
security tool? plus....


This topic is locked
2 replies to this topic

#1 sompa

  • Members
  • 11 posts

Posted 17 November 2009 - 11:11 AM

I started out here http://www.bleepingcomputer.com/forums/t/271164/ddsscr-problem/ and was told to post my RSIT log here. I tried to follow the prep guide, but could not run DDS. I was only able to run RSIT in safe mode (with networking), and now a new symptom is that I can only boot into safe mode. If I try to boot normally, it makes it to the user sign-in screen, then immediately reboots.

Here is my RSIT log, posting here as per boopme's instructions.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-17 10:46:59
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 7 GB (19%) free of 38 GB
Total RAM: 511 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:46 AM, on 11/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winamp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
C:\Documents and Settings\Sales\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: C:\WINDOWS\system32\hr8z5u.dll - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\hr8z5u.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mwa9uNRfC.exe" /runcleanupscript
O4 - HKLM\..\Run: [lsdefrag] C:\DOCUME~1\Sales\LOCALS~1\Temp\ie13.tmp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [49660025] C:\Documents and Settings\All Users\Application Data\49660025\49660025.exe
O4 - HKLM\..\Run: [wuretatat] Rundll32.exe "c:\windows\system32\homefebe.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Sales\Application Data\AntiVirus Plus\AntiVirus Plus.70367201.dll", start 70367201 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112288201295
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://12.17.141.66/activex/AxisCamControl.ocx
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11FE86A4-121D-4AFE-AC52-DEEEAF8466B1}: NameServer = 77.74.48.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0765ED0-6F01-4B2A-B6EC-A642DC9991F4}: NameServer = 77.74.48.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{11FE86A4-121D-4AFE-AC52-DEEEAF8466B1}: NameServer = 71.242.0.12,68.237.161.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{11FE86A4-121D-4AFE-AC52-DEEEAF8466B1}: NameServer = 77.74.48.113
O17 - HKLM\System\CS3\Services\Tcpip\..\{11FE86A4-121D-4AFE-AC52-DEEEAF8466B1}: NameServer = 77.74.48.113
O20 - AppInit_DLLs: petageyo.dll c:\windows\system32\homefebe.dll
O21 - SSODL: lowojirar - {be782db4-3f24-461b-8ed8-6d2dd0221b9d} - c:\windows\system32\jijivafo.dll (file missing)
O21 - SSODL: nejerovuh - {f9aa28c7-4e3b-47c5-b54c-7b4f942ffc54} - c:\windows\system32\homefebe.dll
O22 - SharedTaskScheduler: kjaf83hfriunf3sf9sfinoi\sufh\87sefhuhdd - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\hr8z5u.dll
O22 - SharedTaskScheduler: jugezatag - {be782db4-3f24-461b-8ed8-6d2dd0221b9d} - c:\windows\system32\jijivafo.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {f9aa28c7-4e3b-47c5-b54c-7b4f942ffc54} - c:\windows\system32\homefebe.dll
O23 - Service: Active Wall (ActiveWall) - Active Network CO., LTD - C:\Program Files\AWall\AWall.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: HAVA Service (havasvc) - Monsoon Multimedia Inc. - C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
O23 - Service: PCTV Service (pctvsvc) - Pinnacle Systems Inc. - C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe
O23 - Service: Хос-процесс для служб Windows (svchosts) - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: Монитор системных событий DNS (sysmon32) - Unknown owner - C:\WINDOWS\system32\sysmon32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8968 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\act_backup.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\qdgvaamc.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\SyncBack Jim.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A45A4B15-23F2-42AD-F4E4-00AAC39C0004}]
C:\WINDOWS\system32\hr8z5u.dll - C:\WINDOWS\system32\hr8z5u.dll [2009-11-10 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2002-12-04 110592]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-12-17 1666888]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2002-07-09 28672]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2002-04-23 282624]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2002-07-19 339968]
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2002-07-25 45056]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2004-08-04 208896]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mwa9uNRfC.exe [2009-11-11 1312080]
"lsdefrag"=C:\DOCUME~1\Sales\LOCALS~1\Temp\ie13.tmp [2009-11-13 23587]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-09-09 77824]
"49660025"=C:\Documents and Settings\All Users\Application Data\49660025\49660025.exe []
"wuretatat"=c:\windows\system32\homefebe.dll [2009-08-16 93696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"asg984jgkfmgasi8ug98jgkfgfb"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe [2009-11-17 22532]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Abi]
C:\WINDOWS\system32\Apv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-04-18 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aee]
C:\WINDOWS\Nqn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2003-08-01 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ana]
C:\WINDOWS\Qcb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ap9h4qmo]
C:\WINDOWS\System32\ap9h4qmo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2002-03-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bqh]
C:\WINDOWS\Guu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bqp]
C:\WINDOWS\system32\Uft.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bqt]
C:\WINDOWS\Vga.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bud]
C:\WINDOWS\system32\Vgs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bvt]
C:\WINDOWS\system32\Gmh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Can]
C:\WINDOWS\Tst.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cgc]
C:\WINDOWS\Ggf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Che]
C:\WINDOWS\Vke.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmc]
C:\WINDOWS\Esn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Print House 2000]
C:\WINDOWS\COREL\StpLnch.exe [2000-04-11 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPATR10]
C:\PROGRA~1\EzButton\CPATR10.EXE [2002-08-16 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpb]
C:\WINDOWS\system32\Rid.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Crt]
C:\WINDOWS\system32\Drs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cve]
C:\WINDOWS\Rhs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dbv]
C:\WINDOWS\system32\Ejo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dhp]
C:\WINDOWS\Bbb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dic]
C:\WINDOWS\system32\Eog.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dim]
C:\WINDOWS\system32\Kdq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Djq]
C:\WINDOWS\system32\Hov.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dka]
C:\WINDOWS\Arr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dkq]
C:\WINDOWS\system32\Jpt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dlv]
C:\WINDOWS\System32\Hem.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dsc]
C:\WINDOWS\System32\Fnm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ehj]
C:\WINDOWS\Uim.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eif]
C:\WINDOWS\System32\Nrc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ekb]
C:\WINDOWS\system32\Ous.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eld]
C:\WINDOWS\Vtg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eos]
C:\WINDOWS\Uhl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eqd]
C:\WINDOWS\Nln.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eqs]
C:\WINDOWS\Tqq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe [2002-07-03 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezurgpmf]
C:\WINDOWS\ezurgpmf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fga]
C:\WINDOWS\Tsv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fgn]
C:\WINDOWS\Bfs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fhj]
C:\WINDOWS\Unb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fkv]
C:\WINDOWS\system32\Lnh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\For]
C:\WINDOWS\system32\Qlu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fvd]
C:\WINDOWS\Sce.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
C:\WINDOWS\System32\gah95on6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gbm]
C:\WINDOWS\Snb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gcf]
C:\WINDOWS\system32\Vua.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gdk]
C:\WINDOWS\Ols.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ggp]
C:\WINDOWS\Apf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Goesri]
C:\WINDOWS\System32\??rss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gvi]
C:\WINDOWS\Vqf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hak]
C:\WINDOWS\Vuo.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hgb]
C:\WINDOWS\Lvg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hoo]
C:\WINDOWS\Qfc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hsc]
C:\WINDOWS\Nvi.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hsq]
C:\WINDOWS\system32\Mbl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iar]
C:\WINDOWS\System32\Ujf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ibe]
C:\WINDOWS\Iqf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ibh]
C:\WINDOWS\Mjl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ilh]
C:\WINDOWS\system32\Cmg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ioh]
C:\WINDOWS\system32\Ksq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iqv]
C:\WINDOWS\Sqj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ium]
C:\WINDOWS\Ukk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jav]
C:\WINDOWS\system32\Bfu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet]
C:\WINDOWS\system32\Tfv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jfs]
C:\WINDOWS\System32\Qhn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jmq]
C:\WINDOWS\Hjj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Joq]
C:\WINDOWS\Kmn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jpu]
C:\WINDOWS\system32\Qbl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jqa]
C:\WINDOWS\System32\Ikb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kdk]
C:\WINDOWS\Gnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kfa]
C:\WINDOWS\Khp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kjs]
C:\WINDOWS\Lin.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kkl]
C:\WINDOWS\Jlr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kls]
C:\WINDOWS\Ocp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kms]
C:\WINDOWS\Qik.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Krg]
C:\WINDOWS\Bgv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kuq]
C:\WINDOWS\System32\Asu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kuu]
C:\WINDOWS\System32\Hah.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lbe]
C:\WINDOWS\Jif.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ldc]
C:\WINDOWS\Ihj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lge]
C:\WINDOWS\Omd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lho]
C:\WINDOWS\system32\Smk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Llt]
C:\WINDOWS\Kcb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
C:\WINDOWS\Logi_MwX.Exe [2003-11-07 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mds]
C:\WINDOWS\Ong.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mfd]
C:\WINDOWS\system32\Ibm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mic]
C:\WINDOWS\Hic.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mpi]
C:\WINDOWS\Rgc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nfc]
C:\WINDOWS\system32\Kob.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Njt]
C:\WINDOWS\system32\Huk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nma]
C:\WINDOWS\system32\Mjg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nrj]
C:\WINDOWS\system32\Odm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nsi]
C:\WINDOWS\Rcv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntddetect]
C:\WINDOWS\system32\ntddetect.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvi]
C:\WINDOWS\system32\Oom.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvp]
C:\WINDOWS\system32\Anv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-01-30 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZESOFT"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="petageyo.dll c:\windows\system32\homefebe.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2003-10-31 8704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
lowojirar - {be782db4-3f24-461b-8ed8-6d2dd0221b9d} - c:\windows\system32\jijivafo.dll []
nejerovuh - {f9aa28c7-4e3b-47c5-b54c-7b4f942ffc54} - c:\windows\system32\homefebe.dll [2009-08-16 93696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
kjaf83hfriunf3sf9sfinoi\sufh\87sefhuhdd - {A45A4B15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\system32\hr8z5u.dll [2009-11-10 15000]
jugezatag - {be782db4-3f24-461b-8ed8-6d2dd0221b9d} - c:\windows\system32\jijivafo.dll []
mujuzedij - {f9aa28c7-4e3b-47c5-b54c-7b4f942ffc54} - c:\windows\system32\homefebe.dll [2009-08-16 93696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=C:\Program Files\Symantec\WinFax\WfxSeh32.Dll [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
wuziviba.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\ntddetect.exe"="C:\WINDOWS\system32\ntddetect.exe:*:Disabled:ntddetect"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="C:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:iexplore"
"C:\WINDOWS\system32\dwwin.exe"="C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin"
"C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe"="C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe:*:Enabled:AcroRd32"
"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:qttask"
"C:\Documents and Settings\Sales\Local Settings\Temp\mdm.exe"="C:\Documents and Settings\Sales\Local Settings\Temp\mdm.exe:*:Enabled:mdm"
"C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE"="C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE:*:Enabled:AUpdate"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe:*:Enabled:HelpSvc"
"C:\Documents and Settings\Sales\Local Settings\Temp\win16.exe"="C:\Documents and Settings\Sales\Local Settings\Temp\win16.exe:*:Enabled:win16"
"C:\Documents and Settings\Sales\Local Settings\Temp\winamp.exe"="C:\Documents and Settings\Sales\Local Settings\Temp\winamp.exe:*:Enabled:winamp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.bat - edit -
.cmd - edit -
.inf - open -
.ini - open - notepad.exe %1
.js - edit -
.reg - edit -
.txt - open - notepad.exe %1
.vbs - edit -

======List of files/folders created in the last 1 months======

2009-11-17 10:47:00 ----D---- C:\Program Files\trend micro
2009-11-17 10:46:59 ----D---- C:\rsit
2009-11-17 09:16:48 ----D---- C:\WINDOWS\All Users
2009-11-16 09:19:40 ----D---- C:\Documents and Settings\All Users\Application Data\49660025
2009-11-14 16:23:18 ----S---- C:\WINDOWS\system32\svchosts.exe
2009-11-14 16:23:18 ----AS---- C:\WINDOWS\system32\svchosts909.exe
2009-11-14 16:23:14 ----S---- C:\WINDOWS\system32\sysmon32.exe
2009-11-14 16:23:14 ----AS---- C:\WINDOWS\system32\sysmon855.exe
2009-11-13 14:58:27 ----A---- C:\WINDOWS\system32\vhosts.exe
2009-11-12 14:24:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-11 12:24:09 ----A---- C:\cLQAK.bat
2009-11-11 12:24:01 ----D---- C:\SafetyCenter
2009-11-10 16:37:45 ----D---- C:\Program Files\WinPcap
2009-11-10 16:29:18 ----A---- C:\WINDOWS\system32\wininit.dll
2009-11-10 16:15:41 ----N---- C:\WINDOWS\system32\hr8z5u.dll
2009-11-10 16:03:06 ----A---- C:\onchtjgp.exe
2009-11-10 16:02:30 ----A---- C:\WINDOWS\system32\stu2.exe
2009-11-04 10:32:44 ----A---- C:\WINDOWS\isRS-000.tmp
2009-10-30 15:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-30 15:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-30 15:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-30 15:27:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-30 15:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-30 15:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-30 15:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-30 15:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-30 15:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-30 15:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-30 15:16:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-30 15:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-30 15:15:48 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-30 15:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-30 15:15:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-22 10:21:42 ----D---- C:\Budget 2010

======List of files/folders modified in the last 1 months======

2009-11-17 10:47:00 ----AD---- C:\Program Files
2009-11-17 09:32:25 ----D---- C:\Program Files\Mozilla Firefox
2009-11-17 09:25:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-17 09:19:47 ----D---- C:\WINDOWS\Prefetch
2009-11-17 09:19:08 ----D---- C:\WINDOWS\Temp
2009-11-17 09:19:08 ----D---- C:\WINDOWS\system32\ias
2009-11-17 09:18:24 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-11-17 09:18:12 ----A---- C:\WINDOWS\win.ini
2009-11-17 09:16:49 ----AD---- C:\WINDOWS\system32
2009-11-17 09:16:48 ----AD---- C:\WINDOWS
2009-11-16 21:19:33 ----SD---- C:\WINDOWS\Tasks
2009-11-16 09:18:53 ----A---- C:\WINDOWS\system32\userinit.exe
2009-11-15 00:26:24 ----D---- C:\Program Files\AWall
2009-11-13 12:19:36 ----D---- C:\WINDOWS\system32\drivers
2009-11-12 14:41:03 ----ASH---- C:\boot.ini
2009-11-12 14:41:03 ----A---- C:\WINDOWS\system.ini
2009-11-11 16:06:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-11 13:52:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-11 12:28:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-11 12:19:07 ----HD---- C:\WINDOWS\inf
2009-11-04 02:18:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-03 07:33:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-03 07:32:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-30 15:34:34 ----D---- C:\Program Files\Internet Explorer
2009-10-30 15:34:22 ----RSD---- C:\WINDOWS\assembly
2009-10-30 15:33:27 ----A---- C:\WINDOWS\imsins.BAK
2009-10-30 15:33:24 ----D---- C:\WINDOWS\WinSxS
2009-10-30 15:31:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-30 15:24:45 ----SHD---- C:\Config.Msi
2009-10-30 15:24:05 ----SHD---- C:\WINDOWS\Installer
2009-10-30 15:15:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-30 14:17:36 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2003-10-24 16984]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-03-27 62353]
R3 BoosterKey;PCTV key Service; C:\WINDOWS\system32\DRIVERS\pctvkey.sys [2007-06-27 16384]
R3 Capture;Active Capture Driver; C:\WINDOWS\system32\DRIVERS\capture.sys [2009-09-27 19840]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2002-08-07 7632]
R3 havabus;HAVA Bus Enumerator; C:\WINDOWS\system32\DRIVERS\havabus.sys [2009-01-13 37376]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KBFiltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\KBFiltr.sys [2001-11-16 14538]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-11-07 25502]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-11-07 37884]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-11-07 70798]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2001-12-19 155136]
S1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
S1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2003-04-21 10901]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
S1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2002-04-08 3059]
S1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2002-04-08 3059]
S1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2002-04-09 3059]
S1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2002-07-17 4183]
S2 DPortIO;Dritek Port I/O Driver; C:\WINDOWS\System32\Drivers\DPortIO.sys [2001-04-12 3674]
S2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2002-06-21 1133440]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-04-23 426624]
S3 ATWPKT2;ATWPKT2; \??\C:\Program Files\America Online 8.0a\ATWPKT2.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Sales\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 cs429x;Crystal WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwawdm.sys [2001-12-20 376192]
S3 havanet;HAVA NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\havanet.sys [2009-01-13 20480]
S3 HAVATV;Hava Video Device; C:\WINDOWS\system32\DRIVERS\HAVATV.sys [2009-04-23 324224]
S3 HavaTV_10;Hava Remote Video Device; C:\WINDOWS\system32\DRIVERS\HavaTV_10.sys [2009-04-23 324224]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 QCDonner;Logitech QuickCam Express(PID_0840); C:\WINDOWS\System32\DRIVERS\LVCD.sys [2002-06-10 39936]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 TBiosDrv;TBiosDrv; C:\WINDOWS\system32\drivers\TBiosDrv.sys [2002-01-24 6528]
S3 TOSHIBASoftModem;Toshiba Soft Modem; C:\WINDOWS\System32\DRIVERS\LTSMT.sys [2001-08-17 797500]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-04-09 12672]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-04-09 21248]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-04-09 22912]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vncmirror;vncmirror; C:\WINDOWS\system32\DRIVERS\vncmirror.sys [2008-06-12 4608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-21 104064]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ActiveWall;Active Wall; C:\Program Files\AWall\AWall.exe [2009-10-29 226816]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-04-23 118784]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 havasvc;HAVA Service; C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe [2009-04-03 145408]
S2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 msupdate;Microsoft security update service; c:\windows\system32\vhosts.exe [2009-11-13 18432]
S2 pctvsvc;PCTV Service; C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe [2007-06-27 125952]
S2 svchosts;Хос-процесс для служб Windows (Russian: "Host process for Windows services"); C:\WINDOWS\system32\svchosts.exe [2009-11-16 196608]
S2 sysmon32;Монитор системных событий DNS (Russian: "DNS system event monitor"); C:\WINDOWS\system32\sysmon32.exe [2009-11-16 196608]
S2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S2 wfxsvc;WinFax PRO; C:\WINDOWS\System32\WFXSVC.EXE [2000-02-14 129536]
S2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-06-12 2159992]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-06-01 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2003-10-31 106496]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
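The service and driver sections above share one line shape: state letter, start type, `name;display name; image path [date size]`, with empty brackets where RSIT could not read the file. The following is an added triage helper, written for this page and not part of sompa's post or of the RSIT tool, that parses lines in that shape and applies three heuristics an analyst applies by eye when reading such a log: an image name one edit away from a core Windows process name (svchosts.exe vs svchost.exe), an auto-start binary in system32 dated within days of the scan, and an image living under a Temp directory or with no file metadata. The sample lines are constructed from entries in the posted log (the two Russian display names are rendered in English); the list of core names, the 14-day window and the scan date of 2009-11-17 are assumptions. The output is a list of candidates to verify by hash and signature, not a verdict: the catchme.sys entry is a legitimate anti-rootkit driver that the Temp-path rule flags just as it would a dropper.

```python
import re
from datetime import date, timedelta
from typing import Dict, List, Optional

# Constructed sample in the shape of RSIT's "List of services" / "List of drivers"
# sections (R=Running/S=Stopped, digit = start type: 2=Auto, 3=Demand). Entries mirror
# lines from the posted log; the Russian display names are given in English here.
SAMPLE_LOG = """\
S2 Irmon;Infrared Monitor; C:\\WINDOWS\\System32\\svchost.exe [2004-08-04 14336]
S2 msupdate;Microsoft security update service; c:\\windows\\system32\\vhosts.exe [2009-11-13 18432]
S2 svchosts;Host process for Windows services; C:\\WINDOWS\\system32\\svchosts.exe [2009-11-16 196608]
S2 sysmon32;DNS system event monitor; C:\\WINDOWS\\system32\\sysmon32.exe [2009-11-16 196608]
S2 WinVNC4;VNC Server Version 4; C:\\Program Files\\RealVNC\\VNC4\\WinVNC4.exe [2008-06-12 2159992]
S3 catchme;catchme; \\??\\C:\\DOCUME~1\\Sales\\LOCALS~1\\Temp\\catchme.sys []
"""
SCAN_DATE = date(2009, 11, 17)  # assumed: the date the posted log was generated

# state, start type, name, display name, image path, "[date size]" or "[]"
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[([^\]]*)\]$")

# Assumed list of core Windows process names that droppers imitate with near-miss spellings.
CORE_NAMES = ("svchost", "lsass", "csrss", "winlogon", "smss", "services", "explorer")


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_entries(text: str) -> List[Dict]:
    """Parse RSIT service/driver lines into dicts; lines not in that shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        created: Optional[date] = date.fromisoformat(meta.split()[0]) if meta else None
        entries.append({"state": state, "start": int(start), "name": name,
                        "display": display, "path": path, "created": created})
    return entries


def image_stem(path: str) -> str:
    """Lower-cased file name without extension, e.g. the stem of svchosts.exe is 'svchosts'."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def triage(text: str, scan_date: date, window_days: int = 14) -> List[Dict]:
    """Return entries that trip at least one heuristic, with the reasons attached.

    These are candidates for a human to verify (hash, signature, vendor lookup), not
    verdicts: a legitimate forensic driver dropped in %TEMP% trips the Temp rule too.
    """
    flagged = []
    for e in parse_entries(text):
        reasons = []
        stem = image_stem(e["path"])
        for core in CORE_NAMES:
            # svchosts (one edit) and svchost32 (core name plus digits) both count as imitations
            if stem != core and (stem.rstrip("0123456789") == core or levenshtein(stem, core) <= 1):
                reasons.append(f"image name '{stem}' imitates '{core}'")
        p = e["path"].lower()
        if (e["start"] == 2 and "\\system32\\" in p and e["created"] is not None
                and scan_date - e["created"] <= timedelta(days=window_days)):
            reasons.append(f"auto-start binary in system32 dated {e['created']}, "
                           f"within {window_days} days of the scan")
        if "\\temp\\" in p:
            reasons.append("image lives under a Temp directory")
        if e["created"] is None:
            reasons.append("no file date/size recorded (missing or unreadable at scan time)")
        if reasons:
            flagged.append({"name": e["name"], "path": e["path"], "reasons": reasons})
    return flagged


def flagged_names(text: str = SAMPLE_LOG, scan_date: date = SCAN_DATE) -> List[str]:
    """Service names that triage() flags, in log order."""
    return [f["name"] for f in triage(text, scan_date)]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"{hit['name']:<10} {hit['path']}")
        for r in hit["reasons"]:
            print(f"    - {r}")
```

Run against the sample, the helper flags msupdate, svchosts, sysmon32 and catchme and leaves Irmon and WinVNC4 alone. Only the first of those four is flagged purely on recency, which is why the date-stamp window should be set from the log's own timeline (here the earliest suspicious file in the "created in the last month" section) rather than a fixed default.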

#2 sompa

sompa
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 24 November 2009 - 02:08 PM

This thread can be closed; my problem is fixed. Thank you.

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:02:40 PM

Posted 24 November 2009 - 02:11 PM

Closed at user's request.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
