Thats great, yes redo both immunization on both programs. Spybot also has the option to lock the hosts file so that it can't be changed. I am on a computer with no Spybot so I cant direct you, but read the tutorial.
Take care,
Ken
Thats great, yes redo both immunization on both programs. Spybot also has the option to lock the hosts file so that it can't be changed. I am on a computer with no Spybot so I cant direct you, but read the tutorial.
Take care,
Ken
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
I still have some doubts about the goored.com. I know that I said it seemed to work but last night after my last post when I first clicked on the link it got me directly to the forums. But when I clicked Back and clicked on it again just to make sure it was completely fixed, goored came back again. Perhaps, I missed something? Spybot SD and Malwarebyte's didn't pick anything up.
NCIS fan | House, M.D. watcher | Terminator: The Sarah Conner Chronicles watcher
Stargate SG-1 fan | Stargate Atlantis fan | Whose Line Is It Anyway? fan
We need to dig deeper, there is a registry key responsible for Goored
Download DNS Check to your Desktop
- Double click DNSCheck.exe (allow it through your firewall if asked)
- Follow the on-screen instructions. When done, a log will open, and be saved to the desktop.
- Please copy and paste that log in your next reply.
Download RegQuery to your Desktop.
- Double click RegQuery.exe to run the program.
- Copy and paste the following Registry key path into where it says Enter key name.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox
- Click the Query button.
- A Notepad file opens. Please copy and paste the contents back here.
Download DirLook
- Double-click DirLook.exe to run it.
- Ensure that Show Hidden Files/Folders and BBCode Ouput are both checked.
- Copy the content of the following codebox into the textfield labeled "Directory
Just fill in your user name.
Code:c:\documents and settings\-->user name<--\Local Settings\Application Data
- Click the DirLook button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply
Note: The log can also be found at C:\dl_log.txt)
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Logs as requested.
DNSCheck v.0.8.14
Checking No-Exist Redirector
Fake name: nsaaqadhshspwtvmtkja.com
192.168.2.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Local DNS (DNSAPI) error: Fails to reverse resolve. -- WARNING!
No records found for given DNS query.
2: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Local DNS (DNSAPI) error: Fails to reverse resolve. -- WARNING!
No records found for given DNS query.
Checking site: google.com
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox]
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{609E0751-889D-402A-B225-DBA0ACE20764}"="C:\\Documents and Settings\\Allen\\Local Settings\\Application Data\\{609E0751-889D-402A-B225-DBA0ACE20764}"
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\\Program Files\\AVG\\AVG8\\Firefox"
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\\Program Files\\AVG\\AVG8\\ToolbarFF"
DirLook.exe v2.0 by jpshortstuff
Log created at 19:42 on 10/12/2008
==================================
Contents of "c:\documents and settings\Allen\Local Settings\Application Data"
---FOLDERS---
Adobe (Created on 11/12/2006 at 00:58) d-----
AOL (Created on 11/08/2008 at 04:52) d-----
AOL OCP (Created on 11/08/2008 at 04:52) d-----
ApplicationHistory (Created on 18/11/2006 at 02:10) d-----
ATI (Created on 18/11/2006 at 02:10) d-----
BVRP Software (Created on 18/11/2006 at 02:10) d-----
Freelancer (Created on 15/01/2007 at 00:25) d-----
Gearbox Software (Created on 26/07/2008 at 21:41) d-----
Google (Created on 18/11/2006 at 02:10) d-----
Help (Created on 09/01/2007 at 04:33) d-----
Identities (Created on 13/02/2007 at 07:45) d-----
Microsoft (Created on 18/11/2006 at 02:10) d-----
Mozilla (Created on 18/11/2006 at 03:32) d-----
My Games (Created on 05/02/2007 at 19:45) d-----
PCHealth (Created on 14/03/2008 at 06:11) d-----
The Weather Channel (Created on 21/08/2007 at 01:25) d-----
World in Conflict (Created on 01/07/2008 at 23:41) d-----
World in Conflict - DEMO (Created on 01/05/2008 at 23:09) d-----
Yahoo (Created on 18/11/2006 at 02:10) d-----
{3248F0A6-6813-11D6-A77B-00B0D0150060} (Created on 18/11/2006 at 02:10) d-----
{609E0751-889D-402A-B225-DBA0ACE20764} (Created on 04/12/2008 at 00:48) d-----
---FILES---
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini (50688 bytes - created on 25/12/2006 at 22:31, modified on 30/11/2008 at 01:56) --a---
fusioncache.dat (128 bytes - created on 18/11/2006 at 02:10, modified on 18/11/2006 at 02:10) --a---
GDIPFONTCACHEV1.DAT (69672 bytes - created on 18/11/2006 at 13:51, modified on 04/08/2008 at 22:24) --a---
IconCache.db (2112996 bytes - created on 27/05/2008 at 07:57, modified on 27/05/2008 at 07:57) --ah--
==================================
=EOF=
NCIS fan | House, M.D. watcher | Terminator: The Sarah Conner Chronicles watcher
Stargate SG-1 fan | Stargate Atlantis fan | Whose Line Is It Anyway? fan
Do a windows search and delete this
nsaaqadhshspwtvmtkja.com
Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{609E0751-889D-402A-B225-DBA0ACE20764}"=-
If you saved the file correctly it should look like this
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
I did a Windows search but nothing came up.
NCIS fan | House, M.D. watcher | Terminator: The Sarah Conner Chronicles watcher
Stargate SG-1 fan | Stargate Atlantis fan | Whose Line Is It Anyway? fan
- Next Go start> Run type cmd and hit OK
- Type in ipconfig /flushdns then hit enter
(that space between g and / is needed)- Type exit hit enter
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Ok, did exactly as you told me at the command prompt. I did another search but still no results.
NCIS fan | House, M.D. watcher | Terminator: The Sarah Conner Chronicles watcher
Stargate SG-1 fan | Stargate Atlantis fan | Whose Line Is It Anyway? fan
Did cleaning out the DNS cache help any. I see no mention of Goored in any of the programs or scans we have run.
- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
I cleared the DNS cache and did another search on my C drive but nsaaqadhshspwtvmtkja.com didn't show up, even with search hidden files and archives ticked in the checkboxes. I downloaded and ran RSIT but only opened log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by Allen at 2008-12-10 22:26:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (32%) free of 71 GB
Total RAM: 2046 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:10 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Allen\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Allen.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 7567 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1208991377.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-03 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-15 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-21 185896]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-03 1261336]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-11-26 6223048]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\Dell Support\DSAgnt.exe [2006-07-16 389120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Dell Control Utility.lnk - C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-11-26 886984]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Age of Empires III - The WarChiefs Trial\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III - The WarChiefs Trial\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs Trial"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe"="C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Rockstar Games\Midnight Club 2\mc2.exe"="C:\Program Files\Rockstar Games\Midnight Club 2\mc2.exe:*:Enabled:mc2"
"C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"="C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer"
"C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe"="C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate"
"C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe"="C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server"
"C:\Program Files\WizardWorks\911 - First Responders\Em4.exe"="C:\Program Files\WizardWorks\911 - First Responders\Em4.exe:*:Enabled:Em4"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:*:Enabled:World in Conflict"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe"="C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\Program Files\EA Games\James Bond 007 Nightfire\Bond.exe"="C:\Program Files\EA Games\James Bond 007 Nightfire\Bond.exe:*:Enabled:Bond"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\gu.exe"="C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\gu.exe:*:Enabled:Run Silent Hunter Wolves of the Pacific"
"C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\sh4.exe"="C:\Program Files\Ubisoft\Silent Hunter Wolves of the Pacific\sh4.exe:*:Enabled:Silent Hunter IV"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
======List of files/folders created in the last 1 months======
2008-12-10 19:42:03 ----A---- C:\DirLook.txt
2008-12-09 20:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 20:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 20:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 20:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 20:11:19 ----D---- C:\HostsXpert
2008-12-09 19:18:54 ----D---- C:\Documents and Settings\Allen\Application Data\Mozilla
2008-12-09 19:12:58 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 13:44:34 ----D---- C:\rsit
2008-12-09 00:51:42 ----D---- C:\WINDOWS\pss
2008-12-07 22:41:56 ----SHD---- C:\RECYCLER
2008-12-07 00:06:57 ----D---- C:\WINDOWS\temp
2008-12-07 00:06:54 ----A---- C:\ComboFix.txt
2008-12-06 16:11:46 ----A---- C:\Boot.bak
2008-12-06 16:11:16 ----RASHD---- C:\cmdcons
2008-12-06 16:08:02 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-06 16:07:55 ----D---- C:\WINDOWS\ERDNT
2008-12-06 15:12:26 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-05 21:44:08 ----D---- C:\Program Files\Trend Micro
2008-12-04 22:30:24 ----D---- C:\Program Files\SpywareBlaster
2008-12-04 16:41:04 ----D---- C:\Documents and Settings\Allen\Application Data\Malwarebytes
2008-12-04 16:40:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-04 16:40:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-03 22:51:07 ----D---- C:\Documents and Settings\Allen\Application Data\OnlineArmor
2008-12-03 22:51:07 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-12-03 22:50:35 ----D---- C:\Program Files\Tall Emu
2008-12-03 20:39:22 ----HD---- C:\$AVG8.VAULT$
2008-12-03 20:34:26 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-03 20:34:19 ----D---- C:\Documents and Settings\Allen\Application Data\AVGTOOLBAR
2008-12-03 20:34:00 ----D---- C:\Program Files\AVG
2008-12-03 20:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-03 19:48:32 ----A---- C:\WINDOWS\ijibanovekegubix.dll
2008-12-03 19:01:11 ----D---- C:\WINDOWS\Minidump
2008-12-03 18:44:22 ----A---- C:\WINDOWS\system32\4b8e9747-.txt
2008-11-27 13:25:14 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-11-27 13:25:02 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-11-20 15:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-11-12 01:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 01:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 01:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
======List of files/folders modified in the last 1 months======
2008-12-10 22:21:50 ----D---- C:\Documents and Settings\Allen\Application Data\Xfire
2008-12-10 22:11:48 ----D---- C:\WINDOWS\Prefetch
2008-12-10 20:37:02 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2008-12-10 19:35:04 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-10 19:33:21 ----D---- C:\WINDOWS
2008-12-10 19:31:27 ----D---- C:\WINDOWS\Registration
2008-12-10 01:58:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 21:11:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-09 20:56:28 ----D---- C:\WINDOWS\system32
2008-12-09 20:48:54 ----HD---- C:\WINDOWS\inf
2008-12-09 20:48:38 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 20:48:32 ----SHD---- C:\WINDOWS\system32\dllcache
2008-12-09 20:48:29 ----D---- C:\Program Files\Internet Explorer
2008-12-09 20:48:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 19:12:58 ----D---- C:\Program Files
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 12:23:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-09 12:20:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-09 00:35:53 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2008-12-08 22:39:46 ----D---- C:\WINDOWS\system32\Restore
2008-12-08 22:39:45 ----SHD---- C:\System Volume Information
2008-12-08 21:06:58 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-07 00:07:37 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 00:01:17 ----A---- C:\WINDOWS\system.ini
2008-12-06 23:58:49 ----D---- C:\WINDOWS\system32\config
2008-12-06 23:56:17 ----D---- C:\WINDOWS\AppPatch
2008-12-06 23:56:17 ----D---- C:\Program Files\Common Files
2008-12-06 23:40:46 ----SD---- C:\WINDOWS\Tasks
2008-12-06 16:11:46 ----RASH---- C:\boot.ini
2008-12-04 21:09:05 ----SHD---- C:\WINDOWS\Installer
2008-12-03 23:55:06 ----SD---- C:\Program Files\Xfire
2008-12-03 20:33:47 ----D---- C:\WINDOWS\WinSxS
2008-12-03 20:33:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 20:30:25 ----SD---- C:\Documents and Settings\Allen\Application Data\Microsoft
2008-12-03 19:31:24 ----A---- C:\WINDOWS\wininit.ini
2008-11-28 19:19:17 ----D---- C:\Program Files\SmileyPad
2008-11-27 13:31:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-22 20:10:17 ----D---- C:\Documents and Settings\Allen\Application Data\Hamachi
2008-11-22 14:05:32 ----D---- C:\WINDOWS\Help
2008-11-20 19:27:01 ----D---- C:\Documents and Settings\Allen\Application Data\teamspeak2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-03 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-15 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2007-11-02 6400]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-03 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2008-11-26 1402568]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-11-26 3321032]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
-----------------EOF-----------------
NCIS fan | House, M.D. watcher | Terminator: The Sarah Conner Chronicles watcher
Stargate SG-1 fan | Stargate Atlantis fan | Whose Line Is It Anyway? fan