
Thread: Help with Virtumonde clean up

  1. #31
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That's great, yes, redo both immunizations on both programs. Spybot also has the option to lock the hosts file so that it can't be changed. I am on a computer with no Spybot so I can't direct you, but read the tutorial.

    Take care,
    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #32
    Member al5579's Avatar
    Join Date
    Dec 2008
    Location
    Bronx, New York
    Posts
    40

    Default

    I still have some doubts about the goored.com. I know that I said it seemed to work, but last night after my last post, when I first clicked on the link, it got me directly to the forums. But when I clicked Back and clicked on it again just to make sure it was completely fixed, goored came back again. Perhaps I missed something? Spybot S&D and Malwarebytes didn't pick anything up.
    NCIS fan | House, M.D. watcher | Terminator: The Sarah Conner Chronicles watcher
    Stargate SG-1 fan | Stargate Atlantis fan | Whose Line Is It Anyway? fan

  3. #33
    Emeritus-Security Expert

    We need to dig deeper; there is a registry key responsible for Goored.

    Download DNS Check to your Desktop
    • Double click DNSCheck.exe (allow it through your firewall if asked)
    • Follow the on-screen instructions. When done, a log will open, and be saved to the desktop.
    • Please copy and paste that log in your next reply.



    Download RegQuery to your Desktop.
    • Double click RegQuery.exe to run the program.
    • Copy and paste the following Registry key path into where it says Enter key name.

    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox
    • Click the Query button.
    • A Notepad file opens. Please copy and paste the contents back here.



    Download DirLook
    • Double-click DirLook.exe to run it.
    • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
    • Copy the content of the following codebox into the textfield labeled "Directory


    Just fill in your user name.

    Code:
    c:\documents and settings\-->user name<--\Local Settings\Application Data
    • Click the DirLook button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply

    (Note: The log can also be found at C:\dl_log.txt)

  4. #34
    Member al5579's Avatar

    Logs as requested.

    DNSCheck v.0.8.14
    Checking No-Exist Redirector
    Fake name: nsaaqadhshspwtvmtkja.com
    192.168.2.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
    Local DNS (DNSAPI) error: Fails to reverse resolve. -- WARNING!
    No records found for given DNS query.
    2: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
    Local DNS (DNSAPI) error: Fails to reverse resolve. -- WARNING!
    No records found for given DNS query.
    Checking site: google.com


    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
    "{609E0751-889D-402A-B225-DBA0ACE20764}"="C:\\Documents and Settings\\Allen\\Local Settings\\Application Data\\{609E0751-889D-402A-B225-DBA0ACE20764}"
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\\Program Files\\AVG\\AVG8\\Firefox"
    "{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\\Program Files\\AVG\\AVG8\\ToolbarFF"


    DirLook.exe v2.0 by jpshortstuff
    Log created at 19:42 on 10/12/2008
    ==================================
    Contents of "c:\documents and settings\Allen\Local Settings\Application Data"

    ---FOLDERS---

    Adobe (Created on 11/12/2006 at 00:58) d-----
    AOL (Created on 11/08/2008 at 04:52) d-----
    AOL OCP (Created on 11/08/2008 at 04:52) d-----
    ApplicationHistory (Created on 18/11/2006 at 02:10) d-----
    ATI (Created on 18/11/2006 at 02:10) d-----
    BVRP Software (Created on 18/11/2006 at 02:10) d-----
    Freelancer (Created on 15/01/2007 at 00:25) d-----
    Gearbox Software (Created on 26/07/2008 at 21:41) d-----
    Google (Created on 18/11/2006 at 02:10) d-----
    Help (Created on 09/01/2007 at 04:33) d-----
    Identities (Created on 13/02/2007 at 07:45) d-----
    Microsoft (Created on 18/11/2006 at 02:10) d-----
    Mozilla (Created on 18/11/2006 at 03:32) d-----
    My Games (Created on 05/02/2007 at 19:45) d-----
    PCHealth (Created on 14/03/2008 at 06:11) d-----
    The Weather Channel (Created on 21/08/2007 at 01:25) d-----
    World in Conflict (Created on 01/07/2008 at 23:41) d-----
    World in Conflict - DEMO (Created on 01/05/2008 at 23:09) d-----
    Yahoo (Created on 18/11/2006 at 02:10) d-----
    {3248F0A6-6813-11D6-A77B-00B0D0150060} (Created on 18/11/2006 at 02:10) d-----
    {609E0751-889D-402A-B225-DBA0ACE20764} (Created on 04/12/2008 at 00:48) d-----

    ---FILES---

    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini (50688 bytes - created on 25/12/2006 at 22:31, modified on 30/11/2008 at 01:56) --a---
    fusioncache.dat (128 bytes - created on 18/11/2006 at 02:10, modified on 18/11/2006 at 02:10) --a---
    GDIPFONTCACHEV1.DAT (69672 bytes - created on 18/11/2006 at 13:51, modified on 04/08/2008 at 22:24) --a---
    IconCache.db (2112996 bytes - created on 27/05/2008 at 07:57, modified on 27/05/2008 at 07:57) --ah--

    ==================================
    =EOF=

  5. #35
    Emeritus-Security Expert

    Do a Windows search and delete this:
    nsaaqadhshspwtvmtkja.com


    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
    "{609E0751-889D-402A-B225-DBA0ACE20764}"=-
    Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

    If you saved the file correctly it should look like this
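The triage behind posts #34 and #35, as an added example that is not part of the original thread: it parses the RegQuery export and the DirLook folder list posted in #34, flags Firefox extensions registered outside Program Files, and builds the matching REGEDIT4 removal file. The trusted-root allow-list and all function names are assumptions made for illustration.

```python
import ntpath
import re
from datetime import datetime

EXT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions"
SCANNED_DIR = r"c:\documents and settings\Allen\Local Settings\Application Data"
# Assumption for this example: a machine-wide extension should live under an
# admin-writable install root, not inside a user profile.
TRUSTED_ROOTS = ("c:\\program files\\",)

# Sample input: RegQuery export and DirLook folder lines from post #34 (abridged).
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{609E0751-889D-402A-B225-DBA0ACE20764}"="C:\\Documents and Settings\\Allen\\Local Settings\\Application Data\\{609E0751-889D-402A-B225-DBA0ACE20764}"
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\\Program Files\\AVG\\AVG8\\Firefox"
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\\Program Files\\AVG\\AVG8\\ToolbarFF"
'''
DIRLOOK_FOLDERS = '''Mozilla (Created on 18/11/2006 at 03:32) d-----
{3248F0A6-6813-11D6-A77B-00B0D0150060} (Created on 18/11/2006 at 02:10) d-----
{609E0751-889D-402A-B225-DBA0ACE20764} (Created on 04/12/2008 at 00:48) d-----
fusioncache.dat (128 bytes - created on 18/11/2006 at 02:10, modified on 18/11/2006 at 02:10) --a---
'''

VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')
FOLDER_RE = re.compile(r"(.+?) \(Created on (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2})\) d")


def parse_reg_export(text):
    """Return {key path: {value name: string data}} from a .reg text export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1), {})
            continue
        value = VALUE_RE.fullmatch(line)
        if value and current is not None:
            # .reg files escape backslashes and quotes; undo that.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in value.groups())
            current[name] = data
    return keys


def parse_dirlook_folders(text):
    """Return {lower-cased folder name: creation time} from DirLook folder lines."""
    folders = {}
    for line in text.splitlines():
        m = FOLDER_RE.match(line.strip())
        if m:  # DirLook prints dates as dd/mm/yyyy
            stamp = datetime.strptime(f"{m.group(2)} {m.group(3)}", "%d/%m/%Y %H:%M")
            folders[m.group(1).lower()] = stamp
    return folders


def find_suspect_extensions(reg_text, dirlook_text, scanned_dir=SCANNED_DIR):
    """Flag extensions registered outside the trusted roots, with folder age if known."""
    extensions = parse_reg_export(reg_text).get(EXT_KEY, {})
    folders = parse_dirlook_folders(dirlook_text)
    suspects = []
    for ext_id, path in extensions.items():
        norm = ntpath.normcase(path)
        if norm.startswith(TRUSTED_ROOTS):
            continue
        parent, leaf = ntpath.split(norm)
        # Only trust the DirLook date if the listing covers this parent folder.
        created = folders.get(leaf) if parent == ntpath.normcase(scanned_dir) else None
        suspects.append({"id": ext_id, "path": path, "created": created})
    return suspects


def build_removal_reg(ids, key=EXT_KEY):
    """Build a REGEDIT4 file that deletes the named values ("name"=-)."""
    lines = ["REGEDIT4", "", f"[{key}]"] + [f'"{i}"=-' for i in ids]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    found = find_suspect_extensions(REG_EXPORT, DIRLOOK_FOLDERS)
    for s in found:
        print(f"SUSPECT {s['id']} -> {s['path']} (folder created {s['created']})")
    print(build_removal_reg([s["id"] for s in found]))
```

Deleting the registry value only unregisters the extension; the folder it pointed to in Application Data is a separate artifact to review.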

  6. #36
    Member al5579's Avatar

    I did a Windows search but nothing came up.

  7. #37
    Emeritus-Security Expert

    • Next, go to Start > Run, type cmd and hit OK
    • Type in ipconfig /flushdns then hit Enter
      (that space between g and / is needed)
    • Type exit and hit Enter

  8. #38
    Member al5579's Avatar

    Ok, did exactly as you told me at the command prompt. I did another search but still no results.

  9. #39
    Emeritus-Security Expert

    Did cleaning out the DNS cache help any? I see no mention of Goored in any of the programs or scans we have run.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  10. #40
    Member al5579's Avatar

    I cleared the DNS cache and did another search on my C drive but nsaaqadhshspwtvmtkja.com didn't show up, even with search hidden files and archives ticked in the checkboxes. I downloaded and ran RSIT but only opened log.txt

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Allen at 2008-12-10 22:26:55
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 23 GB (32%) free of 71 GB
    Total RAM: 2046 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:27:10 PM, on 12/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Tall Emu\Online Armor\oacat.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Allen\Desktop\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\Allen.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Dell Control Utility.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 7567 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1208991377.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-03 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
    "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-15 98304]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-21 185896]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-03 1261336]
    "@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-11-26 6223048]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-07-16 389120]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Dell Control Utility.lnk - C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-11-26 886984]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDrives"=0
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Microsoft Games\Age of Empires III - The WarChiefs Trial\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III - The WarChiefs Trial\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs Trial"
    "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe"="C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4"
    "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
    "C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
    "C:\Program Files\Rockstar Games\Midnight Club 2\mc2.exe"="C:\Program Files\Rockstar Games\Midnight Club 2\mc2.exe:*:Enabled:mc2"
    "C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"="C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
    "C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe"="C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate"
    "C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe"="C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server"
    "C:\Program Files\WizardWorks\911 - First Responders\Em4.exe"="C:\Program Files\WizardWorks\911 - First Responders\Em4.exe:*:Enabled:Em4"
    "C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict"
    "C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only"
    "C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
    "C:\Program Files\EA Games\James Bond 007 Nightfire\Bond.exe"="C:\Program Files\EA Games\James Bond 007 Nightfire\Bond.exe:*:Enabled:Bond"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\gu.exe"="C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\gu.exe:*:Enabled:Run Silent Hunter Wolves of the Pacific"
    "C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\sh4.exe"="C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\sh4.exe:*:Enabled:Silent Hunter IV"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    shell\AutoRun\command - E:\setup.exe


    ======List of files/folders created in the last 1 months======

    2008-12-10 19:42:03 ----A---- C:\DirLook.txt
    2008-12-09 20:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-09 20:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-09 20:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-09 20:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-09 20:11:19 ----D---- C:\HostsXpert
    2008-12-09 19:18:54 ----D---- C:\Documents and Settings\Allen\Application Data\Mozilla
    2008-12-09 19:12:58 ----D---- C:\Program Files\Mozilla Firefox
    2008-12-09 13:44:34 ----D---- C:\rsit
    2008-12-09 00:51:42 ----D---- C:\WINDOWS\pss
    2008-12-07 22:41:56 ----SHD---- C:\RECYCLER
    2008-12-07 00:06:57 ----D---- C:\WINDOWS\temp
    2008-12-07 00:06:54 ----A---- C:\ComboFix.txt
    2008-12-06 16:11:46 ----A---- C:\Boot.bak
    2008-12-06 16:11:16 ----RASHD---- C:\cmdcons
    2008-12-06 16:08:02 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-06 16:07:55 ----D---- C:\WINDOWS\ERDNT
    2008-12-06 15:12:26 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-05 21:44:08 ----D---- C:\Program Files\Trend Micro
    2008-12-04 22:30:24 ----D---- C:\Program Files\SpywareBlaster
    2008-12-04 16:41:04 ----D---- C:\Documents and Settings\Allen\Application Data\Malwarebytes
    2008-12-04 16:40:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-04 16:40:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-03 22:51:07 ----D---- C:\Documents and Settings\Allen\Application Data\OnlineArmor
    2008-12-03 22:51:07 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    2008-12-03 22:50:35 ----D---- C:\Program Files\Tall Emu
    2008-12-03 20:39:22 ----HD---- C:\$AVG8.VAULT$
    2008-12-03 20:34:26 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-12-03 20:34:19 ----D---- C:\Documents and Settings\Allen\Application Data\AVGTOOLBAR
    2008-12-03 20:34:00 ----D---- C:\Program Files\AVG
    2008-12-03 20:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-12-03 19:48:32 ----A---- C:\WINDOWS\ijibanovekegubix.dll
    2008-12-03 19:01:11 ----D---- C:\WINDOWS\Minidump
    2008-12-03 18:44:22 ----A---- C:\WINDOWS\system32\4b8e9747-.txt
    2008-11-27 13:25:14 ----D---- C:\Program Files\Common Files\Motorola Shared
    2008-11-27 13:25:02 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-11-20 15:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
    2008-11-12 01:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 01:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 01:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

    ======List of files/folders modified in the last 1 months======

    2008-12-10 22:21:50 ----D---- C:\Documents and Settings\Allen\Application Data\Xfire
    2008-12-10 22:11:48 ----D---- C:\WINDOWS\Prefetch
    2008-12-10 20:37:02 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2008-12-10 19:35:04 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-10 19:33:21 ----D---- C:\WINDOWS
    2008-12-10 19:31:27 ----D---- C:\WINDOWS\Registration
    2008-12-10 01:58:03 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-09 21:11:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-12-09 20:56:28 ----D---- C:\WINDOWS\system32
    2008-12-09 20:48:54 ----HD---- C:\WINDOWS\inf
    2008-12-09 20:48:38 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-09 20:48:32 ----SHD---- C:\WINDOWS\system32\dllcache
    2008-12-09 20:48:29 ----D---- C:\Program Files\Internet Explorer
    2008-12-09 20:48:13 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-09 19:12:58 ----D---- C:\Program Files
    2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-09 12:23:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-09 12:20:19 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-09 00:35:53 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
    2008-12-08 22:39:46 ----D---- C:\WINDOWS\system32\Restore
    2008-12-08 22:39:45 ----SHD---- C:\System Volume Information
    2008-12-08 21:06:58 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-07 00:07:37 ----D---- C:\WINDOWS\system32\drivers
    2008-12-07 00:01:17 ----A---- C:\WINDOWS\system.ini
    2008-12-06 23:58:49 ----D---- C:\WINDOWS\system32\config
    2008-12-06 23:56:17 ----D---- C:\WINDOWS\AppPatch
    2008-12-06 23:56:17 ----D---- C:\Program Files\Common Files
    2008-12-06 23:40:46 ----SD---- C:\WINDOWS\Tasks
    2008-12-06 16:11:46 ----RASH---- C:\boot.ini
    2008-12-04 21:09:05 ----SHD---- C:\WINDOWS\Installer
    2008-12-03 23:55:06 ----SD---- C:\Program Files\Xfire
    2008-12-03 20:33:47 ----D---- C:\WINDOWS\WinSxS
    2008-12-03 20:33:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-12-03 20:30:25 ----SD---- C:\Documents and Settings\Allen\Application Data\Microsoft
    2008-12-03 19:31:24 ----A---- C:\WINDOWS\wininit.ini
    2008-11-28 19:19:17 ----D---- C:\Program Files\SmileyPad
    2008-11-27 13:31:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2008-11-22 20:10:17 ----D---- C:\Documents and Settings\Allen\Application Data\Hamachi
    2008-11-22 14:05:32 ----D---- C:\WINDOWS\Help
    2008-11-20 19:27:01 ----D---- C:\Documents and Settings\Allen\Application Data\teamspeak2

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-03 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
    R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
    R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
    R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 76040]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-15 25280]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
    S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
    S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2007-11-02 6400]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-03 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
    R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2008-11-26 1402568]
    R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-11-26 3321032]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []

    -----------------EOF-----------------
    NCIS fan | House, M.D. watcher | Terminator: The Sarah Conner Chronicles watcher
    Stargate SG-1 fan | Stargate Atlantis fan | Whose Line Is It Anyway? fan
