View Full Version : Virus keeps returning
Initially I noticed that Java had stopped working, throwing errors any time a Java program was opened. After attempting to reinstall it and restart the computer, at least one very visible virus was present, prompting me with messages that pretended to be an antivirus program.
I ran Spybot Search & Destroy, which removed this virus and its effects. However, another virus (or multiple) lingered on the system, causing interstitial ads when clicking website links.
AVG names two viruses, SHeur3.BIYC and Delf.TGE. It finds these viruses repeatedly, despite moving them to the virus vault.
All logs are below.
DDS log:
DDS (Ver_10-10-10.03) - NTFSx86
Run by Ben McAlpin at 15:40:30.31 on Tue 10/19/2010
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2353 [GMT -5:00]
AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
E:\Program Files\Zmud\Zmud.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben McAlpin\Desktop\dds.com
============== Running Processes ===============
Spybot S&D log for initial virus removal:
--- Report generated: 2010-10-15 03:24 ---
Fraud.Antivirus: [SBI $2919E597] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\AnVi
Fraud.Antivirus: [SBI $61681116] Uninstall settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus
Fraud.Antivirus: [SBI $7BE1C34F] Picture (File, fixed)
C:\Program Files\AnVi\about.ico
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $C2B42095] Picture (File, fixed)
C:\Program Files\AnVi\activate.ico
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $B3794BDE] Picture (File, fixed)
C:\Program Files\AnVi\buy.ico
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $45EEE5BB] Picture (File, fixed)
C:\Program Files\AnVi\help.ico
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $F51F32BB] Picture (File, fixed)
C:\Program Files\AnVi\scan.ico
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $02626465] Picture (File, fixed)
C:\Program Files\AnVi\settings.ico
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $0A960285] Picture (File, fixed)
C:\Program Files\AnVi\update.ico
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $4619B341] Picture (File, fixed)
C:\Program Files\AnVi\avt.db
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $D2C6E450] Sound file (File, fixed)
C:\Program Files\AnVi\splash.mp3
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $74303778] Executable (File, fixed)
C:\Program Files\AnVi\Uninstall.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $23E92FA5] Sound file (File, fixed)
C:\Program Files\AnVi\virus.mp3
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $B6E649D5] Data (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\avt.dat
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $59B08D64] Data (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\avtr.dat
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $D83577AB] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\About.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $1E3F15BA] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\Activate.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $9C01FC90] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\Antivirus Support.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $CFA55AC0] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\Antivirus.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $CD82E3CE] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\Buy.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $62ECE999] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\Scan.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $D9C2DE7B] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\Settings.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $91F9A906] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\Update.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $A05D7CA1] Program directory (Directory, fixed)
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\AnVi\
Fraud.Antivirus: [SBI $405A8027] Program directory (Directory, fixed)
C:\Program Files\AnVi\
Fraud.Antivirus: [SBI $4F1220C3] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $DF28923E] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Desktop\Antivirus Support.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.Antivirus: [SBI $21E969E1] Link (File, fixed)
C:\Documents and Settings\Ben McAlpin\Desktop\Antivirus.lnk
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.DefenseCenter: [SBI $400D394B] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Virtumonde.prx: [SBI $B6BF2145] Autorun settings (Ivehuneh) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ivehuneh
Virtumonde.prx: [SBI $B6BF2145] Program file (File, fixed)
C:\WINDOWS\eqobuqaget.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $A163FF72] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\f7c5da73-b4a5-4947-8f40-08f2871eb36b
Win32.FraudLoad.ss: [SBI $C932C2FA] Executable (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\wscsvc32.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\8892.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\asd2C.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\asd2D.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\dceb.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\e008.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\e0d3.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\e20c.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\jar_cache1777189214900526169.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.FraudLoad.ss: [SBI $E7792B98] Picture (File, fixed)
C:\Documents and Settings\Ben McAlpin\Local Settings\Temp\jar_cache7578204596435630288.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.TDSS.rtk: [SBI $DFD725CE] Library (File, fixed)
C:\WINDOWS\PRAGMAnseoriyusp\PRAGMAc.dll
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.TDSS.rtk: [SBI $C13C1A61] Data (File, fixed)
C:\WINDOWS\PRAGMAnseoriyusp\PRAGMAcfg.ini
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.TDSS.rtk: [SBI $D12A7E8E] Data (File, fixed)
C:\WINDOWS\PRAGMAnseoriyusp\PRAGMAsrcr.dat
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.TDSS.rtk: [SBI $C116A1D2] Data (File, fixed)
C:\WINDOWS\Temp\PRAGMAb3b7.tmp
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-07-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-10-12 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-10-12 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-12 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-10-12 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
AVG Virus Vault info:
"Infection";"Trojan horse SHeur3.BIYC";"c:\WINDOWS\Temp\mqxt.tmp.exe";"N/A";"10/18/2010, 6:53:04 PM"
"Infection";"Trojan horse Delf.TGE";"c:\WINDOWS\Temp\ksqv.tmp.exe";"N/A";"10/18/2010, 6:53:05 PM"
"Infection";"Trojan horse Delf.TGE";"c:\WINDOWS\Temp\ksqv.tmp.exe";"N/A";"10/19/2010, 8:31:12 AM"
"Infection";"May be infected by unknown virus Win32/DH.CAFF840167";"c:\System Volume Information\_restore{C2E7D54B-DA71-4B89-B5B4-13BBC369CAF7}\RP580\A0036409.dll";"N/A";"10/19/2010, 8:31:12 AM"
"Infection";"Trojan horse SHeur3.BIYC";"c:\WINDOWS\Temp\mqxt.tmp.exe";"N/A";"10/19/2010, 8:31:12 AM"
"Infection";"Trojan horse Delf.TGE";"c:\WINDOWS\Temp\ksqv.tmp.exe";"N/A";"10/19/2010, 3:29:57 PM"
"Infection";"Trojan horse SHeur3.BIYC";"c:\System Volume Information\_restore{C2E7D54B-DA71-4B89-B5B4-13BBC369CAF7}\RP580\A0038415.exe";"N/A";"10/19/2010, 3:29:57 PM"
"Infection";"Trojan horse SHeur3.BIYC";"c:\WINDOWS\Temp\mqxt.tmp.exe";"N/A";"10/19/2010, 3:29:57 PM"
"Infection";"Trojan horse SHeur3.BIYC";"c:\WINDOWS\Temp\mqxt.tmp.exe";"N/A";"10/19/2010, 3:54:03 PM"
"Infection";"Trojan horse Delf.TGE";"c:\WINDOWS\Temp\ksqv.tmp.exe";"N/A";"10/19/2010, 3:54:03 PM"
DDS did not produce any attach.txt file for me to attach. The file dds.txt never opened either, but I was able to retrieve it by searching my computer for the filename (it was in the recycle bin, for some reason). I searched my computer for attach.txt and found nothing.
I tried both the .com and .scr versions of DDS and they both had the same result. I am running Windows XP. Not sure if DDS just isn't working, or if the virus is somehow blocking its files from opening after it runs.
airscape
2010-10-24, 18:56
Hello and welcome to the forum.
My name is Airscape and I'll be helping you with your malware issues.
The logs can take a while to research. Please be patient with me.
Take note of the following before we begin.
Post to this thread only and please stick to it until I say your pc is clean.
The instructions I give are for This computer only and should not be used on any other pc.
Do NOT run any tools/scans unless I instruct you to.
Try not to install/uninstall any programs while we work. This will add extra time researching your logs.
If you have found assistance elsewhere and no longer require our help, please say so, and this topic will be closed.
If you have any problems, please stop and ask before proceeding with any fixes.
Note: As I'm still in training everything I post must be checked by a teacher first. So there may be a slight delay in between posts.
Thanks
airscape
2010-10-27, 18:31
By chance you still need help, please do the following:
Remove P2P programs
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
uTorrent
Please read the forum P2P Policy (http://forums.spybot.info/showthread.php?t=282)
Note: If you choose not to remove the P2P programs, please say so in your next post, and this topic will be closed.
You can remove them via Control Panel > Add/Remove Programs
Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.
-----------------------------------------------
Download/run Rkill
Please download Rkill and save it to the desktop.
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe
Double click on the Rkill desktop icon.
A command window will open then disappear upon completion, this is normal.
Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow it to continue.
Now try DDS again (dds.com & dds.scr) and post both logs in your next reply. If it won't run, let me know.
Thanks for getting back to me. I do still need help.
I have uninstalled utorrent as requested.
I ran rkill and it opened the following logfile. Afterwards I ran DDS. No log file was opened automatically, but by searching my hard drive I found that it had been created in my Documents and Settings\<User>\Local Settings\Temp folder.
rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Ben McAlpin on 10/29/2010 at 13:08:57.
Services Stopped:
Processes terminated by Rkill or while it was running:
C:\WINDOWS\TEMP\ksqv.tmp.exe
C:\Documents and Settings\Ben McAlpin\Desktop\rkill.com
Rkill completed on 10/29/2010 at 13:10:13.
DDS log:
DDS (Ver_10-10-21.02) - NTFSx86
Run by Ben McAlpin at 13:10:48.01 on Fri 10/29/2010
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2356 [GMT -5:00]
AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Zmud\Zmud.exe
C:\Program Files\Steam\steam.exe
E:\Program Files\mIRC\mirc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Programmers Notepad\pn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ben McAlpin\Desktop\dds.com
============== Running Processes ===============
airscape
2010-10-31, 15:15
sorry for the delay
Disable Spybot's TeaTimer. This is a two step process.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
-----------------------------------------------------
If you already have this program installed, please remove it via Control Panel > Add/Remove Programs
Re-run Rkill on the desktop.
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end of installation make sure you leave a checkmark next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy/paste the log into your next reply.
The log can also be opened by going to Start > All programs > Malwarebytes' Anti-Malware > Logs > Log- date.txt
Note: If the program fails to update or run see the steps in this link:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
Restart the computer and then try DDS again and post both logs in your next reply with the Malwarebytes log
Opening the settings screen of Spybot S&D consistently causes my computer to freeze up and die. I was able to terminate TeaTimer through the Process Manager and then do the other steps.
Rkill log:
Processes terminated by Rkill or while it was running:
C:\WINDOWS\TEMP\ksqv.tmp.exe
C:\Documents and Settings\Ben McAlpin\Desktop\rkill.com
Rkill completed on 10/31/2010 at 22:56:23.
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5010
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/31/2010 11:10:18 PM
mbam-log-2010-10-31 (23-10-18).txt
Scan type: Quick scan
Objects scanned: 180106
Time elapsed: 7 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\iorimel.dll (Trojan.Hiloti) -> Delete on reboot.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wkadej (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrywm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\registrymonitor2 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\PRAGMAnseoriyusp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\iorimel.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\PRAGMAnseoriyusp\PRAGMAcfg.ini (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\PRAGMAnseoriyusp\PRAGMAsrcr.dat (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ben McAlpin\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fjhdyfhsn.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
At this point Malwarebytes told me it had to restart the computer to complete the removal. I allowed it to restart.
After restarting, an error message appeared. The process name was RUNDLL. The dialogue box said:
Error loading C:\WINDOWS\iorimel.dll
The specified module could not be found.
While I was writing this message down, before I hit the OK button on the error message, AVG Resident Shield Alert popped up telling me that the trojan horse SHeur3.BIYC was found in file C:\WINDOWS\Temp\mqxt.tmp.exe and was detected on open. This is one of the same viruses AVG has been telling me about once an hour for the past week and a half.
I went ahead and ran DDS again anyway.
DDS.txt log:
DDS (Ver_10-10-21.02) - NTFSx86
Run by Ben McAlpin at 23:20:42.98 on Sun 10/31/2010
internet explorer: 8.0.6001.18702
browserjavaversion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2592 [GMT -5:00]
AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\Programmers Notepad\pn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\TEMP\ksqv.tmp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Ben McAlpin\Desktop\dds.com
============== Running Processes ===============
Not sure if it's helpful, but DDS created this file also.
svclist.dat log:
S4 Abiosdsk;Abiosdsk; [x]
S4 abp480n5;abp480n5; [x]
R0 ACPI;Microsoft ACPI Driver;C:\WINDOWS\system32\drivers\acpi.sys [2008-4-14 187776]
S4 ACPIEC;ACPIEC;C:\WINDOWS\system32\drivers\acpiec.sys [2008-4-14 11648]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\drivers\ADM8511.SYS [2009-7-21 20160]
S4 adpu160m;adpu160m; [x]
S3 aec;Microsoft Kernel Acoustic Echo Canceller;C:\WINDOWS\system32\drivers\aec.sys [2008-12-23 142592]
R1 AFD;AFD;C:\WINDOWS\system32\drivers\afd.sys [2008-4-14 138496]
S4 Aha154x;Aha154x; [x]
S4 aic78u2;aic78u2; [x]
S4 aic78xx;aic78xx; [x]
S4 AliIde;AliIde; [x]
S4 amsint;amsint; [x]
S4 asc;asc; [x]
S4 asc3350p;asc3350p; [x]
S4 asc3550;asc3550; [x]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\WINDOWS\system32\drivers\asyncmac.sys [2008-4-14 14336]
R0 atapi;Standard IDE/ESDI Hard Disk Controller;C:\WINDOWS\system32\drivers\atapi.sys [2008-4-14 96512]
S4 Atdisk;Atdisk; [x]
S3 Atmarpc;ATM ARP Client Protocol;C:\WINDOWS\system32\drivers\atmarpc.sys [2008-4-14 59904]
R3 audstub;Audio Stub Driver;C:\WINDOWS\system32\drivers\audstub.sys [2008-12-22 3072]
R0 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R0 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Beep;Beep;C:\WINDOWS\system32\drivers\beep.sys [2008-4-14 4224]
S4 cbidf2k;cbidf2k;C:\WINDOWS\system32\drivers\cbidf2k.sys [2008-4-14 13952]
S3 CCDECODE;Closed Caption Decoder;C:\WINDOWS\system32\drivers\CCDECODE.sys [2009-12-8 17024]
S4 cd20xrnt;cd20xrnt; [x]
S1 Cdaudio;Cdaudio;C:\WINDOWS\system32\drivers\cdaudio.sys [2001-8-17 18688]
R4 Cdfs;Cdfs;C:\WINDOWS\system32\drivers\cdfs.sys [2008-4-14 63744]
R1 Cdrom;CD-ROM Driver;C:\WINDOWS\system32\drivers\cdrom.sys [2008-4-14 62976]
S1 Changer;Changer; [x]
S4 CmdIde;CmdIde; [x]
S4 Cpqarray;Cpqarray; [x]
S4 dac960nt;dac960nt; [x]
R0 Disk;Disk Driver;C:\WINDOWS\system32\drivers\disk.sys [2008-4-14 36352]
S4 dmboot;dmboot;C:\WINDOWS\system32\drivers\dmboot.sys [2008-4-14 799744]
R0 dmio;Logical Disk Manager Driver;C:\WINDOWS\system32\drivers\dmio.sys [2008-4-14 153344]
R0 dmload;dmload;C:\WINDOWS\system32\drivers\dmload.sys [2008-4-14 5888]
S3 DMusic;Microsoft Kernel DLS Syntheiszer;C:\WINDOWS\system32\drivers\DMusic.sys [2008-12-23 52864]
S4 dpti2o;dpti2o; [x]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler;C:\WINDOWS\system32\drivers\drmkaud.sys [2008-12-23 2944]
R4 Fastfat;Fastfat;C:\WINDOWS\system32\drivers\fastfat.sys [2008-4-14 143744]
R3 Fdc;Floppy Disk Controller Driver;C:\WINDOWS\system32\drivers\fdc.sys [2008-4-14 27392]
R1 Fips;Fips;C:\WINDOWS\system32\drivers\fips.sys [2008-4-14 44544]
R3 Flpydisk;Floppy Disk Driver;C:\WINDOWS\system32\drivers\flpydisk.sys [2008-4-14 20480]
R0 FltMgr;FltMgr;C:\WINDOWS\system32\drivers\fltMgr.sys [2008-12-23 129792]
R1 FsVga;FsVga;C:\WINDOWS\system32\drivers\fsvga.sys [2001-8-17 12160]
R0 Ftdisk;Volume Manager Driver;C:\WINDOWS\system32\drivers\ftdisk.sys [2008-4-14 125056]
R3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-12-23 16608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [2010-1-8 26600]
R3 Gpc;Generic Packet Classifier;C:\WINDOWS\system32\drivers\msgpc.sys [2008-4-14 35072]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\WINDOWS\system32\drivers\hdaudbus.sys [2008-4-14 144384]
R3 hidusb;Microsoft HID Class Driver;C:\WINDOWS\system32\drivers\hidusb.sys [2008-4-14 10368]
S4 hpn;hpn; [x]
R3 HTTP;HTTP;C:\WINDOWS\system32\drivers\http.sys [2008-4-14 264832]
S1 i2omgmt;i2omgmt; [x]
S4 i2omp;i2omp; [x]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\WINDOWS\system32\drivers\i8042prt.sys [2008-12-29 52480]
R1 Imapi;CD-Burning Filter Driver;C:\WINDOWS\system32\drivers\imapi.sys [2008-4-14 42112]
S4 ini910u;ini910u; [x]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-23 4742656]
S4 IntelIde;IntelIde; [x]
R1 intelppm;Intel Processor Driver;C:\WINDOWS\system32\drivers\intelppm.sys [2008-4-14 36352]
S3 Ip6Fw;IPv6 Windows Firewall Driver;C:\WINDOWS\system32\drivers\ip6fw.sys [2008-4-14 36608]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\WINDOWS\system32\drivers\ipfltdrv.sys [2008-4-14 32896]
S3 IpInIp;IP in IP Tunnel Driver;C:\WINDOWS\system32\drivers\ipinip.sys [2008-4-14 20864]
R3 IpNat;IP Network Address Translator;C:\WINDOWS\system32\drivers\ipnat.sys [2008-4-14 152832]
R1 IPSec;IPSEC driver;C:\WINDOWS\system32\drivers\ipsec.sys [2008-4-14 75264]
S3 IRENUM;IR Enumerator Service;C:\WINDOWS\system32\drivers\irenum.sys [2008-12-22 11264]
R0 isapnp;PnP ISA/EISA Bus Driver;C:\WINDOWS\system32\drivers\isapnp.sys [2008-4-14 37248]
R1 Kbdclass;Keyboard Class Driver;C:\WINDOWS\system32\drivers\kbdclass.sys [2008-4-14 24576]
S1 kbdhid;Keyboard HID Driver;C:\WINDOWS\system32\drivers\kbdhid.sys [2008-4-14 14592]
S3 kmixer;Microsoft Kernel Wave Audio Mixer;C:\WINDOWS\system32\drivers\kmixer.sys [2008-12-23 172416]
R0 KSecDD;KSecDD;C:\WINDOWS\system32\drivers\ksecdd.sys [2008-4-14 92928]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\drivers\L8042Kbd.sys [2008-12-23 20496]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [2008-12-23 10640]
S1 lbrtfdc;lbrtfdc; [x]
R3 LVUSBSta;Logitech USB Monitor Filter;C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-5-9 41888]
R3 mcdbus;Driver for MagicISO SCSI Host Controller;C:\WINDOWS\system32\drivers\mcdbus.sys [2010-2-21 116736]
R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys [2008-4-14 4224]
S3 Modem;Modem;C:\WINDOWS\system32\drivers\modem.sys [2008-4-13 30080]
R1 Mouclass;Mouse Class Driver;C:\WINDOWS\system32\drivers\mouclass.sys [2008-4-13 23040]
R3 mouhid;Mouse HID Driver;C:\WINDOWS\system32\drivers\mouhid.sys [2001-8-17 12160]
R0 MountMgr;MountMgr;C:\WINDOWS\system32\drivers\mountmgr.sys [2008-4-14 42368]
S4 mraid35x;mraid35x; [x]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2009-5-18 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS --> C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [?]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2009-5-18 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS --> C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [?]
R3 MRxDAV;WebDav Client Redirector;C:\WINDOWS\system32\drivers\mrxdav.sys [2008-4-14 180608]
R1 MRxSmb;MRXSMB;C:\WINDOWS\system32\drivers\mrxsmb.sys [2008-4-14 455680]
R1 Msfs;Msfs;C:\WINDOWS\system32\drivers\msfs.sys [2008-4-14 19072]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\WINDOWS\system32\drivers\MSKSSRV.sys [2008-12-23 7552]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\WINDOWS\system32\drivers\MSPCLOCK.sys [2008-12-23 5376]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\WINDOWS\system32\drivers\MSPQM.sys [2008-12-23 4992]
R3 mssmbios;Microsoft System Management BIOS Driver;C:\WINDOWS\system32\drivers\mssmbios.sys [2008-4-13 15488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\WINDOWS\system32\drivers\MSTEE.sys [2009-12-8 5504]
R0 Mup;Mup;C:\WINDOWS\system32\drivers\mup.sys [2008-4-14 105344]
S3 NABTSFEC;NABTS/FEC VBI Codec;C:\WINDOWS\system32\drivers\NABTSFEC.sys [2009-12-8 85248]
R0 NDIS;NDIS System Driver;C:\WINDOWS\system32\drivers\ndis.sys [2008-4-14 182656]
S3 NdisIP;Microsoft TV/Video Connection;C:\WINDOWS\system32\drivers\NdisIP.sys [2009-12-8 10880]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\WINDOWS\system32\drivers\ndistapi.sys [2008-4-14 10112]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\WINDOWS\system32\drivers\ndisuio.sys [2008-4-13 14592]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\WINDOWS\system32\drivers\ndiswan.sys [2008-4-14 91520]
R3 NDProxy;NDIS Proxy;C:\WINDOWS\system32\drivers\ndproxy.sys [2008-4-14 40576]
R1 NetBIOS;NetBIOS Interface;C:\WINDOWS\system32\drivers\netbios.sys [2008-4-14 34688]
R1 NetBT;NetBios over Tcpip;C:\WINDOWS\system32\drivers\netbt.sys [2008-4-14 162816]
R1 Npfs;Npfs;C:\WINDOWS\system32\drivers\npfs.sys [2008-4-14 30848]
R4 Ntfs;Ntfs;C:\WINDOWS\system32\drivers\ntfs.sys [2008-4-14 574976]
R1 Null;Null;C:\WINDOWS\system32\drivers\null.sys [2008-4-14 2944]
R3 nv;nv;C:\WINDOWS\system32\drivers\nv4_mini.sys [2008-7-25 10235968]
S3 NwlnkFlt;IPX Traffic Filter Driver;C:\WINDOWS\system32\drivers\nwlnkflt.sys [2008-4-14 12416]
S3 NwlnkFwd;IPX Traffic Forwarder Driver;C:\WINDOWS\system32\drivers\nwlnkfwd.sys [2008-4-14 32512]
R3 Parport;Parallel port driver;C:\WINDOWS\system32\drivers\parport.sys [2008-4-13 80128]
R0 PartMgr;PartMgr;C:\WINDOWS\system32\drivers\partmgr.sys [2008-4-14 19712]
R2 ParVdm;ParVdm;C:\WINDOWS\system32\drivers\parvdm.sys [2008-4-14 6784]
R0 PCI;PCI Bus Driver;C:\WINDOWS\system32\drivers\pci.sys [2008-4-14 68224]
S1 PCIDump;PCIDump; [x]
R0 PCIIde;PCIIde;C:\WINDOWS\system32\drivers\pciide.sys [2008-4-14 3328]
S4 Pcmcia;Pcmcia;C:\WINDOWS\system32\drivers\pcmcia.sys [2008-4-14 120192]
S3 PDCOMP;PDCOMP; [x]
S3 PDFRAME;PDFRAME; [x]
S3 PDRELI;PDRELI; [x]
S3 PDRFRAME;PDRFRAME; [x]
S4 perc2;perc2; [x]
S4 perc2hib;perc2hib; [x]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\drivers\LV302V32.SYS [2007-5-9 1276832]
R2 pnarp;Pure Networks Device Discovery Driver;C:\WINDOWS\system32\drivers\pnarp.sys [2009-8-19 23984]
R3 PptpMiniport;WAN Miniport (PPTP);C:\WINDOWS\system32\drivers\raspptp.sys [2008-4-14 48384]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\drivers\psched.sys [2008-4-14 69120]
R3 Ptilink;Direct Parallel Link Driver;C:\WINDOWS\system32\drivers\ptilink.sys [2008-4-14 17792]
R2 purendis;Pure Networks Wireless Driver;C:\WINDOWS\system32\drivers\purendis.sys [2009-8-19 25264]
R0 PxHelp20;PxHelp20;C:\WINDOWS\system32\drivers\PxHelp20.sys [2009-6-15 43528]
S4 ql1080;ql1080; [x]
S4 Ql10wnt;Ql10wnt; [x]
S4 ql12160;ql12160; [x]
S4 ql1240;ql1240; [x]
S4 ql1280;ql1280; [x]
R1 RasAcd;Remote Access Auto Connection Driver;C:\WINDOWS\system32\drivers\rasacd.sys [2008-4-14 8832]
R3 Rasl2tp;WAN Miniport (L2TP);C:\WINDOWS\system32\drivers\rasl2tp.sys [2008-4-14 51328]
R3 RasPppoe;Remote Access PPPOE Driver;C:\WINDOWS\system32\drivers\raspppoe.sys [2008-4-14 41472]
R3 Raspti;Direct Parallel;C:\WINDOWS\system32\drivers\raspti.sys [2008-4-14 16512]
R1 Rdbss;Rdbss;C:\WINDOWS\system32\drivers\rdbss.sys [2008-4-14 175744]
R1 RDPCDD;RDPCDD;C:\WINDOWS\system32\drivers\rdpcdd.sys [2008-4-14 4224]
R3 rdpdr;Terminal Server Device Redirector Driver;C:\WINDOWS\system32\drivers\rdpdr.sys [2008-12-23 196224]
S3 RDPWD;RDPWD;C:\WINDOWS\system32\drivers\rdpwd.sys [2008-12-23 139656]
R1 redbook;Digital CD Audio Playback Filter Driver;C:\WINDOWS\system32\drivers\redbook.sys [2008-12-22 57600]
S3 Revoflt;Revoflt;C:\WINDOWS\system32\drivers\revoflt.sys [2010-10-15 27064]
S4 RsFx0103;RsFx0103 Driver;C:\WINDOWS\system32\drivers\RsFx0103.sys [2009-3-30 239336]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;C:\WINDOWS\system32\drivers\Rtenicxp.sys [2008-12-23 109184]
S3 Secdrv;Secdrv;C:\WINDOWS\system32\drivers\secdrv.sys [2008-4-14 20480]
R3 serenum;Serenum Filter Driver;C:\WINDOWS\system32\drivers\serenum.sys [2008-4-14 15744]
R1 Serial;Serial port driver;C:\WINDOWS\system32\drivers\serial.sys [2008-4-14 64512]
S1 Sfloppy;Sfloppy;C:\WINDOWS\system32\drivers\sfloppy.sys [2008-4-14 11392]
S4 Simbad;Simbad; [x]
S3 SLIP;BDA Slip De-Framer;C:\WINDOWS\system32\drivers\SLIP.sys [2009-12-8 11136]
S4 Sparrow;Sparrow; [x]
S3 splitter;Microsoft Kernel Audio Splitter;C:\WINDOWS\system32\drivers\splitter.sys [2008-12-23 6272]
R0 sr;System Restore Filter Driver;C:\WINDOWS\system32\drivers\sr.sys [2008-12-23 73472]
R3 Srv;Srv;C:\WINDOWS\system32\drivers\srv.sys [2008-4-14 354304]
S3 streamip;BDA IPSink;C:\WINDOWS\system32\drivers\StreamIP.sys [2009-12-8 15232]
R3 swenum;Software Bus Driver;C:\WINDOWS\system32\drivers\swenum.sys [2008-4-13 4352]
S3 swmidi;Microsoft Kernel GS Wavetable Synthesizer;C:\WINDOWS\system32\drivers\swmidi.sys [2008-12-23 56576]
S4 symc810;symc810; [x]
S4 symc8xx;symc8xx; [x]
S4 sym_hi;sym_hi; [x]
S4 sym_u3;sym_u3; [x]
R3 sysaudio;Microsoft Kernel System Audio Device;C:\WINDOWS\system32\drivers\sysaudio.sys [2008-12-23 60800]
R1 Tcpip;TCP/IP Protocol Driver;C:\WINDOWS\system32\drivers\tcpip.sys [2008-4-14 361600]
S3 TDPIPE;TDPIPE;C:\WINDOWS\system32\drivers\tdpipe.sys [2008-12-23 12040]
S3 TDTCP;TDTCP;C:\WINDOWS\system32\drivers\tdtcp.sys [2008-12-23 21896]
R1 TermDD;Terminal Device Driver;C:\WINDOWS\system32\drivers\termdd.sys [2008-12-23 40840]
S4 TosIde;TosIde; [x]
S4 Udfs;Udfs;C:\WINDOWS\system32\drivers\udfs.sys [2008-4-14 66048]
S4 ultra;ultra; [x]
R3 Update;Microcode Update Driver;C:\WINDOWS\system32\drivers\update.sys [2008-4-14 384768]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\drivers\usbaapl.sys [2010-1-8 41984]
R3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\USBAUDIO.sys [2009-12-8 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\drivers\usbccgp.sys [2008-4-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\drivers\usbehci.sys [2008-4-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\WINDOWS\system32\drivers\usbhub.sys [2008-4-14 59520]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\drivers\usbprint.sys [2009-1-2 25856]
S3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\drivers\USBSTOR.SYS [2009-1-21 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\drivers\usbuhci.sys [2008-4-14 20608]
R1 VgaSave;VgaSave;C:\WINDOWS\system32\drivers\vga.sys [2008-4-14 20992]
S4 ViaIde;ViaIde; [x]
R0 VolSnap;VolSnap;C:\WINDOWS\system32\drivers\volsnap.sys [2008-4-14 52352]
R3 Wanarp;Remote Access IP ARP Driver;C:\WINDOWS\system32\drivers\wanarp.sys [2008-4-14 34560]
S3 WDICA;WDICA; [x]
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\system32\drivers\wdmaud.sys [2008-12-23 83072]
S3 WSTCODEC;World Standard Teletext Codec;C:\WINDOWS\system32\drivers\WSTCODEC.SYS [2009-12-8 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;C:\WINDOWS\system32\drivers\WudfPf.sys [2006-9-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;C:\WINDOWS\system32\drivers\WudfRd.sys [2006-9-28 82944]
SUnknown GVTDrv;GVTDrv; [x]
R2 Alerter;Alerter;C:\WINDOWS\system32\svchost.exe -k LocalService [2008-4-14 14336]
R3 ALG;Application Layer Gateway Service;C:\WINDOWS\system32\alg.exe [2008-4-14 44544]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-8-13 144672]
S3 AppMgmt;Application Management;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 aspnet_state;ASP.NET State Service;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-3-18 35160]
R2 AudioSrv;Windows Audio;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
S3 BITS;Background Intelligent Transfer Service;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Bonjour Service;Bonjour Service;C:\Program Files\Bonjour\mDNSResponder.exe [2010-7-27 345376]
R2 Browser;Computer Browser;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 CiSvc;Indexing Service;C:\WINDOWS\system32\cisvc.exe [2008-4-14 5632]
S4 ClipSrv;ClipBook;C:\WINDOWS\system32\clipsrv.exe [2008-4-14 33280]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-7-25 69632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COMSysApp;COM+ System Application;C:\WINDOWS\system32\dllhost.exe [2008-4-14 5120]
R2 CryptSvc;Cryptographic Services;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-19 25832]
R2 DcomLaunch;DCOM Server Process Launcher;C:\WINDOWS\system32\svchost -k DcomLaunch --> C:\WINDOWS\system32\svchost -k DcomLaunch [?]
R2 Dhcp;DHCP Client;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 dmadmin;Logical Disk Manager Administrative Service;C:\WINDOWS\system32\dmadmin.exe [2008-4-14 224768]
R2 dmserver;Logical Disk Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Dnscache;DNS Client;C:\WINDOWS\system32\svchost.exe -k NetworkService [2008-4-14 14336]
S3 Dot3svc;Wired AutoConfig;C:\WINDOWS\System32\svchost.exe -k dot3svc [2008-4-14 14336]
S3 EapHost;Extensible Authentication Protocol Service;C:\WINDOWS\System32\svchost.exe -k eapsvcs [2008-4-14 14336]
R2 ERSvc;Error Reporting Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Eventlog;Event Log;C:\WINDOWS\system32\services.exe [2008-4-14 110592]
R3 EventSystem;COM+ Event System;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 FastUserSwitchingCompatibility;Fast User Switching Compatibility;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-7-29 46104]
S3 GEST Service;GEST Service for program management.;C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-12-21 80392]
R2 helpsvc;Help and Support;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 HidServ;HID Input Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 hkmsvc;Health Key and Certificate Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 HTTPFilter;HTTP SSL;C:\WINDOWS\System32\svchost.exe -k HTTPFilter [2008-4-14 14336]
S3 IDriverT;InstallDriver Table Manager;C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace;C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-7-29 881664]
S3 ImapiService;IMAPI CD-Burning COM Service;C:\WINDOWS\system32\imapi.exe [2008-4-14 150528]
R3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2010-9-24 820008]
R2 LanmanServer;Server;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 lanmanworkstation;Workstation;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service;C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-6-9 73728]
S2 LinksysUpdater;Linksys Updater;C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 LiveTurbineMessageService;Turbine Message Service - Live;E:\Games\Turbine Download Manager\TurbineMessageService.exe [2009-9-16 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;E:\Games\Turbine Download Manager\TurbineNetworkService.exe [2009-9-16 218608]
R2 LmHosts;TCP/IP NetBIOS Helper;C:\WINDOWS\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2009-5-18 303104]
S3 Messenger;Messenger;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\system32\mnmsrvc.exe [2008-12-23 32768]
S3 MSDTC;Distributed Transaction Coordinator;C:\WINDOWS\system32\msdtc.exe [2008-12-23 6144]
S3 MSIServer;Windows Installer;C:\WINDOWS\system32\msiexec.exe [2008-4-14 95744]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 47128]
S3 napagent;Network Access Protection Agent;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-6-10 877864]
R2 NetDDE;Network DDE;C:\WINDOWS\system32\netdde.exe [2008-4-14 111104]
R2 NetDDEdsdm;Network DDE DSDM;C:\WINDOWS\system32\netdde.exe [2008-4-14 111104]
S3 Netlogon;Net Logon;C:\WINDOWS\system32\lsass.exe [2008-4-14 13312]
R3 Netman;Network Connections;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R?2 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
R3 Nla;Network Location Awareness (NLA);C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 nmservice;Pure Networks Platform Service;"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" --> C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [?]
S3 NtLmSsp;NT LM Security Support Provider;C:\WINDOWS\system32\lsass.exe [2008-4-14 13312]
S3 NtmsSvc;Removable Storage;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 NVSvc;NVIDIA Display Driver Service;C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service;C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PlugPlay;Plug and Play;C:\WINDOWS\system32\services.exe [2008-4-14 110592]
R2 PolicyAgent;IPSEC Services;C:\WINDOWS\system32\lsass.exe [2008-4-14 13312]
R2 ProtectedStorage;Protected Storage;C:\WINDOWS\system32\lsass.exe [2008-4-14 13312]
S3 RasAuto;Remote Access Auto Connection Manager;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 RasMan;Remote Access Connection Manager;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 RDSessMgr;Remote Desktop Help Session Manager;C:\WINDOWS\system32\sessmgr.exe [2008-12-23 141312]
S3 RemoteAccess;Routing and Remote Access;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 RemoteRegistry;Remote Registry;C:\WINDOWS\system32\svchost.exe -k LocalService [2008-4-14 14336]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\WINDOWS\system32\locator.exe [2008-4-14 75264]
R2 RpcSs;Remote Procedure Call (RPC);C:\WINDOWS\system32\svchost -k rpcss --> C:\WINDOWS\system32\svchost -k rpcss [?]
S3 RSVP;QoS RSVP;C:\WINDOWS\system32\rsvp.exe [2008-4-14 132608]
R2 SamSs;Security Accounts Manager;C:\WINDOWS\system32\lsass.exe [2008-4-14 13312]
S3 SCardSvr;Smart Card;C:\WINDOWS\system32\scardsvr.exe [2008-4-14 95744]
R2 Schedule;Task Scheduler;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 seclogon;Secondary Logon;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 SENS;System Event Notification;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS);C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 ShellHWDetection;Shell Hardware Detection;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 Spooler;Print Spooler;C:\WINDOWS\system32\spoolsv.exe [2008-4-14 58880]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
S4 SQLBrowser;SQL Server Browser;C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-3-30 254808]
R2 SQLWriter;SQL Server VSS Writer;C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-7-10 98840]
R2 srservice;System Restore Service;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 SSDPSRV;SSDP Discovery Service;C:\WINDOWS\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 stisvc;Windows Image Acquisition (WIA);C:\WINDOWS\system32\svchost.exe -k imgsvc [2008-4-14 14336]
S3 SwPrv;MS Software Shadow Copy Provider;C:\WINDOWS\system32\dllhost.exe [2008-4-14 5120]
S3 SysmonLog;Performance Logs and Alerts;C:\WINDOWS\system32\smlogsvc.exe [2008-4-14 89600]
R3 TapiSrv;Telephony;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 TermService;Terminal Services;C:\WINDOWS\System32\svchost -k DComLaunch --> C:\WINDOWS\System32\svchost -k DComLaunch [?]
R2 Themes;Themes;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
S4 TlntSvr;Telnet;C:\WINDOWS\system32\tlntsvr.exe [2008-4-14 73216]
R2 TrkWks;Distributed Link Tracking Client;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 upnphost;Universal Plug and Play Device Host;C:\WINDOWS\system32\svchost.exe -k LocalService [2008-4-14 14336]
S3 UPS;Uninterruptible Power Supply;C:\WINDOWS\system32\ups.exe [2008-4-14 18432]
S3 VSS;Volume Shadow Copy;C:\WINDOWS\system32\vssvc.exe [2008-4-14 289792]
R2 W32Time;Windows Time;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 WebClient;WebClient;C:\WINDOWS\system32\svchost.exe -k LocalService [2008-4-14 14336]
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WmdmPmSN;Portable Media Serial Number Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Wmi;Windows Management Instrumentation Driver Extensions;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WmiApSrv;WMI Performance Adapter;C:\WINDOWS\system32\wbem\wmiapsrv.exe [2008-12-23 126464]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wscsvc;Security Center;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
R2 wuauserv;Automatic Updates;C:\WINDOWS\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup [2008-4-14 14336]
R2 WZCSVC;Wireless Zero Configuration;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 xmlprov;Network Provisioning Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2008-4-14 14336]
So yeah, still have the virus. I assume that my inability to properly disable TeaTimer is at fault - it was closed when MalwareBytes was scanning, but naturally started running again when MalwareBytes restarted the computer. Should I completely uninstall Spybot and try again?
airscape
2010-11-02, 23:15
Hi LockeZ,
Sorry for the delay.
Should I completely uninstall Spybot and try again?
Yes do that now please you can install it again when clean
We need to get a closer look at the pc (since DDS won't run) before anything else, to see what is still active.
Security Application Check
Please download SecurityCheck.exe by screen317 from Here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or Here (http://screen317.changelog.fr/SecurityCheck.exe) and save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.
-------------------------------------------------
Random's System Information Tool (RSIT)
Please download RSIT by random/random from here (http://randomsdomain.co.uk/downloads/RSIT.exe) or here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double-click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two text files will open.
Please copy/paste the contents of both log.txt (will be maximized) and info.txt (will be minimized)
Note: both logs can be found in the C:\rsit folder if you lose them.
-----------------------------------------------
Please download GMER Rootkit Scanner from Here (http://www.gmer.net/download.php).
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
See image below
http://i314.photobucket.com/albums/ll435/melboy08/GMER_2.png
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in your next reply**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.
Uninstalled Spybot before I started.
SecurityCheck log:
Results of screen317's Security Check version 0.99.6
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG 2011
AVG 2011
AVG 2011
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Adobe Flash Player 10.1.82.76
Adobe Reader 8.1.4
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
````````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)
``````````End of Log````````````
As a note, I don't have a wireless connection. What I do have is a wired connection to my personal router, which in turn is plugged into the building's network.
Anyway. Next are the RSIT logs. I left the scan setting in RSIT at the default value of 1 month. I think that should be enough since the first virus symptoms were about 17 days ago.
RSIT's log.txt:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ben McAlpin at 2010-11-02 22:39:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 216 GB (45%) free of 477 GB
Total RAM: 3326 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:29 PM, on 11/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\TEMP\ksqv.tmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ben McAlpin\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\notepad.exe
E:\Program Files\Windows Media Player\MP Classic\mplayerc.exe
C:\Documents and Settings\Ben McAlpin\Desktop\RSIT.exe
C:\Program Files\trend micro\Ben McAlpin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Media Players\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ivehuneh] rundll32.exe "C:\WINDOWS\uvamikagoxutuxu.dll",Startup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287123287843
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - E:\Games\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - E:\Games\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 7002 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\debutShakeIcon.job
C:\WINDOWS\tasks\videopadShakeIcon.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-03-25 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-10 2221352]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-21 198160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]
"QuickTime Task"=C:\Program Files\Media Players\QuickTime\QTTask.exe [2010-09-08 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Ivehuneh"=C:\WINDOWS\uvamikagoxutuxu.dll [2008-04-14 190464]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2010-09-15 2745696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\Ben McAlpin\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
Trillian.lnk - C:\Program Files\Trillian\trillian.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMMyPictures"=0x01000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"E:\Program Files\WS_FTP\WS_FTP95.exe"="E:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"E:\Games\Neverwinter Nights II\nwn2main.exe"="E:\Games\Neverwinter Nights II\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"E:\Games\Neverwinter Nights II\nwn2main_amdxp.exe"="E:\Games\Neverwinter Nights II\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"E:\Games\Neverwinter Nights II\nwupdate.exe"="E:\Games\Neverwinter Nights II\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"E:\Games\Neverwinter Nights II\nwn2server.exe"="E:\Games\Neverwinter Nights II\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"E:\Games\Altitude\altitude.exe"="E:\Games\Altitude\altitude.exe:*:Enabled:altitude"
"C:\Program Files\Steam\SteamApps\common\xcom apocalypse\dosbox.exe"="C:\Program Files\Steam\SteamApps\common\xcom apocalypse\dosbox.exe:*:Enabled:X-COM: Apocalypse"
"C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\SteamApps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:Bioshock"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Steam\SteamApps\common\sid meier's pirates!\Pirates!.exe"="C:\Program Files\Steam\SteamApps\common\sid meier's pirates!\Pirates!.exe:*:Enabled:Sid Meier's Pirates!"
"E:\Games\Turbine Download Manager\TurbineMessageService.exe"="E:\Games\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"E:\Games\Turbine Download Manager\TurbineNetworkService.exe"="E:\Games\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization iv\Civilization4.exe"="C:\Program Files\Steam\SteamApps\common\sid meier's civilization iv\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV"
"E:\Games\Dragon Age\bin_ship\daorigins.exe"="E:\Games\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"E:\Games\Dragon Age\DAOriginsLauncher.exe"="E:\Games\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe"="E:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"E:\Games\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe"="E:\Games\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum"
"C:\Program Files\Steam\SteamApps\common\railroad tycoon 3\RT3.exe"="C:\Program Files\Steam\SteamApps\common\railroad tycoon 3\RT3.exe:*:Enabled:Railroad Tycoon 3"
"C:\Program Files\Steam\SteamApps\common\sid meier's railroads\RailRoads.exe"="C:\Program Files\Steam\SteamApps\common\sid meier's railroads\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\Steam\SteamApps\common\prey\prey.exe"="C:\Program Files\Steam\SteamApps\common\prey\prey.exe:*:Enabled:Prey"
"C:\Program Files\Steam\SteamApps\common\shattered union\ShatteredUnion.exe"="C:\Program Files\Steam\SteamApps\common\shattered union\ShatteredUnion.exe:*:Enabled:Shattered Union"
"C:\Program Files\Steam\SteamApps\common\civilization iv colonization\Colonization.exe"="C:\Program Files\Steam\SteamApps\common\civilization iv colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV: Colonization"
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe"="C:\Program Files\Steam\SteamApps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe"="C:\Program Files\Steam\SteamApps\common\sid meier's civilization iv warlords\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization IV: Warlords"
"C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\SteamApps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Steam\SteamApps\common\borderlands\Binaries\Borderlands.exe"="C:\Program Files\Steam\SteamApps\common\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011"
"C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"
"C:\Program Files\Steam\SteamApps\common\left 4 dead 2\bin\SDKLauncher.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2020-09-18 23:17:22 ----A---- C:\WINDOWS\system32\FontInstaller2.dll
2020-09-18 23:17:21 ----D---- C:\Program Files\High-Logic FontCreator
2020-09-18 23:17:21 ----D---- C:\Documents and Settings\Ben McAlpin\Application Data\FontCreator
2010-11-02 22:39:15 ----D---- C:\rsit
2010-11-02 22:39:15 ----D---- C:\Program Files\trend micro
2010-10-31 23:00:46 ----D---- C:\Documents and Settings\Ben McAlpin\Application Data\Malwarebytes
2010-10-31 23:00:38 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-10-31 23:00:37 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-10-31 23:00:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-10-31 23:00:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-10-27 16:06:16 ----D---- C:\Documents and Settings\Ben McAlpin\Application Data\Camfrog
2010-10-27 16:05:59 ----D---- C:\Program Files\Camfrog
2010-10-27 01:46:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-10-27 01:45:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2010-10-27 01:45:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2010-10-27 01:45:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
2010-10-19 15:57:02 ----D---- C:\WINDOWS\ERDNT
2010-10-19 15:56:25 ----D---- C:\Program Files\ERUNT
2010-10-18 13:11:54 ----HD---- C:\WINDOWS\PIF
2010-10-17 02:46:07 ----HD---- C:\$AVG
2010-10-17 02:44:37 ----D---- C:\Documents and Settings\Ben McAlpin\Application Data\AVG10
2010-10-16 22:18:17 ----HD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
2010-10-16 22:17:56 ----D---- C:\WINDOWS\system32\drivers\AVG
2010-10-16 22:17:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
2010-10-16 22:06:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
2010-10-15 14:48:04 ----A---- C:\WINDOWS\system32\drivers\revoflt.sys
2010-10-15 14:48:03 ----D---- C:\Program Files\Revo Uninstaller Pro
2010-10-15 14:39:29 ----D---- C:\Program Files\Common Files\Java
2010-10-15 14:39:19 ----A---- C:\WINDOWS\system32\javaws.exe
2010-10-15 14:39:19 ----A---- C:\WINDOWS\system32\javaw.exe
2010-10-15 14:39:19 ----A---- C:\WINDOWS\system32\java.exe
2010-10-15 14:23:14 ----D---- C:\Program Files\Windows Installer Clean Up
2010-10-15 14:22:55 ----D---- C:\Program Files\MSECACHE
2010-10-15 02:57:19 ----A---- C:\WINDOWS\ntbtlog.txt
2010-10-15 01:59:47 ----A---- C:\WINDOWS\system32\MRT.INI
2010-10-15 01:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2010-10-15 01:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-15 01:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-15 01:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-15 01:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-15 01:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-15 01:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-15 01:56:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-15 01:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-10-15 01:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-10-15 01:56:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-10-15 01:56:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-10-15 01:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-10-15 01:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-10-15 01:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-10-15 01:55:49 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-10-15 01:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-10-15 01:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-10-15 01:55:29 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-10-15 01:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-10-15 01:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-10-15 01:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-10-15 01:52:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-10-15 01:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-10-15 01:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-10-15 01:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-10-15 01:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-10-15 01:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-10-15 01:51:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-10-15 01:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-10-15 01:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-10-15 01:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-10-15 01:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-10-15 01:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-10-15 01:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-10-15 01:50:49 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-10-15 01:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-10-15 01:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-10-15 01:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-10-15 01:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-10-15 01:50:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-10-15 01:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-10-15 01:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-10-15 01:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-10-15 01:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-10-15 01:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-10-15 01:49:15 ----D---- C:\WINDOWS\ie8updates
2010-10-15 01:46:50 ----HDC---- C:\WINDOWS\ie8
2010-10-15 01:15:26 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-10-15 00:49:14 ----AH---- C:\WINDOWS\system32\ctfmfmon.dll
2010-10-14 17:25:30 ----AH---- C:\WINDOWS\system32\ctfmager.dll
2010-10-12 16:55:58 ----D---- C:\Program Files\XPort 360
2010-10-08 15:29:52 ----D---- C:\Program Files\RPG Maker VX
======List of files/folders modified in the last 1 months======
2010-11-02 22:39:15 ----RD---- C:\Program Files
2010-11-02 22:38:26 ----D---- C:\WINDOWS\Prefetch
2010-11-02 22:37:53 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-02 22:07:07 ----D---- C:\Program Files\Trillian
2010-11-02 22:05:36 ----D---- C:\WINDOWS\system32
2010-11-02 22:05:26 ----D---- C:\WINDOWS\Temp
2010-11-02 22:01:56 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-02 21:59:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-02 21:59:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-11-01 22:22:34 ----D---- C:\Program Files\RPG Maker XP
2010-11-01 17:51:04 ----D---- C:\Program Files\iMule-1.4.5
2010-10-31 23:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-10-31 23:12:13 ----D---- C:\WINDOWS\system32\drivers
2010-10-31 23:12:13 ----D---- C:\WINDOWS
2010-10-31 22:36:37 ----SHD---- C:\WINDOWS\CSC
2010-10-31 14:36:00 ----SD---- C:\WINDOWS\Tasks
2010-10-29 13:56:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-29 13:56:30 ----D---- C:\Documents and Settings\Ben McAlpin\Application Data\mIRC
2010-10-29 06:33:39 ----A---- C:\WINDOWS\win.ini
2010-10-28 09:15:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-28 09:15:51 ----SHD---- C:\WINDOWS\Installer
2010-10-28 01:12:43 ----D---- C:\Program Files\Steam
2010-10-27 16:01:08 ----D---- C:\Program Files\CamStudio
2010-10-27 01:46:58 ----D---- C:\Program Files\Common Files
2010-10-16 22:18:10 ----HD---- C:\WINDOWS\inf
2010-10-16 22:17:45 ----D---- C:\Program Files\AVG
2010-10-15 14:42:22 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
2010-10-15 14:39:11 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-10-15 03:34:37 ----D---- C:\WINDOWS\Microsoft.NET
2010-10-15 02:57:58 ----D---- C:\Documents and Settings
2010-10-15 02:28:17 ----D---- C:\WINDOWS\system32\en-US
2010-10-15 02:28:17 ----D---- C:\WINDOWS\AppPatch
2010-10-15 02:28:16 ----D---- C:\WINDOWS\Media
2010-10-15 02:28:16 ----D---- C:\WINDOWS\Help
2010-10-15 02:28:16 ----D---- C:\Program Files\Internet Explorer
2010-10-15 01:57:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-10-15 01:57:25 ----A---- C:\WINDOWS\imsins.BAK
2010-10-15 01:57:05 ----RSD---- C:\WINDOWS\assembly
2010-10-15 01:56:39 ----D---- C:\WINDOWS\WinSxS
2010-10-15 01:55:41 ----D---- C:\Program Files\Movie Maker
2010-10-15 01:53:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-15 01:51:24 ----D---- C:\Program Files\Outlook Express
2010-10-15 01:15:35 ----D---- C:\WINDOWS\SoftwareDistribution
2010-10-15 01:15:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-10-14 23:51:15 ----D---- C:\Documents and Settings\Ben McAlpin\Application Data\Azureus
2010-10-07 10:46:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-10-04 19:36:05 ----D---- C:\Program Files\RPG Maker 2003
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-05-01 43528]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2008-04-14 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2007-04-11 10640]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-26 4742656]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-05-09 41888]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 PRAGMAnseoriyusp;PRAGMAnseoriyusp; C:\WINDOWS\PRAGMAnseoriyusp\PRAGMAd.sys []
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RsFx0103;RsFx0103 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-10 877864]
R2 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; E:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineMessageService;Turbine Message Service - Live; E:\Games\Turbine Download Manager\TurbineMessageService.exe [2009-09-16 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; E:\Games\Turbine Download Manager\TurbineNetworkService.exe [2009-09-16 218608]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 47128]
S4 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe []
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
-----------------EOF-----------------
RSIT's info.txt:
info.txt logfile of random's system information tool 1.08 2010-11-02 22:39:31
======Uninstall list======
-->C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Media Players\DivX\DivXCodecUninstall.exe /CODEC
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adventure Game Studio 3.1.2 SP1-->"C:\Program Files\Adventure Game Studio 3.1.2 SP1\unins000.exe"
Altitude Beta-->E:\Games\Altitude\uninstall.exe
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATT-PRT22-->C:\PROGRA~1\ATT-PR~1\UNWISE.EXE C:\PROGRA~1\ATT-PR~1\INSTALL.LOG
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{0323CB96-221A-4042-84A3-93EDE47099FC}
AVG 2011-->MsiExec.exe /I{1A258E63-8DF5-4ADB-9832-38A0121D65EB}
Batman: Arkham Asylum-->"C:\Program Files\InstallShield Installation Information\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}\setup.exe" -runfromtemp -l0x0009 -removeonly
Bioshock-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7670
Bitmap Font Writer (remove only)-->"C:\Program Files\Bitmap Font Writer\uninstall.exe"
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Borderlands-->"C:\Program Files\Steam\steam.exe" steam://uninstall/8980
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
Camfrog Video Chat 5.5-->"C:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Debut Video Capture Software-->C:\Program Files\NCH Software\Debut\uninst.exe
DivX Converter-->C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DivX Web Player-->C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX\DivX7\DivX Web Player\DivXWebPlayerUninstall.exe /PLUGIN
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
Dungeons and Dragons Online - Eberron Unlimited - Live-->"E:\Games\Dungeons and Dragons Online\Uninstall.exe" /silent /query 15b35190-c6f9-11d9-9669-0800200c9a66_is1
Easy Tune 6 B08.0708.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
eMule-->"E:\Program Files\File Sharing\eMule\Uninstall.exe"
Energy Saver Advance B8.0711.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
EVGA Precision 1.3.1-->"C:\Program Files\EVGA Precision\uninstall.exe"
FileAlyzer-->"C:\Program Files\FileAlyzer\unins000.exe"
FileZilla Client 3.2.8-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Fraps-->"C:\Fraps\uninstall.exe"
FreeRIP v3.30-->"C:\Program Files\FreeRIP\unins000.exe"
Game Maker 7.0-->C:\Program Files\Game Maker 7\Uninstal.exe
GIMP 2.6.8-->"C:\Program Files\Gimp\setup\unins000.exe"
GOM Player-->"C:\Program Files\Media Players\GomPlayer\Uninstall.exe"
High-Logic FontCreator 6.1-->"C:\Program Files\High-Logic FontCreator\unins000.exe"
HijackThis 2.0.2-->"E:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB958655-v2)-->"C:\WINDOWS\$NtUninstallKB958655-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
iDraw3.32 Chara Maker-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\TOOLS\iDraw\install.log"
Inno Setup version 5.3.6-->"C:\Program Files\Inno Setup 5\unins000.exe"
iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Left 4 Dead 2 Add-on Support-->"C:\Program Files\Steam\steam.exe" steam://uninstall/564
Left 4 Dead 2 Authoring Tools-->"C:\Program Files\Steam\steam.exe" steam://uninstall/563
Left 4 Dead 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/550
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Linksys EasyLink Advisor-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Linksys EasyLink Advisor-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Mafia II - Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/50280
MagicDisc 2.7.106-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}
Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{D441BD04-E548-4F8E-97A4-1B66135BAAA8}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2010 Express - ENU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - ENU\setup.exe
Microsoft Visual C++ 2010 Express - ENU-->MsiExec.exe /X{46F8CF66-AB83-38A7-99B2-A5BE507EE472}
Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MUSHclient (remove only)-->C:\Program Files\MUSHclient\uninstall.exe
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nero 8 Essentials-->MsiExec.exe /X{8651784F-123E-4E8F-A5AD-60B8BE121033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
osu!-->"C:\WINDOWS\osu!\uninstall.exe" "/U:E:\Games\Osu\Uninstall\uninstall.xml"
PCSX2 - Playstation 2 Emulator-->"E:\Games\PS2\pcsx2-r1888\uninstall-r1888.exe"
Phenomenon 32 v1.4-->"E:\Games\Ph32\unins000.exe"
Prey-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3970
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Railroad Tycoon 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7610
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Revo Uninstaller Pro 2.4.1-->"C:\Program Files\Revo Uninstaller Pro\unins000.exe"
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RM2K3 English Beta - by Delta Xtream Entertainment-->C:\Program Files\Enterbrain\RPG2003\Uninstal.exe
ROM CHECK FAIL 1.0-->"E:\Games\Rom Check Fail\unins000.exe"
RPG Maker 2000 1.07b-->C:\WINDOWS\UnGins.exe "C:\Program Files\RPG Maker 2000\install.log"
RPG Maker 2003 v1.08-->"C:\Program Files\RPG Maker 2003\unins000.exe"
RPG Maker VX RTP-->"C:\Program Files\RPG Maker VX\RTP\unins000.exe"
RPG Maker VX-->"C:\Program Files\RPG Maker VX\unins000.exe"
RPGcN[2003 - Vindication-->C:\WINDOWS\gamedelete.exe "E:\My Documents\Vindication\RPG_RT.ind"
RPGMaker 2003 1.03e Release3-->C:\WINDOWS\iun506.exe C:\Program Files\Enterbrain\RPG2003\irunin.ini
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
RTP 1.32 Add-On for RM2k-->C:\WINDOWS\UnGins.exe "C:\Program Files\RPG Maker 2000\RTP\install.log"
RTP2003-->C:\WINDOWS\unvise32.exe c:\program files\rpg maker 2003\rtp\uninstal.log
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
Security Update for Windows Internet Explorer 7 (KB2360131)-->"C:\WINDOWS\ie7updates\KB2360131-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Service Pack 1 for SQL Server 2008 (KB968369)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
Shattered Union-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3960
Sid Meier's Civilization IV: Beyond the Sword-->"C:\Program Files\Steam\steam.exe" steam://uninstall/8800
Sid Meier's Civilization IV: Colonization-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16810
Sid Meier's Civilization IV: Warlords-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3990
Sid Meier's Civilization IV-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3900
Sid Meier's Pirates!-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3920
Sid Meier's Railroads!-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7600
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Torchlight-->E:\Games\Torchlight\uninstall.exe
Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall
Turbine Download Manager - Live-->"E:\Games\Turbine Download Manager\UninstallTDM.exe" /silent /query 62289540-dc30-11dc-95ff-0800200c9a66_is1
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB2362765)-->"C:\WINDOWS\ie8updates\KB2362765-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoPad Video Editor-->C:\Program Files\NCH Software\VideoPad\uninst.exe
Vindication 2.2.12-->"C:\Program Files\Vindication\unins000.exe"
VLC media player 0.9.9-->C:\Program Files\Media Players\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Media Players\VobSub\uninstall.exe"
Warcraft II BNE-->C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
X-COM: Apocalypse-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7660
Xiph QuickTime Components-->"C:\Program Files\QuickTime\QTComponents\XiphQTuninstall.exe"
XPort 360-->"C:\Program Files\XPort 360\unins000.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Antivirus (outdated)
======System event log======
Computer Name: WAFFLES
Event Code: 4321
Message: The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.11.100.208.
The machine with the IP address 10.11.100.130 did not allow the name to be claimed by
this machine.
Record Number: 3935
Source Name: NetBT
Time Written: 20100131225434.000000-360
Event Type: error
User:
Computer Name: WAFFLES
Event Code: 4321
Message: The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.11.100.208.
The machine with the IP address 10.11.100.130 did not allow the name to be claimed by
this machine.
Record Number: 3934
Source Name: NetBT
Time Written: 20100130162807.000000-360
Event Type: error
User:
Computer Name: WAFFLES
Event Code: 4321
Message: The name "WORKGROUP :1d" could not be registered on the Interface with IP address 10.11.100.208.
The machine with the IP address 10.11.100.130 did not allow the name to be claimed by
this machine.
Record Number: 3927
Source Name: NetBT
Time Written: 20100127163909.000000-360
Event Type: error
User:
Computer Name: WAFFLES
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 3926
Source Name: W32Time
Time Written: 20100127160719.000000-360
Event Type: warning
User:
Computer Name: WAFFLES
Event Code: 7023
Message: The SSHNAS service terminated with the following error:
The specified module could not be found.
Record Number: 3901
Source Name: Service Control Manager
Time Written: 20100127022752.000000-360
Event Type: error
User:
=====Application event log=====
Computer Name: WAFFLES
Event Code: 15151
Message: Cannot find the object 'database_audit_specifications', because it does not exist or you do not have permission.
Record Number: 1400
Source Name: MSSQL$SQLEXPRESS
Time Written: 20100919103922.000000-300
Event Type: error
User:
Computer Name: WAFFLES
Event Code: 15151
Message: Cannot find the object 'database_audit_specification_details', because it does not exist or you do not have permission.
Record Number: 1399
Source Name: MSSQL$SQLEXPRESS
Time Written: 20100919103922.000000-300
Event Type: error
User:
Computer Name: WAFFLES
Event Code: 15151
Message: Cannot find the object 'fulltext_index_fragments', because it does not exist or you do not have permission.
Record Number: 1398
Source Name: MSSQL$SQLEXPRESS
Time Written: 20100919103922.000000-300
Event Type: error
User:
Computer Name: WAFFLES
Event Code: 15151
Message: Cannot find the object 'fulltext_stoplists', because it does not exist or you do not have permission.
Record Number: 1397
Source Name: MSSQL$SQLEXPRESS
Time Written: 20100919103922.000000-300
Event Type: error
User:
Computer Name: WAFFLES
Event Code: 15151
Message: Cannot find the object 'fulltext_stopwords', because it does not exist or you do not have permission.
Record Number: 1396
Source Name: MSSQL$SQLEXPRESS
Time Written: 20100919103922.000000-300
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files\Media Players\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"VS100COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 10.0\Common7\Tools\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
I then ran GMER. It gave me no warnings about rootkit activity or anything else. But it did something really weird.
Even though I scanned only my C: drive with "Show all" turned off (which is the default setting, by the way), GMER produced an 82000 line file which contains the filenames of every single file on my E: drive. But in all the filenames, it called the drive C: instead of E:. So, for example, GMER's log lists all my installed games files as being in C:\Games\ even though on my computer they are really in E:\Games\. It does this for all the files.
I read through the files and confirmed that every single file in the log is actually on the E: drive. And also that every single file on the E: drive is in the log.
C: is my system drive, and was the only drive that was checked in GMER when I hit the scan button. E: is an internal storage drive that used to be my main hard drive on my old computer.
I promise I didn't have "Show all" turned on. I tested it again to make sure, and it did the same thing.
I don't feel comfortable posting my entire hard drive's contents on a public forum. I'm only posting the first part of the log that has the non-file-related content, and the first and last few lines of the files so you can see an example of what it was doing.
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-03 01:35:50
Windows 5.1.2600 Service Pack 3
Running: 8cdrtezi.exe; Driver: C:\DOCUME~1\BENMCA~1\LOCALS~1\Temp\pwldqpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73E2380, 0x5414D5, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-10 8A530AF1
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\arcldr.exe 150528 bytes
File C:\arcsetup.exe 163840 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe 0 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat 0 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0 0 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\AdobeCMapFnt09.lst 979 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\AdobeSysFnt09.lst 20696 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Collab 0 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\Forms 0 bytes
File C:\Documents and Settings\Administrator\Application Data\Adobe\Acrobat\9.0\JavaScripts 0 bytes
...
(this continues for another 82000+ lines)
(these files are really all on my E: drive, despite the C: in the filenames in this log)
...
File C:\WINNT\RegisteredPackages\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\MDACXPAK.CAB 2337434 bytes
File C:\WINNT\RegisteredPackages\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\MDACXPAK.CAT 31784 bytes
File C:\WINNT\RegisteredPackages\{F1CAE27D-85D3-4642-B9E9-48D7F9F56C82}\MDACXPAK.INF 6355 bytes
File C:\WINNT\Registration 0 bytes
File C:\WINNT\Registration\R0000000000d4.clb 15456 bytes
File C:\WINNT\Registration\R0000000000d3.clb 15456 bytes
File C:\WINNT\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.crmlog 1048576 bytes
File C:\WINNT\REGLOCS.OLD 8192 bytes
---- EOF - GMER 1.0.15 ----
For kicks, even though you didn't ask for it, I then scanned my E: drive. Here are the results. No files this time, brilliantly. It still scanned all the same files, but it listed the correct letter this time, and none of them made it to the results log. The three filenames listed under Kernel Code and User Code are really on the real C: drive.
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-11-03 03:30:16
Windows 5.1.2600 Service Pack 3
Running: 8cdrtezi.exe; Driver: C:\DOCUME~1\BENMCA~1\LOCALS~1\Temp\pwldqpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB73E2380, 0x5414D5, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[248] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8A530AF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-10 8A530AF1
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
airscape
2010-11-04, 18:39
Hello,
As per forum policy (I would prefer you to) please remove eMule via Start > Control Panel > Add/Remove Programs
If you value your pc at all, I would stay well away from these programs. This may have been the reason the pc got infected.
Also, please let me know if this pc is used for business purposes?
Sorry, I didn't realize I had eMule installed, or I would have uninstalled it initially at the same time as I uninstalled uTorrent. eMule hasn't been used in over a year. I have uninstalled it now.
Yes, I run a web design business from home and this PC is used for my work. However it is also used for non-work-related activities.
airscape
2010-11-06, 20:09
Hello,
Unfortunately, we cannot help remove malware from a computer, used for any kind of business purposes.
Many of these type systems may have specific modifications made..which could be removed or damaged by the tools we use. These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.
Please read this topic where we explain why we don't help with these machines:
http://forums.spybot.info/showpost.php?p=25712&postcount=5
The scans we run often reveal information that most businesses would not want exposed in an open forum, and there are other legal constraints and ramifications involved with business machines that we are not equipped or trained to deal with.
I'm sorry, that I am not able to offer you more assistance. Thank you, for your understanding in this matter.
I will now ask for this topic to be closed.