View Full Version : help with virus removal!
crazyhazey33
2009-05-20, 06:49
windows will randomly open up a bunch of windows (my documents for example), and sometimes will power off right after signing in.
here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:32 PM, on 5/19/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode
Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\Microsoft Works\WkDStore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
F2 - REG:system.ini: UserInit=userinit
O1 - Hosts: 66.118.142.137 ads.sup.com
O1 - Hosts: 66.118.142.137 servedby.advertising.com
O1 - Hosts: 66.118.142.137 cdn.eyewonder.com
O1 - Hosts: 66.118.142.137 ads.addynamix.com
O1 - Hosts: 66.118.142.137 gfx.klipmart.com
O1 - Hosts: 66.118.142.137 a.tribalfusion.com
O1 - Hosts: 66.118.142.137 mediamgr.ugo.com
O1 - Hosts: 66.118.142.137 dehp.myspace.com
O1 - Hosts: 66.118.142.137 demr.myspace.com
O1 - Hosts: 66.118.142.137 desk.myspace.com
O1 - Hosts: 66.118.142.137 delb.myspace.com
O1 - Hosts: 66.118.142.137 ads1.revenue.net
O1 - Hosts: 66.118.142.137 view.atdmt.com
O1 - Hosts: 66.118.142.137 rad.msn.com
O1 - Hosts: 66.118.142.137 themis.geocities.yahoo.com
O1 - Hosts: 66.118.142.137 ad.n2434.doubleclick.net
O1 - Hosts: 66.118.142.137 n3349ad.doubleclick.net
O1 - Hosts: 66.118.142.137 altfarm.mediaplex.com
O1 - Hosts: 66.118.142.137 ad.doubleclick.net
O1 - Hosts: 66.118.142.137 z1.adserver.com
O1 - Hosts: 66.118.142.137 ar1.atwola.com
O1 - Hosts: 66.118.142.137 disney.go.com
O1 - Hosts: 66.118.142.137 rcm.amazon.com
O1 - Hosts: 66.118.142.137 familyfun.go.com
O1 - Hosts: 66.118.142.137 dist.belnk.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Steve\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Steve\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Virus-Bursters] "C:\Program Files (x86)\Virus-Bursters\virus-bursters.exe" /h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://snyderdrug.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
any help would be appreciated. thanks guys!!!
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Please note:-
Your log shows signs that this is a 64 bit machine.
Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited.
I will do my best though :)
The following program/s are regarded as either "Rogue", being bundled with "Adware" or having dubious reputations
virus_bursters (http://www.bleepingcomputer.com/startups/virus_bursters.exe-16544.html)
I recommend that you remove Via Add/Remove Programs
OTScanIt
Please download OTS.exe (http://oldtimer.geekstogo.com/OTS.exe) by OldTimer and save it to your desktop.
Double click on OTS.exe to run it.
Put a checkmark in the Include 64Bit Scans box
Under Drivers section, select Non-Microsoft.
Click on the Run Scan button at the top left hand corner.
OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.
crazyhazey33
2009-05-22, 07:34
Hi there. I really appreciate your help!!
I couldn't find "virus bursters" in the add/remove programs list, or in a file search for that matter...
For the OTS scan, I chose "all" under drivers as there were only "none", "safe-list" and "all" (not "non-microsoft")
Here is the log:
[code]
OTS logfile created on: 5/21/2009 11:28:48 PM - Run 1
OTS by OldTimer - Version 3.0.2.4 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.39 Mb Total Physical Memory | 705.69 Mb Available Physical Memory | 68.96% Memory free
2.44 Gb Paging File | 2.23 Gb Available in Paging File | 91.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 110.02 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 26.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.13% Space Free | Partition Type: FAT
Computer Name: HAZELTONDESKTOP
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009/03/03 14:43:34 | 00,636,072 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/05/21 23:22:58 | 00,504,320 | ---- | M] (OldTimer Tools)
[Win32 Services - Safe List]
64bit-(AeLookupSvc) Application Experience Lookup Service [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2007/04/12 22:33:24 | 00,045,920 | ---- | M] (Microsoft Corporation)
64bit-(AudioSrv) Windows Audio [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Browser) Computer Browser [Win32_Shared | Auto | Running] -> -> File not found
64bit-(CiSvc) Indexing Service [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(ClipSrv) ClipBook [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
64bit-(clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2007/04/12 22:33:26 | 00,093,016 | ---- | M] (Microsoft Corporation)
64bit-(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> -> File not found
64bit-(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> -> File not found
64bit-(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> -> File not found
64bit-(ERSvc) Error Reporting Service [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(Eventlog) Event Log [Win32_Shared | Auto | Running] -> -> File not found
64bit-(EventSystem) COM+ Event System [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2007/02/17 00:44:20 | 00,077,312 | ---- | M] (Microsoft Corporation)
64bit-(HidServ) HID Input Service [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(IASJet) IAS Jet Database Access [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2006/04/04 07:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation)
64bit-(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(lanmanserver) Server [Win32_Shared | Auto | Running] -> -> File not found
64bit-(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> -> File not found
64bit-(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NetDDE) Network DDE [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NetDDEdsdm) Network DDE DSDM [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> -> File not found
64bit-(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> -> File not found
64bit-(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(RpcSs) Remote Procedure Call (RPC) [Win32_Own | Auto | Running] -> -> File not found
64bit-(SamSs) Security Accounts Manager [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Schedule) Task Scheduler [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(seclogon) Secondary Logon [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(SENS) System Event Notification [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> -> File not found
64bit-(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(Spooler) Print Spooler [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(srservice) System Restore Service [Win32_Shared | Auto | Running] -> -> File not found
64bit-(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(stisvc) Windows Image Acquisition (WIA) [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(swprv) Microsoft Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(SysmonLog) Performance Logs and Alerts [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(TapiSrv) Telephony [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> -> File not found
64bit-(Themes) Themes [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> -> File not found
64bit-(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(upnphost) Universal Plug and Play Device Host [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(vds) Virtual Disk Service [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(W32Time) Windows Time [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(WebClient) WebClient [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(WinHttpAutoProxySvc) WinHTTP Web Proxy Auto-Discovery Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(wscsvc) Security Center [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(wuauserv) Automatic Updates [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(WZCSVC) Wireless Configuration [Win32_Shared | Auto | Running] -> -> File not found
64bit-(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2007/04/12 22:33:24 | 00,045,920 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2007/04/12 22:33:26 | 00,093,016 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/04/24 20:05:47 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2007/02/17 00:44:20 | 00,077,312 | ---- | M] (Microsoft Corporation)
(IASJet) IAS Jet Database Access [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2006/04/04 07:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\netlogon.dll -> [2007/02/18 11:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
[Driver Services - All]
64bit-(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
64bit-(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> -> File not found
64bit-(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> -> File not found
64bit-(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
64bit-(adpu320) adpu320 [Kernel | Disabled | Stopped] -> -> File not found
64bit-(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(AFD) AFD [Kernel | System | Running] -> -> File not found
64bit-(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
64bit-(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
64bit-(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(AmdIde) AmdIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(AmdK8) AMD Processor Driver [Kernel | System | Stopped] -> -> File not found
64bit-(arc) arc [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> -> File not found
64bit-(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(audstub) Audio Stub Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Beep) Beep [Kernel | System | Running] -> -> File not found
64bit-(BlueletAudio) Bluetooth Audio Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(BlueletSCOAudio) Bluetooth SCO Audio Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(BTHidEnum) Bluetooth HID Enumerator [Kernel | Boot | Stopped] -> -> File not found
64bit-(BTHidMgr) Bluetooth HID Manager Service [Kernel | Boot | Stopped] -> -> File not found
64bit-(CdaC15BA) CdaC15BA [Kernel | Auto | Stopped] -> -> File not found
64bit-(CdaD10BA) CdaD10BA [Kernel | Auto | Stopped] -> -> File not found
64bit-(CDAVFS) CDAVFS [File_System | On_Demand | Stopped] -> -> File not found
64bit-(Cdfs) Cdfs [File_System | Disabled | Running] -> -> File not found
64bit-(Cdrom) CD-ROM Driver [Kernel | System | Running] -> -> File not found
64bit-(Changer) Changer [Kernel | System | Stopped] -> -> File not found
64bit-(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(crcdisk) CRC Disk Filter Driver [Kernel | Boot | Running] -> -> File not found
64bit-(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Disk) Disk Driver [Kernel | Boot | Running] -> -> File not found
64bit-(dmboot) dmboot [Kernel | Disabled | Stopped] -> -> File not found
64bit-(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> -> File not found
64bit-(dmload) dmload [Kernel | Boot | Running] -> -> File not found
64bit-(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Fastfat) Fastfat [File_System | Disabled | Running] -> -> File not found
64bit-(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Fips) Fips [Kernel | System | Stopped] -> -> File not found
64bit-(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(FltMgr) FltMgr [File_System | Boot | Running] -> -> File not found
64bit-(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> -> File not found
64bit-(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> -> File not found
64bit-(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(HTTP) HTTP [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
64bit-(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> -> File not found
64bit-(iirsp) iirsp [Kernel | Disabled | Stopped] -> -> File not found
64bit-(imapi) CD-Burning Filter Driver [Kernel | System | Running] -> -> File not found
64bit-(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> -> File not found
64bit-(IPSec) IPSEC driver [Kernel | System | Running] -> -> File not found
64bit-(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> -> File not found
64bit-(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> -> File not found
64bit-(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> -> File not found
64bit-(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(KSecDD) KSecDD [Kernel | Boot | Running] -> -> File not found
64bit-(ksthunk) Kernel Streaming WOW64 Thunk Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(mnmdd) mnmdd [Kernel | System | Stopped] -> -> File not found
64bit-(Modem) Modem [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Mouclass) Mouse Class Driver [Kernel | System | Running] -> -> File not found
64bit-(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> -> File not found
64bit-(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
64bit-(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Stopped] -> -> File not found
64bit-(MRxSmb) MRxSmb [File_System | System | Running] -> -> File not found
64bit-(Msfs) Msfs [File_System | System | Running] -> -> File not found
64bit-(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Mup) Mup [File_System | Boot | Running] -> -> File not found
64bit-(NDIS) NDIS System Driver [Kernel | Boot | Running] -> -> File not found
64bit-(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> -> File not found
64bit-(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> -> File not found
64bit-(NetBIOS) NetBIOS Interface [File_System | System | Running] -> -> File not found
64bit-(NetBT) NetBios over Tcpip [Kernel | System | Running] -> -> File not found
64bit-(NIC1394) 1394 Net Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Npfs) Npfs [File_System | System | Running] -> -> File not found
64bit-(Ntfs) Ntfs [File_System | Disabled | Running] -> -> File not found
64bit-(Null) Null [Kernel | System | Running] -> -> File not found
64bit-(nv) nv [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(nvata64) nvata64 [Kernel | Boot | Running] -> -> File not found
64bit-(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> -> File not found
64bit-(ohci1394) Texas Instruments OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> -> File not found
64bit-(ossrv) Creative OS Services Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(P1764) Sound Blaster Audigy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Parport) Parallel port driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PartMgr) Partition Manager [Kernel | Boot | Running] -> -> File not found
64bit-(PCI) PCI Bus Driver [Kernel | Boot | Running] -> -> File not found
64bit-(PCIIde) PCIIde [Kernel | Boot | Running] -> -> File not found
64bit-(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> -> File not found
64bit-(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> -> File not found
64bit-(Processor) Processor Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> -> File not found
64bit-(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> -> File not found
64bit-(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> -> File not found
64bit-(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> -> File not found
64bit-(Rdbss) Rdbss [File_System | System | Running] -> -> File not found
64bit-(RDPCDD) RDPCDD [Kernel | System | Running] -> -> File not found
64bit-(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> -> File not found
64bit-(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Secdrv) Security Driver [Kernel | Auto | Stopped] -> -> File not found
64bit-(serenum) Serenum Filter Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Serial) Serial port driver [Kernel | System | Stopped] -> -> File not found
64bit-(Sfloppy) Sfloppy [Kernel | System | Stopped] -> -> File not found
64bit-(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
64bit-(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(sr) System Restore Filter Driver [File_System | Boot | Running] -> -> File not found
64bit-(Srv) Srv [File_System | On_Demand | Running] -> -> File not found
64bit-(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
64bit-(symmpi) symmpi [Kernel | Disabled | Stopped] -> -> File not found
64bit-(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
64bit-(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
64bit-(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> -> File not found
64bit-(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(TermDD) Terminal Device Driver [Kernel | System | Running] -> -> File not found
64bit-(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Udfs) Udfs [File_System | Disabled | Stopped] -> -> File not found
64bit-(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbhub) Microsoft USB Standard Hub Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(VComm) Virtual Serial port driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(vga) vga [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(VgaSave) VGA Display Controller. [Kernel | System | Running] -> -> File not found
64bit-(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(VolSnap) Storage volumes [Kernel | Boot | Running] -> -> File not found
64bit-(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Wdf01000) Wdf01000 [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(winusb) WinUSB Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WmBEnum) Logitech Virtual Bus Enumerator Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(WmFilter) Logitech Gaming HID Filter Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WmVirHid) Logitech Virtual Hid Device Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WmXlCore) Logitech WingMan Translation Layer Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | Boot | Running] -> -> File not found
64bit-(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> -> File not found
(CDAVFS) CDAVFS [File_System | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\DRIVERS\CDAVFS.sys -> [2009/04/26 08:00:28 | 00,067,424 | ---- | M] (CyberDefender Corp.)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\Drivers\GEARAspiWDM.sys -> [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(mnmdd) mnmdd [Kernel | System | Stopped] -> C:\WINDOWS\SysWow64\mnmdd.dll -> [2006/04/04 07:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation)
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\wdmaud.drv -> [2006/04/04 07:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"First Home Page" -> http://go.microsoft.com/fwlink/?LinkId=54843 ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/11/27 16:57:26 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
Hosts file not found -> ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2008/08/06 16:20:04 | 00,279,944 | ---- | M] (Ask.com)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 06:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} [HKLM] -> C:\Documents and Settings\Steve\Local Settings\Application Data\CyberDefender\cdmyidd.dll [MyIdentityDefender] -> [2009/04/26 08:00:27 | 03,962,184 | ---- | M] (CyberDefender Corp.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/04/24 19:54:25 | 00,259,696 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/04/15 22:52:56 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/04/24 19:54:24 | 00,470,512 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/10 06:43:16 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/10 06:43:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/04/24 19:54:25 | 00,259,696 | ---- | M] (Google Inc.)
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2008/08/06 16:20:04 | 00,279,944 | ---- | M] (Ask.com)
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> C:\Documents and Settings\Steve\Local Settings\Application Data\CyberDefender\cdmyidd.dll [MyIdentityDefender] -> [2009/04/26 08:00:27 | 03,962,184 | ---- | M] (CyberDefender Corp.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"NvCplDaemon" -> C:\WINDOWS\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> File not found
"NvMediaCenter" -> C:\WINDOWS\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> File not found
"nwiz" -> [nwiz.exe /install] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"CTSysVol" -> C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe ["C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r] -> [2005/02/15 18:10:16 | 00,057,344 | ---- | M] (Creative Technology Ltd)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.)
"P17Helper" -> C:\WINDOWS\SysWow64\P17.DLL [Rundll32 P17.dll,P17Helper] -> [2005/05/03 06:38:42 | 00,064,512 | R--- | M] ()
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\qttask.exe ["C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime] -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2008/11/10 06:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"UpdReg" -> C:\WINDOWS\UpdReg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 03:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"Virus-Bursters" -> C:\Program Files (x86)\Virus-Bursters\virus-bursters.exe ["C:\Program Files (x86)\Virus-Bursters\virus-bursters.exe" /h] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 03:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< 64bit-CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"ForceActiveDesktopOn" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< 64bit-CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"ForceActiveDesktopOn" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> C:\WINDOWS\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2006/05/25 02:22:06 | 00,053,248 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
64bit-CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] ->
{0C92900E-4D5A-4F04-ACC9-729E1767BBAE} [HKLM] -> http://snyderdrug.lifepics.com/net/Uploader/LPUploader45.cab [Image Uploader Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [HKLM] -> http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab [Reg Error: Key error.] ->
{1D6711C8-7154-40BB-8380-3DEA45B69CBF} [HKLM] -> [Reg Error: Key error.] ->
{4C39376E-FA9D-4349-BACC-D305C1750EF3} [HKLM] -> http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab [EPUImageControl Class] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab [BDSCANONLINE Control] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} [HKLM] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab [WScanCtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [HKLM] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab [ActiveScan Installer Class] ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\Explorer.exe -> [2007/02/17 00:20:36 | 01,364,480 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
%SystemRoot%\system32\logonui.exe -> C:\WINDOWS\SysNative\logonui.exe -> File not found
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL "sysdm.cpl" -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\SysWow64\Explorer.exe -> [2007/02/18 11:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
lsass.exe -> -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> -> File not found
cryptnet -> -> File not found
cscdll -> -> File not found
dimsntfy -> -> File not found
ScCertProp -> -> File not found
Schedule -> -> File not found
sclgntfy -> -> File not found
SensLogn -> -> File not found
termsrv -> -> File not found
wlballoon -> -> File not found
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ScCertProp -> -> File not found
Schedule -> -> File not found
SensLogn -> -> File not found
wlballoon -> -> File not found
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SysNative\stobject.dll [SysTray] -> File not found
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SysNative\WPDShServiceObj.dll [WPDShServiceObj] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{588599f4-de26-4c28-ba14-f4eb17e33481}" [HKLM] -> Reg Error: Key error. [emptins] -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{588599f4-de26-4c28-ba14-f4eb17e33481}" [HKLM] -> Reg Error: Key error. [emptins] -> File not found
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
crazyhazey33
2009-05-22, 07:36
Hi there. I really appreciate your help!!
I couldn't find "virus bursters" in the add/remove programs list, or in a file search for that matter...
For the OTS scan, I chose "all" under drivers as there were only "none", "safe-list" and "all" (not "non-microsoft")
Here is the log:
[code]
OTS logfile created on: 5/21/2009 11:28:48 PM - Run 1
OTS by OldTimer - Version 3.0.2.4 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.39 Mb Total Physical Memory | 705.69 Mb Available Physical Memory | 68.96% Memory free
2.44 Gb Paging File | 2.23 Gb Available in Paging File | 91.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 110.02 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 26.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1.90 Gb Total Space | 1.89 Gb Free Space | 99.13% Space Free | Partition Type: FAT
Computer Name: HAZELTONDESKTOP
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Include 64bit Scans
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009/03/03 14:43:34 | 00,636,072 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/05/21 23:22:58 | 00,504,320 | ---- | M] (OldTimer Tools)
[Win32 Services - Safe List]
64bit-(AeLookupSvc) Application Experience Lookup Service [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2007/04/12 22:33:24 | 00,045,920 | ---- | M] (Microsoft Corporation)
64bit-(AudioSrv) Windows Audio [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(BITS) Background Intelligent Transfer Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Browser) Computer Browser [Win32_Shared | Auto | Running] -> -> File not found
64bit-(CiSvc) Indexing Service [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(ClipSrv) ClipBook [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
64bit-(clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2007/04/12 22:33:26 | 00,093,016 | ---- | M] (Microsoft Corporation)
64bit-(COMSysApp) COM+ System Application [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> -> File not found
64bit-(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> -> File not found
64bit-(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> -> File not found
64bit-(ERSvc) Error Reporting Service [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(Eventlog) Event Log [Win32_Shared | Auto | Running] -> -> File not found
64bit-(EventSystem) COM+ Event System [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2007/02/17 00:44:20 | 00,077,312 | ---- | M] (Microsoft Corporation)
64bit-(HidServ) HID Input Service [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(IASJet) IAS Jet Database Access [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2006/04/04 07:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation)
64bit-(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(lanmanserver) Server [Win32_Shared | Auto | Running] -> -> File not found
64bit-(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> -> File not found
64bit-(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(mnmsrvc) NetMeeting Remote Desktop Sharing [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NetDDE) Network DDE [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NetDDEdsdm) Network DDE DSDM [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> -> File not found
64bit-(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> -> File not found
64bit-(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> -> File not found
64bit-(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(RpcSs) Remote Procedure Call (RPC) [Win32_Own | Auto | Running] -> -> File not found
64bit-(SamSs) Security Accounts Manager [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(Schedule) Task Scheduler [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(seclogon) Secondary Logon [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(SENS) System Event Notification [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> -> File not found
64bit-(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(Spooler) Print Spooler [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(srservice) System Restore Service [Win32_Shared | Auto | Running] -> -> File not found
64bit-(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(stisvc) Windows Image Acquisition (WIA) [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(swprv) Microsoft Software Shadow Copy Provider [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(SysmonLog) Performance Logs and Alerts [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(TapiSrv) Telephony [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> -> File not found
64bit-(Themes) Themes [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> -> File not found
64bit-(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(upnphost) Universal Plug and Play Device Host [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(vds) Virtual Disk Service [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(W32Time) Windows Time [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(WebClient) WebClient [Win32_Own | Auto | Stopped] -> -> File not found
64bit-(WinHttpAutoProxySvc) WinHTTP Web Proxy Auto-Discovery Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> -> File not found
64bit-(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> -> File not found
64bit-(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> -> File not found
64bit-(wscsvc) Security Center [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(wuauserv) Automatic Updates [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | Auto | Stopped] -> -> File not found
64bit-(WZCSVC) Wireless Configuration [Win32_Shared | Auto | Running] -> -> File not found
64bit-(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> -> File not found
(aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -> [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -> [2007/04/12 22:33:24 | 00,045,920 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) .NET Runtime Optimization Service v2.0.50727_x64 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2007/04/12 22:33:26 | 00,093,016 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/04/24 20:05:47 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2007/02/17 00:44:20 | 00,077,312 | ---- | M] (Microsoft Corporation)
(IASJet) IAS Jet Database Access [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SysWOW64\iasrecst.dll -> [2006/04/04 07:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 02:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Java\jre6\bin\jqs.exe -> [2008/11/10 06:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\netlogon.dll -> [2007/02/18 11:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -> [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
[Driver Services - All]
64bit-(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
64bit-(ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> -> File not found
64bit-(ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> -> File not found
64bit-(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found
64bit-(adpu320) adpu320 [Kernel | Disabled | Stopped] -> -> File not found
64bit-(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(AFD) AFD [Kernel | System | Running] -> -> File not found
64bit-(aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found
64bit-(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found
64bit-(AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(AmdIde) AmdIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(AmdK8) AMD Processor Driver [Kernel | System | Stopped] -> -> File not found
64bit-(arc) arc [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Arp1394) 1394 ARP Client Protocol [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> -> File not found
64bit-(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(audstub) Audio Stub Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Beep) Beep [Kernel | System | Running] -> -> File not found
64bit-(BlueletAudio) Bluetooth Audio Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(BlueletSCOAudio) Bluetooth SCO Audio Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(BT) Bluetooth PAN Network Adapter [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Btcsrusb) Bluetooth USB For Bluetooth Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(BTHidEnum) Bluetooth HID Enumerator [Kernel | Boot | Stopped] -> -> File not found
64bit-(BTHidMgr) Bluetooth HID Manager Service [Kernel | Boot | Stopped] -> -> File not found
64bit-(CdaC15BA) CdaC15BA [Kernel | Auto | Stopped] -> -> File not found
64bit-(CdaD10BA) CdaD10BA [Kernel | Auto | Stopped] -> -> File not found
64bit-(CDAVFS) CDAVFS [File_System | On_Demand | Stopped] -> -> File not found
64bit-(Cdfs) Cdfs [File_System | Disabled | Running] -> -> File not found
64bit-(Cdrom) CD-ROM Driver [Kernel | System | Running] -> -> File not found
64bit-(Changer) Changer [Kernel | System | Stopped] -> -> File not found
64bit-(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(crcdisk) CRC Disk Filter Driver [Kernel | Boot | Running] -> -> File not found
64bit-(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Disk) Disk Driver [Kernel | Boot | Running] -> -> File not found
64bit-(dmboot) dmboot [Kernel | Disabled | Stopped] -> -> File not found
64bit-(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> -> File not found
64bit-(dmload) dmload [Kernel | Boot | Running] -> -> File not found
64bit-(dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Fastfat) Fastfat [File_System | Disabled | Running] -> -> File not found
64bit-(Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Fips) Fips [Kernel | System | Stopped] -> -> File not found
64bit-(Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(FltMgr) FltMgr [File_System | Boot | Running] -> -> File not found
64bit-(Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> -> File not found
64bit-(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> -> File not found
64bit-(HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(HTTP) HTTP [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found
64bit-(i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> -> File not found
64bit-(iirsp) iirsp [Kernel | Disabled | Stopped] -> -> File not found
64bit-(imapi) CD-Burning Filter Driver [Kernel | System | Running] -> -> File not found
64bit-(IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> -> File not found
64bit-(IPSec) IPSEC driver [Kernel | System | Running] -> -> File not found
64bit-(IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> -> File not found
64bit-(Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> -> File not found
64bit-(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> -> File not found
64bit-(kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(KSecDD) KSecDD [Kernel | Boot | Running] -> -> File not found
64bit-(ksthunk) Kernel Streaming WOW64 Thunk Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(mnmdd) mnmdd [Kernel | System | Stopped] -> -> File not found
64bit-(Modem) Modem [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Mouclass) Mouse Class Driver [Kernel | System | Running] -> -> File not found
64bit-(mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(MountMgr) Mount Point Manager [Kernel | Boot | Running] -> -> File not found
64bit-(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found
64bit-(MRxDAV) WebDav Client Redirector [File_System | On_Demand | Stopped] -> -> File not found
64bit-(MRxSmb) MRxSmb [File_System | System | Running] -> -> File not found
64bit-(Msfs) Msfs [File_System | System | Running] -> -> File not found
64bit-(MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Mup) Mup [File_System | Boot | Running] -> -> File not found
64bit-(NDIS) NDIS System Driver [Kernel | Boot | Running] -> -> File not found
64bit-(NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Running] -> -> File not found
64bit-(NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> -> File not found
64bit-(NetBIOS) NetBIOS Interface [File_System | System | Running] -> -> File not found
64bit-(NetBT) NetBios over Tcpip [Kernel | System | Running] -> -> File not found
64bit-(NIC1394) 1394 Net Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Npfs) Npfs [File_System | System | Running] -> -> File not found
64bit-(Ntfs) Ntfs [File_System | Disabled | Running] -> -> File not found
64bit-(Null) Null [Kernel | System | Running] -> -> File not found
64bit-(nv) nv [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(nvata64) nvata64 [Kernel | Boot | Running] -> -> File not found
64bit-(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> -> File not found
64bit-(ohci1394) Texas Instruments OHCI Compliant IEEE 1394 Host Controller [Kernel | Boot | Running] -> -> File not found
64bit-(ossrv) Creative OS Services Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(P1764) Sound Blaster Audigy [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Parport) Parallel port driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PartMgr) Partition Manager [Kernel | Boot | Running] -> -> File not found
64bit-(PCI) PCI Bus Driver [Kernel | Boot | Running] -> -> File not found
64bit-(PCIIde) PCIIde [Kernel | Boot | Running] -> -> File not found
64bit-(Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> -> File not found
64bit-(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> -> File not found
64bit-(Processor) Processor Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> -> File not found
64bit-(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> -> File not found
64bit-(Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> -> File not found
64bit-(RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(Raspti) Direct Parallel [Kernel | On_Demand | Running] -> -> File not found
64bit-(Rdbss) Rdbss [File_System | System | Running] -> -> File not found
64bit-(RDPCDD) RDPCDD [Kernel | System | Running] -> -> File not found
64bit-(rdpdr) Terminal Server Device Redirector Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> -> File not found
64bit-(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Secdrv) Security Driver [Kernel | Auto | Stopped] -> -> File not found
64bit-(serenum) Serenum Filter Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Serial) Serial port driver [Kernel | System | Stopped] -> -> File not found
64bit-(Sfloppy) Sfloppy [Kernel | System | Stopped] -> -> File not found
64bit-(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
64bit-(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(sr) System Restore Filter Driver [File_System | Boot | Running] -> -> File not found
64bit-(Srv) Srv [File_System | On_Demand | Running] -> -> File not found
64bit-(swenum) Software Bus Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found
64bit-(symmpi) symmpi [Kernel | Disabled | Stopped] -> -> File not found
64bit-(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found
64bit-(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found
64bit-(sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> -> File not found
64bit-(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(TermDD) Terminal Device Driver [Kernel | System | Running] -> -> File not found
64bit-(TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Udfs) Udfs [File_System | Disabled | Stopped] -> -> File not found
64bit-(ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found
64bit-(Update) Microcode Update Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbhub) Microsoft USB Standard Hub Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Running] -> -> File not found
64bit-(usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(VComm) Virtual Serial port driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(VcommMgr) Bluetooth VComm Manager Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(vga) vga [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(VgaSave) VGA Display Controller. [Kernel | System | Running] -> -> File not found
64bit-(ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found
64bit-(VolSnap) Storage volumes [Kernel | Boot | Running] -> -> File not found
64bit-(Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(Wdf01000) Wdf01000 [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(winusb) WinUSB Service [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WmBEnum) Logitech Virtual Bus Enumerator Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(WmFilter) Logitech Gaming HID Filter Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WmVirHid) Logitech Virtual Hid Device Driver [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WmXlCore) Logitech WingMan Translation Layer Driver [Kernel | On_Demand | Running] -> -> File not found
64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> -> File not found
64bit-(WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | Boot | Running] -> -> File not found
64bit-(WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> -> File not found
(CDAVFS) CDAVFS [File_System | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\DRIVERS\CDAVFS.sys -> [2009/04/26 08:00:28 | 00,067,424 | ---- | M] (CyberDefender Corp.)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\Drivers\GEARAspiWDM.sys -> [2006/09/19 16:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(mnmdd) mnmdd [Kernel | System | Stopped] -> C:\WINDOWS\SysWow64\mnmdd.dll -> [2006/04/04 07:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation)
(wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\SysWow64\wdmaud.drv -> [2006/04/04 07:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"First Home Page" -> http://go.microsoft.com/fwlink/?LinkId=54843 ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2008/11/27 16:57:26 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
Hosts file not found -> ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/23 00:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2008/08/06 16:20:04 | 00,279,944 | ---- | M] (Ask.com)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/10 06:43:31 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} [HKLM] -> C:\Documents and
crazyhazey33
2009-05-22, 07:37
Settings\Steve\Local Settings\Application Data\CyberDefender\cdmyidd.dll [MyIdentityDefender] -> [2009/04/26 08:00:27 | 03,962,184 | ---- | M] (CyberDefender Corp.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/04/24 19:54:25 | 00,259,696 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [Google Toolbar Notifier BHO] -> [2009/04/15 22:52:56 | 00,668,656 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [Google Dictionary Compression sdch] -> [2009/04/24 19:54:24 | 00,470,512 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/10 06:43:16 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/10 06:43:17 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar] -> [2009/04/24 19:54:25 | 00,259,696 | ---- | M] (Google Inc.)
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2008/08/06 16:20:04 | 00,279,944 | ---- | M] (Ask.com)
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> C:\Documents and Settings\Steve\Local Settings\Application Data\CyberDefender\cdmyidd.dll [MyIdentityDefender] -> [2009/04/26 08:00:27 | 03,962,184 | ---- | M] (CyberDefender Corp.)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"NvCplDaemon" -> C:\WINDOWS\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> File not found
"NvMediaCenter" -> C:\WINDOWS\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> File not found
"nwiz" -> [nwiz.exe /install] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/01/11 23:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"CTSysVol" -> C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe ["C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r] -> [2005/02/15 18:10:16 | 00,057,344 | ---- | M] (Creative Technology Ltd)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.)
"P17Helper" -> C:\WINDOWS\SysWow64\P17.DLL [Rundll32 P17.dll,P17Helper] -> [2005/05/03 06:38:42 | 00,064,512 | R--- | M] ()
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\qttask.exe ["C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime] -> [2008/09/06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2008/11/10 06:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"UpdReg" -> C:\WINDOWS\UpdReg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 03:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"Virus-Bursters" -> C:\Program Files (x86)\Virus-Bursters\virus-bursters.exe ["C:\Program Files (x86)\Virus-Bursters\virus-bursters.exe" /h] -> File not found
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 03:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< 64bit-CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"ForceActiveDesktopOn" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< 64bit-CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
64bit-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"ForceActiveDesktopOn" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec [HKLM] -> C:\WINDOWS\bdoscandel.exe [Menu: Uninstall BitDefender Online Scanner v8] -> [2006/05/25 02:22:06 | 00,053,248 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
64bit-CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2007/02/18 11:05:40 | 01,681,920 | ---- | M] (Microsoft Corporation)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] ->
{0C92900E-4D5A-4F04-ACC9-729E1767BBAE} [HKLM] -> http://snyderdrug.lifepics.com/net/Uploader/LPUploader45.cab [Image Uploader Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] ->
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} [HKLM] -> http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab [Reg Error: Key error.] ->
{1D6711C8-7154-40BB-8380-3DEA45B69CBF} [HKLM] -> [Reg Error: Key error.] ->
{4C39376E-FA9D-4349-BACC-D305C1750EF3} [HKLM] -> http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab [EPUImageControl Class] ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab [MSN Photo Upload Tool] ->
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab [BDSCANONLINE Control] ->
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} [HKLM] -> http://www3.ca.com/securityadvisor/virusinfo/webscan.cab [WScanCtl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [HKLM] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab [ActiveScan Installer Class] ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\Explorer.exe -> [2007/02/17 00:20:36 | 01,364,480 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
%SystemRoot%\system32\logonui.exe -> C:\WINDOWS\SysNative\logonui.exe -> File not found
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL "sysdm.cpl" -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\SysWow64\Explorer.exe -> [2007/02/18 11:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
lsass.exe -> -> File not found
*MultiFile Done* -> ->
< 64bit-Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> -> File not found
cryptnet -> -> File not found
cscdll -> -> File not found
dimsntfy -> -> File not found
ScCertProp -> -> File not found
Schedule -> -> File not found
sclgntfy -> -> File not found
SensLogn -> -> File not found
termsrv -> -> File not found
wlballoon -> -> File not found
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ScCertProp -> -> File not found
Schedule -> -> File not found
SensLogn -> -> File not found
wlballoon -> -> File not found
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKLM] -> C:\WINDOWS\SysNative\stobject.dll [SysTray] -> File not found
"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> C:\WINDOWS\SysNative\WPDShServiceObj.dll [WPDShServiceObj] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{588599f4-de26-4c28-ba14-f4eb17e33481}" [HKLM] -> Reg Error: Key error. [emptins] -> File not found
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{588599f4-de26-4c28-ba14-f4eb17e33481}" [HKLM] -> Reg Error: Key error. [emptins] -> File not found
< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" [HKLM] -> [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\
\SecurityProviders ->
64bit-*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> -> File not found
schannel.dll -> -> File not found
digest.dll -> -> File not found
msnsspc.dll -> -> File not found
*MultiFile Done* -> ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\SysWow64\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
"C:\Documents and Settings\John\Application Data\U3\0000060424060026\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" -> C:\Documents and Settings\John\Application Data\U3\0000060424060026\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe [C:\Documents and Settings\John\Application Data\U3\0000060424060026\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Disabled:Skype] -> File not found
"C:\Games\NFS Carbon\nfsc.exe" -> C:\Games\NFS Carbon\nfsc.exe [C:\Games\NFS Carbon\nfsc.exe:*:Enabled:nfsc] -> File not found
"C:\Games\NFSCarbon\NFSC.exe" -> C:\Games\NFSCarbon\NFSC.exe [C:\Games\NFSCarbon\NFSC.exe:*:Enabled:NFSC] -> File not found
"C:\Program Files (x86)\BitTornado\btdownloadgui.exe" -> C:\Program Files (x86)\BitTornado\btdownloadgui.exe [C:\Program Files (x86)\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui] -> File not found
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe" -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe [C:\Program Files (x86)\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files (x86)\CyberDefender\AntiSpyware\cdas4.exe" -> C:\Program Files (x86)\CyberDefender\AntiSpyware\cdas4.exe [C:\Program Files (x86)\CyberDefender\AntiSpyware\cdas4.exe:*:Enabled:CyberDefender Internet Security] -> [2009/04/26 08:00:30 | 00,669,000 | ---- | M] (CyberDefender Corp.)
"C:\Program Files (x86)\iTunes\iTunes.exe" -> C:\Program Files (x86)\iTunes\iTunes.exe [C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.)
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe" -> C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Disabled:BlueSoleil] -> File not found
"C:\Program Files (x86)\Kazaa\kazaa.exe" -> C:\Program Files (x86)\Kazaa\kazaa.exe [C:\Program Files (x86)\Kazaa\kazaa.exe:*:Disabled:Kazaa] -> File not found
"C:\Program Files (x86)\LimeWire\LimeWire.exe" -> C:\Program Files (x86)\LimeWire\LimeWire.exe [C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Disabled:LimeWire] -> File not found
"C:\Program Files (x86)\Morpheus\Morpheus.exe" -> C:\Program Files (x86)\Morpheus\Morpheus.exe [C:\Program Files (x86)\Morpheus\Morpheus.exe:*:Disabled:Morpheus] -> File not found
"C:\Program Files (x86)\Nero\Nero ShowTime\ShowTime.exe" -> C:\Program Files (x86)\Nero\Nero ShowTime\ShowTime.exe [C:\Program Files (x86)\Nero\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime] -> [2005/06/13 16:59:00 | 03,608,576 | ---- | M] (Nero Software AG)
"C:\Program Files (x86)\Speeditup Free\PCCheckUp\PCCheckUp.exe" -> C:\Program Files (x86)\Speeditup Free\PCCheckUp\PCCheckUp.exe [C:\Program Files (x86)\Speeditup Free\PCCheckUp\PCCheckUp.exe:*:Disabled:PCCheckUp] -> [2007/08/01 19:08:38 | 03,965,440 | ---- | M] (MicroSmarts LLC.)
"C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer] -> File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" -> C:\WINDOWS\SysWow64\usmt\migwiz.exe [C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard] -> [2007/02/18 11:05:36 | 00,246,272 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\SysWOW64\P2P Networking\P2P Networking.exe" -> C:\WINDOWS\SysWOW64\P2P Networking\P2P Networking.exe [C:\WINDOWS\SysWOW64\P2P Networking\P2P Networking.exe:*:Disabled:P2P Networking] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\WINDOWS\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/09/06 16:51:17 | 00,000,000 | ---- | M] ()
F:\autorun.inf [[AutoRun] | open=LaunchU3.exe -a | icon=LaunchU3.exe,0 | | [Definitions] | Launchpad=LaunchPad.exe | Vtype=2 | | [CopyFiles] | FileNumber=1 | File1=LaunchPad.zip | | [Update] | URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.4.0.4&brand=cruzer | | | [Comment] | brand=cruzer | ] -> F:\autorun.inf [ CDFS ] -> [2007/02/12 14:53:42 | 00,000,277 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/05/21 23:22:52 | 00,504,320 | ---- | C] (OldTimer Tools)
reg backup -> C:\Documents and Settings\Administrator\Desktop\reg backup -> [2009/05/19 19:21:01 | 00,000,000 | ---D | C]
NTREGOPT.lnk -> C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk -> [2009/05/19 19:20:25 | 00,000,641 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk -> [2009/05/19 19:20:25 | 00,000,622 | ---- | C] ()
ERUNT -> C:\Program Files (x86)\ERUNT -> [2009/05/19 19:20:25 | 00,000,000 | ---D | C]
wklnhst.dat -> C:\Documents and Settings\Administrator\Application Data\wklnhst.dat -> [2009/05/19 19:19:55 | 00,000,144 | ---- | C] ()
erunt-setup.exe -> C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe -> [2009/05/19 19:14:58 | 00,791,393 | ---- | C] (Lars Hederer )
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/05/19 19:10:11 | 00,001,788 | ---- | C] ()
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2009/05/19 19:10:11 | 00,000,000 | ---D | C]
Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2009/05/19 19:08:51 | 00,000,975 | ---- | C] ()
Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2009/05/19 19:08:48 | 00,000,000 | ---D | C]
instructions.rtf -> C:\Documents and Settings\Administrator\Desktop\instructions.rtf -> [2009/05/19 19:07:29 | 00,008,319 | ---- | C] ()
Macromedia -> C:\Documents and Settings\Administrator\Application Data\Macromedia -> [2009/05/19 18:55:45 | 00,000,000 | ---D | C]
Adobe -> C:\Documents and Settings\Administrator\Application Data\Adobe -> [2009/05/19 18:50:30 | 00,000,000 | ---D | C]
st_affiliate.ini -> C:\WINDOWS\st_affiliate.ini -> [2009/04/26 08:03:38 | 00,000,070 | ---- | C] ()
av_affiliate.ini -> C:\WINDOWS\av_affiliate.ini -> [2009/04/26 08:01:54 | 00,000,060 | ---- | C] ()
as_affiliate.ini -> C:\WINDOWS\as_affiliate.ini -> [2009/04/26 08:01:53 | 00,000,060 | ---- | C] ()
CDAVFS.sys -> C:\WINDOWS\SysWow64\drivers\CDAVFS.sys -> [2009/04/26 08:00:45 | 00,067,424 | ---- | C] (CyberDefender Corp.)
CyberDefender -> C:\Program Files (x86)\CyberDefender -> [2009/04/26 08:00:43 | 00,000,000 | ---D | C]
P1010066[1].JPG -> C:\Documents and Settings\All Users\Documents\P1010066[1].JPG -> [2009/04/25 21:58:06 | 03,538,636 | ---- | C] ()
MPLAYER.INI -> C:\WINDOWS\MPLAYER.INI -> [2008/06/29 15:44:37 | 00,000,074 | ---- | C] ()
lffpx7.dll -> C:\WINDOWS\SysWow64\lffpx7.dll -> [2008/06/29 15:44:05 | 00,338,944 | ---- | C] ()
LFKODAK.DLL -> C:\WINDOWS\SysWow64\LFKODAK.DLL -> [2008/06/29 15:44:05 | 00,122,880 | ---- | C] ()
nview.dll -> C:\WINDOWS\SysWow64\nview.dll -> [2008/05/02 22:46:00 | 01,486,848 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\SysWow64\nvwimg.dll -> [2008/05/02 22:46:00 | 01,019,904 | ---- | C] ()
devenum.dll -> C:\WINDOWS\SysWow64\devenum.dll -> [2007/05/26 14:59:47 | 00,061,440 | ---- | C] ()
quartz.dll -> C:\WINDOWS\SysWow64\quartz.dll -> [2007/05/26 14:59:26 | 01,274,880 | ---- | C] ()
smdat32m.sys -> C:\WINDOWS\smdat32m.sys -> [2007/02/12 20:04:31 | 00,000,010 | ---- | C] ()
CTWave32.ini -> C:\WINDOWS\CTWave32.ini -> [2006/12/27 21:32:38 | 00,000,098 | ---- | C] ()
sbwin.ini -> C:\WINDOWS\sbwin.ini -> [2006/12/27 21:28:15 | 00,000,072 | ---- | C] ()
ZPORT4AS.dll -> C:\WINDOWS\SysWow64\ZPORT4AS.dll -> [2006/12/02 02:30:13 | 00,011,776 | ---- | C] ()
nfsc_patch.ini -> C:\WINDOWS\nfsc_patch.ini -> [2006/11/24 21:19:18 | 00,000,046 | ---- | C] ()
Speed Video to Audio Converter.INI -> C:\WINDOWS\Speed Video to Audio Converter.INI -> [2006/11/14 21:42:52 | 00,000,067 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/11/01 20:17:36 | 00,000,060 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2006/09/13 00:02:07 | 00,000,116 | ---- | C] ()
SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2006/09/11 00:27:00 | 00,000,441 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/09/09 03:02:49 | 00,000,376 | ---- | C] ()
PerfStringBackup.INI -> C:\WINDOWS\SysWow64\PerfStringBackup.INI -> [2006/09/09 02:59:52 | 00,501,436 | ---- | C] ()
Ludap17.ini -> C:\WINDOWS\SysWow64\Ludap17.ini -> [2006/09/06 17:04:44 | 00,005,627 | R--- | C] ()
ctzapxx.ini -> C:\WINDOWS\SysWow64\ctzapxx.ini -> [2006/09/06 17:04:44 | 00,000,039 | R--- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2006/09/06 16:49:36 | 00,000,544 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2006/09/06 09:41:13 | 00,000,150 | ---- | C] ()
qedwipes.dll -> C:\WINDOWS\SysWow64\qedwipes.dll -> [2006/04/04 07:00:00 | 00,733,696 | ---- | C] ()
qedit.dll -> C:\WINDOWS\SysWow64\qedit.dll -> [2006/04/04 07:00:00 | 00,512,512 | ---- | C] ()
dxmasf.dll -> C:\WINDOWS\SysWow64\dxmasf.dll -> [2006/04/04 07:00:00 | 00,498,742 | ---- | C] ()
encdec.dll -> C:\WINDOWS\SysWow64\encdec.dll -> [2006/04/04 07:00:00 | 00,396,288 | ---- | C] ()
qdvd.dll -> C:\WINDOWS\SysWow64\qdvd.dll -> [2006/04/04 07:00:00 | 00,385,536 | ---- | C] ()
msjetoledb40.dll -> C:\WINDOWS\SysWow64\msjetoledb40.dll -> [2006/04/04 07:00:00 | 00,355,112 | ---- | C] ()
qdv.dll -> C:\WINDOWS\SysWow64\qdv.dll -> [2006/04/04 07:00:00 | 00,279,040 | ---- | C] ()
sbe.dll -> C:\WINDOWS\SysWow64\sbe.dll -> [2006/04/04 07:00:00 | 00,276,992 | ---- | C] ()
ir32_32.dll -> C:\WINDOWS\SysWow64\ir32_32.dll -> [2006/04/04 07:00:00 | 00,199,168 | ---- | C] ()
qcap.dll -> C:\WINDOWS\SysWow64\qcap.dll -> [2006/04/04 07:00:00 | 00,192,512 | ---- | C] ()
msencode.dll -> C:\WINDOWS\SysWow64\msencode.dll -> [2006/04/04 07:00:00 | 00,114,688 | ---- | C] ()
amstream.dll -> C:\WINDOWS\SysWow64\amstream.dll -> [2006/04/04 07:00:00 | 00,072,704 | ---- | C] ()
mciqtz32.dll -> C:\WINDOWS\SysWow64\mciqtz32.dll -> [2006/04/04 07:00:00 | 00,062,464 | ---- | C] ()
tsd32.dll -> C:\WINDOWS\SysWow64\tsd32.dll -> [2006/04/04 07:00:00 | 00,016,896 | ---- | C] ()
msdmo.dll -> C:\WINDOWS\SysWow64\msdmo.dll -> [2006/04/04 07:00:00 | 00,014,336 | ---- | C] ()
msdxmlc.dll -> C:\WINDOWS\SysWow64\msdxmlc.dll -> [2006/04/04 07:00:00 | 00,004,126 | ---- | C] ()
P17.dll -> C:\WINDOWS\SysWow64\P17.dll -> [2005/05/03 06:38:42 | 00,064,512 | R--- | C] ()
bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2005/03/01 16:30:20 | 00,000,453 | ---- | C] ()
P17CPI.dll -> C:\WINDOWS\SysWow64\P17CPI.dll -> [2003/10/02 05:48:18 | 00,053,248 | R--- | C] ()
A3d.dll -> C:\WINDOWS\SysWow64\A3d.dll -> [2002/04/10 20:41:06 | 00,065,536 | R--- | C] ( )
iyvu9_32.dll -> C:\WINDOWS\SysWow64\iyvu9_32.dll -> [1997/06/13 19:56:08 | 00,056,832 | ---- | C] ()
[Files/Folders - Modified Within 30 Days]
10 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp ->
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2009/05/21 23:22:58 | 00,504,320 | ---- | M] (OldTimer Tools)
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/05/21 23:19:50 | 00,002,048 | --S- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/05/21 23:18:59 | 00,000,006 | -H-- | M] ()
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [2009/05/21 13:29:25 | 00,214,838 | ---- | M] ()
SDMsgUpdate (TE).job -> C:\WINDOWS\tasks\SDMsgUpdate (TE).job -> [2009/05/20 15:01:53 | 00,000,444 | ---- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Administrator\NTUSER.DAT -> [2009/05/19 19:22:10 | 01,048,576 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Administrator\ntuser.ini -> [2009/05/19 19:22:10 | 00,000,178 | -HS- | M] ()
IconCache.db -> C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db -> [2009/05/19 19:22:08 | 03,712,656 | -H-- | M] ()
NTREGOPT.lnk -> C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk -> [2009/05/19 19:20:25 | 00,000,641 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk -> [2009/05/19 19:20:25 | 00,000,622 | ---- | M] ()
wklnhst.dat -> C:\Documents and Settings\Administrator\Application Data\wklnhst.dat -> [2009/05/19 19:20:09 | 00,000,144 | ---- | M] ()
erunt-setup.exe -> C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe -> [2009/05/19 19:15:00 | 00,791,393 | ---- | M] (Lars Hederer )
HijackThis.lnk -> C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk -> [2009/05/19 19:10:11 | 00,001,788 | ---- | M] ()
Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2009/05/19 19:08:51 | 00,000,975 | ---- | M] ()
instructions.rtf -> C:\Documents and Settings\Administrator\Desktop\instructions.rtf -> [2009/05/19 19:07:29 | 00,008,319 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/05/15 00:56:42 | 00,005,508 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/05/15 00:56:42 | 00,004,232 | ---- | M] ()
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/05/08 12:10:00 | 00,065,536 | -HS- | M] ()
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2009/05/08 12:10:00 | 00,016,384 | -HS- | M] ()
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2009/05/08 12:10:00 | 00,016,384 | -HS- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/05/08 12:10:00 | 00,000,296 | ---- | M] ()
st_affiliate.ini -> C:\WINDOWS\st_affiliate.ini -> [2009/04/26 08:03:38 | 00,000,070 | ---- | M] ()
av_affiliate.ini -> C:\WINDOWS\av_affiliate.ini -> [2009/04/26 08:01:54 | 00,000,060 | ---- | M] ()
as_affiliate.ini -> C:\WINDOWS\as_affiliate.ini -> [2009/04/26 08:01:53 | 00,000,060 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/04/26 08:01:41 | 00,000,544 | ---- | M] ()
CDAVFS.sys -> C:\WINDOWS\SysWow64\drivers\CDAVFS.sys -> [2009/04/26 08:00:28 | 00,067,424 | ---- | M] (CyberDefender Corp.)
P1010066[1].JPG -> C:\Documents and Settings\All Users\Documents\P1010066[1].JPG -> [2009/04/25 21:56:35 | 03,538,636 | ---- | M] ()
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/04/22 22:24:07 | 00,002,161 | ---- | M] ()
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [2006/09/24 18:08:36 | 00,001,036 | ---- | M] ()
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/09/09 03:17:09 | 00,016,384 | ---- | M] ()
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [2006/09/09 03:13:46 | 00,001,372 | ---- | M] ()
< End of report >
[/code]
Open OTS.exe Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Safe List]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Virus-Bursters" -> C:\Program Files (x86)\Virus-Bursters\virus-bursters.exe ["C:\Program Files (x86)\Virus-Bursters\virus-bursters.exe" /h]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files (x86)\BitTornado\btdownloadgui.exe" -> C:\Program Files (x86)\BitTornado\btdownloadgui.exe [C:\Program Files (x86)\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui]
YN -> "C:\Program Files (x86)\Kazaa\kazaa.exe" -> C:\Program Files (x86)\Kazaa\kazaa.exe [C:\Program Files (x86)\Kazaa\kazaa.exe:*:Disabled:Kazaa]
YN -> "C:\Program Files (x86)\LimeWire\LimeWire.exe" -> C:\Program Files (x86)\LimeWire\LimeWire.exe [C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Disabled:LimeWire]
YN -> "C:\Program Files (x86)\Morpheus\Morpheus.exe" -> C:\Program Files (x86)\Morpheus\Morpheus.exe [C:\Program Files (x86)\Morpheus\Morpheus.exe:*:Disabled:Morpheus]
YN -> "C:\StubInstaller.exe" -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer]
YN -> "C:\WINDOWS\SysWOW64\P2P Networking\P2P Networking.exe" -> C:\WINDOWS\SysWOW64\P2P Networking\P2P Networking.exe [C:\WINDOWS\SysWOW64\P2P Networking\P2P Networking.exe:*:Disabled:P2P Networking]
[Files/Folders - Modified Within 30 Days]
NY -> 10 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
crazyhazey33
2009-05-24, 03:52
Malwarebytes' Anti-Malware 1.36
Database version: 2171
Windows 5.2.3790 Service Pack 2
5/23/2009 2:30:55 PM
mbam-log-2009-05-23 (14-30-55).txt
Scan type: Full Scan (C:\|K:\|)
Objects scanned: 209385
Time elapsed: 30 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 34
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Steve\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Steve\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Application Data\jswscl.dll (Trojan.Agent.V) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\pdfupd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sarah\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Well, that certainly cleared some dross :)
How are things running now ?
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
crazyhazey33
2009-05-27, 04:55
when i try to run this scanner it says:
starting java applet has failed, please go online to use this program
any idea what's causing that?
when i try to run this scanner it says:
starting java applet has failed, please go online to use this program
any idea what's causing that?
Are you connected to the internet ?
Please try this other scan
Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK
Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.
crazyhazey33
2009-05-29, 19:43
I'm definitely connected to the internet....
Now when I try to run active scan it says this:
ActiveScan 2.0 update: Update error
Sorry, updating is incomplete due to an error. Please try again.
Please post a fresh HJT log
crazyhazey33
2009-05-30, 20:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:28 PM, on 5/30/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: 66.118.142.137 ads.sup.com
O1 - Hosts: 66.118.142.137 servedby.advertising.com
O1 - Hosts: 66.118.142.137 cdn.eyewonder.com
O1 - Hosts: 66.118.142.137 ads.addynamix.com
O1 - Hosts: 66.118.142.137 gfx.klipmart.com
O1 - Hosts: 66.118.142.137 a.tribalfusion.com
O1 - Hosts: 66.118.142.137 mediamgr.ugo.com
O1 - Hosts: 66.118.142.137 dehp.myspace.com
O1 - Hosts: 66.118.142.137 demr.myspace.com
O1 - Hosts: 66.118.142.137 desk.myspace.com
O1 - Hosts: 66.118.142.137 delb.myspace.com
O1 - Hosts: 66.118.142.137 ads1.revenue.net
O1 - Hosts: 66.118.142.137 view.atdmt.com
O1 - Hosts: 66.118.142.137 rad.msn.com
O1 - Hosts: 66.118.142.137 themis.geocities.yahoo.com
O1 - Hosts: 66.118.142.137 ad.n2434.doubleclick.net
O1 - Hosts: 66.118.142.137 n3349ad.doubleclick.net
O1 - Hosts: 66.118.142.137 altfarm.mediaplex.com
O1 - Hosts: 66.118.142.137 ad.doubleclick.net
O1 - Hosts: 66.118.142.137 z1.adserver.com
O1 - Hosts: 66.118.142.137 ar1.atwola.com
O1 - Hosts: 66.118.142.137 disney.go.com
O1 - Hosts: 66.118.142.137 rcm.amazon.com
O1 - Hosts: 66.118.142.137 familyfun.go.com
O1 - Hosts: 66.118.142.137 dist.belnk.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://snyderdrug.lifepics.com/net/Uploader/LPUploader45.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
--
End of file - 9070 bytes
What problems are you having at the moment ?
Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present
O1 - Hosts: 66.118.142.137 ads.sup.com
O1 - Hosts: 66.118.142.137 servedby.advertising.com
O1 - Hosts: 66.118.142.137 cdn.eyewonder.com
O1 - Hosts: 66.118.142.137 ads.addynamix.com
O1 - Hosts: 66.118.142.137 gfx.klipmart.com
O1 - Hosts: 66.118.142.137 a.tribalfusion.com
O1 - Hosts: 66.118.142.137 mediamgr.ugo.com
O1 - Hosts: 66.118.142.137 dehp.myspace.com
O1 - Hosts: 66.118.142.137 demr.myspace.com
O1 - Hosts: 66.118.142.137 desk.myspace.com
O1 - Hosts: 66.118.142.137 delb.myspace.com
O1 - Hosts: 66.118.142.137 ads1.revenue.net
O1 - Hosts: 66.118.142.137 view.atdmt.com
O1 - Hosts: 66.118.142.137 rad.msn.com
O1 - Hosts: 66.118.142.137 themis.geocities.yahoo.com
O1 - Hosts: 66.118.142.137 ad.n2434.doubleclick.net
O1 - Hosts: 66.118.142.137 n3349ad.doubleclick.net
O1 - Hosts: 66.118.142.137 altfarm.mediaplex.com
O1 - Hosts: 66.118.142.137 ad.doubleclick.net
O1 - Hosts: 66.118.142.137 z1.adserver.com
O1 - Hosts: 66.118.142.137 ar1.atwola.com
O1 - Hosts: 66.118.142.137 disney.go.com
O1 - Hosts: 66.118.142.137 rcm.amazon.com
O1 - Hosts: 66.118.142.137 familyfun.go.com
O1 - Hosts: 66.118.142.137 dist.belnk.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O22 - SharedTaskScheduler: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis
Please try running the Kaspersky scan again.
This topic has been closed due to inactivity.
As it has been five days or more since your last post, and your helper posted a response to which you did not reply, this topic has been archived and will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread.
Applies only to the original poster, anyone else with similar problems please start a new topic.
Thank you katana. :)