Severe Download Trojan - Help :(

Posted 8/5/2009 2:18 AM
#75709

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Those results reflect changes that match some other thread issues I have been involved in. And fortunately I also have some corrections from that other thread work that will help here.

[code]Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Cryptographic Services"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="CryptServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Security]
"Security"=hex:00,00,0e,00,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Enum]
"0"="Root\\LEGACY_CRYPTSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]
"Description"="Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start."
"DisplayName"="Secondary Logon"
"ErrorControl"=dword:00000000
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Objectname"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="SvcEntry_Seclogon"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Enum]
"0"="Root\\LEGACY_SECLOGON\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler]
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"Description"="Loads files to memory for later printing."
"DisplayName"="Print Spooler"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,e8,47,0c,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"Group"="SpoolerGroup"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,70,00,6f,00,6f,00,6c,00,73,00,76,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Performance]
"Close"="PerfClose"
"Collect"="PerfCollect"
"Collect Timeout"=dword:000007d0
"Library"="winspool.drv"
"Object List"="1450"
"Open"="PerfOpen"
"Open Timeout"=dword:00000fa0
"WbemAdapFileSignature"=hex:12,6c,5c,67,9c,9d,52,12,37,ca,57,4b,78,a2,8d,55
"WbemAdapFileTime"=hex:00,88,ab,ca,c9,e7,a8,01
"WbemAdapFileSize"=dword:00020400
"WbemAdapStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler\Enum]
"0"="Root\\LEGACY_SPOOLER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001[/code]

Open Notepad (Start - Run, type Notepad then press OK), and copy the blue text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "bigfix3.reg"

Be sure to include the "" quotes in the name.

Then right click bigfix3.reg, select Merge, and allow it to merge the new information with the Registry.

---------------------

Reboot.

[code]@ECHO OFF
REM Remove leftovers from an earlier run
if exist Checkit.txt del /q Checkit.txt
if exist Results.txt del /q Results.txt
REM Query the state of the three restored services
sc query Cryptsvc > Checkit.txt
sc query seclogon > Checkit1.txt
sc query spooler > Checkit2.txt
REM Combine the outputs into one file and open it
Type Checkit*.txt > Results.txt
del /q Checkit*.txt
Notepad Results.txt[/code]

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the box) into the open text box, then save this to your desktop as "3look.bat"

Be sure to include the "" quotes in the name. Then click on 3look.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
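Before merging a .reg file like the one above it is worth decoding what the hex(2) ImagePath and ServiceDll values actually say, since a service key that has been tampered with looks identical at a glance. The Python below is an added example, not code from this thread: it parses the .reg syntax, decodes the UTF-16LE strings, and flags any service binary path that is not directly under %SystemRoot%\System32; the trimmed Cryptsvc sample and the tampered variant are constructed.

```python
"""Decode and sanity-check service entries in a Windows .reg file.
Added example, not code from the thread: parses the hex(2)/hex(7)/dword syntax
of the bigfix3.reg fix above, decodes the UTF-16LE strings and flags binary
paths that do not sit directly under the System32 directory."""
import re

# Constructed sample: the Cryptsvc part of the fix, trimmed to a few values.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="CryptServiceMain"
'''
# Constructed variant: the same Parameters key re-pointed at a DLL outside System32.
TAMPERED_REG = SAMPLE_REG + r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"="c:\\docume~1\\user\\applic~1\\constructed.dll"
'''

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
_SERVICE_KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)(?:\\Parameters)?$", re.I)
_SYSTEM32_RE = re.compile(r"^%SystemRoot%\\System32\\[^\\]+$", re.I)

def _decode_data(data):
    """Turn one .reg data field into a str, int, bytes or list of str."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    m = re.match(r"^hex(?:\((\d+)\))?:(.*)$", data)
    if not m:
        raise ValueError("unsupported data syntax: %r" % data)
    kind = int(m.group(1) or 3)  # bare "hex:" is REG_BINARY (type 3)
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ: UTF-16LE, NUL terminated
        return raw.decode("utf-16-le").rstrip("\x00")
    if kind == 7:  # REG_MULTI_SZ: NUL separated, double NUL at the end
        return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return raw

def parse_reg(text):
    """Return (keys deleted with [-...], {key: {value name: decoded data}})."""
    deletions, keys, current, buf = [], {}, None, ""
    for raw_line in text.splitlines():
        line = buf + raw_line.strip()
        buf = ""
        if line.endswith(",\\"):  # hex data continues on the next line
            buf = line[:-1]
            continue
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        if line[0] == "[" and line[-1] == "]":
            name = line[1:-1]
            if name.startswith("-"):
                deletions.append(name[1:])
                current = None
            else:
                current = keys.setdefault(name, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            raise ValueError("unexpected line: %r" % line)
        current[m.group(1) if m.group(1) is not None else "@"] = _decode_data(m.group(2))
    return deletions, keys

def service_definitions(text):
    """Merge each Services\\<name> key with its Parameters subkey into one dict."""
    services = {}
    for key, values in parse_reg(text)[1].items():
        m = _SERVICE_KEY_RE.match(key)
        if m:
            services.setdefault(m.group(1), {}).update(values)
    return services

def check_service_fix(text):
    """Per service, list binary paths that are not a stock System32 location."""
    findings = {}
    for svc, values in service_definitions(text).items():
        notes = findings.setdefault(svc, [])
        image = values.get("ImagePath")
        if isinstance(image, str) and not _SYSTEM32_RE.match(image.split(" -", 1)[0]):
            notes.append("ImagePath outside System32: " + image)
        dll = values.get("ServiceDll")
        if isinstance(dll, str) and not _SYSTEM32_RE.match(dll):
            notes.append("ServiceDll outside System32: " + dll)
    return findings
```

Running `check_service_fix` over the full bigfix3.reg text should return an empty list for all three services; anything else means the file has been altered on its way to the machine.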
Posted 8/5/2009 2:39 AM
#75710

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
If you would, also post in your next reply the C:\ComboFix.txt log from the earlier scan you ran. Don't run and create a new log - I would like the one from your first run of it.
Posted 8/5/2009 5:13 AM
#75713

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok :)

I've checked the date on my ComboFix log, and yup, this is the right one.

ComboFix 09-07-28.06 - User 29/07/2009 16:46.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.377 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\FIX\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090728-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\msvcsv60.dll
c:\windows\system32\sfcfiles.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

------- Sigcheck -------
16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\system32\drivers\aec.sys <br/> <br/>[-] 2006-02-28 12:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtServicePackUninstall$\mfc40u.dll <br/>[-] 2006-02-28 12:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll <br/>[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\ServicePackFiles\i386\mfc40u.dll <br/>[-] 2008-04-14 00:11 927504 CDDD4416B2B4C7295FE3FDB6DDE57E4E c:\windows\system32\mfc40u.dll <br/> <br/>[-] 2005-04-28 19:35 396288 DA383FB39A6F1C445F3AFC94B3EB1248 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll <br/>[-] 2005-07-26 04:20 398336 C369DF215D352B6F3A0B8C3469AA34F8 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll <br/>[-] 2009-02-09 10:56 401408 9222562D44021B988B9F9F62207FB6F2 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll <br/>[-] 2006-02-28 12:00 395776 5C83A4408604F737717AB96371201680 c:\windows\$NtServicePackUninstall$\rpcss.dll <br/>[-] 2006-02-28 12:00 395776 5C83A4408604F737717AB96371201680 c:\windows\$NtUninstallKB894391$\rpcss.dll <br/>[-] 2005-04-28 19:31 395776 C8061F289E000703E7672916B7FE1571 c:\windows\$NtUninstallKB902400$\rpcss.dll <br/>[-] 2008-04-14 00:12 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\$NtUninstallKB956572$\rpcss.dll <br/>[-] 2008-04-14 00:12 399360 2589FE6015A316C0F5D5112B4DA7B509 c:\windows\ServicePackFiles\i386\rpcss.dll <br/>[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\system32\rpcss.dll <br/>[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\system32\dllcache\rpcss.dll <br/> <br/>[-] 2006-02-28 12:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\$NtServicePackUninstall$\msgsvc.dll <br/>[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\ServicePackFiles\i386\msgsvc.dll <br/>[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\system32\msgsvc.dll <br/> <br/>[-] 2006-02-28 12:00 611328 
A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtServicePackUninstall$\comctl32.dll <br/>[-] 2006-02-28 12:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll <br/>[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\ServicePackFiles\i386\comctl32.dll <br/>[-] 2008-04-14 00:11 617472 06F247492BC786CE5C24A23E178C711A c:\windows\system32\comctl32.dll <br/>[-] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\InstallTemp\5799068\comctl32.dll <br/>[-] 2006-02-28 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\98406\comctl32.dll <br/>[-] 2006-02-28 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll <br/>[-] 2006-02-28 12:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll <br/>[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll <br/>[-] 2008-04-14 00:12 1054208 BD38D1EBE24A46BD3EDA059560AFBA12 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll <br/> <br/>[-] 2006-02-28 12:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys <br/> <br/>[-] 2006-02-28 12:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\$NtServicePackUninstall$\sfc.dll <br/>[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\ServicePackFiles\i386\sfc.dll <br/>[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\system32\sfc.dll <br/> <br/>[-] 2006-02-28 12:00 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\$NtServicePackUninstall$\netlogon.dll <br/>[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 
c:\windows\ServicePackFiles\i386\netlogon.dll <br/>[-] 2008-04-14 00:12 407040 1B7F071C51B77C272875C3A23E1E4550 c:\windows\system32\netlogon.dll <br/> <br/>[-] 2006-02-28 12:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\$NtServicePackUninstall$\srsvc.dll <br/>[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\ServicePackFiles\i386\srsvc.dll <br/>[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\system32\srsvc.dll <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] <br/>"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] <br/> <br/>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] <br/>2009-06-26 09:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] <br/>"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] <br/>"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896] <br/> <br/>[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] 
<br/>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] <br/> <br/>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] <br/>2009-06-27 11:23 11952 ----a-w- c:\windows\system32\avgrsstx.dll <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] <br/>@="Service" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin] <br/>@="Service" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys] <br/>@="Driver" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys] <br/>@="Driver" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys] <br/>@="Driver" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver] <br/>@="Service" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] <br/>@="FSFilter System Recovery" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService] <br/>@="Service" <br/> <br/>[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk] <br/>path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk <br/>backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] <br/>"vsmon"=2 (0x2) <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= <br/>"c:\\Program Files\\Common 
Files\\AOL\\ACS\\AOLDial.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= <br/>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= <br/>"c:\\Program Files\\FrostWire\\FrostWire.exe"= <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= <br/>"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= <br/>"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= <br/>"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= <br/>"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\WINDOWS\\system32\\mmc.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= <br/>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= <br/>"c:\\Program Files\\AOL 9.0 VR\\waol.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= <br/>"c:\\Program Files\\AOL 9.0 VR\\aol.exe"= <br/>"c:\\Program Files\\AOL 9.0 VR\\AOLphx.exe"= <br/>"c:\\Program Files\\AOL 9.0 VR\\AOLphxex.exe"= <br/>"c:\\Program Files\\AOL 9.0 VR\\shellrestart.exe"= <br/>"c:\\Program Files\\AOL 9.0 VR\\shellmon.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\1241988343\\ee\\aolsoftware.exe"= <br/>"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= <br/>"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] <br/>"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 <br/>"19956:TCP"= 19956:TCP:BitComet 19956 TCP <br/>"19956:UDP"= 19956:UDP:BitComet 19956 UDP <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 <br/>"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= c:\program files\Common 
Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL <br/>"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= c:\program files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 <br/>"c:\\Program Files\\AOL 9.0\\waol.exe"= c:\program files\AOL 9.0\waol.exe:*:Enabled:AOL <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\program files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger <br/>"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= c:\program files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) <br/>"c:\\Program Files\\AOL 9.0a\\waol.exe"= c:\program files\AOL 9.0a\waol.exe:*:Enabled:AOL <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] <br/>"DoNotAllowExceptions"= 0 (0x0) <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 <br/>"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= c:\windows\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard <br/>"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= c:\program files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL <br/>"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= c:\program files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL <br/>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= c:\program files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour <br/>"c:\\Program Files\\FrostWire\\FrostWire.exe"= c:\program files\FrostWire\FrostWire.exe:*:Enabled:LimeWire <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= c:\program files\iTunes\iTunes.exe:*:Enabled:iTunes <br/>"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= c:\program files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger <br/>"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\program files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server <br/>"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= c:\program files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe <br/>"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= c:\program files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 <br/>"c:\\WINDOWS\\system32\\mmc.exe"= c:\windows\system32\mmc.exe:*:Enabled:Microsoft Management Console <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\program files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger <br/>"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= c:\program files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) <br/>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= c:\program files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox <br/>"c:\\Program Files\\AOL 9.0 VR\\waol.exe"= c:\program files\AOL 9.0 VR\waol.exe:*:Enabled:AOL <br/>"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed <br/>"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= c:\program files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader <br/>"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= c:\program files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information <br/>"c:\\Program Files\\AOL 9.0 VR\\aol.exe"= c:\program files\AOL 9.0 VR\aol.exe:*:Enabled:AOL 9.0 VR <br/>"c:\\Program Files\\AOL 9.0 VR\\AOLphx.exe"= c:\program files\AOL 9.0 VR\AOLphx.exe:*:Enabled:AOLphx.exe <br/>"c:\\Program Files\\AOL 9.0 VR\\AOLphxex.exe"= c:\program files\AOL 9.0 VR\AOLphxex.exe:*:Enabled:AOLphxex.exe <br/>"c:\\Program Files\\AOL 9.0 VR\\shellrestart.exe"= c:\program files\AOL 9.0 
VR\shellrestart.exe:*:Enabled:shellrestart.exe <br/>"c:\\Program Files\\AOL 9.0 VR\\shellmon.exe"= c:\program files\AOL 9.0 VR\shellmon.exe:*:Enabled:shellmon.exe <br/>"c:\\Program Files\\Common Files\\AOL\\1241988343\\ee\\aolsoftware.exe"= c:\program files\Common Files\AOL\1241988343\ee\aolsoftware.exe:*:Enabled:AOL Shared Components <br/>"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= c:\program files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe <br/>"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= c:\program files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List] <br/>"139:TCP"= 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 <br/>"445:TCP"= 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 <br/>"137:UDP"= 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 <br/>"138:UDP"= 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 <br/>"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 <br/>"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 <br/>"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 <br/>"19956:TCP"= 19956:TCP:*:Enabled:BitComet 19956 TCP <br/>"19956:UDP"= 19956:UDP:*:Enabled:BitComet 19956 UDP <br/> <br/>R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [29/01/2008 17:19 11264] <br/>R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [01/06/2008 21:00 114768] <br/>R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/05/2008 07:49 335752] <br/>R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/05/2008 07:49 108552] <br/>R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/06/2008 21:00 20560] <br/>R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [25/05/2008 07:49 907032] <br/>R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25/05/2008 07:49 298776] <br/>R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/05/2009 13:59 66048] <br/>R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/06/2008 19:03 33792] <br/>R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [12/12/2007 19:35 98328] <br/>S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [12/12/2007 19:35 98328] <br/>S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [12/12/2007 19:36 171032] <br/>S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [12/12/2007 19:36 171032] <br/>S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [12/12/2007 19:35 528920] <br/>S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [12/12/2007 19:35 528920] <br/>S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [12/12/2007 19:36 163352] <br/>S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [12/12/2007 19:36 163352] <br/>S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [12/12/2007 19:36 259096] <br/>S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [12/12/2007 19:36 259096] <br/>S3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [12/12/2007 19:37 134168] <br/>S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [12/12/2007 19:37 134168] <br/>S3 
CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [12/12/2007 19:37 309784] <br/>S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [12/12/2007 19:37 309784] <br/>S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [12/12/2007 19:36 99352] <br/>S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [12/12/2007 19:36 99352] <br/>S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [12/12/2007 19:37 1324056] <br/>S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [12/12/2007 19:37 1324056] <br/>S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [12/12/2007 19:36 72728] <br/>S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [12/12/2007 19:36 72728] <br/>S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [12/12/2007 19:36 534040] <br/>S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [12/12/2007 19:36 534040] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] <br/>HTTPFilter REG_MULTI_SZ HTTPFilter <br/>DcomLaunch REG_MULTI_SZ DcomLaunch TermService <br/>WudfServiceGroup REG_MULTI_SZ WUDFSvc <br/>eapsvcs REG_MULTI_SZ eaphost <br/>dot3svc REG_MULTI_SZ dot3svc <br/> <br/>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService <br/>Alerter <br/>LmHosts <br/> <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] <br/>"c:\program files\Common Files\LightScribe\LSRunOnce.exe" <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job <br/>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. 
<br/>uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s <br/>FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ti6n65sr.default\ <br/>FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official <br/>FF - prefs.js: network.proxy.type - 4 <br/>FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ti6n65sr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll <br/>FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll <br/>FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll <br/>. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-07-29 16:56 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. 
<br/>--------------------- LOCKED REGISTRY KEYS --------------------- <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashProp Class" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32] <br/>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash6.ocx" <br/>"ThreadingModel"="Apartment" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\ProgID] <br/>@Denied: (A) (Everyone) <br/>@="{5D7611FB-D5E8-4638-9CBA-68997983B832}" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}\Version] <br/>@Denied: (A) (Everyone) <br/>@="{5D7611FB-D5E8-4638-9CBA-68997983B832}" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version] <br/>@Denied: (A) (Everyone) <br/>@="{8D8763AB-E93B-4812-964E-F04E0008FD50}" <br/>"{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:c7,ff,c7,38,7f,1e,b5,c6,9d,b5,22, <br/> f0,bb,aa,7b,43,7f,02,07,b1,d0,f1,08,10,16,68,c8,01 <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Shockwave Flash Object" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx" <br/>"ThreadingModel"="Apartment" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] <br/>@="0" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="ShockwaveFlash.ShockwaveFlash.9" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx, 1" <br/> 
<br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="ShockwaveFlash.ShockwaveFlash" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/>@="Macromedia Flash Factory Object" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] <br/>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx" <br/>"ThreadingModel"="Apartment" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] <br/>@="FlashFactory.FlashFactory.1" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] <br/>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx, 1" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] <br/>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] <br/>@="1.0" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] <br/>@="FlashFactory.FlashFactory" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] <br/>@Denied: (A 2) (Everyone) <br/>@="FlashBroker" <br/>"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] <br/>"Enabled"=dword:00000001 <br/> 
<br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] <br/>@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9f.exe" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] <br/>@Denied: (A 2) (Everyone) <br/>@="IFlashBroker" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] <br/>@="{00020424-0000-0000-C000-000000000046}" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] <br/>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" <br/>"Version"="1.0" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] <br/>@Denied: (A 2) (Everyone) <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] <br/>@="Shockwave Flash" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] <br/>@Denied: (A 2) (Everyone) <br/>@="" <br/> <br/>[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] <br/>@="FlashBroker" <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'explorer.exe'(3896) <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll <br/>c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL <br/>c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr <br/>c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. 
<br/>------------------------ Other Running Processes ------------------------ <br/>. <br/>c:\program files\Alwil Software\Avast4\aswUpdSv.exe <br/>c:\program files\Alwil Software\Avast4\ashServ.exe <br/>c:\program files\Common Files\AOL\acs\AOLacsd.exe <br/>c:\windows\system32\nvsvc32.exe <br/>c:\windows\system32\wdfmgr.exe <br/>c:\program files\AVG\AVG8\avgrsx.exe <br/>c:\progra~1\AVG\AVG8\avgnsx.exe <br/>c:\program files\AVG\AVG8\avgcsrvx.exe <br/>c:\program files\Alwil Software\Avast4\ashMaiSv.exe <br/>c:\program files\Alwil Software\Avast4\ashWebSv.exe <br/>c:\program files\AVG\AVG8\avgsrmax.exe <br/>. <br/>************************************************************************** <br/>. <br/>Completion time: 2009-07-29 17:01 - machine was rebooted <br/>ComboFix-quarantined-files.txt 2009-07-29 16:01 <br/> <br/>Pre-Run: 90,643,066,880 bytes free <br/>Post-Run: 90,879,283,200 bytes free <br/> <br/>WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe <br/>[boot loader] <br/>timeout=2 <br/>default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS <br/>[operating systems] <br/>c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons <br/>multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer <br/> <br/>604 --- E O F --- 2009-07-29 02:03 <br/> <br/> <br/> <br/> <br/> <br/>And the 3look.bat file <br/> <br/> <br/> <br/> <br/>SERVICE_NAME: Cryptsvc <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> <br/>SERVICE_NAME: seclogon <br/> TYPE : 120 WIN32_SHARE_PROCESS (interactive) <br/> STATE : 4 RUNNING <br/> (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> <br/>SERVICE_NAME: spooler <br/> TYPE : 110 WIN32_OWN_PROCESS (interactive) 
<br/> STATE : 4 RUNNING <br/> (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0
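The file-hash section of the log above lists every copy of each protected system file with its MD5, and the check a responder actually wants from it is whether the live copy in system32 (or system32\drivers) still matches the Windows File Protection reference copy in system32\dllcache, falling back to ServicePackFiles\i386 when there is no dllcache copy. The Python below is an added example written for this page, not ComboFix code and not anything posted in the thread; it parses lines in ComboFix's hash-line format and reports, per file, ok / mismatch / no-reference. The sample input reuses lines copied from the log above plus one constructed userinit.exe pair with an all-zero hash that is not from the log, included only to show what a mismatch looks like.

```python
"""
Cross-check the file-hash section of a ComboFix log: compare each live copy
of a system file (system32, system32\drivers) against the Windows File
Protection reference copies (system32\dllcache, ServicePackFiles\i386).
Added example for this page; not ComboFix code.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# One ComboFix hash line:  [flag] date time size MD5 path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>\S.*?)\s*$"
)

LIVE_DIRS = (r"c:\windows\system32", r"c:\windows\system32\drivers")
# Reference copies, most trustworthy first: dllcache is refreshed by hotfixes,
# ServicePackFiles only by the service pack itself.
REFERENCE_DIRS = (r"c:\windows\system32\dllcache", r"c:\windows\servicepackfiles\i386")


class Entry(NamedTuple):
    flag: str
    stamp: str      # "YYYY-MM-DD HH:MM" as printed in the log
    size: int
    md5: str
    path: str


class Verdict(NamedTuple):
    name: str
    status: str     # "ok", "mismatch" or "no-reference"
    live: Optional[Entry]
    reference: Optional[Entry]


def parse_hash_lines(text: str) -> List[Entry]:
    """Pick the hash lines out of arbitrary log text; everything else is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["flag"], f"{m['date']} {m['time']}",
                                 int(m["size"]), m["md5"].upper(), m["path"].lower()))
    return entries


def _split(path: str):
    head, _, tail = path.rpartition("\\")
    return head, tail


def check_live_vs_reference(entries: List[Entry]) -> Dict[str, Verdict]:
    """For every file that has a live copy, compare it with the best reference copy."""
    by_name: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        by_name[_split(e.path)[1]].append(e)

    verdicts: Dict[str, Verdict] = {}
    for name, group in sorted(by_name.items()):
        live = next((e for e in group if _split(e.path)[0] in LIVE_DIRS), None)
        if live is None:
            continue  # only backup/uninstall copies listed; nothing live to verify
        ref = None
        for d in REFERENCE_DIRS:  # first hit wins, so dllcache beats ServicePackFiles
            ref = next((e for e in group if _split(e.path)[0] == d), None)
            if ref:
                break
        if ref is None:
            verdicts[name] = Verdict(name, "no-reference", live, None)
        elif live.md5 == ref.md5:
            verdicts[name] = Verdict(name, "ok", live, ref)
        else:
            verdicts[name] = Verdict(name, "mismatch", live, ref)
    return verdicts


def suspicious(verdicts: Dict[str, Verdict]) -> List[str]:
    """Names whose live copy differs from the reference copy."""
    return [v.name for v in verdicts.values() if v.status == "mismatch"]


# Sample input: lines copied from the log above, plus one CONSTRUCTED pair
# (userinit.exe with an all-zero hash) that is NOT from the log.
SAMPLE_LOG = r"""
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll
[-] 2006-02-28 12:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 00:12 26112 00000000000000000000000000000000 c:\windows\system32\userinit.exe
"""

if __name__ == "__main__":
    for v in check_live_vs_reference(parse_hash_lines(SAMPLE_LOG)).values():
        ref = v.reference.path if v.reference else "-"
        print(f"{v.status:12} {v.name:14} live={v.live.md5} ref={ref}")
```

Preferring dllcache matters: kernel32.dll in this log legitimately differs from its ServicePackFiles copy because a later hotfix replaced both the system32 and the dllcache copy, so comparing against ServicePackFiles alone would raise a false alarm on a patched file. A live copy whose size and timestamp still match the reference while the hash does not is the pattern most worth escalating, since a legitimate update normally brings a new build date with it. Two matching copies are not proof of integrity either, because an infector can write dllcache as well; when in doubt, compare the live hash against the same file version taken from a known-clean machine.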
Posted 8/5/2009 3:12 PM
#75717
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Those services look fixed and up and running now, and you may now also see some good improvements in all the problems you have been having there. A teammate named Mosaic1 has been very helpful in evaluating and providing repair suggestions for these corrupted service issues.

ComboFix shows some Registry keys with permission restrictions that do not appear to be either necessary, or at least are not helpful when users cannot access normal software functions like those. Let's address those now.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Also disconnect from net access anytime you run ComboFix, reconnecting after it has completed its scan.

Open Notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

[code]Reglock::
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}][/code]
Save this to your desktop as CFScript.txt

You should now have both ComboFix and that CFScript.txt on the desktop. Just left-click and hold on the CFScript file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed, a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

---------

Post back that new C:\ComboFix.txt log, as well as an update on any of those problems you were experiencing please.
Posted 8/5/2009 3:57 PM
#75727
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Huh, ComboFix seems to have vanished...

Would this be because I neglectfully clicked it while the internet was on the other day?

But I'm going to download another one...
Posted 8/6/2009 12:09 AM
#75741
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Cryptographic service is altered, so likely failing to start. As well as a few other services related to some unwanted change there. A teammate named Mosaic1 has provided a script we can use to verify these problem service issues, which will allow us to effect needed repairs.

Also, that iexplore.exe file in the Internet Explorer folder just does not seem to be the correct file size. See if you can send me a copy of that. Let's also see if the existing iexplore.exe file will work for you for now.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

Please locate the following highlighted file(s), zip a copy of it, and send it to jintan @ malwarecrypt.com as an attachment. Please place "Submitted Files - LordBTY/bg/ie" as the email Subject.

c:\Program Files\Internet Explorer\iexplore.exe

Then for now also right click that file, and rename it to iexplore.exe.bad (agree to any warnings).

Then locate this copy, click it and see if you can open IE then:

c:\4bac1b979898353db5fea19d\iexplore.exe

------------------

[code]'Script written by Mosaic1
'To diagnose a possible problem with CryptoGraphic Services.
'This script makes no changes to your operating system
'It merely reports
'Problem has so far only been seen in Windows XP SP3!
'Be careful not to fix anything unless you have the correct Registry Files for that operating System version.

Set fso = Wscript.CreateObject("Scripting.FileSystemObject")
Dim Z
' The report is written to the folder the script is run from
Set ts = fso.CreateTextFile("CReport.txt", True)
ts.write Now & vbcrlf & vbcrlf
Set wshshell = Wscript.CreateObject("Wscript.Shell")

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' Ask the Service Control Manager (through WMI) about the Cryptsvc service
Set colListOfServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where Name = 'Cryptsvc'")
For Each objService in colListOfServices

    If objService.State = "Stopped" Then
        ts.writeline "Cryptographic services not running!"
        ts.writeline "Its Start mode is set to: " & objService.StartMode

        ' Export the three service keys that are usually damaged together,
        ' copy each export into the report, then delete the temporary file
        wshshell.run "regedit /a Crypt.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc", , True
        wshshell.run "regedit /a spooler.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler", , True
        wshshell.run "regedit /a Seclogon.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seclogon", , True

        If Not fso.FileExists("Crypt.txt") Then ts.writeline " Warning! No export of the Cryptsvc key exists."
        If fso.FileExists("Crypt.txt") Then
            Set cs = fso.OpenTextFile("Crypt.txt", 1)
            Do While Not cs.AtEndOfStream
                C = cs.ReadAll
            Loop
            cs.close
            ts.write C & vbcrlf
            fso.DeleteFile("Crypt.txt")
        End If

        If Not fso.FileExists("spooler.txt") Then ts.writeline " Warning! No export of the spooler key exists."
        If fso.FileExists("spooler.txt") Then
            Set cs = fso.OpenTextFile("spooler.txt", 1)
            Do While Not cs.AtEndOfStream
                spool = cs.ReadAll
            Loop
            cs.close
            Set cs = Nothing
            ts.write spool & vbcrlf
            fso.DeleteFile("spooler.txt")
        End If

        If Not fso.FileExists("Seclogon.txt") Then ts.writeline " Warning! No export of the Seclogon key exists."
        If fso.FileExists("Seclogon.txt") Then
            Set cs = fso.OpenTextFile("Seclogon.txt", 1)
            Do While Not cs.AtEndOfStream
                seclogon = cs.ReadAll
            Loop
            cs.close
            Set cs = Nothing
            ts.write seclogon & vbcrlf
            fso.DeleteFile("Seclogon.txt")
        End If

        ts.write vbcrlf & " CryptoGraphic Services Failures Events:" & vbcrlf

    Else
        If objService.State = "Running" Then
            ts.writeline "Cryptographic Services is running."
            ' Close the report before opening it so Notepad sees the finished file
            ts.close
            wshshell.run """CReport.txt"""
            wscript.quit
        End If
    End If

Next

' Event ID 7000 in the System log is "service failed to start";
' keep only the ones whose text mentions cryptsvc
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'System' and " _
    & "EventCode = '7000'")
For Each objEvent in colLoggedEvents
    If InStr(1, objEvent.Message, "cryptsvc", 1) <> 0 Then
        Z = Z + 1
        ts.writeline "Event Code: " & objEvent.EventCode
        ts.writeline "Event date: " & WMIDateStringToDate(objEvent.TimeGenerated)
        ts.writeline "Description: " & objEvent.Message
    End If
Next

If Z = 0 Then ts.writeline "No failure events found for Cryptographic Services."

ts.close

wshshell.run """CReport.txt"""

' Convert a WMI datetime string (yyyymmddHHMMSS.ffffff+zzz) into a VBScript Date
Function WMIDateStringToDate(A)
    WMIDateStringToDate = CDate(Mid(A, 5, 2) & "/" & _
        Mid(A, 7, 2) & "/" & Left(A, 4) _
        & " " & Mid(A, 9, 2) & ":" & _
        Mid(A, 11, 2) & ":" & Mid(A, _
        13, 2))
End Function[/code]
Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text into the open text box, then save this to your desktop as "Testing Crypto.vbs"

Be sure to include the "" quotes in the name. Then click on Testing Crypto.vbs.

When the scan completes a textbox will open - copy/paste those contents back here please. This will also be saved to the same location as the .vbs file, named CReport.txt.
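Mosaic1's script above dumps the Cryptsvc key with `regedit /a` and pastes the raw export into the report for a human to read. As an added example (not part of the thread and not Mosaic1's code), the Python below parses that REGEDIT4 export offline, decodes the `hex(2)` (REG_EXPAND_SZ) and `hex(7)` (REG_MULTI_SZ) values, and diffs the Cryptsvc key against the service definition Windows XP ships with, so a changed `ImagePath`, `ServiceDll` or `Start` value is flagged automatically instead of being eyeballed. The reference values are assumed from a clean XP SP3 install, both sample exports are constructed for this example, and `example_hijack.dll` is a placeholder name rather than a real sample; compare the reference values against your own clean machine of the same service-pack level before relying on them.

```python
"""Check a `regedit /a` export of the Cryptsvc service key against the
Windows XP definition of Cryptographic Services (added example)."""
import re

CRYPTSVC_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc"
PARAMS_KEY = CRYPTSVC_KEY + r"\Parameters"

# Assumed known-good values for Windows XP SP3; verify against a clean box.
EXPECTED = {
    CRYPTSVC_KEY: {
        "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
        "ObjectName": "LocalSystem",
        "Start": 2,            # SERVICE_AUTO_START
        "Type": 0x20,          # SERVICE_WIN32_SHARE_PROCESS (hosted by svchost)
        "DependOnService": ["RpcSs"],
    },
    PARAMS_KEY: {
        "ServiceDll": r"%SystemRoot%\System32\cryptsvc.dll",
        "ServiceMain": "CryptServiceMain",
    },
}

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _decode_value(raw):
    """Turn the right-hand side of a REGEDIT4 value line into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])                      # REG_SZ
    if raw.startswith("dword:"):
        return int(raw[6:], 16)                          # REG_DWORD
    m = re.match(r"^hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1) or "3")                    # bare "hex:" is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).replace(" ", "").split(",") if b)
        if kind in (1, 2):                               # REG_SZ / REG_EXPAND_SZ, UTF-16LE
            return data.decode("utf-16-le").rstrip("\0")
        if kind == 7:                                    # REG_MULTI_SZ, NUL separated
            return [s for s in data.decode("utf-16-le").split("\0") if s]
        return data
    return raw


def parse_reg_export(text):
    """Parse REGEDIT4 / 5.00 text into {key_path: {value_name: value}}."""
    keys, current, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i]
        while line.endswith("\\") and i + 1 < len(lines):   # join hex continuation lines
            i += 1
            line = line[:-1] + lines[i].strip()
        i += 1
        s = line.strip()
        if not s or s.startswith(("REGEDIT4", "Windows Registry Editor", ";")):
            continue
        if s.startswith("[") and s.endswith("]"):
            current = s[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(s)
        if m and current is not None:
            name = _unescape(m.group(1)) if m.group(1) is not None else "@"
            keys[current][name] = _decode_value(m.group(3))
    return keys


def _norm(v):
    return v.lower() if isinstance(v, str) else v


def check_cryptsvc(text, expected=EXPECTED):
    """Return human-readable findings; an empty list means the key is as expected."""
    keys, findings = parse_reg_export(text), []
    for key_path, wanted in expected.items():
        actual = keys.get(key_path)
        if actual is None:
            findings.append(f"missing key: {key_path}")
            continue
        for name, good in wanted.items():
            got = actual.get(name)
            if got is None:
                findings.append(f"{key_path}: value '{name}' is absent")
            elif _norm(got) != _norm(good):
                findings.append(f"{key_path}: '{name}' is {got!r}, expected {good!r}")
    return findings


def _hex2(s):
    """Encode a string the way regedit writes REG_EXPAND_SZ (hex(2): UTF-16LE)."""
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))


# Constructed sample: what a healthy XP export of the key looks like.
GOOD_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"DisplayName"="Cryptographic Services"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="CryptServiceMain"
"""

# Constructed sample of a damaged key: service disabled and ServiceDll redirected
# to a placeholder DLL name (not a real malware sample).
TAMPERED_EXPORT = "\n".join([
    "REGEDIT4", "", f"[{CRYPTSVC_KEY}]",
    '"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00',
    '"ImagePath"=' + _hex2(r"%SystemRoot%\system32\svchost.exe -k netsvcs"),
    '"ObjectName"="LocalSystem"',
    '"Start"=dword:00000004',                       # SERVICE_DISABLED
    '"Type"=dword:00000020',
    "", f"[{PARAMS_KEY}]",
    '"ServiceDll"=' + _hex2(r"%SystemRoot%\System32\example_hijack.dll"),
    '"ServiceMain"="CryptServiceMain"',
])

if __name__ == "__main__":
    for label, export in (("good", GOOD_EXPORT), ("tampered", TAMPERED_EXPORT)):
        print(label, check_cryptsvc(export) or "OK")
```

To use it on a real machine, feed it the `Crypt.txt` that `regedit /a` writes (`check_cryptsvc(open("Crypt.txt").read())`); an empty result means the service definition itself is intact and the failure lies elsewhere (permissions on the key, the DLL on disk, or a dependency), while each finding names the exact value to put back.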
Posted 8/6/2009 3:34 PM
#75764
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok, I renamed it and sent you a mail.

c:\4bac1b979898353db5fea19d\iexplore.exe opens up fine after renaming the main file.

Oh wait... there now appears to be a new c:\Program Files\Internet Explorer\iexplore.exe

I've renamed it c:\Program Files\Internet Explorer\iexplore.exe.bdd

And it's created another one... what does this mean?

The report came out with

06/08/2009 16:33:27

Cryptographic Services is running.
Posted 8/6/2009 8:12 PM
#75767
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok ok, well BitDefender doesn't seem to be working...

But I did the ESET scan... these are the results...

C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP171\A0023952.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP171\A0023971.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP174\A0024255.dll Win32/Adware.RK application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP174\A0024257.exe Win32/Adware.RK.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP185\A0027125.exe a variant of Win32/TrojanDownloader.Swizzor.NCG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP185\A0027167.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP186\A0027228.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP187\A0027522.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP188\A0027550.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP188\A0027595.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP189\A0028208.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP189\A0028217.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP189\A0028220.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP189\A0028224.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP189\A0028225.exe a variant of Win32/TrojanDownloader.Swizzor.NBT trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP205\A0030251.DLL Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

It appears to be a Swizzor virus...
Posted 8/6/2009 11:33 PM
#75772
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
No currently active items, as far as those tougher infections the scan located in the System Restore files (System Volume Information). I received that iexplore.exe file, thanks. Not seeing anything wrong with it, though it seems to be for Vista, and not XP. Can't be sure on that though. Windows File Protection likely replaced the renamed file with a backup copy, so the rename suggestion was not the best of ideas for that. Can you open IE using that other file though?

However, in just glancing back through the logs I realize you have two antivirus softwares installed there:

c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\AVG\AVG8\avgsrmax.exe

This will cause many problems, and these two may have now corrupted each other as well. May also be part of some of the problems you have going on now. I suggest you choose one of those, disable all security software and then uninstall it. Reboot, disable and uninstall the other. If either are a paid version be sure to save any registration keys/code.

Once you have done that and rebooted, post back a new RSIT log please.
Posted 8/7/2009 12:33 PM
#75795
User avatar

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
I had removed them both and reinstalled them before. <br/> <br/>Here's the RSIT log <br/> <br/> <br/> <br/> <br/>Logfile of random's system information tool 1.06 (written by random/random) <br/>Run by User at 2009-08-07 13:27:24 <br/>Microsoft Windows XP Home Edition Service Pack 3 <br/>System drive C: has 87 GB (37%) free of 238 GB <br/>Total RAM: 1022 MB (49% free) <br/> <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 13:27:27, on 07/08/2009 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v7.00 (7.00.6000.16876) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe <br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe <br/>C:\Program Files\Alwil Software\Avast4\ashServ.exe <br/>C:\WINDOWS\system32\spoolsv.exe <br/>C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>C:\WINDOWS\system32\nvsvc32.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe <br/>C:\Program Files\Alwil Software\Avast4\ashWebSv.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe <br/>C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe <br/>C:\WINDOWS\system32\CTHELPER.EXE <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe <br/>C:\Program Files\Common Files\AOL\1249496189\ee\AOLSoftware.exe <br/>C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe <br/>C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe <br/>C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe <br/>C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe <br/>C:\Program Files\AOL 
Companion\companion.exe <br/>C:\Program Files\Mozilla Firefox\firefox.exe <br/>C:\Program Files\Windows Live\Messenger\usnsvc.exe <br/>C:\Program Files\Windows Live\Messenger\msnmsgr.exe <br/>E:\RSIT.exe <br/>C:\Program Files\Trend Micro\HijackThis\User.exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html <br/>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <br/>O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <br/>O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll <br/>O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <br/>O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll <br/>O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll <br/>O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll <br/>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" <br/>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <br/>O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot <br/>O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe <br/>O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE <br/>O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe <br/>O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe <br/>O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1249496189\ee\AOLSoftware.exe <br/>O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') <br/>O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') <br/>O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe <br/>O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe <br/>O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ? <br/>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll <br/>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll <br/>O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll <br/>O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll <br/>O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe <br/>O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe <br/>O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll <br/>O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra 
'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe <br/>O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe <br/>O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll <br/>O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab <br/>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 <br/>O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll <br/>O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab <br/>O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab <br/>O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab <br/>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238448251250 <br/>O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab <br/>O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab <br/>O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - 
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe <br/>O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <br/>O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe <br/>O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe <br/>O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe <br/>O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe <br/>O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe <br/>O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <br/>O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe <br/>O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe <br/>O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe <br/>O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe <br/>O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe <br/>O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe <br/>O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe <br/>O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe <br/> <br/>-- <br/>End of file - 10314 bytes <br/> <br/>======Scheduled tasks folder====== <br/> <br/>C:\WINDOWS\tasks\AppleSoftwareUpdate.job <br/> <br/>======Registry dump====== <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] <br/>Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] <br/>Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] <br/>SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-26 320920] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] <br/>Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-10 657904] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] <br/>Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] <br/>JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
<br/>{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504] <br/>{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2004-03-22 385024] <br/>{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776] <br/>"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152] <br/>"nwiz"=nwiz.exe /install [] <br/>"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-08-14 352256] <br/>"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024] <br/>"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2007-12-12 23040] <br/>"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2007-12-07 71008] <br/>"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] <br/>"HostManager"=C:\Program Files\Common Files\AOL\1249496189\ee\AOLSoftware.exe [2006-09-26 50736] <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"SetDefaultMIDI"=C:\WINDOWS\system32\MIDIDef.exe [2007-12-12 31232] <br/>"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] <br/>"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136] <br/>"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] <br/>C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] <br/>C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-05-15 484904] <br/> 
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] <br/>C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] <br/>C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] <br/>C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] <br/>"vsmon"=2 <br/> <br/>C:\Documents and Settings\All Users\Start Menu\Programs\Startup <br/>AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe <br/>AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe <br/>WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <br/>WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] <br/>"dontdisplaylastusername"=0 <br/>"legalnoticecaption"= <br/>"legalnoticetext"= <br/>"shutdownwithoutlogon"=1 <br/>"undockwithoutlogon"=1 <br/> <br/>[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] <br/>"NoDriveTypeAutoRun"=323 <br/>"NoDriveAutoRun"=67108863 <br/>"NoDrives"=0 <br/> 
<br/>[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] <br/>"HonorAutoRunSetting"= <br/>"NoDriveAutoRun"= <br/>"NoDriveTypeAutoRun"= <br/>"NoDrives"= <br/> <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] <br/>"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" <br/>"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard" <br/>"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" <br/>"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" <br/>"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" <br/>"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console" <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" <br/>"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" <br/>"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" <br/>"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information" <br/>"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" <br/>"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" <br/>"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" <br/>"C:\Program Files\AOL 9.0\waol.exe"="C:\Program 
Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" <br/>"C:\Program Files\Common Files\AOL\1249496189\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1249496189\ee\aolsoftware.exe:*:Enabled:AOL Shared Components" <br/> <br/>[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] <br/>"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" <br/>"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" <br/>"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" <br/>"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" <br/>"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL" <br/>"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" <br/>"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL" <br/>"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0" <br/> <br/>======List of files/folders created in the last 1 months====== <br/> <br/>2009-08-05 21:25:38 ----D---- C:\WINDOWS\BDOSCAN8 <br/>2009-08-05 19:16:12 ----D---- C:\Program Files\AOL <br/>2009-08-05 19:02:23 ----A---- C:\WINDOWS\system32\aswBoot.exe <br/>2009-08-05 18:55:23 ----SHD---- C:\RECYCLER <br/>2009-08-05 17:50:08 ----HDC---- C:\WINDOWS\ie7 <br/>2009-08-05 17:18:39 ----D---- C:\WINDOWS\temp <br/>2009-08-05 17:18:37 ----A---- C:\ComboFix.txt <br/>2009-08-05 17:11:33 ----SD---- C:\ComboFix <br/>2009-08-05 16:53:56 ----D---- C:\Program Files\ESET <br/>2009-08-05 02:44:47 ----A---- C:\find.txt <br/>2009-08-04 19:55:55 ----D---- C:\Program Files\ERUNT 
<br/>2009-08-04 19:41:16 ----RASHD---- C:\autorun.inf <br/>2009-08-03 19:21:50 ----D---- C:\4bac1b979898353db5fea19d <br/>2009-08-03 18:55:29 ----D---- C:\WINDOWS\system32\CatRoot2 <br/>2009-08-03 01:10:48 ----D---- C:\Program Files\AOL Companion <br/>2009-08-03 01:10:47 ----D---- C:\Program Files\Learn2.com <br/>2009-08-03 01:09:58 ----D---- C:\Program Files\AOL Toolbar <br/>2009-08-03 01:09:29 ----A---- C:\WINDOWS\system32\jgdwmie.dll <br/>2009-08-03 01:07:56 ----D---- C:\Program Files\Common Files\aolshare <br/>2009-08-03 01:07:54 ----D---- C:\Program Files\AOL 9.0 <br/>2009-08-03 01:07:54 ----D---- C:\Documents and Settings\All Users\Application Data\AOL <br/>2009-08-03 00:28:02 ----D---- C:\Program Files\VoyagerModem105Drivers <br/>2009-07-30 21:13:30 ----D---- C:\rsit <br/>2009-07-29 16:45:01 ----A---- C:\Boot.bak <br/>2009-07-29 16:44:57 ----RASHD---- C:\cmdcons <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\zip.exe <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWXCACLS.exe <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWSC.exe <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWREG.exe <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\sed.exe <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\PEV.exe <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\NIRCMD.exe <br/>2009-07-29 16:40:11 ----A---- C:\WINDOWS\grep.exe <br/>2009-07-29 16:40:06 ----D---- C:\WINDOWS\ERDNT <br/>2009-07-29 16:39:08 ----D---- C:\Qoobox <br/>2009-07-29 16:38:41 ----HD---- C:\WINDOWS\PIF <br/>2009-07-29 03:12:30 ----D---- C:\Program Files\Trend Micro <br/>2009-07-29 03:09:35 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes <br/>2009-07-29 03:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes <br/>2009-07-29 03:09:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware <br/>2009-07-27 22:08:22 ----N---- C:\WINDOWS\SchedLgU.Txt <br/>2009-07-16 12:38:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ <br/>2009-07-16 12:38:14 ----HDC---- 
C:\WINDOWS\$NtUninstallKB971633$ <br/>2009-07-16 12:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ <br/>2009-07-11 00:25:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard <br/> <br/>======List of files/folders modified in the last 1 months====== <br/> <br/>2009-08-07 13:03:07 ----D---- C:\Program Files\Mozilla Firefox <br/>2009-08-07 13:02:24 ----D---- C:\WINDOWS <br/>2009-08-07 13:02:14 ----D---- C:\WINDOWS\Prefetch <br/>2009-08-06 21:10:29 ----D---- C:\Downloads <br/>2009-08-06 18:49:00 ----SD---- C:\WINDOWS\Downloaded Program Files <br/>2009-08-06 18:20:15 ----D---- C:\WINDOWS\system32 <br/>2009-08-06 17:59:15 ----D---- C:\WINDOWS\Debug <br/>2009-08-06 16:39:55 ----D---- C:\Program Files\CCleaner <br/>2009-08-06 16:37:35 ----D---- C:\Program Files\Yahoo! <br/>2009-08-06 16:31:28 ----RSHDC---- C:\WINDOWS\system32\dllcache <br/>2009-08-06 16:31:23 ----D---- C:\Program Files\Internet Explorer <br/>2009-08-05 21:25:38 ----HD---- C:\WINDOWS\inf <br/>2009-08-05 21:16:25 ----D---- C:\WINDOWS\Microsoft.NET <br/>2009-08-05 21:02:57 ----D---- C:\WINDOWS\system32\CatRoot <br/>2009-08-05 21:02:04 ----SHD---- C:\WINDOWS\Installer <br/>2009-08-05 21:01:24 ----D---- C:\WINDOWS\ie7updates <br/>2009-08-05 20:43:17 ----D---- C:\Program Files\Common Files\AOL <br/>2009-08-05 19:16:12 ----RD---- C:\Program Files <br/>2009-08-05 19:02:40 ----D---- C:\WINDOWS\system32\drivers <br/>2009-08-05 18:58:12 ----A---- C:\WINDOWS\NeroDigital.ini <br/>2009-08-05 18:44:17 ----A---- C:\VETlog.txt <br/>2009-08-05 18:43:50 ----A---- C:\WINDOWS\win.ini <br/>2009-08-05 17:53:26 ----D---- C:\WINDOWS\Help <br/>2009-08-05 17:51:49 ----D---- C:\WINDOWS\system32\en-US <br/>2009-08-05 17:16:22 ----A---- C:\WINDOWS\system.ini <br/>2009-08-05 17:14:57 ----D---- C:\WINDOWS\AppPatch <br/>2009-08-05 17:14:51 ----D---- C:\Program Files\Common Files <br/>2009-08-05 04:22:03 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2 <br/>2009-08-03 21:20:50 ----D---- 
C:\WINDOWS\security <br/>2009-08-03 01:11:10 ----A---- C:\WINDOWS\aolback.exe.lnk <br/>2009-08-03 01:10:47 ----SD---- C:\WINDOWS\occache <br/>2009-08-03 01:09:48 ----A---- C:\WINDOWS\system32\rmoc3260.dll <br/>2009-08-02 22:57:57 ----D---- C:\Program Files\VoyagerModemDrivers <br/>2009-08-02 22:36:34 ----D---- C:\Temp <br/>2009-08-02 21:43:26 ----RASH---- C:\boot.ini <br/>2009-08-02 21:40:59 ----D---- C:\Program Files\Opera <br/>2009-08-02 21:28:24 ----D---- C:\Program Files\FrostWire <br/>2009-08-02 21:21:24 ----D---- C:\Documents and Settings\User\Application Data\Yahoo! <br/>2009-08-02 21:21:24 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! <br/>2009-08-02 21:21:09 ----A---- C:\YServer.txt <br/>2009-08-02 21:08:16 ----D---- C:\Documents and Settings\User\Application Data\AOL <br/>2009-08-02 21:08:02 ----A---- C:\WINDOWS\msoffice.ini <br/>2009-07-31 13:47:56 ----D---- C:\WINDOWS\pss <br/>2009-07-30 20:43:42 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft <br/>2009-07-30 20:42:57 ----HD---- C:\$AVG8.VAULT$ <br/>2009-07-29 16:46:29 ----D---- C:\WINDOWS\system32\oldcatroot2 <br/>2009-07-29 16:44:31 ----D---- C:\Program Files\BitComet <br/>2009-07-29 03:46:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP <br/>2009-07-29 03:01:36 ----D---- C:\WINDOWS\WinSxS <br/>2009-07-28 18:28:09 ----HD---- C:\WINDOWS\$hf_mig$ <br/>2009-07-27 23:00:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ <br/>2009-07-27 22:16:12 ----SD---- C:\WINDOWS\Tasks <br/>2009-07-26 18:04:17 ----D---- C:\Documents and Settings <br/>2009-07-19 19:03:04 ----A---- C:\WINDOWS\system32\mshtml.dll <br/>2009-07-19 14:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll <br/>2009-07-12 03:53:04 ----A---- C:\WINDOWS\PhotoSnapViewer.INI <br/>2009-07-11 01:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy <br/>2009-07-11 00:25:35 ----D---- C:\Program Files\Lavasoft <br/>2009-07-11 00:21:53 ----D---- 
C:\Documents and Settings\All Users\Application Data\Lavasoft <br/> <br/>======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== <br/> <br/>R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] <br/>R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264] <br/>R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877] <br/>R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] <br/>R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] <br/>R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] <br/>R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-01-27 8552] <br/>R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] <br/>R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] <br/>R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048] <br/>R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784] <br/>R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] <br/>R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] <br/>R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] <br/>R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 33792] <br/>R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2007-12-12 98328] <br/>R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2007-12-12 511000] <br/>R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-12-12 524824] <br/>R3 CTEDSPIO.SYS;CTEDSPIO.SYS; C:\WINDOWS\System32\drivers\CTEDSPIO.SYS [2007-12-12 134168] <br/>R3 CTEDSPSY.SYS;CTEDSPSY.SYS; 
C:\WINDOWS\System32\drivers\CTEDSPSY.SYS [2007-12-12 309784] <br/>R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2007-12-12 14360] <br/>R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2007-12-12 159256] <br/>R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2007-12-12 95768] <br/>R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] <br/>R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2007-12-12 802840] <br/>R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] <br/>R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] <br/>R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] <br/>R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392] <br/>R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176] <br/>R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056] <br/>R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-12-12 129560] <br/>R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] <br/>R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] <br/>R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] <br/>R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] <br/>R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] <br/>S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] <br/>S3 
BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] <br/>S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [] <br/>S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2007-12-12 98328] <br/>S3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2007-12-12 171032] <br/>S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2007-12-12 171032] <br/>S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2007-12-12 528920] <br/>S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2007-12-12 528920] <br/>S3 CTEAPSFX.SYS;CTEAPSFX.SYS; C:\WINDOWS\System32\drivers\CTEAPSFX.SYS [2007-12-12 163352] <br/>S3 CTEAPSFX;CTEAPSFX; C:\WINDOWS\system32\drivers\CTEAPSFX.SYS [2007-12-12 163352] <br/>S3 CTEDSPFX.SYS;CTEDSPFX.SYS; C:\WINDOWS\System32\drivers\CTEDSPFX.SYS [2007-12-12 259096] <br/>S3 CTEDSPFX;CTEDSPFX; C:\WINDOWS\system32\drivers\CTEDSPFX.SYS [2007-12-12 259096] <br/>S3 CTEDSPIO;CTEDSPIO; C:\WINDOWS\system32\drivers\CTEDSPIO.SYS [2007-12-12 134168] <br/>S3 CTEDSPSY;CTEDSPSY; C:\WINDOWS\system32\drivers\CTEDSPSY.SYS [2007-12-12 309784] <br/>S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2007-12-12 99352] <br/>S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2007-12-12 99352] <br/>S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2007-12-12 1324056] <br/>S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2007-12-12 1324056] <br/>S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2007-12-12 72728] <br/>S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2007-12-12 72728] <br/>S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2007-12-12 534040] <br/>S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2007-12-12 534040] <br/>S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [] <br/>S3 Freedom;FREEDOM Miniport; 
C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS [] <br/>S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2007-12-12 163864] <br/>S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] <br/>S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [] <br/>S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160] <br/>S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896] <br/>S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328] <br/>S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] <br/>S3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [] <br/>S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064] <br/>S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464] <br/>S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] <br/>S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] <br/>S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] <br/>S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] <br/>S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] <br/>S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064] <br/>S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] <br/>S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] <br/>S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] <br/>S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support 
Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032] <br/> <br/>======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== <br/> <br/>R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] <br/>R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] <br/>R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] <br/>R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716] <br/>R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] <br/>R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] <br/>R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] <br/>R3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] <br/>R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] <br/>R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] <br/>S3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664] <br/>S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] <br/>S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] <br/>S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] <br/>S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] <br/>S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] <br/>S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-10 168432] <br/>S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] <br/>S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104] <br/>S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-26 152984] <br/>S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400] <br/>S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] <br/>S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft 
Shared\Source Engine\OSE.EXE [2003-07-28 89136] <br/>S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936] <br/>S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] <br/>S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] <br/>S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] <br/>S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] <br/> <br/>-----------------EOF-----------------
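The RSIT listing above is read by eye in this thread. As an added example (not part of the post, and not a tool the thread uses), here is a small Python triage pass over the two record formats RSIT prints: the file/folder entries (`timestamp ----ATTRS---- path`) and the driver/service entries (`R1 name;display; path [date size]`). The sample lines are a constructed subset copied from the log above; `parse_line`, `triage` and the finding names are my own. The flags are prompts for a human to look, not verdicts: a hidden+system object at the drive root, a binary dropped straight into %WINDIR% or System32 within the month, a registered driver for which RSIT printed an empty `[]` (no date or size, which usually means the image is not at that path), and a driver whose path is under a Temp directory or a user profile.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed sample: a handful of lines copied from the RSIT log posted above,
# covering both record formats RSIT uses (file/folder entries, driver/service entries).
SAMPLE_LOG = """\
======List of files/folders created in the last 1 months======

2009-08-05 19:02:23 ----A---- C:\\WINDOWS\\system32\\aswBoot.exe
2009-08-04 19:41:16 ----RASHD---- C:\\autorun.inf
2009-08-03 01:09:29 ----A---- C:\\WINDOWS\\system32\\jgdwmie.dll
2009-07-29 16:40:11 ----A---- C:\\WINDOWS\\grep.exe
2009-07-29 03:12:30 ----D---- C:\\Program Files\\Trend Micro

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswSP;avast! Self Protection; C:\\WINDOWS\\system32\\drivers\\aswSP.sys [2009-02-05 114768]
R2 PfModNT;PfModNT; \\??\\C:\\WINDOWS\\system32\\drivers\\PfModNT.sys []
S3 catchme;catchme; \\??\\C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\catchme.sys []
S3 usbser;Nokia USB Serial Port; C:\\WINDOWS\\system32\\DRIVERS\\usbser.sys [2008-04-13 26112]
"""

# "2009-08-04 19:41:16 ----RASHD---- C:\autorun.inf"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ----([A-Z]*)---- (.+)$")
# "S3 catchme;catchme; \??\C:\...\catchme.sys []"   (empty [] = RSIT could not stat the file)
DRIVER_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")

BINARY_EXT = (".exe", ".dll", ".sys", ".scr")
WINDOWS_DIRS = ("c:\\windows", "c:\\windows\\system32")


@dataclass
class FileEntry:
    when: str
    attrs: str      # letters between the dashes, e.g. "RASHD"
    path: str


@dataclass
class DriverEntry:
    state: str      # R (running) or S (stopped)
    start: str      # 0-4 start type
    name: str
    display: str
    path: str       # NT object prefix "\??\" stripped
    on_disk: bool   # False when RSIT printed "[]" instead of "[date size]"


@dataclass
class Finding:
    kind: str
    path: str
    line: str


def parse_line(line: str) -> Optional[Union[FileEntry, DriverEntry]]:
    """Parse one RSIT record; section headers and blank lines return None."""
    m = FILE_RE.match(line)
    if m:
        return FileEntry(*m.groups())
    m = DRIVER_RE.match(line)
    if m:
        state, start, name, display, path, meta = m.groups()
        if path.startswith("\\??\\"):
            path = path[4:]
        return DriverEntry(state, start, name, display, path, on_disk=meta.strip() != "")
    return None


def triage(text: str) -> List[Finding]:
    """Return the records worth a human look, in log order."""
    out: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        rec = parse_line(line)
        if isinstance(rec, FileEntry):
            low = rec.path.lower()
            parent = low.rsplit("\\", 1)[0]
            # hidden+system is how both malware and some cleanup tools keep objects out of sight
            if "H" in rec.attrs and "S" in rec.attrs:
                out.append(Finding("hidden_system", rec.path, line))
            # a binary created directly in %WINDIR% or System32 this month
            if "D" not in rec.attrs and low.endswith(BINARY_EXT) and parent in WINDOWS_DIRS:
                out.append(Finding("new_binary_in_windows", rec.path, line))
        elif isinstance(rec, DriverEntry):
            low = rec.path.lower()
            # registered driver whose image RSIT could not find: a leftover, or something
            # that removes its file after loading
            if not rec.on_disk:
                out.append(Finding("driver_file_missing", rec.path, line))
            # kernel code loading from a temp directory or a user profile is never normal
            if "\\temp\\" in low or low.startswith(("c:\\docume~1", "c:\\documents and settings")):
                out.append(Finding("driver_in_temp_or_profile", rec.path, line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.path}")
```

On the sample above this reports the hidden+system `C:\autorun.inf`, the three binaries created under `C:\WINDOWS` and `System32` (two of which are obviously the antivirus and ComboFix's own helper files, which is exactly why a flag is only a prompt to check), and the two drivers with no on-disk image, one of them loading from a Temp folder. Correlating each hit with the install dates of the tools the thread already mentions is the step no script does for you.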
Posted 8/7/2009 4:29 PM
#75803

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Hmm.... I just downloaded Spyhunter3 unregistered...

I have

A0027702.exe - Malware.DrSmart.A
A0028894.exe - Kontiki
ntoskrnl.exe - Trojan.Dropper

What should I do?

EDIT: I've deleted the first two... not so sure about what to do for the 3rd one though...
Posted 8/7/2009 4:50 PM
#75805

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Those first two, by the looks of the names, are System Restore files, and the last one is an important and essential system file, as long as the file by that name is located in either the System32 folder or the System32\dllcache folder.

More important is that I not only really need you to not make any independent changes or run your own scans there, but SpyHunter is considered rogue software itself. You need to uninstall that, and delete any files from it as well.

Once you have done that, reboot, to make sure all changes were made. Then a good idea now would be to check the system with an updated copy of the same tool that provided the initial verification of problems there.

Delete any existing copies of ComboFix, then download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As"). For this, rename the downloading file to 765out.com, then click the renamed 765out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed, a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
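The point made in the post above, that a scanner hit on a name like ntoskrnl.exe says nothing until you know where the file sits, can be turned into a check. The following is an added example, not code from the thread or from any tool named in it: it takes the path a scanner reported, tests whether that path is the System32 or System32\dllcache location, and compares the file's SHA-256 against the Windows File Protection copy in dllcache when a second copy exists. The fake %WINDIR% tree, the file contents and the function names (`check_system_file`, `build_demo_tree`) are constructed for the example so it runs on any OS; the bytes are placeholders, not a real kernel image. A match with the dllcache copy only shows the two copies agree; the stronger check is a hash from a known-good install of the same service pack.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict


def sha256(path: Path) -> str:
    """Stream the file so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_system_file(reported: Path, windows: Path) -> Dict[str, object]:
    """
    Classify a file a scanner flagged by name only.
    reported: the path the scanner printed; windows: the %WINDIR% root.
    Returns where it sits and whether it agrees with the dllcache copy.
    """
    system32 = windows / "system32"
    dllcache = system32 / "dllcache"
    result: Dict[str, object] = {
        "name": reported.name.lower(),
        "in_expected_dir": False,
        "matches_dllcache": None,   # None when there is no second copy to compare
        "verdict": "",
    }
    if not reported.exists():
        result["verdict"] = "missing"
        return result
    here = reported.resolve()
    result["in_expected_dir"] = here.parent in (system32.resolve(), dllcache.resolve())
    cached = dllcache / reported.name
    if cached.exists() and cached.resolve() != here:
        result["matches_dllcache"] = sha256(cached) == sha256(reported)
    if not result["in_expected_dir"]:
        # same name, wrong place: the classic look-alike drop
        result["verdict"] = "suspicious: known system file name outside System32/dllcache"
    elif result["matches_dllcache"] is False:
        # in place, but patched relative to the protected copy
        result["verdict"] = "suspicious: System32 copy differs from dllcache copy"
    elif result["matches_dllcache"] is True:
        result["verdict"] = "consistent: System32 and dllcache copies match"
    else:
        result["verdict"] = "in place, but no second copy to compare against"
    return result


def build_demo_tree() -> Path:
    """Constructed stand-in for %WINDIR% under a temp dir (no real Windows needed)."""
    root = Path(tempfile.mkdtemp(prefix="winmock_")) / "WINDOWS"
    (root / "system32" / "dllcache").mkdir(parents=True)
    (root / "Temp").mkdir()
    good = b"MZ placeholder kernel image bytes"          # constructed, not a real PE
    (root / "system32" / "ntoskrnl.exe").write_bytes(good)
    (root / "system32" / "dllcache" / "ntoskrnl.exe").write_bytes(good)
    (root / "Temp" / "ntoskrnl.exe").write_bytes(b"MZ something else entirely")
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    for p in (root / "system32" / "ntoskrnl.exe", root / "Temp" / "ntoskrnl.exe"):
        r = check_system_file(p, root)
        print(f"{p.relative_to(root)}: {r['verdict']}")
```

On a real XP box you would pass `Path(r"C:\WINDOWS")` and the path from the scanner's report; the `Temp` case is the one that deserves the scanner's alarm, the `system32` case that matches its dllcache twin is what the post describes as the essential system file.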
Posted 8/7/2009 9:38 PM
#75811

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Okey dokey

The infected files were in the windows update backup... the same place where the undeletable iexplore files were

Here's the ComboFix Log

ComboFix 09-08-07.04 - User 07/08/2009 22:28.5.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.593 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\765out.com.exe
AV: avast! antivirus 4.8.1335 [VPS 090807-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-07 19:55 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-07 19:38 . 2009-08-07 19:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-07 19:38 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-07 16:51 . 2009-08-07 16:51 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-07 16:12 . 2009-08-07 21:19 -------- d-----w- c:\program files\Enigma Software Group
2009-08-05 20:25 . 2009-08-06 20:20 -------- d-----w- c:\windows\BDOSCAN8
2009-08-05 18:17 . 2009-08-05 18:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AOL
2009-08-05 18:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-05 18:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-05 18:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-05 18:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 18:02 .
2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys <br/>2009-08-05 18:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys <br/>2009-08-05 18:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys <br/>2009-08-05 18:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys <br/>2009-08-05 18:02 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe <br/>2009-08-05 16:11 . 2009-08-05 16:18 -------- d-s---w- C:\ComboFix <br/>2009-08-05 15:53 . 2009-08-05 15:53 -------- d-----w- c:\program files\ESET <br/>2009-08-04 18:55 . 2009-08-04 18:56 -------- d-----w- c:\program files\ERUNT <br/>2009-08-03 19:46 . 2009-08-03 19:46 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\temp <br/>2009-08-03 19:46 . 2009-08-03 19:46 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\temp <br/>2009-08-03 19:46 . 2009-08-03 19:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\temp <br/>2009-08-03 19:46 . 2009-08-03 19:46 -------- d-----w- c:\documents and settings\Louise\Local Settings\Application Data\temp <br/>2009-08-03 19:46 . 2009-08-03 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\temp <br/>2009-08-03 19:46 . 2009-08-03 19:46 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\temp <br/>2009-08-03 19:46 . 2009-08-03 19:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\temp <br/>2009-08-03 18:21 . 2009-08-03 18:21 -------- d-----w- C:\4bac1b979898353db5fea19d <br/>2009-08-03 17:55 . 2009-08-07 21:28 -------- d-----w- c:\windows\system32\CatRoot2 <br/>2009-08-03 00:10 . 2009-08-05 17:44 -------- d-----w- c:\program files\AOL Companion <br/>2009-08-03 00:10 . 2009-08-03 00:10 -------- d-----w- c:\program files\Learn2.com <br/>2009-08-03 00:10 . 
2004-06-22 13:03 173184 ----a-w- c:\windows\system32\ygpss.scr <br/>2009-08-03 00:09 . 2009-08-03 00:11 -------- d-----w- c:\program files\AOL Toolbar <br/>2009-08-03 00:09 . 2004-06-22 13:03 153088 ----a-w- c:\windows\system32\jgdwmie.dll <br/>2009-08-03 00:09 . 2004-06-22 13:03 14538 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_AOL 9.0\ctem.sys <br/>2009-08-03 00:07 . 2009-08-03 00:10 -------- d-----w- c:\program files\Common Files\aolshare <br/>2009-08-03 00:07 . 2009-08-05 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL <br/>2009-08-03 00:07 . 2009-08-05 18:16 -------- d-----w- c:\program files\AOL 9.0 <br/>2009-08-02 23:28 . 2009-08-02 23:28 -------- d-----w- c:\program files\VoyagerModem105Drivers <br/>2009-08-02 21:36 . 2009-08-02 21:54 -------- d-----w- c:\temp\ext256 <br/>2009-08-02 21:36 . 2009-08-02 21:54 -------- d-----w- c:\temp\ext2782 <br/>2009-07-30 20:13 . 2009-07-30 20:13 -------- d-----w- C:\rsit <br/>2009-07-29 15:38 . 2009-07-29 15:38 -------- d--h--w- c:\windows\PIF <br/>2009-07-29 11:57 . 2009-07-29 11:57 -------- d-----w- c:\documents and settings\Louise\Application Data\Malwarebytes <br/>2009-07-29 02:12 . 2009-07-29 02:12 -------- d-----w- c:\program files\Trend Micro <br/>2009-07-29 02:09 . 2009-07-29 02:09 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes <br/>2009-07-29 02:09 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys <br/>2009-07-29 02:09 . 2009-07-29 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes <br/>2009-07-29 02:09 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2009-07-29 02:09 . 2009-08-07 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware <br/>2009-07-28 17:31 . 2009-07-28 17:35 -------- d-----w- c:\documents and settings\User\.housecall6.6 <br/> <br/>. 
<br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2009-08-07 21:18 . 2008-05-17 19:04 -------- d-----w- c:\program files\Yahoo! <br/>2009-08-07 19:38 . 2008-01-23 13:01 -------- d-----w- c:\program files\Lavasoft <br/>2009-08-06 15:39 . 2008-01-23 13:10 -------- d-----w- c:\program files\CCleaner <br/>2009-08-05 19:43 . 2008-01-27 16:23 -------- d-----w- c:\program files\Common Files\AOL <br/>2009-08-05 16:24 . 2008-01-24 11:37 20928 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT <br/>2009-08-05 03:22 . 2008-01-28 16:20 -------- d-----w- c:\documents and settings\User\Application Data\OpenOffice.org2 <br/>2009-08-02 21:57 . 2008-01-27 16:13 -------- d-----w- c:\program files\VoyagerModemDrivers <br/>2009-08-02 20:40 . 2009-03-12 17:13 -------- d-----w- c:\program files\Opera <br/>2009-08-02 20:28 . 2008-01-27 21:51 -------- d-----w- c:\program files\FrostWire <br/>2009-08-02 20:21 . 2008-05-30 06:14 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo! <br/>2009-08-02 20:21 . 2008-05-17 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! <br/>2009-08-02 20:08 . 2009-05-10 20:49 -------- d-----w- c:\documents and settings\User\Application Data\AOL <br/>2009-07-29 15:44 . 2009-04-13 11:00 -------- d-----w- c:\program files\BitComet <br/>2009-07-29 02:46 . 2008-02-03 00:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP <br/>2009-07-11 00:02 . 2008-01-29 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy <br/>2009-07-10 23:21 . 2008-02-04 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft <br/>2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll <br/>2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll <br/>2009-06-29 16:12 . 
2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll <br/>2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll <br/>2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll <br/>2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll <br/>2009-05-26 02:59 . 2009-05-26 03:00 410984 ----a-w- c:\windows\system32\deploytk.dll <br/>2009-05-26 02:59 . 2009-05-26 02:59 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll <br/>2009-05-22 17:12 . 2008-12-25 20:20 16 ----a-w- c:\windows\msocreg32.dat <br/>2009-05-11 03:35 . 2008-01-29 08:39 20928 ----a-w- c:\documents and settings\Louise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT <br/>2009-05-10 12:57 . 2009-07-26 16:58 142822 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat <br/>2006-05-03 10:06 . 2009-03-25 22:18 163328 --sh--r- c:\windows\system32\flvDX.dll <br/>2007-02-21 11:47 . 2009-03-25 22:18 31232 --sh--r- c:\windows\system32\msfDX.dll <br/>2008-03-16 13:30 . 2009-03-25 22:19 216064 --sh--r- c:\windows\system32\nbDX.dll <br/>. <br/> <br/>((((((((((((((((((((((((((((( SnapShot@2009-07-29_15.56.42 ))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll <br/>+ 2008-07-29 07:05 . 
2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll <br/>+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll <br/>+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll <br/>+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll <br/>+ 2008-07-29 05:07 . 2008-07-29 05:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll <br/>+ 2009-08-07 21:20 . 2009-08-07 21:20 16384 c:\windows\temp\Perflib_Perfdata_60c.dat <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:01 48128 c:\windows\system32\mshtmler.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:32 45568 c:\windows\system32\mshta.exe <br/>+ 2007-08-13 18:54 . 
2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll <br/>- 2007-08-13 18:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:44 40960 c:\windows\system32\licmgr10.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:39 92672 c:\windows\system32\inseng.dll <br/>+ 2001-09-25 13:39 . 2004-06-22 13:03 54784 c:\windows\system32\Inetwh32.dll <br/>- 2001-09-25 13:39 . 2001-09-25 13:39 54784 c:\windows\system32\Inetwh32.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:36 36352 c:\windows\system32\imgutil.dll <br/>+ 2007-08-13 18:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe <br/>- 2007-08-13 18:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe <br/>+ 2006-02-28 12:00 . 2007-08-13 17:39 55296 c:\windows\system32\iesetup.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe <br/>+ 2007-08-13 18:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll <br/>- 2007-08-13 18:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll <br/>+ 2009-08-07 19:55 . 2009-07-03 14:49 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys <br/>+ 2007-08-13 17:36 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll <br/>+ 2007-08-13 17:01 . 2007-08-13 17:01 48128 c:\windows\system32\dllcache\mshtmler.dll <br/>+ 2007-08-13 17:32 . 2007-08-13 17:32 45568 c:\windows\system32\dllcache\mshta.exe <br/>+ 2009-04-13 05:15 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll <br/>- 2009-04-13 05:15 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll <br/>+ 2007-08-13 17:44 . 2007-08-13 17:44 40960 c:\windows\system32\dllcache\licmgr10.dll <br/>+ 2007-08-13 17:54 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll <br/>+ 2007-08-13 17:39 . 
2007-08-13 17:39 92672 c:\windows\system32\dllcache\inseng.dll <br/>+ 2007-08-13 17:36 . 2007-08-13 17:36 36352 c:\windows\system32\dllcache\imgutil.dll <br/>- 2009-04-13 05:15 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe <br/>+ 2009-04-13 05:15 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe <br/>+ 2007-08-13 17:39 . 2007-08-13 17:39 55296 c:\windows\system32\dllcache\iesetup.dll <br/>+ 2007-08-13 17:39 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll <br/>+ 2007-08-13 17:45 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll <br/>+ 2007-08-13 17:44 . 2007-08-13 17:44 69120 c:\windows\system32\dllcache\iedw.exe <br/>+ 2007-08-13 17:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe <br/>+ 2009-04-13 05:15 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll <br/>- 2009-04-13 05:15 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll <br/>+ 2007-08-13 17:18 . 2007-08-13 17:18 60416 c:\windows\system32\dllcache\hmmapi.dll <br/>+ 2007-03-16 08:30 . 2007-08-13 17:54 33792 c:\windows\system32\dllcache\custsat.dll <br/>+ 2007-08-13 17:42 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll <br/>+ 2008-12-25 20:48 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt040d.dll <br/>+ 2008-12-25 20:48 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0401.dll <br/>+ 2007-08-13 17:39 . 2007-08-13 17:39 71680 c:\windows\system32\dllcache\admparse.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:39 71680 c:\windows\system32\admparse.dll <br/>+ 2008-12-25 20:48 . 2007-04-02 18:26 19456 c:\windows\msagent\intl\agt040d.dll <br/>+ 2008-12-25 20:48 . 2007-04-02 18:25 19456 c:\windows\msagent\intl\agt0401.dll <br/>+ 2009-08-05 20:01 . 2009-08-05 20:01 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe <br/>- 2009-06-12 02:04 . 
2009-06-12 02:04 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe <br/>+ 2009-08-05 16:51 . 2007-08-13 17:36 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll <br/>+ 2009-08-05 16:51 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 27136 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:39 13312 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe <br/>+ 2009-08-05 16:51 . 2007-08-13 17:39 43008 c:\windows\ie7updates\KB972260-IE7\iernonce.dll <br/>+ 2009-08-05 16:51 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:39 54784 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe <br/>+ 2009-08-05 16:51 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll <br/>+ 2009-08-05 16:51 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll <br/>+ 2009-08-05 20:01 . 2007-03-06 01:22 14048 c:\windows\ie7updates\KB938127-v2-IE7\spmsg.dll <br/>+ 2009-08-05 20:01 . 2007-03-06 01:22 22752 c:\windows\ie7updates\KB938127-v2-IE7\spcustom.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 37888 c:\windows\ie7\url.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:52 66048 c:\windows\ie7\spuninst\ieResetIcons.exe <br/>+ 2009-08-05 16:50 . 2007-08-13 17:54 32960 c:\windows\ie7\spuninst\iecustom.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 39424 c:\windows\ie7\pngfilt.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 96256 c:\windows\ie7\occache.dll <br/>+ 2009-08-05 16:50 . 2008-04-13 16:26 56832 c:\windows\ie7\mshtmler.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 29184 c:\windows\ie7\mshta.exe <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 22016 c:\windows\ie7\licmgr10.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 15872 c:\windows\ie7\jsproxy.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 96256 c:\windows\ie7\inseng.dll <br/>+ 2009-08-05 16:50 . 
2008-04-14 00:11 35840 c:\windows\ie7\imgutil.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 62976 c:\windows\ie7\iesetup.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 48640 c:\windows\ie7\iernonce.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 18432 c:\windows\ie7\iedw.exe <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 34304 c:\windows\ie7\ie4uinit.exe <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 38912 c:\windows\ie7\hmmapi.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 55808 c:\windows\ie7\extmgr.dll <br/>+ 2009-08-05 16:50 . 2005-01-28 13:44 28672 c:\windows\ie7\custsat.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 99840 c:\windows\ie7\advpack.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 61440 c:\windows\ie7\admparse.dll <br/>+ 2009-01-05 14:44 . 2009-01-05 14:44 53248 c:\windows\bdoscandel.exe <br/>+ 2009-08-05 20:26 . 2009-08-05 20:26 86016 c:\windows\BDOSCAN8\librtvr.dll <br/>+ 2009-08-05 20:26 . 2009-08-05 20:26 27136 c:\windows\BDOSCAN8\avxt.dll <br/>+ 2009-08-05 20:26 . 2009-08-05 20:26 10240 c:\windows\BDOSCAN8\avxs.dll <br/>+ 2009-08-05 20:26 . 2009-08-05 20:26 45056 c:\windows\BDOSCAN8\avxdisk.dll <br/>+ 2008-11-26 19:23 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdpash.dll <br/>+ 2008-11-26 19:23 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdnepr.dll <br/>+ 2006-02-28 12:00 . 2008-04-14 00:09 6656 c:\windows\system32\dllcache\kbdinmal.dll <br/>+ 2006-02-28 12:00 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdinben.dll <br/>+ 2006-02-28 12:00 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdinbe1.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll <br/>+ 2008-07-29 02:54 . 2008-07-29 02:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll <br/>+ 2008-07-29 07:05 . 
2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll <br/>+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll <br/>+ 2006-12-21 14:18 . 2006-12-21 14:18 497496 c:\windows\system32\XceedZip.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll <br/>- 2008-01-27 16:25 . 2009-05-09 15:57 157696 c:\windows\system32\rmoc3260.dll <br/>+ 2008-01-27 16:25 . 2009-08-03 00:09 157696 c:\windows\system32\rmoc3260.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:54 156160 c:\windows\system32\msls31.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll <br/>- 2007-08-13 18:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll <br/>+ 2007-08-13 18:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll <br/>+ 2007-08-13 18:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll <br/>- 2007-08-13 18:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:54 191488 c:\windows\system32\iepeers.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll <br/>+ 2007-07-11 12:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll <br/>+ 2006-02-28 12:00 . 
2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll <br/>+ 2007-03-16 08:21 . 2009-08-04 18:33 127704 c:\windows\system32\FNTCACHE.DAT <br/>- 2007-03-16 08:21 . 2009-06-12 02:12 127704 c:\windows\system32\FNTCACHE.DAT <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll <br/>+ 2009-03-03 17:45 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll <br/>+ 2007-08-13 17:54 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll <br/>+ 2007-08-13 17:54 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll <br/>+ 2007-08-13 17:44 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll <br/>+ 2006-09-23 12:12 . 2006-09-23 12:12 474112 c:\windows\system32\dllcache\shlwapi.dll <br/>+ 2007-08-13 17:44 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll <br/>+ 2007-08-13 17:54 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll <br/>+ 2007-08-13 17:44 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll <br/>+ 2006-02-28 12:00 . 2007-08-13 17:54 156160 c:\windows\system32\dllcache\msls31.dll <br/>+ 2007-08-13 17:54 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll <br/>+ 2009-04-13 05:15 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll <br/>- 2009-04-13 05:15 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll <br/>+ 2007-08-13 17:43 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe <br/>- 2009-04-13 05:15 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll <br/>+ 2009-04-13 05:15 . 
2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll <br/>+ 2007-08-13 17:54 . 2007-08-13 17:54 191488 c:\windows\system32\dllcache\iepeers.dll <br/>+ 2007-08-13 17:39 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll <br/>+ 2009-04-13 05:15 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll <br/>+ 2007-08-13 17:39 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll <br/>+ 2007-08-13 17:39 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll <br/>+ 2007-08-13 17:54 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll <br/>+ 2007-08-13 17:35 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll <br/>+ 2007-08-13 17:35 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll <br/>+ 2007-08-13 17:39 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll <br/>+ 2008-05-30 19:58 . 2009-07-30 19:58 262144 c:\windows\system32\config\systemprofile\ntuser.dat <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll <br/>+ 2009-08-03 00:10 . 2004-06-22 13:03 253952 c:\windows\occache\iestm32.dll <br/>- 2008-01-27 16:25 . 2004-06-22 13:03 253952 c:\windows\occache\iestm32.dll <br/>+ 2009-03-20 10:48 . 2009-03-20 10:48 183808 c:\windows\Installer\5eb74a.msp <br/>+ 2009-08-07 19:38 . 2009-08-07 19:38 236032 c:\windows\Installer\1a36dad.msi <br/>+ 2006-10-26 20:49 . 2006-10-26 20:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\WRD12CVR.DLL <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 818688 c:\windows\ie7updates\KB972260-IE7\wininet.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 231424 c:\windows\ie7updates\KB972260-IE7\webcheck.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:44 105984 c:\windows\ie7updates\KB972260-IE7\url.dll <br/>+ 2009-08-05 16:51 . 
2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll <br/>+ 2009-08-05 16:51 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe <br/>+ 2009-08-05 16:51 . 2007-08-13 17:44 101376 c:\windows\ie7updates\KB972260-IE7\occache.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 670720 c:\windows\ie7updates\KB972260-IE7\mstime.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:44 192000 c:\windows\ie7updates\KB972260-IE7\msrating.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 475648 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll <br/>+ 2009-08-05 16:51 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll <br/>+ 2009-08-05 16:51 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe <br/>+ 2009-08-05 16:51 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:39 382976 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll <br/>+ 2009-08-05 16:51 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 16:56 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:39 229376 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:39 152064 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 131584 c:\windows\ie7updates\KB972260-IE7\extmgr.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:35 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:35 346624 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:39 123904 c:\windows\ie7updates\KB972260-IE7\advpack.dll <br/>+ 2009-08-05 20:01 . 2007-08-13 17:54 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll <br/>+ 2009-08-05 20:01 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\updspapi.dll <br/>+ 2009-08-05 20:01 . 
2007-03-06 01:22 716000 c:\windows\ie7updates\KB938127-v2-IE7\update.exe <br/>+ 2009-08-05 20:01 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll <br/>+ 2009-08-05 20:01 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe <br/>+ 2009-08-05 20:01 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst.exe <br/>+ 2009-08-05 16:50 . 2008-10-16 01:00 666112 c:\windows\ie7\wininet.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 276480 c:\windows\ie7\webcheck.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 851968 c:\windows\ie7\vgx.dll <br/>+ 2009-08-05 16:50 . 2008-10-16 01:00 619520 c:\windows\ie7\urlmon.dll <br/>+ 2009-08-05 16:50 . 2006-09-06 16:43 371424 c:\windows\ie7\spuninst\updspapi.dll <br/>+ 2009-08-05 16:50 . 2006-09-06 16:43 213216 c:\windows\ie7\spuninst\spuninst.exe <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 532480 c:\windows\ie7\mstime.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:12 146432 c:\windows\ie7\msrating.dll <br/>+ 2009-08-05 16:50 . 2006-02-28 12:00 146432 c:\windows\ie7\msls31.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 449024 c:\windows\ie7\mshtmled.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 251904 c:\windows\ie7\iepeers.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 323584 c:\windows\ie7\iedkcs32.dll <br/>+ 2009-08-05 16:50 . 2006-02-28 12:00 221184 c:\windows\ie7\ieakui.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 216576 c:\windows\ie7\ieaksie.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 143360 c:\windows\ie7\ieakeng.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 205312 c:\windows\ie7\dxtrans.dll <br/>+ 2009-08-05 16:50 . 2008-04-14 00:11 357888 c:\windows\ie7\dxtmsft.dll <br/>+ 2009-08-04 18:56 . 2009-08-04 18:56 192512 c:\windows\ERDNT\04-08-2009\Users\00000002\UsrClass.dat <br/>+ 2009-08-04 18:54 . 2005-10-20 11:02 163328 c:\windows\ERDNT\04-08-2009\ERDNT.EXE <br/>+ 2009-01-05 14:44 . 
2009-01-05 14:44 741376 c:\windows\Downloaded Program Files\ipsupd.dll <br/>+ 2009-01-05 14:44 . 2009-01-05 14:44 741376 c:\windows\BDOSCAN8\ipsupd.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll <br/>+ 2008-07-29 07:05 . 2008-07-29 07:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll <br/>+ 2006-02-28 12:00 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll <br/>+ 2001-09-25 13:39 . 2004-06-22 13:03 1044480 c:\windows\system32\roboex32.dll <br/>- 2001-09-25 13:39 . 2001-09-25 13:39 1044480 c:\windows\system32\roboex32.dll <br/>+ 2006-02-28 12:00 . 2009-07-19 18:03 3597824 c:\windows\system32\mshtml.dll <br/>+ 2008-01-25 20:47 . 2004-06-22 13:03 1060864 c:\windows\system32\MFC71.dll <br/>- 2008-01-25 20:47 . 2004-06-22 14:03 1060864 c:\windows\system32\MFC71.dll <br/>+ 2007-08-13 18:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll <br/>+ 2007-02-12 16:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat <br/>+ 2009-03-03 17:45 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll <br/>+ 2009-03-03 17:22 . 2009-07-19 18:03 3597824 c:\windows\system32\dllcache\mshtml.dll <br/>+ 2009-04-13 05:15 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll <br/>+ 2009-04-13 05:15 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat <br/>+ 2006-09-23 12:12 . 
2006-09-23 12:12 1022976 c:\windows\system32\dllcache\browseui.dll <br/>+ 2009-08-07 19:38 . 2009-08-07 19:38 1859072 c:\windows\Installer\1a36db4.msi <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 1162240 c:\windows\ie7updates\KB972260-IE7\urlmon.dll <br/>+ 2009-08-05 16:51 . 2007-08-13 17:54 3578368 c:\windows\ie7updates\KB972260-IE7\mshtml.dll <br/>+ 2009-08-05 16:51 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll <br/>+ 2009-08-05 16:51 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat <br/>+ 2009-08-05 16:50 . 2008-12-12 17:01 3067904 c:\windows\ie7\mshtml.dll <br/>+ 2009-08-04 18:56 . 2009-08-04 18:56 9170944 c:\windows\ERDNT\04-08-2009\Users\00000001\NTUSER.DAT <br/>+ 2009-04-04 06:35 . 2009-04-04 06:35 38325760 c:\windows\Installer\5eb740.msp <br/>. <br/>-- Snapshot reset to current date -- <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] <br/>"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] <br/>"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2007-12-12 31232] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] <br/>"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] <br/>"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256] <br/>"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024] <br/>"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008] 
<br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] <br/>"HostManager"="c:\program files\Common Files\AOL\1249496189\ee\AOLSoftware.exe" [2006-09-26 50736] <br/>"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112] <br/>"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-12-12 23040] <br/> <br/>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] <br/>"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896] <br/> <br/>c:\documents and settings\All Users\Start Menu\Programs\Startup\ <br/>AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2009-8-3 156784] <br/>AOL Companion.lnk - c:\program files\AOL Companion\companion.exe [2009-8-3 250992] <br/>WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-5-10 745472] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] <br/>@="Service" <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] <br/>"vsmon"=2 (0x2) <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= <br/>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\WINDOWS\\system32\\mmc.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= <br/>"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= <br/>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= <br/>"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= <br/>"c:\\Program Files\\AOL 
9.0\\waol.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\1249496189\\ee\\aolsoftware.exe"= <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] <br/>"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 <br/>"19956:TCP"= 19956:TCP:BitComet 19956 TCP <br/>"19956:UDP"= 19956:UDP:BitComet 19956 UDP <br/> <br/>R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/08/2009 20:55 64160] <br/>R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [29/01/2008 17:19 11264] <br/>R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/08/2009 19:02 114768] <br/>R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/08/2009 19:02 20560] <br/>R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/05/2009 13:59 66048] <br/>R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1029456] <br/>R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [26/06/2008 19:03 33792] <br/>R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [12/12/2007 19:35 98328] <br/>R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\system32\drivers\CTEDSPIO.sys [12/12/2007 19:37 134168] <br/>R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\system32\drivers\CTEDSPSY.sys [12/12/2007 19:37 309784] <br/>S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [12/12/2007 19:35 98328] <br/>S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [12/12/2007 19:36 171032] <br/>S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [12/12/2007 19:36 171032] <br/>S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [12/12/2007 19:35 528920] <br/>S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [12/12/2007 19:35 528920] <br/>S3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\system32\drivers\CTEAPSFX.sys [12/12/2007 19:36 163352] <br/>S3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.sys [12/12/2007 19:36 
163352] <br/>S3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\system32\drivers\CTEDSPFX.sys [12/12/2007 19:36 259096] <br/>S3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.sys [12/12/2007 19:36 259096] <br/>S3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.sys [12/12/2007 19:37 134168] <br/>S3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.sys [12/12/2007 19:37 309784] <br/>S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [12/12/2007 19:36 99352] <br/>S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [12/12/2007 19:36 99352] <br/>S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [12/12/2007 19:37 1324056] <br/>S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [12/12/2007 19:37 1324056] <br/>S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [12/12/2007 19:36 72728] <br/>S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [12/12/2007 19:36 72728] <br/>S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [12/12/2007 19:36 534040] <br/>S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [12/12/2007 19:36 534040] <br/> <br/>[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] <br/>"c:\program files\Common Files\LightScribe\LSRunOnce.exe" <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2009-08-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job <br/>- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49] <br/> <br/>2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job <br/>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] <br/>. <br/>. <br/>------- Supplementary Scan ------- <br/>. 
<br/>uStart Page = about:blank <br/>uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s <br/>DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab <br/>FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ti6n65sr.default\ <br/>FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official <br/>FF - prefs.js: network.proxy.type - 4 <br/>FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll <br/>FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll <br/>FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ <br/>. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-08-07 22:35 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... <br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'explorer.exe'(2276) <br/>c:\windows\system32\WININET.dll <br/>c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll <br/>c:\windows\system32\ieframe.dll <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. 
<br/>Completion time: 2009-08-07 22:37 <br/>ComboFix-quarantined-files.txt 2009-08-07 21:37 <br/>ComboFix2.txt 2009-08-05 16:18 <br/>ComboFix3.txt 2009-08-05 16:07 <br/>ComboFix4.txt 2009-08-03 19:46 <br/>ComboFix5.txt 2009-08-07 21:27 <br/> <br/>Pre-Run: 91,723,845,632 bytes free <br/>Post-Run: 91,768,631,296 bytes free <br/> <br/>467 --- E O F --- 2009-07-29 02:03
Posted 8/8/2009 12:20 AM
#75815

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
That is looking good now. <br/> <br/> <br/>I do not recognize two folders that are showing in the log. Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types". <br/> <br/>Right click My Computer, left click Explore, and use the plus + symbols to navigate to the following folders, and just let me know what is in them: <br/> <br/>c:\temp\ext256 <br/>c:\temp\ext2782 <br/> <br/>If they happen to be empty then go ahead and delete them. If their questionable value software is already uninstalled, you can delete this folder as well: <br/> <br/>c:\program files\Enigma Software Group <br/> <br/> <br/>And now let's get a current online scan run, to verify nothing malicious remains there. <br/> <br/> <br/>Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple of minutes for the scanner to get ready. Next, check the following boxes: <br/> <br/>Remove found threats <br/>Scan unwanted applications <br/> <br/>Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All, then copy/paste that log back here please. <br/> <br/> <br/>If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Posted 8/8/2009 1:49 AM
#75816

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
In ext256 there's nothing <br/> <br/>In ext2782 there's a file called update.exe <br/> <br/>Should I delete it? <br/> <br/>Tom
Posted 8/8/2009 10:30 AM
#75826

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Let's check a copy of that file. Just go here, press new topic, fill in the needed details and just give a link to your post back here. Then press the browse button and then navigate to & select the file (c:\temp\ext2782\update.exe) on your computer. <br/> <br/>Then for now rename it to update.exe.bad
Posted 8/8/2009 1:37 PM
#75830

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
OK :) <br/> <br/>Here it is <br/> <br/>http://thespykiller.co.uk/index.php/topic,8677.0.html <br/> <br/>and I've renamed it :)
Posted 8/8/2009 10:02 PM
#75840

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I received the update.exe file, thanks. My best assessment is it is a Windows updater file, though the internal code indicates a Windows 2000 version. Post back the Eset log when ready please.
Posted 8/8/2009 11:43 PM
#75845

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
When you post back that Eset log, also run this scan. We need to check the registry information on all the services there, to make sure all are correct. <br/> <br/> <br/>Go here and download getservices.zip. <br/> <br/>Extract the file to the c:\ drive. Then navigate to the c:\getservice folder and double-click on the getservices.bat file. A Notepad window will open up. Please paste the contents of that Notepad window as a reply to this post.
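The service report requested here is a plain service inventory in the `sc query` / `sc qc` layout (the log LordBTY posts further down in the thread shows the exact format). As an added example that is not part of this thread or of the getservices tool, here is a small Python parser for that layout together with two triage checks a helper applies when reading such a log: an automatically started service whose image sits in a temp or per-user folder, and an unquoted image path containing spaces. The sample log, the service names ExampleAgent and svc_example and their paths are constructed for illustration and do not describe this machine.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the getservices log posted later in this
# thread: an `sc query` block followed by an `sc qc` block for each service.
# ALG mirrors the real entry's layout; ExampleAgent and svc_example are invented
# for illustration and do not refer to anything on the machine in this thread.
SAMPLE_LOG = """\
SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        PID                : 1300

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : C:\\WINDOWS\\System32\\alg.exe
        DEPENDENCIES       : RpcSs
                           : Tcpip
        SERVICE_START_NAME : NT AUTHORITY\\LocalService

SERVICE_NAME: ExampleAgent
DISPLAY_NAME: Example Vendor Agent
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\\Program Files\\Example Vendor\\agent.exe /service
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: svc_example
DISPLAY_NAME: Helper Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 1  STOPPED

        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : c:\\temp\\svc_example\\helper.exe
        SERVICE_START_NAME : LocalSystem
"""

# "KEY : value" lines; the key is always upper case with underscores.
FIELD_RE = re.compile(r"^\s*([A-Z_]+)\s*:\s*(.*?)\s*$")
# Continuation lines of a multi-valued field, e.g. "      : Tcpip".
CONT_RE = re.compile(r"^\s*:\s*(.*?)\s*$")
# Directories ordinary users can write to; no auto-started service image
# belongs there.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\tmp\\", "\\documents and settings\\",
                         "\\users\\", "\\appdata\\", "\\local settings\\")


def parse_services(text: str) -> List[Dict[str, str]]:
    """Split sc-style output into one dict per SERVICE_NAME block.

    Fields present in both the query and qc blocks (TYPE, DISPLAY_NAME) carry
    the same value, so the later one overwrites. DEPENDENCIES continuation
    lines are joined with ';'. Non-field lines such as "(STOPPABLE, ...)" are
    skipped.
    """
    services: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    last_key = ""
    for line in text.splitlines():
        field = FIELD_RE.match(line)
        if field:
            key, value = field.groups()
            if key == "SERVICE_NAME":
                current = {}
                services.append(current)
            current[key] = value
            last_key = key
            continue
        cont = CONT_RE.match(line)
        if cont and last_key == "DEPENDENCIES" and current:
            current["DEPENDENCIES"] += ";" + cont.group(1)
    return services


def executable_path(binary_path: str) -> str:
    """Return the image path from BINARY_PATH_NAME without its arguments
    (for example '-k netsvcs' or '/service')."""
    if binary_path.startswith('"'):
        end = binary_path.find('"', 1)
        return binary_path[1:end] if end > 0 else binary_path[1:]
    m = re.match(r"(.*?\.(?:exe|sys|dll))(?:\s|$)", binary_path, re.IGNORECASE)
    return m.group(1) if m else binary_path


def start_type(svc: Dict[str, str]) -> str:
    """'2   AUTO_START' -> 'AUTO_START'."""
    parts = svc.get("START_TYPE", "").split()
    return parts[-1] if parts else ""


def triage(services: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {service_name: [finding codes]} for entries worth a closer look.

    autostart_from_user_writable_path: AUTO_START image under a temp/user dir.
    unquoted_path_with_spaces: unquoted image path containing spaces (the
    classic service misconfiguration, CWE-428).
    """
    findings: Dict[str, List[str]] = {}
    for svc in services:
        raw = svc.get("BINARY_PATH_NAME", "")
        image = executable_path(raw)
        codes: List[str] = []
        if start_type(svc) == "AUTO_START" and any(
                marker in image.lower() for marker in USER_WRITABLE_MARKERS):
            codes.append("autostart_from_user_writable_path")
        if not raw.startswith('"') and " " in image:
            codes.append("unquoted_path_with_spaces")
        if codes:
            findings[svc.get("SERVICE_NAME", "?")] = codes
    return findings


if __name__ == "__main__":
    for name, codes in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(codes)}")
```

Run it against a saved getservices log by replacing SAMPLE_LOG with the file contents; a clean machine produces no findings for Microsoft services, while anything flagged should be compared against the vendor's installer path and the matching registry key before deciding whether it belongs.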
Posted 8/9/2009 5:06 AM
#75847

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok, here's the ESET log

C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP189\A0028221.exe a variant of Win32/TrojanDownloader.Swizzor.NCK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F623FF31-4737-4A48-A07E-C9B8DEE9AE00}\RP189\A0028223.exe a variant of Win32/TrojanDownloader.Swizzor.NCL trojan cleaned by deleting - quarantined

And here's the getservice log :)

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1300
        FLAGS              :
        DESCRIPTION        : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.

        TYPE               : 10 WIN32_OWN_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\alg.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Application Layer Gateway Service
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: AOL ACS
DISPLAY_NAME: AOL Connectivity Service
        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1908
        FLAGS              :
        DESCRIPTION        :

        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : AOL Connectivity Service
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: aswUpdSv
DISPLAY_NAME: avast! iAVS4 Control Service
        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1376
        FLAGS              :
        DESCRIPTION        : Provides automatic updating for the avast! antivirus.

        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : avast! iAVS4 Control Service
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: AudioSrv
DISPLAY_NAME: Windows Audio
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : AudioGroup
        TAG                : 0
        DISPLAY_NAME       : Windows Audio
        DEPENDENCIES       : PlugPlay
                           : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: avast! Antivirus
DISPLAY_NAME: avast! Antivirus
        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1508
        FLAGS              :
        DESCRIPTION        : Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : avast! Antivirus
        DEPENDENCIES       : aswMon2
                           : RpcSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: avast! Mail Scanner
DISPLAY_NAME: avast! Mail Scanner
        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 580
        FLAGS              :
        DESCRIPTION        : Implements mail scanning for avast! antivirus.

        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : avast! Mail Scanner
        DEPENDENCIES       : avast! Antivirus
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: avast! Web Scanner
DISPLAY_NAME: avast! Web Scanner
        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 624
        FLAGS              :
        DESCRIPTION        : Implements web (HTTP) scanning for avast! antivirus.

        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : avast! Web Scanner
        DEPENDENCIES       : avast! Antivirus
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: BITS
DISPLAY_NAME: Background Intelligent Transfer Service
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Background Intelligent Transfer Service
        DEPENDENCIES       : Rpcss
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Cryptsvc
DISPLAY_NAME: Cryptsvc
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : CryptSvc
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: DcomLaunch
DISPLAY_NAME: DCOM Server Process Launcher
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 916
        FLAGS              :
        DESCRIPTION        : Provides launch functionality for DCOM services.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost -k DcomLaunch
        LOAD_ORDER_GROUP   : Event Log
        TAG                : 0
        DISPLAY_NAME       : DCOM Server Process Launcher
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Manages network configuration by registering and updating IP addresses and DNS names.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: dmserver
DISPLAY_NAME: Logical Disk Manager
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Logical Disk Manager
        DEPENDENCIES       : RpcSs
                           : PlugPlay
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Dnscache
DISPLAY_NAME: DNS Client
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1160
        FLAGS              :
        DESCRIPTION        : Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k NetworkService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DNS Client
        DEPENDENCIES       : Tcpip
        SERVICE_START_NAME : NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
DISPLAY_NAME: Error Reporting Service
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Allows error reporting for services and applictions running in non-standard environments.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 0 IGNORE
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Error Reporting Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Eventlog
DISPLAY_NAME: Event Log
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 720
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
        LOAD_ORDER_GROUP   : Event log
        TAG                : 0
        DISPLAY_NAME       : Event Log
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: EventSystem
DISPLAY_NAME: COM+ Event System
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : Network
        TAG                : 0
        DISPLAY_NAME       : COM+ Event System
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
DISPLAY_NAME: Fast User Switching Compatibility
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Provides management for applications that require assistance in a multiple user environment.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Fast User Switching Compatibility
        DEPENDENCIES       : TermService
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: helpsvc
DISPLAY_NAME: Help and Support
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Help and Support
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: HTTPFilter
DISPLAY_NAME: HTTP SSL
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 936
        FLAGS              :
        DESCRIPTION        : This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : HTTP SSL
        DEPENDENCIES       : HTTP
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: lanmanserver
DISPLAY_NAME: Server
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Server
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Lavasoft Ad-Aware Service
DISPLAY_NAME: Lavasoft Ad-Aware Service
        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1388
        FLAGS              :
        DESCRIPTION        : Ad-Aware Service

        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : Lavasoft Ad-Aware Service
        DEPENDENCIES       : RpcSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: LmHosts
DISPLAY_NAME: TCP/IP NetBIOS Helper
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1276
        FLAGS              :
        DESCRIPTION        : Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : TCP/IP NetBIOS Helper
        DEPENDENCIES       : NetBT
                           : Afd
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: Netman
DISPLAY_NAME: Network Connections
        TYPE               : 120 WIN32_SHARE_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.

        TYPE               : 120 WIN32_SHARE_PROCESS (interactive)
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Network Connections
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Nla
DISPLAY_NAME: Network Location Awareness (NLA)
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Collects and stores network configuration and location information, and notifies applications when this information changes.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Network Location Awareness (NLA)
        DEPENDENCIES       : Tcpip
                           : Afd
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: NMIndexingService
DISPLAY_NAME: NMIndexingService
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1704
        FLAGS              :
        DESCRIPTION        :

        TYPE               : 10 WIN32_OWN_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NMIndexingService
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: NVSvc
DISPLAY_NAME: NVIDIA Display Driver Service
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1980
        FLAGS              :
        DESCRIPTION        : Provides system and desktop level support to the NVIDIA display driver

        TYPE               : 10 WIN32_OWN_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\nvsvc32.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NVIDIA Display Driver Service
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: PlugPlay
DISPLAY_NAME: Plug and Play
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 720
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\services.exe
        LOAD_ORDER_GROUP   : PlugPlay
        TAG                : 0
        DISPLAY_NAME       : Plug and Play
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ProtectedStorage
DISPLAY_NAME: Protected Storage
        TYPE               : 120 WIN32_SHARE_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 732
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.

        TYPE               : 120 WIN32_SHARE_PROCESS (interactive)
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\lsass.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Protected Storage
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RasMan
DISPLAY_NAME: Remote Access Connection Manager
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Creates a network connection.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Remote Access Connection Manager
        DEPENDENCIES       : Tapisrv
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 4 RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 964
        FLAGS              :
        DESCRIPTION        : Provides the endpoint mapper and other miscellaneous RPC services.

        TYPE               : 10 WIN32_OWN_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost -k rpcss
        LOAD_ORDER_GROUP   : COM Infrastructure
        TAG                : 0
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        SERVICE_START_NAME : NT Authority\NetworkService

SERVICE_NAME: SamSs
DISPLAY_NAME: Security Accounts Manager
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 732
        FLAGS              : SERVICE_RUNS_IN_SYSTEM_PROCESS
        DESCRIPTION        : Stores security information for local user accounts.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\lsass.exe
        LOAD_ORDER_GROUP   : LocalValidation
        TAG                : 0
        DISPLAY_NAME       : Security Accounts Manager
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Schedule
DISPLAY_NAME: Task Scheduler
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : SchedulerGroup
        TAG                : 0
        DISPLAY_NAME       : Task Scheduler
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: seclogon
DISPLAY_NAME: Secondary Logon
        TYPE               : 120 WIN32_SHARE_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

        TYPE               : 120 WIN32_SHARE_PROCESS (interactive)
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 0 IGNORE
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Secondary Logon
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SENS
DISPLAY_NAME: System Event Notification
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : Network
        TAG                : 0
        DISPLAY_NAME       : System Event Notification
        DEPENDENCIES       : EventSystem
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Firewall/Internet Connection Sharing (ICS)
        DEPENDENCIES       : Netman
                           : WinMgmt
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: ShellHWDetection
DISPLAY_NAME: Shell Hardware Detection
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Provides notifications for AutoPlay hardware events.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 0 IGNORE
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : ShellSvcGroup
        TAG                : 0
        DISPLAY_NAME       : Shell Hardware Detection
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: spooler
DISPLAY_NAME: Print Spooler
        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1824
        FLAGS              :
        DESCRIPTION        : Loads files to memory for later printing.

        TYPE               : 110 WIN32_OWN_PROCESS (interactive)
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\spoolsv.exe
        LOAD_ORDER_GROUP   : SpoolerGroup
        TAG                : 0
        DISPLAY_NAME       : Print Spooler
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: srservice
DISPLAY_NAME: System Restore Service
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : System Restore Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SSDPSRV
DISPLAY_NAME: SSDP Discovery Service
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1276
        FLAGS              :
        DESCRIPTION        : Enables discovery of UPnP devices on your home network.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k LocalService
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : SSDP Discovery Service
        DEPENDENCIES       : HTTP
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
DISPLAY_NAME: Windows Image Acquisition (WIA)
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 2032
        FLAGS              :
        DESCRIPTION        : Provides image acquisition services for scanners and cameras.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k imgsvc
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Image Acquisition (WIA)
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TapiSrv
DISPLAY_NAME: Telephony
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Telephony
        DEPENDENCIES       : PlugPlay
                           : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TermService
DISPLAY_NAME: Terminal Services
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 916
        FLAGS              :
        DESCRIPTION        : Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost -k DComLaunch
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Terminal Services
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: Themes
DISPLAY_NAME: Themes
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Provides user experience theme management.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\System32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : UIGroup
        TAG                : 0
        DISPLAY_NAME       : Themes
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: TrkWks
DISPLAY_NAME: Distributed Link Tracking Client
        TYPE               : 20 WIN32_SHARE_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 1060
        FLAGS              :
        DESCRIPTION        : Maintains links between NTFS files within a computer or across computers in a network domain.

        TYPE               : 20 WIN32_SHARE_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Distributed Link Tracking Client
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: UMWdf
DISPLAY_NAME: Windows User Mode Driver Framework
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 120
        FLAGS              :
        DESCRIPTION        : Enables Windows user mode drivers.

        TYPE               : 10 WIN32_OWN_PROCESS
        START_TYPE         : 2 AUTO_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\wdfmgr.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows User Mode Driver Framework
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : NT AUTHORITY\LocalService

SERVICE_NAME: usnjsvc
DISPLAY_NAME: Messenger Sharing Folders USN Journal Reader service
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 4 RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0 (0x0)
        SERVICE_EXIT_CODE  : 0 (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 3796
        FLAGS              :
        DESCRIPTION        : Service installed by Messenger to enable sharing scenarios

        TYPE               : 10 WIN32_OWN_PROCESS
        START_TYPE         : 3 DEMAND_START
        ERROR_CONTROL      : 1 NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Messenger Sharing Folders USN Journal Reader service
        DEPENDENCIES       : rpcss
                           : eventlog
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: WebClient
DISPLAY_NAME: WebClient
        TYPE               : 10 WIN32_OWN_PROCESS
        STATE              : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1876 <br/> FLAGS : <br/> DESCRIPTION : Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. <br/> <br/> TYPE : 10 WIN32_OWN_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService <br/> LOAD_ORDER_GROUP : NetworkProvider <br/> TAG : 0 <br/> DISPLAY_NAME : WebClient <br/> DEPENDENCIES : MRxDAV <br/> SERVICE_START_NAME : NT AUTHORITY\LocalService <br/> <br/>SERVICE_NAME: winmgmt <br/>DISPLAY_NAME: Windows Management Instrumentation <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1060 <br/> FLAGS : <br/> DESCRIPTION : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. 
<br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 0 IGNORE <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Management Instrumentation <br/> DEPENDENCIES : RPCSS <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: wscsvc <br/>DISPLAY_NAME: Security Center <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1060 <br/> FLAGS : <br/> DESCRIPTION : Monitors system security settings and configurations. <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Security Center <br/> DEPENDENCIES : RpcSs <br/> : winmgmt <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: wuauserv <br/>DISPLAY_NAME: Automatic Updates <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1060 <br/> FLAGS : <br/> DESCRIPTION : Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
<br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : <br/> TAG : 0 <br/> DISPLAY_NAME : Automatic Updates <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WudfSvc <br/>DISPLAY_NAME: Windows Driver Foundation - User-mode Driver Framework <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1100 <br/> FLAGS : <br/> DESCRIPTION : Manages user-mode driver host processes <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup <br/> LOAD_ORDER_GROUP : PlugPlay <br/> TAG : 0 <br/> DISPLAY_NAME : Windows Driver Foundation - User-mode Driver Framework <br/> DEPENDENCIES : PlugPlay <br/> SERVICE_START_NAME : LocalSystem <br/> <br/>SERVICE_NAME: WZCSVC <br/>DISPLAY_NAME: Wireless Zero Configuration <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> STATE : 4 RUNNING <br/> (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN) <br/> WIN32_EXIT_CODE : 0 (0x0) <br/> SERVICE_EXIT_CODE : 0 (0x0) <br/> CHECKPOINT : 0x0 <br/> WAIT_HINT : 0x0 <br/> PID : 1060 <br/> FLAGS : <br/> DESCRIPTION : Provides automatic configuration for the 802.11 adapters <br/> <br/> TYPE : 20 WIN32_SHARE_PROCESS <br/> START_TYPE : 2 AUTO_START <br/> ERROR_CONTROL : 1 NORMAL <br/> BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs <br/> LOAD_ORDER_GROUP : TDI <br/> TAG : 1 <br/> DISPLAY_NAME : Wireless Zero Configuration <br/> DEPENDENCIES : RpcSs <br/> : Ndisuio <br/> SERVICE_START_NAME : LocalSystem
Posted 8/9/2009 11:35 AM
#75855

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Good, those service paths and descriptions are all correct now, and the Eset scan only located infection that had stored itself in the System Restore, which we will be clearing out shortly. Before we consider some last steps to finish our work here, post back how things are running please. Any problems we still need to address?
Posted 8/9/2009 4:04 PM
#75866

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
From what I can tell, no.

The PC is running fine, though I'm concerned about the laptop's health.

Because I had seen the Windows Update icon appear in the lower-right hand corner without my consent before I used the flash drive thing that made the autorun file. This is what happened with the PC when it was fully infected.

Also, on startup, I'm given the option to run Microsoft Recovery Console or standard Windows XP... does this mean something's wrong and should I be worried about it?

Also, I have an external hard drive with many important files on it. I unplugged it when I caught onto the severity of the virus infestation... what do you recommend for my files' safety?

That's all of the problems at the moment.

Thank you so much :)
Posted 8/9/2009 7:05 PM
#75874

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
When you ran ComboFix it provided the means of installing the Recovery Console there. This is handy to have in case some future problem requires you access the system that way. The option is then added to your boot.ini file, and this is what you see when the computer first starts. As long as it defaults to the normal Windows bootup you should be fine.

I am not sure about the other two issues. To check the external drive it will need to be installed to a system. But at least we have seen no indications of file infectors, like Virut, so should there be other types of malware on the external drive that become active we can address those.

For now connect the external drive to this computer we have been working on. Then on both this computer and the laptop, run the following scan and post back those logs (be sure to mention which one is from the laptop):

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Then go here and run the Kaspersky online scan, and post back the log it creates.

To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do.

When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log.

Then locate that log and copy/paste those contents back here please.

The scan requires a good bit of database downloading and can take quite a while to complete.
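The boot.ini point above ("as long as it defaults to the normal Windows bootup you should be fine") can be confirmed from the file itself rather than by watching the boot menu. The following is an added example for this thread, not ComboFix's or the forum's own code. It assumes the classic Windows XP boot.ini layout (a `[boot loader]` section with `default=` and `timeout=`, and `[operating systems]` lines of the form `ARC-path="menu label" /switches`, with the Recovery Console entry carrying the `/cmdcons` switch); the boot.ini text embedded below is constructed to match that layout.

```python
"""Check a Windows XP boot.ini for the Recovery Console entry and the default OS.

Added example for this thread (not ComboFix's or the forum's code). Assumes the
classic boot.ini layout: [boot loader] with default= and timeout=, and
[operating systems] lines of the form ARC-path="label" /switches. The sample
below is constructed.
"""
from typing import Dict, Tuple

# Constructed sample in the shape a Recovery Console install leaves behind.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
"""


def parse_boot_ini(text: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return ({boot loader settings}, {boot path: rest of line}) from boot.ini text."""
    loader: Dict[str, str] = {}
    systems: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        # Split on the first '=' only: the value itself may contain '=' (/noexecute=optin)
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            systems[key.strip()] = value.strip()
    return loader, systems


def label_of(entry: str) -> str:
    """Pull the quoted menu label out of an [operating systems] value."""
    if entry.startswith('"'):
        end = entry.find('"', 1)
        if end > 0:
            return entry[1:end]
    return entry.split()[0] if entry else ""


def check_boot_ini(text: str) -> Dict[str, object]:
    """Summarise what the boot menu will do: which entry is default and whether
    the Recovery Console (/cmdcons) entry is present."""
    loader, systems = parse_boot_ini(text)
    default = loader.get("default", "")
    default_entry = systems.get(default, "")
    console_entries = [p for p, v in systems.items() if "/cmdcons" in v.lower()]
    return {
        "default_label": label_of(default_entry),
        "default_is_recovery_console": "/cmdcons" in default_entry.lower(),
        "recovery_console_installed": bool(console_entries),
        "entries": len(systems),
        "timeout": int(loader.get("timeout", "0") or 0),
    }


if __name__ == "__main__":
    for k, v in check_boot_ini(SAMPLE_BOOT_INI).items():
        print(f"{k}: {v}")
```

On a real machine read `C:\boot.ini` (it is a hidden, read-only system file, so show hidden files first as described later in this thread) and pass its contents to `check_boot_ini()`; the expected healthy result is `default_is_recovery_console` false and `recovery_console_installed` true, which is exactly the "extra menu entry, normal Windows still the default" state described above.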
Posted 8/9/2009 8:50 PM
#75880

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
It doesn't seem to want to work.

It was updating at first, then I got a message saying the download timed out (probably because someone had used the laptop to access the wireless network, which slowed the net right down).

Now, whenever I open it and run the update:

"ERROR: Key is expired"

I restarted, but it doesn't seem to work... what should I do?
Posted 8/10/2009 12:19 AM
#75884

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Check in Add/Remove Programs and see if the uninstaller for Kaspersky was created. If so, go ahead and uninstall it and try the scan again. If there is no uninstall option there, do the following instead.

Also, make sure you can View Hidden Files, and uncheck "Hide Extensions for Known File Types".

Then right-click My Computer, left-click Explore, and use the plus + symbols to navigate to the following folder:

C:\Windows\Downloaded Program Files

Check those items, and if any indicate being Kaspersky, right-click it and choose Remove.