28 17:25:30 - machine was rebootedComboFix-quarantined-files.txt 2012-12-28 22:25.Pre-Run: 18,983,051,264 bytes freePost-Run: 19,234,549,760 bytes free.- - End Of File - - 18B2B942C197B3205DDBA1C32BC06524 Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 30, 2012 ID:628474 Share Posted December 30, 2012 The system has a whole "raft" of open ports for Altiris Remote Control (Carbon Copy)What is that?Is this a home system? or is this system used in business or organization?You said I then re-enabled the Atheros device in Device Manager and rebooted a couple times and it still is OK, no Explorer hangs. Hopefully this is fixed..I hope so, as well.Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating systemClose any programs you may have running - especially your web browser(s).Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.( jre-7u10-windows-x64.exe if this is a 64-bit Windows o.s.)After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button.Next, click on the Delete Files buttonThere are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files[*]Click OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Temporary Files WindowSmall tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:Click Advanced Tab. Expand the Miscellaneous item.UN-check the line Java quick starterPress Apply then OK. Close the applet when done.Adobe ReaderOlder versions of Adobe Reader pose a potential security risk.De-install your Adobe Reader: Use Control Panel's Add-or=Remove Programs, Un-install Adobe Reader. Get latest Adobe Reader versionhttp://get.adobe.com/reader/Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )Check Windows servicesGo to Start >> select Control Panel >> and go to Action Center or Security Center (as appropos)What does it show for antivirus status?What does it show for Firewall status ?What does it show for Automatic Updates?Did you or any other user of the system "disable any Windows services" ?NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!From Start button, select RUN (or Win-key +R) and in the run-text-box type in MSCONFIG and press OK or Enter.On Vista or Windows 7, press Windows-key on keybooard, and type in MSCONFIG You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)IF it does not, then you click on Normal startup.Click on Services tab. To get it's display of services.Keep a written list of any changes from my list of services below. That way you and I have a reference document.Look at the bottom line Hide all Microsoft servicesIF and only IF its is checkmarked, then un-check it.the list of servies may be shown in non-alphabetical order, so ....Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.You can toggle as needed to get the desired order.IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !Then using the scroll-bar scroll down the listLook for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.Look for Remote Procedure Call (RPC). Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.When done, press the Apply button, and the OK button.You're likely to be prompted to Restart Windows, do so.If not prompted, you do a Logoff and Restart of Windows.Then report back here with details.If any of the services are not shown, just let me know which.FSS reportDownload >> Farbar's Service Scanner utility << and Save to your Desktop.If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.If using XP, double-click to start.Answer Yes to ok when prompted.If your firewall then puts out a prompt, again, allow it to run.Once FSS is on-screen, be sure the following items are checkmarked:Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderClick on "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Copy & Paste contents of FSS.txt into a new reply. NEXTSave and close any work documents, close any apps that you started.Temporarily turn off (disable) your antivirus programHow To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsStart your MBAM MalwareBytes' Anti-Malware. Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.Next, Click the Update tab. Press the "Check for Updates" button. If prompted for a Restart, do that.When done, click the Scanner tab.Do a Full Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. When all done, Copy & paste the MBAM scan log into a new reply.Tell me, How is the system ?Re-enable your antivirus program. Link to post Share on other sites More sharing options...
spaceclick Posted December 30, 2012 Author ID:628590 Share Posted December 30, 2012 This PC is an old "work" PC and Altiris was used for remote access. I have a newer PC that is used for that now.I have completely uninstalled all versions of Java on this PC, and did not install a new version, as I do not need it.I have removed old version of Adobe Reader and installed latest version.Security center is not running, nor is Firewall service (even though they are set to "Automatic" in services.msc.I think this is due to serviceDLL pointing to that old virus file (see FSS output below).I went through the services listed and most of them are there (with a check mark checked), but almost all of them are "Stopped".These two were not there at all:Ipsec policy agent - does not existWindows Update - does not existBelow is FSS.txt, as you can see, it looks like the firewall and security center DLL is set to that virus file that no longer exists, I assume that is why those services no longer work.Farbar Service Scanner Version: 23-12-2012Ran by Administrator (administrator) on 30-12-2012 at 16:47:03Running from "C:\data\downloads"Microsoft Windows XP Service Pack 2 (X86)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============sharedaccess Service is not running. Checking service configuration:The start type of sharedaccess service is OK.The ImagePath of sharedaccess service is OK.The ServiceDll of sharedaccess service is OK.winmgmt Service is not running. Checking service configuration:The start type of winmgmt service is OK.The ImagePath of winmgmt service is OK.The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Security Center:============wscsvc Service is not running. Checking service configuration:The start type of wscsvc service is OK.The ImagePath of wscsvc service is OK.The ServiceDll of wscsvc service is OK.winmgmt Service is not running. Checking service configuration:The start type of winmgmt service is OK.The ImagePath of winmgmt service is OK.The ServiceDll of winmgmt: "C:\DOCUME~1\ADMINI~1\wgsdgsdgdsgsd.dll".Windows Update:============Windows Autoupdate Disabled Policy:============================File Check:========C:\WINDOWS\system32\dhcpcsvc.dll[1979-12-31 19:00] - [2006-05-19 07:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55FC:\WINDOWS\system32\Drivers\afd.sys[1979-12-31 19:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702C:\WINDOWS\system32\Drivers\netbt.sys[1979-12-31 19:00] - [2005-02-04 09:02] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86BC:\WINDOWS\system32\Drivers\tcpip.sys[1979-12-31 19:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9C:\WINDOWS\system32\Drivers\ipsec.sys[1979-12-31 19:00] - [2005-02-04 09:06] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1C:\WINDOWS\system32\dnsrslvr.dll[1979-12-31 19:00] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation) AAC8FFBFD61E784FA3BAC851D4A0BD5FC:\WINDOWS\system32\ipnathlp.dll[1979-12-31 19:00] - [2005-02-04 09:08] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFFC:\WINDOWS\system32\netman.dll[1979-12-31 19:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732C:\WINDOWS\system32\wbem\WMIsvc.dll[2005-09-23 10:37] - [2005-02-04 09:03] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658EC:\WINDOWS\system32\srsvc.dll[2005-09-23 10:39] - [2005-02-04 09:03] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838C:\WINDOWS\system32\Drivers\sr.sys[2005-09-23 10:39] - [2005-02-04 09:03] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24C:\WINDOWS\system32\wscsvc.dll[1979-12-31 19:00] - [2005-02-04 09:03] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4AC:\WINDOWS\system32\wbem\WMIsvc.dll[2005-09-23 10:37] - [2005-02-04 09:03] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658EC:\WINDOWS\system32\wuauserv.dll[2005-09-23 10:39] - [2005-02-04 09:03] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8C:\WINDOWS\system32\qmgr.dll[2005-09-23 10:39] - [2005-02-04 09:01] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEAC:\WINDOWS\system32\es.dll[1979-12-31 19:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606CC:\WINDOWS\system32\cryptsvc.dll[1979-12-31 19:00] - [2005-02-04 09:04] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73BC:\WINDOWS\system32\svchost.exe[1979-12-31 19:00] - [2005-02-04 09:04] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716C:\WINDOWS\system32\rpcss.dll[1979-12-31 19:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28C:\WINDOWS\system32\services.exe[1979-12-31 19:00] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DEExtra List:=======ABVPN2K(13) AegisP(15) aswTdi(18) CdpPacket(16) Eacfilt(12) Gpc(4) IPSec(6) IPSECEXT(10) IPSECSHM(11) irda(3) NaiAvTdi1(9) NetBT(7) PSched(8) RFCOMM(17) Tcpip(5)0x12000000060000000100000002000000030000000400000005000000120000000900000007000000080000000A0000000B0000000C0000000D0000000E0000000F0000001000000011000000IpSec Tag value is correct.**** End of log ****I will run WBAM again and post my findings... Link to post Share on other sites More sharing options...
spaceclick Posted December 30, 2012 Author ID:628631 Share Posted December 30, 2012 Here is the MBAM log...Malwarebytes Anti-Malware (Trial) 1.70.0.1100www.malwarebytes.orgDatabase version: v2012.12.30.10Windows XP Service Pack 2 x86 NTFSInternet Explorer 6.0.2900.2180Administrator :: nc6000 [administrator]Protection: Disabled12/30/2012 5:10:41 PMmbam-log-2012-12-30 (17-10-41).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 322868Time elapsed: 1 hour(s), 1 minute(s), 18 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity\tbMyP0.dll (Adware.NetPumper) -> Quarantined and deleted successfully.C:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity\tbMyPl.dll (Adware.NetPumper) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 31, 2012 ID:628827 Share Posted December 31, 2012 You will want to print out or copy these instructions to Notepad for offline reference!These steps are for member spaceclick only.If you are a casual viewer, do NOT try this on your system!If you are a casual viewer & not spaceclick and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use!Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.Again, as much as possible, keep Windows in normal mode, as we continue our efforts to remove malwares. Right now, I am seeing traces of adware.Step 1Please download Junkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply. And tell me, How is the system now?Re-enable your security software.Step 2Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.If your are running Windows XP, double click adwcleaner.exe to start it.Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.Step 3This next section is to correct the settings for 2 windows xp services. You are asked to download and SAVE 3 files.Once after they are saved, you will be applying 3 fixes.1a) Download this registry-fix file http://download.blee...haredAccess.regSave it to your DESKTOP.1b) Download this registry-fix file http://download.blee...HAREDACCESS.regSave it to your DESKTOP.1c) Download this registry-fix file http://download.blee.../xp/winmgmt.regSave it to your DESKTOP.2) go to Start, type inREGEDIT and press Enter-keyfrom main menu, select Filethen select IMPORTnavigate the dialog (click on DESKTOP icon on left to select it)type in LEGACY_SHAREDACCESS.reg in the Filename text-box and click Open button.Once the merge is complete, you will see a confirmation message.Click OK when done.3) Still in Regeditfrom main menu, select Filethen select IMPORTnavigate the dialog (click on DESKTOP icon on left to select it)type in SHAREDACCESS.reg in the Filename text-box and click Open button.Once the merge is complete, you will see a confirmation message.Click OK when done.4) Still in Regeditfrom main menu, select Filethen select IMPORTnavigate the dialog (click on DESKTOP icon on left to select it)type in winmgmt.reg in the Filename text-box and click Open button.Once the merge is complete, you will see a confirmation message.Click OK when done.5 )Exit/close Regedit.Logoff and Restart Windows fresh.Step 4 In normal mode Windows:Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exePlease close any of your open windows/programs and exit; saving any open work you have.Go slow and careful. This is a Custom scan. Have infinite patience while it runs.Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall onFor a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsI'd like to have you do a special run of OTL to generate some searches & a new log-report.Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):*****************************************************************netsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%ALLUSERSPROFILE%\Application Data\*.%ALLUSERSPROFILE%\Application Data\*.exe /s%ALLUSERSPROFILE%\Application Data\*.dll /s%APPDATA%\*.%APPDATA%\*.exe /s%SYSTEMDRIVE%\*.exec:|wgsdgs;true;true;true; /FPc:|MyPlayCity;true;true;true; /FPc:|tbMyP0;true;true;true; /FPc:|crossride;true;true;true; /FPc:|conduit;true;true;true; /FPc:|Fun4IM;true;true;true; /FPc:|Bandoo;true;true;true; /FPc:|Searchn;true;true;true; /FPc:|Searchq;true;true;true; /FPc:|datamngr;true;true;true; /FPc:|iLivid;true;true;true; /FPc:|whitesmoke;true;true;true; /FPc:|services.ex;true;true;true; /FP%USERPROFILE%\..|smtmp;true;true;true /FPHKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options|exe /rs%systemroot%\*. /mp /s*****************************************************************Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste. Close any browser(s) windows that may be open.Using your mouse, click on Run Scan.The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.These are saved in the same location as OTL.Please Attach the OTL log(s) . Link to post Share on other sites More sharing options...
spaceclick Posted December 31, 2012 Author ID:629025 Share Posted December 31, 2012 I tried running Step 1, but it gave an error about a service not running or unable to be started when doing the Modules section and then hung indefinately when doing the Processes section. I assume this was due to the sercurity/firewall service not working. After I finished all the other steps, I tried doing step 1 again and it had no problems, I have included the log below.For the three registry imports, I was unable to import the first one at all at first, but after running all the other steps, I tried again and it seemed to partially work; I got this error: "some keys are open by the system or other process".~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.3.2 (12.29.2012:3)OS: Microsoft Windows XP x86Ran by Administrator on Mon 12/31/2012 at 17:41:33.49Blog: http://thisisudax.blogspot.com~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry Keys~~~ Files~~~ Folders~~~ FireFoxSuccessfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\bhm4hmsd.default\prefs.jsuser_pref("extensions.piclens.UpdateInfo", "H4sIAAAAAAAAC+1WPW/CMBD9N54iFCgNYshAUTuBhEpEB5TB2Fdi4diVfSHl39cOCJVSWFoVNXK83bvvlyedRW2Az5GiXYCxQqu02yO2fgbFwYDxSGXTHlFVOaGVYgXYNCbuser_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.com http://*.*.*.*/translate_c? jigsaw.w3.org validator.w3.org .contentqualit~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 12/31/2012 at 17:47:36.46End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# AdwCleaner v2.104 - Logfile created 12/31/2012 at 16:36:45# Updated 29/12/2012 by Xplode# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)# User : Administrator - nc6000# Boot Mode : Normal# Running from : C:\data\downloads\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] ********** [Registry] *****Key Found : HKCU\Software\Headlight***** [internet Browsers] *****-\\ Internet Explorer v6.0.2900.2180[OK] Registry is clean.-\\ Mozilla Firefox v17.0.1 (en-US)File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\prefs.jsFound : user_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.co[...]Found : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"photo_sizes\":{\"thumb\":{\"w\[...]-\\ Google Chrome v [unable to get version]File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[R1].txt - [1142 octets] - [31/12/2012 16:36:45]########## EOF - C:\AdwCleaner[R1].txt - [1202 octets] ########## Link to post Share on other sites More sharing options...
spaceclick Posted December 31, 2012 Author ID:629027 Share Posted December 31, 2012 OTL logfile created on: 12/31/2012 5:14:43 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\data\downloadsWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy511.36 Mb Total Physical Memory | 341.68 Mb Available Physical Memory | 66.82% Memory free1.22 Gb Paging File | 1.05 Gb Available in Paging File | 86.24% Paging File freePaging file location(s): C:\pagefile.sys 768 1024 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 37.25 Gb Total Space | 17.51 Gb Free Space | 47.00% Space Free | Partition Type: NTFSComputer Name: nc6000 | User Name: Administrator | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/12/31 15:23:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\data\downloads\OTL.exePRC - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exePRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exePRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exePRC - [2012/07/30 13:12:22 | 000,318,536 | ---- | M] () -- C:\Program Files\Synergy\synergyd.exePRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\addon\Activesync\rapimgr.exePRC - [2006/08/07 18:15:18 | 000,336,014 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\addon\Atheros\ACU.exePRC - [2006/03/25 17:17:26 | 000,278,613 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exePRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe========== Modules (No Company Name) ==========MOD - [2012/12/31 14:02:01 | 002,041,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12123101\algo.dllMOD - [2012/07/30 13:12:22 | 000,318,536 | ---- | M] () -- C:\Program Files\Synergy\synergyd.exeMOD - [2002/11/26 12:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll========== Services (SafeList) ==========SRV - [2012/12/27 05:43:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/12/01 06:28:57 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/11/26 09:09:22 | 001,225,312 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)SRV - [2012/11/26 09:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)SRV - [2012/07/30 13:12:22 | 000,318,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Synergy\synergyd.exe -- (Synergy)SRV - [2012/06/17 02:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- C:\Program Files\addon\Sandboxie\SbieSvc.exe -- (SbieSvc)SRV - [2008/11/10 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)SRV - [2006/09/14 01:45:26 | 001,257,472 | ---- | M] (Altiris, Inc.) [Disabled | Stopped] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)SRV - [2006/03/25 17:17:26 | 000,278,613 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)SRV - [2005/03/23 18:16:50 | 000,274,432 | ---- | M] (Altiris) [On_Demand | Stopped] -- C:\WINDOWS\system32\SchdSrvc.exe -- (CarbonCopyScheduler)SRV - [2005/03/23 18:10:00 | 000,065,536 | ---- | M] (Altiris) [Disabled | Stopped] -- C:\WINDOWS\system32\CCSRVC.exe -- (CarbonCopy32)SRV - [2005/02/15 08:00:00 | 000,118,784 | ---- | M] (AT&T) [On_Demand | Stopped] -- C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE -- (NetCfgSvr)SRV - [2004/09/22 19:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Disabled | Stopped] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)SRV - [2004/09/22 19:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Disabled | Stopped] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)SRV - [2004/04/16 14:26:56 | 000,643,072 | ---- | M] (Nortel Networks NA, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nortel Networks\Extranet_serv.exe -- (ExtranetAccess)SRV - [2003/12/03 14:03:40 | 000,020,480 | ---- | M] (Compaq Computer Corporation) [Disabled | Stopped] -- C:\Program Files\Compaq\Compaq Management Agents\Cpqdmi.exe -- (cpqdmi)SRV - [2003/12/03 14:02:02 | 000,512,000 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Compaq\Compaq Management Agents\Cpqalert.exe -- (CPQALERT)SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)SRV - [2002/04/10 12:00:46 | 000,782,336 | -H-- | M] (AT&T) [Disabled | Stopped] -- C:\Program Files\Doctor Install\DrInstalSvc.exe -- (Svc_DrInstal)SRV - [2001/04/11 09:33:46 | 000,215,552 | ---- | M] (Intel) [Disabled | Stopped] -- C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe -- (WIN32SL)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)DRV - File not found [Kernel | System | Stopped] -- -- (Changer)DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)DRV - [2012/12/26 14:37:04 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\data\downloads\emisoft\Run\a2ddax86.sys -- (A2DDA)DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)DRV - [2012/06/17 02:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\addon\Sandboxie\SbieDrv.sys -- (SbieDrv)DRV - [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)DRV - [2007/09/06 18:29:02 | 000,035,692 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdpPacket.sys -- (CdpPacket)DRV - [2006/07/17 06:49:54 | 000,494,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (WLAN_400_500_SERVICE)DRV - [2006/07/17 06:49:54 | 000,494,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)DRV - [2005/03/23 18:14:40 | 000,009,216 | ---- | M] (Altiris) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CCDevice.sys -- (CCDevice)DRV - [2005/02/09 07:05:06 | 000,019,328 | ---- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)DRV - [2005/01/15 20:02:42 | 000,272,832 | ---- | M] (Zone Labs Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)DRV - [2005/01/14 19:00:00 | 000,108,480 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)DRV - [2005/01/14 19:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)DRV - [2005/01/14 19:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)DRV - [2004/12/21 13:25:38 | 000,164,480 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\abvpn2k.sys -- (ABVPN2K)DRV - [2004/09/25 01:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)DRV - [2004/09/25 01:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)DRV - [2004/09/25 01:32:40 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)DRV - [2004/09/25 01:29:52 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)DRV - [2004/09/25 01:29:50 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)DRV - [2004/09/25 01:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)DRV - [2004/09/25 01:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)DRV - [2004/09/25 01:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)DRV - [2004/04/16 14:35:18 | 000,009,817 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)DRV - [2004/04/16 14:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)DRV - [2004/04/16 14:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\data\apps\NetStumbler\nsndis5.sys -- (NSNDIS5)DRV - [2003/12/02 16:57:02 | 000,641,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)DRV - [2003/10/29 15:53:20 | 000,059,044 | ---- | M] (Hewlett-Packard) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Clntmgmt.sys -- (ClntMgmt)DRV - [2003/10/17 14:31:46 | 000,032,640 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)DRV - [2003/09/02 10:52:56 | 000,033,848 | ---- | M] (Guardeonic Solutions AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive)DRV - [2003/08/14 08:11:00 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)DRV - [2003/07/28 23:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)DRV - [2003/07/24 13:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)DRV - [2003/04/04 11:48:06 | 000,013,952 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)DRV - [2003/02/17 12:22:24 | 000,170,880 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)DRV - [2002/08/19 13:35:44 | 000,019,845 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Cpqdfw.sys -- (cpqdfw)DRV - [2002/05/22 11:42:42 | 000,015,326 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF - prefs.js..extensions.enabledAddons: check4change-owner%40mozdev.org:1.9.3FF - prefs.js..extensions.enabledAddons: cslite-mod%40wantora.bitbucket.org:1.4.8FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00FF - prefs.js..extensions.enabledAddons: redirectcleaner%40example.net:2.1.1FF - prefs.js..extensions.enabledAddons: twitternotifier%40naan.net:2.5.2FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3FF - prefs.js..extensions.enabledAddons: %7BFDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3%7D:1.3.5FF - prefs.js..extensions.enabledAddons: %7B7f57cf46-4467-4c2d-adfa-0cba7c507e54%7D:2.0.8FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4pre.121222bFF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.0.4FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2012122901FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.51FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.8.6FF - prefs.js..extensions.enabledItems: {00084897-021a-4361-8423-083407a033e0}:1.4FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:2.0.1FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.2.7FF - prefs.js..extensions.enabledItems: {289F3A4A-F3FF-4173-B994-DBC887E9C468}:0.3.5FF - prefs.js..extensions.enabledItems: redirectcleaner@example.net:1.3.0FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:4.0.2011021601FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.10FF - prefs.js..network.proxy.autoconfig_url: "http://us-auto.proxy.att.com:8001/"FF - prefs.js..network.proxy.backup.ftp: "proxy.att.com"FF - prefs.js..network.proxy.backup.ftp_port: 8000FF - prefs.js..network.proxy.backup.gopher: "proxy.att.com"FF - prefs.js..network.proxy.backup.gopher_port: 8000FF - prefs.js..network.proxy.backup.socks: "proxy.att.com"FF - prefs.js..network.proxy.backup.socks_port: 8000FF - prefs.js..network.proxy.backup.ssl: "proxy.att.com"FF - prefs.js..network.proxy.backup.ssl_port: 8000FF - prefs.js..network.proxy.ftp: "192.168.108.68"FF - prefs.js..network.proxy.ftp_port: 8000FF - prefs.js..network.proxy.gopher: "192.168.108.68"FF - prefs.js..network.proxy.gopher_port: 8000FF - prefs.js..network.proxy.http: "192.168.108.68"FF - prefs.js..network.proxy.http_port: 8000FF - prefs.js..network.proxy.share_proxy_settings: trueFF - prefs.js..network.proxy.socks: "192.168.108.68"FF - prefs.js..network.proxy.socks_port: 8000FF - prefs.js..network.proxy.ssl: "192.168.108.68"FF - prefs.js..network.proxy.ssl_port: 8000FF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not foundFF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not foundFF - HKLM\Software\MozillaPlugins\@freetoolsassociation.com/ActiveGS: undefinednpActiveGS.dll File not foundFF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.6d: C:\data\apps\DVArchive\VLC\npvlc.dll File not foundFF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@freetoolsassociation.com/ActiveGS: undefinednpActiveGS.dll File not foundFF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=5: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll File not foundFF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=6: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/21 05:00:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/01 06:28:58 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/30 16:10:31 | 000,000,000 | ---D | M][2008/02/18 22:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions[2012/12/30 16:45:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions[2011/05/10 16:16:25 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}[2009/10/01 19:53:57 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}[2012/09/30 00:36:12 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\twitternotifier@naan.net[2012/06/29 14:18:45 | 000,617,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\check4change-owner@mozdev.org.xpi[2012/08/07 10:56:40 | 000,261,822 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\cslite-mod@wantora.bitbucket.org.xpi[2012/08/30 04:27:46 | 000,230,013 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\exif_viewer@mozilla.doslash.org.xpi[2012/11/18 07:54:33 | 000,030,750 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\redirectcleaner@example.net.xpi[2012/12/28 17:45:56 | 000,194,265 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi[2012/12/30 16:45:41 | 000,058,510 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi[2012/12/12 11:58:47 | 000,526,889 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}.xpi[2012/11/26 01:36:42 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi[2012/06/29 14:19:22 | 000,138,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi[2012/12/26 18:22:18 | 000,748,081 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bhm4hmsd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi[2012/12/01 06:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012/12/01 06:28:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2006/07/06 23:22:00 | 000,806,912 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npActiveGS.dll[2006/10/09 12:29:00 | 000,135,168 | ---- | M] (Mercora, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmercoraPlugin.dll[2012/08/30 04:27:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2012/10/12 11:54:04 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml========== Chrome ==========CHR - default_search_provider: Google ()CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}O1 HOSTS File: ([2012/12/28 17:21:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.5.0_13\bin\jp2ssv.dll File not foundO4 - HKLM..\Run: [ACU] C:\Program Files\addon\Atheros\ACU.exe (Atheros Communications, Inc.)O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\addon\Activesync\wcescomm.exe (Microsoft Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ll.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab (Reg Error: Key error.)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8493BC2F-CAF9-4B2F-B970-A43B6D81949A}: DhcpNameServer = 192.168.11.1O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - Winlogon\Notify\IfxWlxEN: DllName - (IfxWlxEN.dll) - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)O20 - Winlogon\Notify\PSDNtfy: DllName - (c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll) - c:\Program Files\ProtectTools\Embedded Security Software\PSDNtfy.dll (Guardeonic Solutions AG)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2005/09/23 10:41:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not foundMsConfig - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE - (Palm, Inc.)MsConfig - StartUpFolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^X1 System Tray.lnk - Reg Error: Value error. - File not foundMsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not foundMsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - - File not foundMsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client (Set auto-proxy).lnk - C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon47BEA3551.ico - ()MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Global Network Client Monitor.lnk - C:\WINDOWS\Installer\{47BEA355-26AB-40EA-8984-72E83BFD9A8C}\Icon4A6622C72.exe - ()MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not foundMsConfig - StartUpReg: AeXAgentLogon - hkey= - key= - C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Altiris, Inc.)MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)MsConfig - StartUpReg: ChkAdmin - hkey= - key= - C:\Program Files\Compaq\Compaq Management Agents\Chkadmin.exe (Hewlett-Packard Company)MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)MsConfig - StartUpReg: Doctor Install - hkey= - key= - C:\Program Files\Doctor Install\InstallMgr.exe (AT&T)MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)MsConfig - StartUpReg: IfxSecurePlatformIndication - hkey= - key= - c:\Program Files\ProtectTools\Embedded Security Software\SpTNA.exe (Infineon Technologies AG)MsConfig - StartUpReg: LtMoh - hkey= - key= - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)MsConfig - StartUpReg: McAfeeUpdaterUI - hkey= - key= - C:\Program Files\Network Associates\Common Framework\udaterui.exe (McAfee, Inc.)MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)MsConfig - StartUpReg: Network Associates Error Reporting Service - hkey= - key= - C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)MsConfig - StartUpReg: PSDruntime - hkey= - key= - c:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe (Guardeonic Solutions AG)MsConfig - StartUpReg: Push Client - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\ATT Connect\Participant\pull.exe (AT&T Inc.)MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - c:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)MsConfig - StartUpReg: ShStatEXE - hkey= - key= - C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)MsConfig - StartUpReg: start dr install service - hkey= - key= - File not foundMsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)MsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 2SafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vga.sys - DriverSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: vga.sys - DriverSafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShowActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimationActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for JavaActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - UniscribeActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced AuthoringActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /installActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NTActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShowActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.infActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java ClassesActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUserActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICWActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET FrameworkActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web FoldersActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /installActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exeActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,InstallActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET FrameworkActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET FrameworkActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task SchedulerActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIEActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOEActiveX: AutorunsDisabled -Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)========== Files/Folders - Created Within 30 Days ==========[2012/12/31 15:27:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT[2012/12/31 15:24:51 | 000,000,000 | ---D | C] -- C:\JRT[2012/12/30 17:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/12/30 17:08:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2012/12/30 17:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2012/12/28 23:31:58 | 000,048,128 | ---- | C] (AT&T) -- C:\WINDOWS\System32\NetGina.dll[2012/12/28 17:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp[2012/12/28 16:59:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe[2012/12/28 16:59:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe[2012/12/28 16:59:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe[2012/12/28 16:59:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe[2012/12/28 16:59:05 | 000,000,000 | ---D | C] -- C:\ComboFix[2012/12/28 16:58:52 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/12/27 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe[2012/12/27 00:20:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Secunia PSI[2012/12/27 00:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia[2012/12/26 17:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro[2012/12/26 17:19:42 | 000,000,000 | ---D | C] -- C:\rsit[2012/12/26 17:16:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2012/12/26 17:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT[2012/12/26 17:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT[2012/12/24 17:54:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools[2012/12/17 13:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\pokerth[2012/12/04 02:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/12/31 16:45:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2012/12/31 16:45:22 | 000,000,258 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol[2012/12/31 16:44:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2012/12/30 17:08:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012/12/30 16:42:32 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Firewall Settings.lnk[2012/12/30 16:38:00 | 000,021,161 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml[2012/12/30 16:38:00 | 000,021,161 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.bak[2012/12/30 16:37:47 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Global Network Client.lnk[2012/12/30 16:10:32 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk[2012/12/28 17:21:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts[2012/12/28 15:46:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb[2012/12/28 15:46:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb[2012/12/27 05:43:56 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2012/12/27 05:43:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe[2012/12/27 05:43:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl[2012/12/27 05:05:21 | 000,478,222 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2012/12/27 05:05:21 | 000,086,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2012/12/27 04:44:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2012/12/26 17:15:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk[2012/12/26 17:15:33 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk[2012/12/24 06:11:15 | 000,003,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\*.tmp files -> C:\*.tmp -> ] Link to post Share on other sites More sharing options...
spaceclick Posted December 31, 2012 Author ID:629029 Share Posted December 31, 2012 ========== Files Created - No Company Name ==========[2012/12/30 17:08:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk[2012/12/30 16:10:32 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk[2012/12/30 16:10:32 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk[2012/12/28 16:59:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe[2012/12/28 16:59:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe[2012/12/28 16:59:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe[2012/12/28 16:59:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe[2012/12/28 16:59:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe[2012/12/27 06:07:44 | 000,002,221 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Firewall Settings.lnk[2012/12/27 00:17:08 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk[2012/12/26 17:15:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk[2012/12/26 17:15:33 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk[2012/12/24 04:15:16 | 000,003,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dsgsdgdsgdsgw.js[2012/12/24 04:15:12 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\runctf.lnk[2010/02/25 17:08:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\_dvarchive_.run[2008/11/12 11:04:32 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND[2008/10/30 17:27:31 | 000,001,064 | RH-- | C] () -- C:\Documents and Settings\Administrator\XrxWm.ini[2008/10/30 17:27:30 | 000,000,483 | RH-- | C] () -- C:\Documents and Settings\Administrator\xwa55pdy.dyc[2008/10/30 17:22:46 | 000,048,586 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xpif-v02030a.dtd[2007/04/15 23:32:41 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_9[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_8[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_7[2007/04/15 05:30:25 | 000,016,360 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_10[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml~[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_6[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_5[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_4[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_3[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_2[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml_1[2007/04/15 05:30:25 | 000,015,892 | ---- | C] () -- C:\Documents and Settings\Administrator\DVArchive.xml[2007/04/09 05:01:26 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2007/04/05 10:21:09 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol[2005/09/23 11:23:25 | 000,000,258 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol========== ZeroAccess Check ==========[2005/09/23 11:08:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 10:20:22 | 001,509,888 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:20:33 | 000,473,088 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2005/02/04 09:03:04 | 000,273,920 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both========== Custom Scans ==========< %ALLUSERSPROFILE%\Application Data\*. >[2012/12/30 16:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe[2008/01/21 20:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon[2012/09/19 19:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software[2008/11/11 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus[2008/10/06 23:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother[2007/11/05 15:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco[2008/10/06 23:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield[2008/06/02 00:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games[2008/07/06 03:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2012/11/27 16:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee[2008/01/19 03:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93[2012/12/27 00:56:58 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft[2009/01/04 06:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help[2012/06/29 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla[2005/09/23 10:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates[2007/10/26 02:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage[2008/04/17 04:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games[2012/11/27 16:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun[2007/04/06 02:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage[2009/04/24 20:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!< %ALLUSERSPROFILE%\Application Data\*.exe /s >[2012/09/23 22:47:39 | 000,364,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\setup.exe[2009/03/13 13:45:02 | 006,616,833 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\EPOAGENT3000\Install\0409\FramePkg.exe< %ALLUSERSPROFILE%\Application Data\*.dll /s >[2007/02/20 20:30:12 | 000,092,728 | ---- | M] (Un4seen Developments) -- C:\Documents and Settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\AOL\MysteryPILTWeb\bass.dll[2007/08/29 18:16:32 | 001,003,520 | ---- | M] (SpinTop Games) -- C:\Documents and Settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\AOL\MysteryPILTWeb\MysteryPILTWeb.dll[2007/08/30 11:38:58 | 003,268,608 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpinTop Games\SpinTopGamesLauncher\AOL\MysteryPILTWeb\Resources.dll< %APPDATA%\*. >[2009/11/11 19:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.oit[2008/08/04 23:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.Tribler[2009/11/07 18:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore[2008/06/06 03:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe[2012/08/15 10:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ATT Connect[2008/10/07 00:36:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Administrator\Application Data\Brother[2007/11/05 15:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cisco[2009/05/23 19:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CyberPower Audio Editing Lab[2008/11/30 21:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dvdcss[2007/12/12 05:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FastStone[2008/04/12 15:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help[2005/09/23 10:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities[2005/09/23 11:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon[2008/10/07 01:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield[2007/05/30 22:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo[2012/08/16 11:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia[2008/07/06 03:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes[2008/07/08 21:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic[2012/08/07 00:21:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft[2010/12/20 22:28:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Move Networks[2008/02/18 22:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla[2007/10/26 02:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12[2012/12/17 13:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pokerth[2012/12/26 18:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan[2008/07/06 01:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Roxio[2007/04/06 00:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SBC[2010/12/20 22:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft[2005/09/23 11:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun[2007/04/06 00:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Talkback[2012/12/11 02:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc[2009/11/12 14:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex[2009/11/07 18:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WebEx Connect[2008/10/30 17:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xerox< %APPDATA%\*.exe /s >[2012/08/07 00:21:04 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ARPPRODUCTICON.exe[2012/08/07 00:21:04 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUDesktopShortcut_5E8B335F6B1645798E61AE17118989A8.exe[2012/08/07 00:21:05 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\LSUStartShortcut1_0C445A24F06A4871AC024995E6B63EA6.exe[2012/08/07 00:21:05 | 000,058,640 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTDesktopShortc_F98F597BB2C24BCA8A2E00E99FF50C40.exe[2012/08/07 00:21:05 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\MyATTStartShortcut_37B266125E564D7BBC298658403757C7.exe[2012/08/07 00:21:06 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\NewShortcut11_0A40599CA5B444D89111273D573729A6.exe[2012/08/07 00:21:05 | 000,046,352 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantHelpSta_AFE5E24C07B1432883124EEC348980E5.exe[2012/08/07 00:21:06 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\ParticipantStartSh_DF0BA5751BF84E0AABDD4B6DA83B3B0C.exe[2012/08/07 00:21:07 | 000,062,736 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{CDD4495B-0424-42F0-8D89-70D47E21BD69}\PullClientStartSho_CD6A27034E724245941D2EB3A8CF0DD5.exe[2008/03/04 19:12:44 | 000,254,464 | ---- | M] (AT&T Services, Inc.) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QProtocolHandler.exe[2007/03/07 12:34:22 | 000,237,568 | ---- | M] (AT&T Services, Inc.) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QProtocolHandler.exe_save[2006/09/26 16:32:16 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime\QTeamLinkMessenger.exe[2010/08/11 16:10:54 | 000,065,660 | ---- | M] (AT&T) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime4\QProtocolHandler.exe[2011/07/25 13:25:50 | 000,058,159 | ---- | M] (AT&T) -- C:\Documents and Settings\Administrator\Application Data\SBC\Q Team Link Messenger\Runtime4\QTeamLinkMessenger.exe< %SYSTEMDRIVE%\*.exe >< c:|wgsdgs;true;true;true; /FP >< c:|MyPlayCity;true;true;true; /FP >[2009/05/23 06:57:19 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity[2009/05/23 06:56:50 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive[2009/05/23 06:57:20 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user[2012/12/30 18:18:33 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity[2009/07/01 00:27:08 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com[2012/08/14 23:04:32 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com\Amusive Chess[2009/05/23 06:57:04 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com\Confectionary[2009/06/30 23:51:35 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\MyPlayCity.com\Subsea Relic[2009/07/01 00:27:11 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com[2009/07/01 00:27:12 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com\Amusive Chess[2009/05/23 06:57:19 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com\Confectionary[2009/05/23 06:57:20 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\all\Start Menu\Programs\MyPlayCity.com\Subsea Relic[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity[2009/07/01 00:19:09 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\CacheIcons[2009/05/23 06:57:22 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\Chat[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\EmailNotifier[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\Logs[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\RadioPlayer[2009/07/01 00:19:09 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\rss[2009/05/23 06:57:23 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\MyPlayCity\UserDefinedItems< c:|tbMyP0;true;true;true; /FP >< c:|crossride;true;true;true; /FP >< c:|conduit;true;true;true; /FP >[2012/06/25 19:00:29 | 000,000,000 | ---D | M] -- c:\Program Files\Handspring\Outlook Conduits[2009/05/23 06:49:58 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\drive\C\Program Files\Conduit[2009/05/23 06:49:58 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\drive\C\Program Files\Conduit\Community Alerts[2009/05/23 06:55:07 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\user\current\Local Settings\Application Data\Conduit[2009/05/23 06:55:07 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\iWin\user\current\Local Settings\Application Data\Conduit\Community Alerts[2009/05/23 06:56:50 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\Conduit[2009/05/23 06:56:51 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\drive\C\Program Files\Conduit\Community Alerts[2009/05/23 06:57:21 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\Conduit[2009/05/23 06:57:21 | 000,000,000 | ---D | M] -- c:\Sandbox\Administrator\MyPlayCity\user\current\Local Settings\Application Data\Conduit\Community Alerts< c:|Fun4IM;true;true;true; /FP >< c:|Bandoo;true;true;true; /FP >< c:|Searchn;true;true;true; /FP >< c:|Searchq;true;true;true; /FP >< c:|datamngr;true;true;true; /FP >< c:|iLivid;true;true;true; /FP >< c:|whitesmoke;true;true;true; /FP >< c:|services.ex;true;true;true; /FP >< %USERPROFILE%\..|smtmp;true;true;true /FP >< HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >< HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >< HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >< HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >< HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >< HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL: http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC< HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|url /rs >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options|exe /rs >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe\\DisableExceptionChainValidation: 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32.exe\\MitigationOptions: Reg Error: Unknown registry data type File not foundHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe\\DisableExceptionChainValidation: 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AcroRd32Info.exe\\MitigationOptions: Reg Error: Unknown registry data type File not foundHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe\\ApplicationGoo: 14 02 00 00 10 02 00 00 00 02 00 00 90 04 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 00 00 07 00 0B 00 00 00 00 00 07 00 0B 00 00 00 3F 00 00 00 02 00 00 00 04 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 01 00 56 00 61 00 72 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 00 00 24 00 04 00 00 00 54 00 72 00 61 00 6E 00 73 00 6C 00 61 00 74 00 69 00 6F 00 6E 00 00 00 00 00 09 04 E4 04 F0 03 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 CC 03 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 45 00 34 00 00 00 4A 00 19 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 43 00 72 00 79 00 73 00 74 00 61 00 6C 00 20 00 53 00 51 00 4C 00 20 00 44 00 65 00 73 00 69 00 67 00 6E 00 65 00 72 00 20 00 37 00 2E 00 30 00 00 00 00 00 88 00 34 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 53 00 65 00 61 00 67 00 61 00 74 00 65 00 20 00 53 00 6F 00 66 00 74 00 77 00 61 00 72 00 65 00 20 00 49 00 6E 00 66 00 6F 00 72 00 6D 00 61 00 74 00 69 00 6F 00 6E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00 6D 00 65 00 6E 00 74 00 20 00 47 00 72 00 6F 00 75 00 70 00 2C 00 20 00 49 00 6E 00 63 00 2E 00 00 00 AE 00 45 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 28 00 63 00 29 00 20 00 31 00 39 00 39 00 31 00 2D 00 31 00 39 00 39 00 10 00 00 00 00 00 00 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE\\DisableHeapLookAside: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerApp.exe\\DisableExceptionChainValidation: 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FlashPlayerUpdateService.exe\\DisableExceptionChainValidation: 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe\\ApplicationGoo: 54 09 00 00 54 02 00 00 00 02 00 00 8C 03 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 02 00 A8 11 2E 04 00 00 02 00 A8 11 2E 04 00 00 3F 00 00 00 20 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EC 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 C8 02 00 00 01 00 30 00 30 00 30 00 30 00 30 00 34 00 62 00 30 00 00 00 38 00 10 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 4F 00 72 00 69 00 67 00 6E 00 61 00 6C 00 20 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 42 00 11 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 53 00 41 00 50 00 20 00 41 00 47 00 2C 00 20 00 57 00 61 00 6C 00 6C 00 64 00 6F 00 72 00 66 00 00 00 00 00 5A 00 19 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 53 00 41 00 50 00 20 00 46 00 72 00 6F 00 6E 00 74 00 65 00 6E 00 64 00 20 00 66 00 6F 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 00 00 00 00 3C 00 0E 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 34 00 35 00 32 00 30 00 2E 00 32 00 2E 00 30 00 2E 00 31 00 30 00 37 00 30 00 00 00 32 00 09 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 46 00 45 00 57 00 46 00 52 00 4F 00 4E 00 54 00 00 00 00 00 7A 00 2B 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 04 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 03 00 00 00 00 00 01 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 23 00 54 02 00 00 00 02 00 00 8C 03 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 03 00 9E 11 26 04 00 00 03 00 9E 11 26 04 00 00 3F 00 00 00 20 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EC 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 C8 02 00 00 01 00 30 00 30 00 30 00 30 00 30 00 34 00 62 00 30 00 00 00 38 00 10 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 4F 00 72 00 69 00 67 00 6E 00 61 00 6C 00 20 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 42 00 11 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 53 00 41 00 50 00 20 00 41 00 47 00 2C 00 20 00 57 00 61 00 6C 00 6C 00 64 00 6F 00 72 00 66 00 00 00 00 00 5A 00 19 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 53 00 41 00 50 00 20 00 46 00 72 00 6F 00 6E 00 74 00 65 00 6E 00 64 00 20 00 66 00 6F 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 00 00 00 00 3C 00 0E 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 34 00 35 00 31 00 30 00 2E 00 33 00 2E 00 30 00 2E 00 31 00 30 00 36 00 32 00 00 00 32 00 09 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 46 00 45 00 57 00 46 00 52 00 4F 00 4E 00 54 00 00 00 00 00 7A 00 2B 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 04 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 03 00 00 00 00 00 01 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 23 00 54 02 00 00 00 02 00 00 20 03 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 00 00 04 00 F0 03 00 00 00 00 04 00 F0 03 00 00 3F 00 00 00 00 00 00 00 04 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7E 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 5A 02 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 45 00 34 00 00 00 2E 00 07 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 53 00 41 00 50 00 20 00 41 00 47 00 00 00 00 00 5A 00 19 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 53 00 41 00 50 00 20 00 46 00 72 00 6F 00 6E 00 74 00 65 00 6E 00 64 00 20 00 66 00 6F 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 00 00 00 00 36 00 0B 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 34 00 2E 00 30 00 2E 00 30 00 2E 00 31 00 30 00 30 00 38 00 00 00 00 00 2C 00 06 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 46 00 52 00 4F 00 4E 00 54 00 00 00 5E 00 1D 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 A9 00 20 00 31 00 39 00 39 00 33 00 2D 00 31 00 39 00 39 00 37 00 20 00 53 00 41 00 50 00 20 00 41 00 47 00 00 00 00 00 28 00 00 00 01 00 4C 00 65 00 67 00 61 00 6C 00 54 00 72 00 61 00 64 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 04 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 03 00 00 00 00 00 01 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 23 00 54 02 00 00 00 02 00 00 18 03 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 00 00 04 00 DD 03 00 00 00 00 04 00 DD 03 00 00 3F 00 00 00 00 00 00 00 04 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 54 02 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 45 00 34 00 00 00 2E 00 07 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 53 00 41 00 50 00 20 00 41 00 47 00 00 00 00 00 5A 00 19 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 53 00 41 00 50 00 20 00 46 00 72 00 6F 00 6E 00 74 00 65 00 6E 00 64 00 20 00 66 00 6F 00 72 00 20 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 00 00 00 00 34 00 0A 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 34 00 2E 00 30 00 2E 00 30 00 2E 00 39 00 38 00 39 00 00 00 2C 00 06 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 46 00 52 00 4F 00 4E 00 54 00 00 00 5E 00 1D 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 A9 00 20 00 31 00 39 00 39 00 33 00 2D 00 31 00 39 00 39 00 37 00 20 00 53 00 41 00 50 00 20 00 41 00 47 00 00 00 00 00 28 00 00 00 01 00 4C 00 65 00 67 00 61 00 6C 00 54 00 72 00 61 00 64 00 65 00 6D 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 04 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 03 00 00 00 00 00 01 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 23 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\\DisableExceptionChainValidation: 0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\\ApplicationGoo: 58 02 00 00 54 02 00 00 00 02 00 00 6C 07 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 05 00 05 00 07 00 A8 07 05 00 05 00 07 00 A8 07 3F 00 00 00 00 00 00 00 04 00 04 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CC 06 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 54 03 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 42 00 30 00 00 00 18 00 00 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 4C 00 16 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 69 00 6F 00 6E 00 00 00 68 00 20 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 78 00 63 00 68 00 61 00 6E 00 67 00 65 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 53 00 65 00 74 00 75 00 70 00 00 00 36 00 0B 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 35 00 2E 00 35 00 2E 00 31 00 39 00 36 00 30 00 2E 00 37 00 00 00 00 00 2C 00 06 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 53 00 65 00 74 00 75 00 70 00 00 00 9C 00 3C 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 05 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 03 00 00 00 02 00 00 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 34 00 00 00 23 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe\\ApplicationGoo: 58 02 00 00 54 02 00 00 00 02 00 00 44 02 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 01 00 01 00 0C 00 00 00 01 00 01 00 0C 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 00 00 00 00 00 56 00 61 00 72 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 00 00 24 00 04 00 00 00 54 00 72 00 61 00 6E 00 73 00 6C 00 61 00 74 00 69 00 6F 00 6E 00 00 00 00 00 09 04 B0 04 A4 01 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 80 01 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 42 00 30 00 00 00 40 00 20 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 44 00 65 00 4C 00 6F 00 72 00 6D 00 65 00 20 00 4D 00 61 00 70 00 70 00 69 00 6E 00 67 00 00 00 44 00 22 00 01 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 4E 00 61 00 6D 00 65 00 00 00 00 00 52 00 65 00 67 00 20 00 28 00 44 00 4C 00 69 00 62 00 62 00 79 00 5C 00 6D 00 73 00 66 00 29 00 00 00 00 00 34 00 14 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 31 00 2E 00 30 00 31 00 2E 00 30 00 30 00 31 00 32 00 00 00 38 00 14 00 01 00 50 00 72 00 6F 00 64 00 75 00 63 00 74 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 31 00 2E 00 30 00 31 00 2E 00 30 00 30 00 31 00 32 00 00 00 34 00 12 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 4D 00 4E 00 47 00 52 00 45 00 47 00 33 00 32 00 00 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 04 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 03 00 00 00 00 00 01 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 23 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE\\GlobalFlag: 0x00200000HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE\\GlobalFlag: 0x00200000HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE\\DisableHeapLookAside: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE\\DisableHeapLookAside: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe\\ApplicationGoo: 14 02 00 00 10 02 00 00 00 02 00 00 B4 02 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 35 00 07 00 00 00 00 00 35 00 07 00 00 00 00 00 3F 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 EE 01 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 62 00 30 00 00 00 42 00 11 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 50 00 65 00 6F 00 70 00 6C 00 65 00 53 00 6F 00 66 00 74 00 2C 00 20 00 49 00 6E 00 63 00 2E 00 00 00 00 00 28 00 00 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 2A 00 05 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 37 00 2E 00 35 00 33 00 00 00 00 00 9C 00 3C 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 A9 00 20 00 31 00 39 00 38 00 38 00 2D 00 31 00 39 00 39 00 38 00 20 00 50 00 65 00 6F 00 70 00 6C 00 65 00 53 00 6F 00 66 00 74 00 2C 00 20 00 49 00 6E 00 63 00 2E 00 20 00 20 00 41 00 6C 00 6C 00 20 00 52 00 69 00 67 00 68 00 74 00 73 00 20 00 52 00 65 00 73 00 65 00 72 00 76 00 65 00 64 00 00 00 3C 00 0A 00 01 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 70 00 73 00 64 00 6D 00 74 00 2E 00 10 00 00 00 00 00 00 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE\\DisableHeapLookAside: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE\\DisableHeapLookAside: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\\ApplicationGoo: 00 07 00 00 54 02 00 00 00 02 00 00 84 07 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 05 00 05 00 07 00 A8 07 05 00 05 00 07 00 A8 07 3F 00 00 00 00 00 00 00 04 00 04 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E4 06 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 60 03 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 42 00 30 00 00 00 18 00 00 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 4C 00 16 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 69 00 6F 00 6E 00 00 00 68 00 20 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 78 00 63 00 68 00 61 00 6E 00 67 00 65 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 53 00 65 00 74 00 75 00 70 00 00 00 36 00 0B 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 35 00 2E 00 35 00 2E 00 31 00 39 00 36 00 30 00 2E 00 37 00 00 00 00 00 2C 00 06 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 53 00 65 00 74 00 75 00 70 00 00 00 9E 00 3D 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 05 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 24 00 54 02 00 00 00 02 00 00 A4 08 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 05 00 05 00 07 00 A8 07 05 00 05 00 07 00 A8 07 3F 00 00 00 00 00 00 00 04 00 04 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 08 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 F0 03 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 42 00 30 00 00 00 18 00 00 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 4C 00 16 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 69 00 6F 00 6E 00 00 00 68 00 20 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 78 00 63 00 68 00 61 00 6E 00 67 00 65 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 53 00 65 00 74 00 75 00 70 00 00 00 36 00 0B 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 35 00 2E 00 35 00 2E 00 31 00 39 00 36 00 30 00 2E 00 37 00 00 00 00 00 2C 00 06 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 53 00 65 00 74 00 75 00 70 00 00 00 A6 00 41 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 05 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 24 00 54 02 00 00 00 02 00 00 18 04 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 05 00 05 00 07 00 A8 07 05 00 05 00 07 00 A8 07 3F 00 00 00 00 00 00 00 04 00 04 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 03 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 54 03 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 42 00 30 00 00 00 18 00 00 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 4C 00 16 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 69 00 6F 00 6E 00 00 00 68 00 20 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 20 00 45 00 78 00 63 00 68 00 61 00 6E 00 67 00 65 00 20 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 53 00 65 00 74 00 75 00 70 00 00 00 36 00 0B 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 35 00 2E 00 35 00 2E 00 31 00 39 00 36 00 30 00 2E 00 37 00 00 00 00 00 2C 00 06 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 53 00 65 00 74 00 75 00 70 00 00 00 9A 00 3B 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 02 00 00 00 00 00 00 00 01 00 00 00 4C 00 00 00 3C FD 06 00 05 00 00 00 00 00 00 00 65 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 61 00 63 00 6B 00 20 00 33 00 00 00 24 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll\\ApplicationGoo: 14 02 00 00 10 02 00 00 00 02 00 00 04 03 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 1C 00 08 00 00 00 00 00 00 00 08 00 00 00 00 00 3F 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 40 02 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 62 00 30 00 00 00 44 00 12 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 43 00 6F 00 72 00 65 00 6C 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 69 00 6F 00 6E 00 00 00 4E 00 13 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 43 00 6F 00 72 00 65 00 6C 00 20 00 53 00 65 00 74 00 75 00 70 00 20 00 57 00 69 00 7A 00 61 00 72 00 64 00 00 00 00 00 2C 00 06 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 38 00 2E 00 30 00 32 00 38 00 00 00 46 00 13 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 43 00 6F 00 72 00 65 00 6C 00 20 00 53 00 65 00 74 00 75 00 70 00 20 00 57 00 69 00 7A 00 61 00 72 00 64 00 00 00 00 00 6C 00 24 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 A9 00 20 00 31 00 39 00 39 00 37 00 2C 00 20 00 43 00 6F 00 72 00 65 00 6C 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 08 00 00 00 00 00 00 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe\\ApplicationGoo: 14 02 00 00 10 02 00 00 00 02 00 00 38 03 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 02 00 0A 00 01 00 0A 00 02 00 0A 00 01 00 0A 00 00 00 00 00 00 00 00 00 04 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 74 02 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 45 00 34 00 00 00 4A 00 15 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 53 00 79 00 6D 00 61 00 6E 00 74 00 65 00 63 00 20 00 43 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 69 00 6F 00 6E 00 00 00 00 00 60 00 1C 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 53 00 79 00 6D 00 61 00 6E 00 74 00 65 00 63 00 20 00 53 00 79 00 6D 00 65 00 76 00 65 00 6E 00 74 00 20 00 49 00 6E 00 73 00 74 00 61 00 6C 00 6C 00 65 00 72 00 00 00 34 00 0A 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 31 00 30 00 2E 00 32 00 2E 00 31 00 30 00 2E 00 31 00 00 00 30 00 08 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 53 00 45 00 56 00 49 00 4E 00 53 00 54 00 00 00 7E 00 2D 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 20 00 28 00 43 00 29 00 20 00 53 00 79 00 6D 00 61 00 6E 00 74 00 65 00 63 00 20 00 43 00 6F 00 72 00 01 00 00 00 00 00 00 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE\\DisableHeapLookAside: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE\\DisableHeapLookAside: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll\\CheckAppHelp: 1HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE\\ApplicationGoo: 14 02 00 00 10 02 00 00 00 02 00 00 7C 03 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 00 00 01 00 09 00 26 00 00 00 01 00 09 00 26 00 3F 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 DC 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 B8 02 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 62 00 30 00 00 00 66 00 27 00 01 00 43 00 6F 00 6D 00 6D 00 65 00 6E 00 74 00 73 00 00 00 42 00 75 00 73 00 69 00 6E 00 65 00 73 00 73 00 20 00 49 00 6E 00 74 00 65 00 6C 00 6C 00 69 00 67 00 65 00 6E 00 63 00 65 00 20 00 6F 00 6E 00 20 00 45 00 76 00 65 00 72 00 79 00 20 00 44 00 65 00 73 00 6B 00 74 00 6F 00 70 00 00 00 00 00 48 00 14 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 43 00 6F 00 67 00 6E 00 6F 00 73 00 20 00 49 00 6E 00 63 00 6F 00 72 00 70 00 6F 00 72 00 61 00 74 00 65 00 64 00 00 00 60 00 1C 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 43 00 6F 00 67 00 6E 00 6F 00 73 00 20 00 47 00 65 00 6E 00 65 00 72 00 69 00 63 00 20 00 49 00 6E 00 73 00 74 00 61 00 6C 00 6C 00 61 00 74 00 69 00 6F 00 6E 00 00 00 38 00 0C 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 31 00 2C 00 20 00 30 00 2C 00 20 00 33 00 38 00 2C 00 20 00 39 00 00 00 30 00 08 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 01 00 00 00 00 00 00 00 [binary data over 200 bytes]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path\\Debugger: ntsd -d [2005/02/04 09:01:22 | 000,031,744 | ---- | M] (Microsoft Corporation)HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path\\GlobalFlag: 0x000010F0HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE\\ApplicationGoo: 14 02 00 00 10 02 00 00 00 02 00 00 A4 02 34 00 00 00 56 00 53 00 5F 00 56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 49 00 4E 00 46 00 4F 00 00 00 00 00 BD 04 EF FE 00 00 01 00 00 00 01 00 01 00 00 00 00 00 01 00 01 00 00 00 3F 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 02 00 00 01 00 53 00 74 00 72 00 69 00 6E 00 67 00 46 00 69 00 6C 00 65 00 49 00 6E 00 66 00 6F 00 00 00 E0 01 00 00 01 00 30 00 34 00 30 00 39 00 30 00 34 00 45 00 34 00 00 00 20 00 00 00 01 00 43 00 6F 00 6D 00 70 00 61 00 6E 00 79 00 4E 00 61 00 6D 00 65 00 00 00 00 00 58 00 18 00 01 00 46 00 69 00 6C 00 65 00 44 00 65 00 73 00 63 00 72 00 69 00 70 00 74 00 69 00 6F 00 6E 00 00 00 00 00 49 00 4E 00 53 00 54 00 41 00 4C 00 4C 00 20 00 4D 00 46 00 43 00 20 00 41 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 00 30 00 08 00 01 00 46 00 69 00 6C 00 65 00 56 00 65 00 72 00 73 00 69 00 6F 00 6E 00 00 00 00 00 31 00 2E 00 30 00 2E 00 30 00 30 00 31 00 00 00 30 00 08 00 01 00 49 00 6E 00 74 00 65 00 72 00 6E 00 61 00 6C 00 4E 00 61 00 6D 00 65 00 00 00 49 00 4E 00 53 00 54 00 41 00 4C 00 4C 00 00 00 24 00 00 00 01 00 4C 00 65 00 67 00 61 00 6C 00 43 00 6F 00 70 00 79 00 72 00 69 00 67 00 68 00 74 00 00 00 28 00 00 00 01 00 4C 00 65 00 67 00 61 00 6C 00 54 00 72 00 61 00 64 00 65 00 6D 00 61 00 72 00 6B 00 73 00 00 00 00 00 40 00 0C 00 01 00 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 49 00 4E 00 53 00 54 00 41 00 4C 00 4C 00 2E 00 45 00 58 00 45 00 00 00 30 00 08 00 08 00 00 00 00 00 00 00 [binary data over 200 bytes]< %systemroot%\*. /mp /s >< End of report > Link to post Share on other sites More sharing options...
spaceclick Posted December 31, 2012 Author ID:629033 Share Posted December 31, 2012 I forgot to mention that the "Security Center" and Firewall seem to be working now and the services are running.Thanks Link to post Share on other sites More sharing options...
Recommended Posts