svchost.exe constantly using my internet -- sgavykb.dll trojan to blame?


28 replies to this topic

#1 Gorguruga


Posted 22 March 2013 - 12:22 PM

I've had this problem for around 3 weeks after I noticed my slow USB Mobile Broadband manager was constantly uploading about 20Kbps data. 

 

TCPEye shows that svchost.exe is continuously accessing the internet and eating up my bandwidth. Here is an image of TCPEye in action when it's recording the activity: 

 

bje1wj.jpg

 

I've tried running Malware Bytes and Ad-Aware. Have also tried searching this forum and many others. No solutions found.

 

 netstat -a -b in cmd.exe shows stuff like this: 

 


TCP sb:4498 86.54.236.118:microsoft-ds SYN_SENT 1260

C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
-- unknown component(s) --
[svchost.exe]

TCP sb:4499 152.95.22.72:microsoft-ds SYN_SENT 1260
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
-- unknown component(s) --
[svchost.exe]

TCP sb:4500 pa175-36-114-66.pa.vic.optusnet.com.au:microsoft
-ds SYN_SENT 1260
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
-- unknown component(s) --
[svchost.exe]

etc..etc.. (it just keeps repeating very similar info)
 

Ad-Aware found a number of trojans so after removing them there seems to be one persistent .dll which is found but never fully removed/quarantined.

 

sgavykb.dll 

 

 

I have attached the most recent Ad-Aware scan log to this post. 

 

After the Ad-Aware scan completes I reboot the machine on request, then an XP Boot cleaner screen loads first and tries to remove this file before I'm presented with my windows login screen. After logging on, rescan with Ad-Aware, it always finds this trojan again and the svchost bandwidth problem still persists.

 

I'm not sure if this trojan is even the source to my svchost problem but help would be appreciated to fix both issues. One thing to note: When the Ad-aware scan finishes and the file gets temporarily removed/quarantined I notice that the svchost problem still carries on and the bandwidth is still getting drained. 

 

Another issue which may or may not be related is that when I start the PC I can't access microsoft.com site. I have to use the command net stop dnscache in cmd.exe and then I'm able to access microsoft.com. 

 

I'm also wondering if the SVCHost problem could be responsible for a very bad connection in an online game called Wolfenstein Enemy Territory. Since this problem started, the game has become unplayable due to poor connectivity, it keeps saying "connection interrupted". Truth is I never had a good connection for the game before due to my USB Mobile internet connection but it does seem that things got worse since the svchost issue started. 

Edited by hamluis, 22 March 2013 - 12:52 PM.
Moved from XP to Am I Infected - Hamluis.
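
The pattern in the netstat -a -b output posted above (one svchost.exe PID holding many half-open SYN_SENT connections to microsoft-ds, TCP port 445, on unrelated hosts) can be checked mechanically. The following is an added example, not part of the original thread: it parses that output layout, including the console line wrap seen in the post, and groups half-open SMB attempts by owning process. The host name "pc", the addresses, the PIDs and the three-target threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Windows XP `netstat -a -b` output.
# Host name "pc", the addresses (documentation ranges) and PIDs are made up.
# The third record is split mid-token by console wrapping, as in the post.
SAMPLE = r"""
  TCP    pc:4498    192.0.2.118:microsoft-ds    SYN_SENT    1260
  C:\WINDOWS\system32\mswsock.dll
  c:\windows\system32\WS2_32.dll
  -- unknown component(s) --
  [svchost.exe]

  TCP    pc:4499    198.51.100.72:microsoft-ds    SYN_SENT    1260
  C:\WINDOWS\system32\mswsock.dll
  -- unknown component(s) --
  [svchost.exe]

  TCP    pc:4500    host-203-0-113-66.example.net:microsoft
-ds    SYN_SENT    1260
  C:\WINDOWS\system32\mswsock.dll
  [svchost.exe]

  TCP    pc:4501    203.0.113.9:445    SYN_SENT    1260
  [svchost.exe]

  TCP    pc:3120    192.0.2.10:http    ESTABLISHED    2208
  [opera.exe]

  TCP    pc:microsoft-ds    pc:0    LISTENING    4
  [System]
"""

# proto, local endpoint, remote endpoint, state, owning PID
CONN_RE = re.compile(r"^TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)$")
OWNER_RE = re.compile(r"^\[(.+)\]$")
# netstat prints the service name unless -n is given, so accept both forms.
SMB_PORTS = {"microsoft-ds", "445"}


def parse_netstat(text):
    """Return one dict per TCP record, with the [owner] line attached."""
    conns, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending is not None:
            # Rejoin a wrapped record: first mid-token, then at a space.
            for joined in (pending + line, pending + " " + line):
                if CONN_RE.match(joined):
                    line = joined
                    break
            pending = None
        match = CONN_RE.match(line)
        if match:
            local, remote, state, pid = match.groups()
            host, _, port = remote.rpartition(":")
            current = {"local": local, "remote_host": host,
                       "remote_port": port, "state": state,
                       "pid": int(pid), "owner": None}
            conns.append(current)
        elif line.startswith("TCP"):
            # Incomplete TCP record: hold it until the next line arrives.
            pending, current = line, None
        elif line.startswith("UDP"):
            # UDP rows carry no state column; skip them and their owner.
            current = None
        else:
            owner = OWNER_RE.match(line)
            if owner and current is not None:
                current["owner"] = owner.group(1)
                current = None
            # Module paths and "-- unknown component(s) --" are ignored.
    return conns


def flag_smb_scanners(conns, min_targets=3):
    """Map (owner, pid) to the distinct hosts it has half-open SMB
    connections to, keeping only processes with >= min_targets hosts.
    min_targets is an assumed threshold, not a value from the thread."""
    targets = defaultdict(set)
    for conn in conns:
        if conn["state"] == "SYN_SENT" and conn["remote_port"] in SMB_PORTS:
            key = (conn["owner"] or "unknown", conn["pid"])
            targets[key].add(conn["remote_host"])
    return {key: sorted(hosts) for key, hosts in targets.items()
            if len(hosts) >= min_targets}


if __name__ == "__main__":
    for (owner, pid), hosts in flag_smb_scanners(parse_netstat(SAMPLE)).items():
        print(f"{owner} (PID {pid}): {len(hosts)} half-open SMB targets")
        for host in hosts:
            print(f"    {host}")
```
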




#2 narenxp


Posted 22 March 2013 - 01:23 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to a forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    esetsmartinstaller_enu.png

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log



#3 Gorguruga


Posted 22 March 2013 - 04:45 PM

Thank you for the reply and instructions Narenxp.

 

The ESET scan is now currently running, log coming soon. A few issues came up which I felt I should mention first.

 

  • I couldn't access the kaspersky site without first performing the net stop dnscache (only experienced that problem with microsoft.com before.)
  • When I rebooted after performing the TDSS scan I couldn't access the ESET site without the net stop dnscache 
  • Junkware removal tool didn't leave a log and reported scanning errors. (see image below). 

 

TDSS Killer log 

 

 

19:03:19.0734 5828  Scan finished
19:03:19.0734 5828  ============================================================
19:03:19.0750 5816  Detected object count: 4
19:03:19.0750 5816  Actual detected object count: 4
19:03:49.0843 5816  dtscsi ( LockedFile.Multi.Generic ) - skipped by user
19:03:49.0843 5816  dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:49.0859 5816  sptd ( LockedFile.Multi.Generic ) - skipped by user
19:03:49.0859 5816  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:03:49.0859 5816  tspqtq ( LockedService.Multi.Generic ) - skipped by user
19:03:49.0859 5816  tspqtq ( LockedService.Multi.Generic ) - User select action: Skip 
19:03:49.0859 5816  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:03:49.0859 5816  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
 
 
RKILL Log
 
Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/22/2013 07:09:58 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe (PID: 1700) [SFI]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled
 
 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Disabled
 
 * Dot3svc [Missing Service]
 * EapHost [Missing Service]
 * hkmsvc [Missing Service]
 * napagent [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 03/22/2013 07:11:07 PM
Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)
 
 
Junkware removal tool error example - No Log created
 
2ue1rop.jpg
 
...Errors carry on in the same fashion. I had already shut down both Ad-Aware, Malware Bytes, turned off Windows Firewall.
 
 
ESET log - coming soon

Edited by Gorguruga, 22 March 2013 - 04:49 PM.


#4 Gorguruga


Posted 22 March 2013 - 11:46 PM

ESET log 

 


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinZBot7.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\Local Settings\Application Data\Opera\Opera\cache\g_000A\opr036U0.tmp HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\S Bizzy\Local Settings\Application Data\Opera\Opera\cache\g_000D\opr0373R.tmp HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\S Bizzy\Local Settings\Application Data\Opera\Opera\cache\g_000E\opr03786.tmp HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\S Bizzy\My Documents\cbsidlm-tr1_10a-TCPEye-BP-75104118.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\My Documents\cnet2_amr-mp3-converter-setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\My Documents\FreemakeVideoDownloader_3.1.0.2.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\My Documents\Downloads\Afreecodec_downloader_For_Anime_Studio_Debut.exe a variant of Win32/BSDownloader application cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\My Documents\Downloads\cnet2_FeedDemonInstall_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\My Documents\Downloads\FreemakeVideoDownloaderSetup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\My Documents\Downloads\InternationalPrimoPDF.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\S Bizzy\My Documents\Downloads\YOUTUBE TEMP\cnet2_BlazeDTVProSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Downloads\INDEX.HTM HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Program Files\Counter-Strike\cstrike\cl_dlls\GameUI.dll Win32/SuspLibLoad.A trojan cleaned - quarantined
C:\WINDOWS\ehiilm.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Config\vdrcr.bak1 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Config\vdrcr.bak2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Config\vdrcr.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Config\vdrcr.ini2 Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\Config\vdrcr.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\nqstv.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\WINDOWS\system32\DirectX\ykenbi.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined


#5 narenxp


Posted 22 March 2013 - 11:51 PM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • MBAR log

Edited by narenxp, 22 March 2013 - 11:51 PM.


#6 Gorguruga


Posted 23 March 2013 - 01:35 AM

Malwarebytes log - no threats found

 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.22.09
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
S Bizzy :: SB [administrator]
 
23/03/2013 04:54:16
mbam-log-2013-03-23 (04-54-16).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238571
Time elapsed: 7 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
MiniToolBox log
 
 
 
MiniToolBox by Farbar  Version:05-03-2013
Ran by S Bizzy (administrator) on 23-03-2013 at 05:18:46
Running from "C:\Documents and Settings\S Bizzy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection 5 (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection 5"
 
set address name="Local Area Connection 5" source=dhcp 
set dns name="Local Area Connection 5" source=dhcp register=PRIMARY
set wins name="Local Area Connection 5" source=dhcp
 
# Interface IP Configuration for "Local Area Connection 6"
 
set address name="Local Area Connection 6" source=dhcp 
set dns name="Local Area Connection 6" source=dhcp register=PRIMARY
set wins name="Local Area Connection 6" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : sb
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection 5:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
 
        Physical Address. . . . . . . . . : 00-13-8F-88-41-F4
 
 
 
Ethernet adapter Local Area Connection 6:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : USB-USB Network Bridge Adapter
 
        Physical Address. . . . . . . . . : 00-50-77-01-22-9A
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        Autoconfiguration IP Address. . . : 169.254.43.128
 
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
 
        IP Address. . . . . . . . . . . . : fe80::250:77ff:fe01:229a%5
 
        Default Gateway . . . . . . . . . : 
 
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
 
                                            fec0:0:0:ffff::2%1
 
                                            fec0:0:0:ffff::3%1
 
 
 
PPP adapter T-Mobile UK:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
 
        Physical Address. . . . . . . . . : 00-53-45-00-00-00
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : 178.104.254.241
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
 
        Default Gateway . . . . . . . . . : 178.104.254.241
 
        DNS Servers . . . . . . . . . . . : 149.254.230.7
 
                                            149.254.192.126
 
        Primary WINS Server . . . . . . . : 10.11.12.13
 
        Secondary WINS Server . . . . . . : 10.11.12.14
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
 
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%6
 
        Default Gateway . . . . . . . . . : 
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
 
Tunnel adapter 6to4 Tunneling Pseudo-Interface:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : 6to4 Tunneling Pseudo-Interface
 
        Physical Address. . . . . . . . . : B2-68-FE-F1
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : 2002:b268:fef1::b268:fef1
 
        Default Gateway . . . . . . . . . : 
 
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
 
                                            fec0:0:0:ffff::2%1
 
                                            fec0:0:0:ffff::3%1
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
 
        Physical Address. . . . . . . . . : B2-68-FE-F1
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : fe80::5efe:178.104.254.241%2
 
        Default Gateway . . . . . . . . . : 
 
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
 
                                            fec0:0:0:ffff::2%1
 
                                            fec0:0:0:ffff::3%1
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
 
        Physical Address. . . . . . . . . : A9-FE-2B-80
 
        Dhcp Enabled. . . . . . . . . . . : No
 
        IP Address. . . . . . . . . . . . : fe80::5efe:169.254.43.128%2
 
        Default Gateway . . . . . . . . . : 
 
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
 
                                            fec0:0:0:ffff::2%1
 
                                            fec0:0:0:ffff::3%1
 
        NetBIOS over Tcpip. . . . . . . . : Disabled
 
DNS request timed out.
    timeout was 2 seconds.
Server:  cdns-be.t-mobile.co.uk
Address:  149.254.192.126
 
Name:    google.com
Addresses:  173.194.34.104, 173.194.34.103, 173.194.34.110, 173.194.34.98
 173.194.34.102, 173.194.34.97, 173.194.34.99, 173.194.34.105, 173.194.34.101
 173.194.34.96, 173.194.34.100
 
 
 
Pinging google.com [173.194.34.69] with 32 bytes of data:
 
 
 
Reply from 173.194.34.69: bytes=32 time=187ms TTL=46
 
Reply from 173.194.34.69: bytes=32 time=116ms TTL=46
 
 
 
Ping statistics for 173.194.34.69:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 116ms, Maximum = 187ms, Average = 151ms
 
DNS request timed out.
    timeout was 2 seconds.
Server:  cdns-be.t-mobile.co.uk
Address:  149.254.192.126
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=277ms TTL=48
 
Reply from 206.190.36.45: bytes=32 time=416ms TTL=48
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 277ms, Maximum = 416ms, Average = 346ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 8f 88 41 f4 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 50 77 01 22 9a ...... USB-USB Network Bridge Adapter - Packet Scheduler Miniport
0x20005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  178.104.254.241  178.104.254.241  1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0   169.254.43.128  169.254.43.128  20
   169.254.43.128  255.255.255.255        127.0.0.1       127.0.0.1  30
  169.254.255.255  255.255.255.255   169.254.43.128  169.254.43.128  30
  178.104.254.241  255.255.255.255        127.0.0.1       127.0.0.1  50
  178.104.255.255  255.255.255.255  178.104.254.241  178.104.254.241  50
        224.0.0.0        240.0.0.0   169.254.43.128  169.254.43.128  30
        224.0.0.0        240.0.0.0  178.104.254.241  178.104.254.241  1
  255.255.255.255  255.255.255.255   169.254.43.128  169.254.43.128  1
  255.255.255.255  255.255.255.255  178.104.254.241  178.104.254.241  1
  255.255.255.255  255.255.255.255  178.104.254.241               2  1
Default Gateway:   178.104.254.241
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [144384] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/22/2013 07:09:58 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: This network connection does not exist.
 
Error: (03/22/2013 07:09:58 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: The server name or address could not be resolved
 
Error: (03/22/2013 07:09:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: This network connection does not exist.
 
Error: (03/22/2013 07:09:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: The server name or address could not be resolved
 
Error: (03/22/2013 04:50:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: The server name or address could not be resolved
 
Error: (03/22/2013 04:48:23 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: This network connection does not exist.
 
Error: (03/22/2013 04:48:23 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: The server name or address could not be resolved
 
Error: (03/22/2013 04:40:21 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/6252DC40F71143A22FDE9EF7348E064251B18118.crt> with error: The server name or address could not be resolved
 
Error: (03/22/2013 03:34:47 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (03/22/2013 03:33:40 PM) (Source: Application Error) (User: )
Description: Faulting application uimain.exe, version 1.0.0.1, faulting module biservice.dll, version 1.0.0.1, fault address 0x00001ce6.
Processing media-specific event for [uimain.exe!ws!]
 
 
System errors:
=============
Error: (03/22/2013 07:10:16 PM) (Source: Service Control Manager) (User: )
Description: The UI Assistant Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/22/2013 06:49:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Shell service terminated with the following error: 
%%1114
 
Error: (03/22/2013 06:49:07 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
%%1053
 
Error: (03/22/2013 06:49:07 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
 
Error: (03/22/2013 06:47:23 PM) (Source: 0) (User: )
Description: 
 
Error: (03/22/2013 06:47:23 PM) (Source: 0) (User: )
Description: 
 
Error: (03/22/2013 03:29:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Shell service terminated with the following error: 
%%1114
 
Error: (03/22/2013 03:29:46 PM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
%%1053
 
Error: (03/22/2013 03:29:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the avast! Antivirus service to connect.
 
Error: (03/22/2013 03:28:14 PM) (Source: 0) (User: )
Description: 
 
 
Microsoft Office Sessions:
=========================
Error: (03/22/2013 07:09:58 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 07:09:58 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 07:09:44 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 07:09:44 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 04:50:43 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 04:48:23 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 04:48:23 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 04:40:21 PM) (Source: crypt32)(User: )
 
Error: (03/22/2013 03:34:47 PM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.21800001295d
 
Error: (03/22/2013 03:33:40 PM) (Source: Application Error)(User: )
Description: uimain.exe1.0.0.1biservice.dll1.0.0.100001ce6
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 1.8.3)
3RVX 1.0.4
7-Zip 4.65
AAS - Lounge Lizard EP-4
Abilis Systems WinXP Vista32 BDA Driver (Version: 1.2.4.5894)
AcusticaAudio Nebula2
AcusticaAudio Nebula3
Ad-Aware (Version: 9.5.0)
Ad-Aware SE Personal (Version: 1.06)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.6.602.168)
Adobe Reader 7.0.8 (Version: 7.0.8)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
AIC Audio Player 1.5
Aika Online: Epic III (Version: 20111209)
Alarm Me 3.4 (Version: 3.4)
AlgoMusic Enceladus v2.0 VSTi
AMR Player 1.3
AnalogX SayIt
AnalogX TapTempo
Anarchy Online Classic Edition
Anime Studio Pro 8.0 (Version: 8.0)
Antares Auto-Tune v4.39
Antares Avox 1.06
Antares Kantos v1.0
ANWIDA Soft Parametric Equalizer Pro 3.0
Any Video Converter 3.1.5
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Applied Accoustics String Studio VS 1 VST DX v1.0
ArtsAcoustic Reverb 1.2.0 (Version: 1.2.0)
ASIO4ALL
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI AVIVO Codecs (Version: 10.0.0.40103)
ATI Catalyst Control Center (Version: 1.2.2467.36655)
ATI Display Driver (Version: 8.302-061003a-037437C)
ATI HYDRAVISION (Version: 3.25.9006)
ATI Parental Control & Encoder (Version: 3.0)
ATI Problem Report Wizard (Version: 8.10)
ATITool Overclocking Utility (Version: 0.26)
Audacity 1.2.6
AutoUpdate (Version: 1.0)
avast! Antivirus (Version: 4.8)
AVIcodec (remove only)
AVIVO Codecs (Version: 9.14.0.60504)
BCC 7 OFX 32Bit (Version: 7.0.4)
BeatHarness for Winamp 2x (remove only)
BigSeq VST plug-in (Version: 1.0)
BitTorrent (Version: 7.8.0.29112)
Black and White
BlazeVideo HDTV Player 6.6 Standard
Blender (remove only)
Bome's Mouse Keyboard 2.0beta6
Bome's Mouse Keyboard Reason Integration 1.0
Bonjour (Version: 3.0.0.10)
Camel Audio Cameleon 5000 VSTi v1.6
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CBR Reader
CCleaner (Version: 3.00)
CDDRV_Installer (Version: 4.60)
Chainer v1.0
Change Default Browser
Creative Prodikeys PC-MIDI (Version: 1.0)
Creative System Information
Cursor Hider
Decimort 1.3.1 (32bit) (Version: 1.3.1.0)
Delta (Version: 5.10.00.0048a)
Dev-C++ 5 beta 9 release (4.9.9.2)
DFX for Windows Media Player (Version: 9.107.0.0)
DH Driver Cleaner Professional Edition (Version: Version 1.5)
DivX (Version: 5.2.1)
DivX Converter (Version: 6.2.1)
DivX Web Player (Version: 1.3.1)
Docx Reader version 1.0 (Version: 1.0)
Doom 3 (Version: 1.00.0000)
Dropbox (Version: 1.6.16)
ECrawl Shareware  (Version: )
Edirol HQ Orchestral v1.01
eFax Messenger 4.3 (Version: 4.3)
eLicenser Control
eMule
ErrorEND (Version: 1.0.6.1)
ERUNT 1.1j
ESET Online Scanner v3
FeedDemon (Version: 4.1.0.0)
FL Studio 7 public beta
Free Natural Text to Speech Reader 2007 (Version: 6.6)
Freemake Video Downloader (Version: 3.1.0)
FreeStar Free AMR MP3 Converter 1.0.5 (Version: 1.0.5)
Geiss2 for Winamp 2x (remove only)
GetRight
GForce - impOSCar
G-Force (Version: 2.7.3)
GoldWave v5.14
Google Drive (Version: 1.8.4357.4863)
Google Gmail Notifier
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Google Updater (Version: 2.4.2432.1652)
H.G.Fortune STS-26 Pro
HijackThis 1.99.1 (Version: 1.99.1)
Hipno 1.0.4
Hi-Speed USB Bridge-Network Cable
HyperPrism v1.55
IL Download Manager
IndieVolume 1.2.24.90
IrisAPE 1.0 (Version: 1.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Kaspersky Online Scanner (Version: 5.0.83.0)
keFIR VST plugin (Version: 1.0.0)
KhalInstallWrapper (Version: 4.60.122)
Kjaerhus Audio MPL-1 v1.02 VST
K-Lite Mega Codec Pack 9.1.0 (Version: 9.1.0)
LeapFTP
Linplug Albino v2.1
Live 6.0.1
Logitech QuickCam (Version: 11.70.1200)
Logitech QuickCam Driver Package
Logitech SetPoint (Version: 4.60)
LUXONIX Ravity R VSTi v1.4.3
Magnifier (Version: 2.3)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Marblesound Maple VMidi Cable v3.52 (Version: 3.52)
Maxthon 3 (Version: )
McAfee Security Scan Plus (Version: 2.0.181.2)
MediaJoin
MediaJoin (Version: 2.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Excel Viewer 2003 (Version: 11.0.6412.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Word Viewer 2003 (Version: 11.0.6506.0)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (Version: 8.00.761)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MIDI Yoke (Version: 1.72.0)
mIRC (Version: 6.35)
Mojo Master Winamp Visualizer for Winamp (remove only)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MyDVD-VR Recorder (Version: 1.0)
NVIDIA nTune (Version: 1.00.0000)
Open Video Joiner version 3.3.0.0
OpenAL
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opera 12.14 (Version: 12.14.1738)
Outsim Synthmaker v1.1.2
PakkISO 0.4 (Version: PakkISO 0.4 by zorted, installer by BitLooter)
Paltalk Messenger  10.2 (Version: 10.2.0)
Panda ActiveScan
Pando Media Booster (Version: 2.3.1.3)
PC-Linq
PCM Native Reverb VST Plug-in
PCM Native Reverb VST Plug-in (Version: 1.0.0)
Pentagon I 1.3
PhaseTwo VST plug-in (Version: 1.0.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
Privatefirewall 6.1 (Version: 6.1.20.24)
QuickTime (Version: 7.1)
RAR Password Cracker 4.12
Real Alternative 1.51 (Version: 1.51)
RealPlayer
RealProducer Basic 11
REALTEK DTV USB DEVICE (Version: 1.00.0000)
REALTEK DVB-T USB DEVICE (Version: 1.00.0000)
RealWorld Cursor Editor (Version: 12.1.0)
Reason 3.0 (Version: 3.0)
RivaTuner v2.23 (Version: v2.23)
rNSV for RealPlayer 1.0 Beta
Roxio Creator 9 LE (Version: 9.0.170)
RSS Checker
Safari (Version: 5.34.50.0)
Segoe UI (Version: 14.0.4327.805)
Skype web features (Version: 1.0.3971)
Skype™ 6.0 (Version: 6.0.126)
SMPlayer 0.6.8 (Version: 0.6.8)
SMS (Version: 5.2.041)
Software Midi Keyboard Special
Some PDF to Txt Converter 2.0
Sonalksis Plug-in Manager 3.00
Sonic MyDVD-VR (Version: 1.0)
Sony Media Manager 2.2 (Version: 2.2.136)
Sony Noise Reduction Plug-In 2.0h (Version: 2.0.451)
Sony Sound Forge 9.0 (Version: 9.0.441)
Sony Vegas 7.0 (Version: 7.0.216)
SopCast 1.1.2 (Version: 1.1.2)
SoundToys Native Effects VST RTAS v4.0.2
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy 1.4 (Version: 1.4)
SpywareBlaster v3.5.1 (Version: 3.5.1)
Steam (Version: 1.0.0.0)
Steinberg Hypersonic 2
Stereo Tool 4.03
StreamTorrent 1.0
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
System Requirements Lab
Taksi Desktop Video Recorder (Version: 0.7.49)
TCPEye 1.0
The StarMessage Diary 2.1
Thief - Deadly Shadows (Version: 1.0)
Ticker Tycoon
T-Mobile Mobile Broadband Manager (Version: 1.0.0.2)
TSimLite 1.1.0
TVUPlayer 2.4.9.1 (Version: 2.4.9.1)
Ultra Video Joiner 4.7.1127
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB908531) (Version: 2)
Update for Windows XP (KB910437) (Version: 1)
Update for Windows XP (KB911280) (Version: 2)
Update for Windows XP (KB932823-v3) (Version: 3)
USB Disk Win98 Driver
USB-USB Network Bridge v1.8.0.0
VB:FFX-4 Rack
Vectorian Giotto 3.0.0
Veetle TV (Version: 0.9.19)
VH Screen Capture Driver 1.5.0
Virtuadrum (Version: 1.1)
VLC media player 0.9.4 (Version: 0.9.4)
VST Adapter v1.01 Demo
WebFldrs XP (Version: 9.50.6513)
web'n'walk USB manager (Version: 1.0)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
Windows XP Service Pack 2 (Version: 20040803.231319)
WinImage
WinRAR archiver
Wolfenstein - Enemy Territory
X-Lite 3.0
 
========================= Devices: ================================
 
Name: PCI Device
Description: PCI Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor’s Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 44%
Total physical RAM: 3327.23 MB
Available physical RAM: 1835.95 MB
Total Pagefile: 3937.61 MB
Available Pagefile: 2725.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.86 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:111.79 GB) (Free:1.22 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SB
 
Administrator            ASPNET                   Guest                    
HelpAssistant            S Bizzy                  SUPPORT_388945a0         
 
 
**** End of log ****

Farbar's Service Scanner log

Farbar Service Scanner Version: 03-03-2013
Ran by S Bizzy (administrator) on 23-03-2013 at 05:20:32
Running from "C:\Documents and Settings\S Bizzy\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
 
Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\System32\wuauserv.dll".
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\System32\qmgr.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2002-08-29 03:40] - [2006-05-19 12:59] - 0111616 ____A (Microsoft Corporation) EF545E1A4B043DA4C84E230DD471C55F
 
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2002-08-29 02:01] - [2004-08-03 23:14] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B
 
C:\WINDOWS\system32\Drivers\tcpip.sys
[2002-08-29 01:58] - [2006-04-20 11:51] - 0359808 ____A (Microsoft Corporation) 1DBF125862891817F374F407626967F4
 
C:\WINDOWS\system32\Drivers\ipsec.sys
[2002-08-29 02:07] - [2004-08-03 23:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1
 
C:\WINDOWS\system32\dnsrslvr.dll
[2001-08-23 12:00] - [2004-08-04 00:56] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D
 
C:\WINDOWS\system32\ipnathlp.dll
[2007-06-11 02:27] - [2004-08-04 00:56] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF
 
C:\WINDOWS\system32\netman.dll
[2005-08-22 18:36] - [2005-08-22 18:29] - 0197632 ____A (Microsoft Corporation) 36739B39267914BA69AD0610A0299732
 
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2006-08-26 17:43] - [2004-08-04 00:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
 
C:\WINDOWS\system32\srsvc.dll
[2006-08-26 17:45] - [2004-08-04 00:56] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838
 
C:\WINDOWS\system32\Drivers\sr.sys
[2006-08-26 17:45] - [2004-08-03 23:06] - 0073472 ___AC (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24
 
C:\WINDOWS\system32\wscsvc.dll
[2011-02-08 14:15] - [2004-08-04 00:56] - 0081408 ____C (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A
 
C:\WINDOWS\system32\wbem\WMIsvc.dll
[2006-08-26 17:43] - [2004-08-04 00:56] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E
 
C:\WINDOWS\system32\wuauserv.dll
[2006-08-26 17:43] - [2004-08-04 00:56] - 0006656 ___AC (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8
 
C:\WINDOWS\system32\qmgr.dll
[2006-08-26 17:45] - [2004-08-04 00:56] - 0382464 ___AC (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA
 
C:\WINDOWS\system32\es.dll
[2005-07-26 04:31] - [2005-07-26 04:39] - 0243200 ____A (Microsoft Corporation) 34BBD9ACC1538818F2C878898C64E793
 
C:\WINDOWS\system32\cryptsvc.dll
[2002-08-29 03:40] - [2004-08-04 00:56] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B
 
C:\WINDOWS\system32\svchost.exe
[2001-08-23 12:00] - [2004-08-04 00:56] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716
 
C:\WINDOWS\system32\rpcss.dll
[2005-07-26 04:31] - [2005-07-26 04:39] - 0397824 ____A (Microsoft Corporation) CE94A2BD25E3E9F4D46A7373FF455C6D
 
C:\WINDOWS\system32\services.exe
[2001-08-23 12:00] - [2004-08-04 00:56] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4
 
 
Extra List:
=======
aswTdi(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(13) NwlnkNb(14) PSched(7) pwipf6(10) Tcpip(4) Tcpip6(15) tcpipBM(16) 
0x0F0000000500000001000000020000000300000004000000100000000B0000000A000000080000000600000007000000090000000D0000000E0000000F000000
IpSec Tag value is correct.
 
**** End of log ****
 
 
 
AdwCleaner log
 
# AdwCleaner v2.115 - Logfile created 03/23/2013 at 05:27:08
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : S Bizzy - SB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\S Bizzy\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Documents and Settings\S Bizzy\Desktop\Software
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\Headlight
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\TENCENT
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v14.0.1 (en-US)
 
File : C:\Documents and Settings\S Bizzy\Application Data\Mozilla\Firefox\Profiles\1ci7dhca.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v [Unable to get version]
 
File : C:\Documents and Settings\S Bizzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
-\\ Opera v12.14.1738.0
 
File : C:\Documents and Settings\S Bizzy\Application Data\Opera\Opera\operaprefs.ini
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [1639 octets] - [23/03/2013 05:27:09]
 
########## EOF - C:\AdwCleaner[S1].txt - [1699 octets] ##########
 
 
MBAR log - mbar-log.txt - (I had to use net stop dnscache to access the site to download)
* No Threats were found
 
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
 
Database version: v2013.02.15.09
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
S Bizzy :: SB [administrator]
 
23/03/2013 06:17:14
mbar-log-2013-03-23 (06-17-14).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28343
Time elapsed: 24 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
MBAR log - system-log.txt
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_30
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.797000 GHz
Memory total: 3488854016, free: 2167521280
 
------------ Kernel report ------------
     03/23/2013 05:51:29
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SPTD3757.SYS
ACPI.sys
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
Lbd.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
BMLoad.sys
\SystemRoot\System32\DRIVERS\ATITool.sys
\SystemRoot\System32\DRIVERS\tunmp.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\kx.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\DRIVERS\ctljystk.sys
\SystemRoot\System32\DRIVERS\gameenum.sys
\SystemRoot\System32\DRIVERS\RTL8139.SYS
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\dtscsi.sys
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\NIC2000.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\Drivers\c2scsi.SYS
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\cledx.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\mapledxp.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\tcpipBM.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\system32\drivers\pwipf6.sys
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xffffffff8ac406a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000009c\
Lower Device Object: 0xffffffff8af5c938
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8b177ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-3\
Lower Device Object: 0xffffffff8b0f9d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.23.05
Initializing...
Cancelled update
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8b177ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b176e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8b177ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b17af18, DeviceName: \Device\00000084\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8b0f9d98, DeviceName: \Device\Ide\IdeDeviceP0T1L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe17fb438, 0xffffffff8b177ab8, 0xffffffff8a0a9ab8
Lower DeviceData: 0xffffffffe22719b0, 0xffffffff8b0f9d98, 0xffffffff8a0a67a0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3DACD1F0
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 234436482
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 120034123776 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8ac406a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ac565f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8ac406a0, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af5c938, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 
 


#7 narenxp

  • BC Advisor

Posted 23 March 2013 - 06:01 AM

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply

 



#8 Gorguruga

  • Topic Starter

Posted 23 March 2013 - 06:18 AM

AutoRuns Log

 
 
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdclip" "" "" "File not found: rdclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AlarmMe" "" "" "c:\program files\alarm me\alarmme.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ATICCC" "" "" "c:\program files\ati technologies\ati.ace\clistart.exe"
+ "avast!" "avast! service GUI component" "ALWIL Software" "c:\program files\alwil software\avast4\ashdisp.exe"
+ "CTHotKeys" "HotKeys Manager" "Creative Technology Ltd" "c:\program files\creative\prodikeys pc-midi\hotkeysmanager\hkmanager.exe"
+ "H2O" "" "" "File not found: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Kernel and Hardware Abstraction Layer" "Logitech KHAL Main Process" "Logitech, Inc." "c:\windows\khalmnpr.exe"
+ "kX Mixer" "kX mixer" "Eugene Gavrilov" "c:\program files\kx project\kxmixer.exe"
+ "LogitechCommunicationsManager" "Communications Manager" "Logitech Inc." "c:\program files\common files\logishrd\lcommgr\communications_helper.exe"
+ "LogitechQuickCamRibbon" "Camera Software" "Logitech Inc." "c:\program files\logitech\quickcam\quickcam.exe"
+ "Privatefirewall" "Privatefirewall 6.1 Application" "Privacyware/PWI, Inc." "c:\program files\privacyware\privatefirewall 6.1\pf6.exe"
+ "RoxWatchTray" "RoxMMTrayApp Module" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "UIExec" "" "" "c:\program files\t-mobile mobile broadband manager\uiexec.exe"
+ "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" "Gmail Notifier" "Google Inc." "c:\program files\google\gmail notifier\gnotify.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Z1" "Malwarebytes Anti-Rootkit utility" "Malwarebytes Corporation" "c:\documents and settings\s bizzy\my documents\mbar-1.01.0.1021\mbar\mbar.exe"
"C:\Documents and Settings\S Bizzy\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropbox.exe"
+ "PalTalk.lnk" "Paltalk Messenger" "AVM Software Inc." "c:\program files\paltalk messenger\paltalk.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\cvncdhmv.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\rciuuyxi.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\lqhuwwju.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\hoprtcah.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\xphpvjhs.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\kzpfuhqs.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\lkryxoyf.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\ojgsziwu.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\nwizwmsjs.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\opnrgwgb.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\hrhrawrt.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\yspltdje.exe"
+ "n/a" "" "" "File not found: C:\WINDOWS\System32\gobxexed.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "3RVX.exe" "3RVX" "matt.malensek.net" "c:\program files\3rvx\3rvx.exe"
+ "IndieVolume" "IndieVolume" "GerixSoft, Ltd." "c:\program files\indievolume\indievolume.exe"
+ "Journey To The Center OLR" "BVRPOlr" "Avanquest Software" "c:\program files\bvrp software\journey to the center\bvrpolr.exe"
+ "LogitechSetup" "" "" "File not found: F:\setup.exe /skip_all_checks /p  /start /restart /l:enu"
+ "NVIDIA nTune" "NVIDIA nTune Command" "NVIDIA" "c:\program files\nvidia corporation\ntune\ntunecmd.exe"
+ "{F3F97C84-888B-7010-E7F1-ED0DE408DC4D}" "" "" "File not found: C:\Documents and Settings\S Bizzy\Application Data\Macromedia\Flash Player\#SharedObjects\L3QNKYGP\fhg.ocreampies.com\flowplayer\flowplayer-3.2.7.swf\blastcln.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8117.0416.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AICAudioPlayer" "Shell.dll" "AIC-Media" "c:\program files\aic-media\audioplayer\shell.dll"
+ "avast" "avast! Shell Extension" "ALWIL Software" "c:\program files\alwil software\avast4\ashshell.dll"
+ "GDContextMenu" "Google Drive shell extension" "Google" "c:\program files\google\drive\contextmenu32.dll"
+ "HotShellExt_40" "eFax Messenger - Shell Extension" "j2 Global Communications, Inc." "c:\program files\efax messenger 4.3\j2gshell.dll"
+ "LavasoftShellExt" "Shell Extension                                          " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "RXDCExtSvr" "Roxio Disc Copier Shell Extension" "Sonic Solutions" "c:\program files\roxio\virtual drive 9\dc_shellext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "GDContextMenu" "Google Drive shell extension" "Google" "c:\program files\google\drive\contextmenu32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "ACE Context Menu" "" "c:\program files\ati technologies\ati.ace\atiacmxx.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Apache Software Foundation" "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "ALWIL Software" "c:\program files\alwil software\avast4\ashshell.dll"
+ "LavasoftShellExt" "Shell Extension                                          " "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\shellext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "RXDCExtSvr" "Roxio Disc Copier Shell Extension" "Sonic Solutions" "c:\program files\roxio\virtual drive 9\dc_shellext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\s bizzy\application data\dropbox\bin\dropboxext.17.dll"
+ "GDriveBlacklistedOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
+ "GDriveSharedOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
+ "GDriveSyncedOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
+ "GDriveSyncingOverlay" "Google Drive shell extension" "Google" "c:\program files\google\drive\googledrivesync32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "bho2gr Class" "GetRight's IE & NS Click Monitoring.  www.getright.com" "Headlight Software, Inc." "c:\program files\getright\xx2gr.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "PalTalk" "Paltalk Messenger" "AVM Software Inc." "c:\program files\paltalk messenger\paltalk.exe"
+ "Spybot - Search && Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "Ad-Aware Admin Application                                        " "Lavasoft Limited                                                      " "c:\program files\lavasoft\ad-aware\ad-awareadmin.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "ErrorEND.job" "ErrorEND for Registry optimaization" "ErrorEND" "c:\program files\errorend\errorend.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "aswUpdSv" "Provides automatic updating for the avast! antivirus." "ALWIL Software" "c:\program files\alwil software\avast4\aswupdsv.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "ATI Smart" "ATI Smart" "" "c:\windows\system32\ati2sgag.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "ALWIL Software" "c:\program files\alwil software\avast4\ashserv.exe"
+ "avast! Mail Scanner" "Implements mail scanning for avast! antivirus." "ALWIL Software" "c:\program files\alwil software\avast4\ashmaisv.exe"
+ "avast! Web Scanner" "Implements web (HTTP) scanning for avast! antivirus." "ALWIL Software" "c:\program files\alwil software\avast4\ashwebsv.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "Lavasoft Ad-Aware Service" "Lavasoft Ad-Aware Service" "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "LBTServ" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logitech\bluetooth\lbtserv.exe"
+ "LVCOMSer" "Logitech Video COM Service" "Logitech Inc." "c:\program files\common files\logishrd\lvcomser\lvcomser.exe"
+ "LVPrcSrv" "Injector service" "Logitech Inc." "c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe"
+ "LVSrvLauncher" "Launcher for Logitech Video Components." "Logitech Inc." "c:\program files\common files\logishrd\srvlnch\srvlnch.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\mcchsvc.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MSSQL$SONY_MEDIAMGR" "SQL Server Windows NT" "Microsoft Corporation" "c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe"
+ "MSSQLServerADHelper" "Microsoft SQL Server Active Directory Helper Service" "Microsoft Corporation" "c:\program files\microsoft sql server\80\tools\binn\sqladhlp.exe"
+ "npggsvc" "nProtect GameGuard Service" "INCA Internet Co., Ltd." "c:\windows\system32\gamemon.des"
+ "nTuneService" "Service to allow a remote administrator to access this machine for gathering information, and performing performance updates" "NVIDIA" "c:\program files\nvidia corporation\ntune\ntuneservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PFNet" " " "Privacyware/PWI, Inc." "c:\program files\privacyware\privatefirewall 6.1\pfsvc.exe"
+ "PnkBstrA" "PunkBuster Service Component [v1034] http://www.evenbalance.com" "" "c:\windows\system32\pnkbstra.exe"
+ "RoxMediaDB9" "Roxio RoxMediaDB9 Service" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe"
+ "RoxWatch9" "RoxSniffer9 Module" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "SQLAgent$SONY_MEDIAMGR" "Microsoft SQL Server Agent" "Microsoft Corporation" "c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "UI Assistant Service" "" "" "c:\program files\t-mobile mobile broadband manager\assistantservices.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP" "ALWIL Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "arasacd" "" "" "File not found: C:\DOCUME~1\SBIZZY~1\LOCALS~1\Temp\arasacd.sys"
+ "aswMon2" "avast! File System Filter Driver for Windows XP" "ALWIL Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "aswRdr" "avast! TDI RDR Driver" "ALWIL Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSP" "avast! self protection module" "ALWIL Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! TDI Filter Driver" "ALWIL Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "ATIAVAIW" "ATI T200 Unified AVStream Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atinavt2.sys"
+ "ATITool" "Low-Level Driver" "" "c:\windows\system32\drivers\atitool.sys"
+ "BMLoad" "Bytemobile Kernel Driver Loader" "Bytemobile, Inc." "c:\windows\system32\drivers\bmload.sys"
+ "c2scsi" "Roxio virtual SCSI miniport" "Sonic Solutions" "c:\windows\system32\drivers\c2scsi.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CLEDX" "Team H2O CLEDX DevWhore" "Team H2O" "c:\windows\system32\drivers\cledx.sys"
+ "ctljystk" "Creative Joyport Enabler" "Creative Technology Ltd." "c:\windows\system32\drivers\ctljystk.sys"
+ "CtPmFilt" "CtPmFilt.sys" "Creative Technology Ltd." "c:\windows\system32\drivers\ctpmfilt.sys"
+ "DELTA" "M-Audio Delta Audio Driver (WDM)" "Midiman/M-Audio" "c:\windows\system32\drivers\delta.sys"
+ "dtscsi" "" "" "c:\windows\system32\drivers\dtscsi.sys"
+ "EagleNT" "" "" "File not found: C:\WINDOWS\system32\drivers\EagleNT.sys"
+ "emu10k" "Creative SB Live! Adapter Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\emu10k1m.sys"
+ "emu10k1" "Creative SB Live! Interface Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\ctlfacem.sys"
+ "enodpl" "" "" "c:\windows\system32\drivers\enodpl.sys"
+ "FA312" "NETGEAR FA312 Fast Ethernet NDIS 5.0 Miniport Driver" "NETGEAR Corp." "c:\windows\system32\drivers\fa312nd5.sys"
+ "FilterService" "Logitech USB Video Class Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvcflt.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hwdatacard" "USB Modem/Serial Device Driver" "Huawei Technologies Co., Ltd." "c:\windows\system32\drivers\ewusbmdm.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "kxwdmdrv" "kX Audio Driver" "Eugene Gavrilov" "c:\windows\system32\drivers\kx.sys"
+ "L8042Kbd" "Logitech PS2 Keyboard Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\l8042kbd.sys"
+ "L8042mou" "Logitech PS/2 Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\l8042mou.sys"
+ "Lavasoft Kernexplorer" "" "" "c:\program files\lavasoft\ad-aware\kernexplorer.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys"
+ "LHidKe" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidke.sys"
+ "LHidUsbK" "Logitech SetPoint USB Receiver" "Logitech, Inc." "c:\windows\system32\drivers\lhidusbk.sys"
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys"
+ "LMouKE" "Logitech Filter Driver for Mouse Class." "Logitech, Inc." "c:\windows\system32\drivers\lmouke.sys"
+ "LUsbFilt" "Logitech USB Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lusbfilt.sys"
+ "LVcKap" "Logitech Kernel Audio Processing Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvckap.sys"
+ "LVPr2Mon" "Logitech ProcMon Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2mon.sys"
+ "LVRS" "Logitech Kernel Audio Improvement Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvrs.sys"
+ "LVUSBSta" "USB Statistic Driver" "Logitech Inc." "c:\windows\system32\drivers\lvusbsta.sys"
+ "LVUVC" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc.sys"
+ "mapledxp" "Marble Sound Maple XP midi driver" "Jeff Hurchalla and Marble Sound" "c:\windows\system32\drivers\mapledxp.sys"
+ "massfilter" "ZTE CDROM Filter" "ZTE Incorporated" "c:\windows\system32\drivers\massfilter.sys"
+ "mbamchameleon" "" "" "c:\windows\system32\drivers\mbamchameleon.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NIC2000" "USB-USB Network Bridge NIC Driver" "Prolific Technology Inc.
www.prolific.com.tw" "c:\windows\system32\drivers\nic2000.sys"
+ "NVR0Dev" "NVidia System Utility Driver" "NVidia Corp." "c:\windows\nvoclock.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "PLUsbbc2" "High Speed USB-USB Bridge Cable Driver" "Prolific Technology Inc." "c:\windows\system32\drivers\usbbc2.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "pwipf6" "pwipf6" "Privacyware/PWI, Inc." "c:\windows\system32\drivers\pwipf6.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RivaTuner32" "" "" "c:\program files\rivatuner v2.23\rivatuner32.sys"
+ "RTL2832U_IRHID" "Realtek Virtual Hid IR Device" "Realtek" "c:\windows\system32\drivers\rtl2832u_irhid.sys"
+ "RTL2832UBDA" "RTL2832UBDA Driver" "REALTEK SEMICONDUCTOR Corp." "c:\windows\system32\drivers\rtl2832ubda.sys"
+ "RTL2832UUSB" "RTL2832UUSB Driver" "REALTEK SEMICONDUCTOR Corp." "c:\windows\system32\drivers\rtl2832uusb.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "Secdrv" "SafeDisc driver" "" "c:\windows\system32\drivers\secdrv.sys"
+ "sfman" "SoundFont® Manager" "Creative Technology Ltd." "c:\windows\system32\drivers\sfmanm.sys"
+ "sptd" "" "" "c:\windows\system32\drivers\sptd.sys"
+ "tandpl" "" "" "c:\windows\system32\drivers\tandpl.sys"
+ "tcpipBM" "Bytemobile Kernel Network Provider" "Bytemobile, Inc." "c:\windows\system32\drivers\tcpipbm.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WlanUIG" "Wireless LAN NDIS 5.1 Driver" " " "c:\windows\system32\drivers\wlanuig.sys"
+ "XDva281" "" "" "File not found: C:\WINDOWS\System32\XDva281.sys"
+ "XDva399" "" "" "File not found: C:\WINDOWS\system32\XDva399.sys"
+ "ZDCndis5" "" "" "File not found: C:\WINDOWS\System32\ZDCndis5.SYS"
+ "ZTEusbmdm6k" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbmdm6k.sys"
+ "ZTEusbnmea" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbnmea.sys"
+ "ZTEusbser6k" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbser6k.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "aux" "Creative WDM Driver" "Creative Technology Ltd." "c:\windows\system32\ctwdm32.dll"
+ "Midi1" "Driver DLL for Marble Sound Maple Midi" "Jeff Hurchalla and Marble Sound" "c:\windows\system32\mapledxp.dll"
+ "Midi2" "MIDI Yoke Junction NT" "Jamie O'Connell" "c:\windows\system32\myokent.dll"
+ "midi9" "" "" "C:\Program Files\Creative\Prodikeys PC-MIDI\CtPmMidi.dll"
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "VIDC.CFHD" "CineForm VFW CODEC" "CineForm Inc." "c:\windows\system32\cfhd.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX® Codec for Windows" "DivXNetworks, Inc." "c:\windows\system32\divx.dll"
+ "VIDC.FFDS" "ffdshow VFW" "" "c:\windows\system32\ff_vfw.dll"
+ "VIDC.I420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcodec2.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "VIDC.LAGS" "Lagarith" " " "c:\windows\system32\lagarith.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "DivX® Codec for Windows" "DivXNetworks, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "AMSB:Source" "WAV-Source." "Audio Mechanic & Sound Breeder" "c:\program files\vb\ffx4\ffx4_am_in.ax"
+ "AMSB:Source" "WAV-Source." "Audio Mechanic & Sound Breeder" "c:\program files\vb\ffx4\ffx4_am_in.ax"
+ "IL FL Studio DXi" "" "Image-Line bvba" "c:\program files\image-line\fl studio 7 public beta\system\plugin\dxi\fl studio dxi.dll"
+ "IL FL Studio DXi" "" "Image-Line bvba" "c:\program files\image-line\fl studio 7 public beta\system\plugin\dxi\fl studio dxi.dll"
+ "IL Multi FL Studio DXi" "" "Image-Line bvba" "c:\program files\image-line\fl studio 7 public beta\system\plugin\dxi\fl studio dxi (multi).dll"
+ "IL Multi FL Studio DXi" "" "Image-Line bvba" "c:\program files\image-line\fl studio 7 public beta\system\plugin\dxi\fl studio dxi (multi).dll"
+ "NI Gary Garritan - Jazz Big Band" "Gary Garritan - Jazz Big Band" "Native Instruments Software Synthesis GmbH" "c:\program files\garritan jazz big band\dxi\garritan jazzdxi.dll"
+ "NI Gary Garritan - Jazz Big Band" "Gary Garritan - Jazz Big Band" "Native Instruments Software Synthesis GmbH" "c:\program files\garritan jazz big band\dxi\garritan jazzdxi.dll"
+ "PSP VintageMeter" "" "" "c:\program files\psp vintagewarmer 1.6.5\dxversion\pspvmdx.dll"
+ "PSP VintageMeter" "" "" "c:\program files\psp vintagewarmer 1.6.5\dxversion\pspvmdx.dll"
+ "PSP VintageWarmer" "" "" "c:\program files\psp vintagewarmer 1.6.5\dxversion\pspvwdx.dll"
+ "PSP VintageWarmer" "" "" "c:\program files\psp vintagewarmer 1.6.5\dxversion\pspvwdx.dll"
+ "PSP VintageWarmer2" "" "" "c:\program files\pspaudioware\psp vintagewarmer 2.0.0\pspvw2dx.dll"
+ "PSP VintageWarmer2" "" "" "c:\program files\pspaudioware\psp vintagewarmer 2.0.0\pspvw2dx.dll"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sony Audio Restoration" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Audio Restoration" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Click and Crackle Removal" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Click and Crackle Removal" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Clipped Peak Restoration" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Clipped Peak Restoration" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Dither" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Dither" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony ExpressFX Amplitude Modulation" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Amplitude Modulation" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Audio Restoration" "Sony ExpressFX Audio Restoration" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\xpvinyl.dll"
+ "Sony ExpressFX Audio Restoration" "Sony ExpressFX Audio Restoration" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\xpvinyl.dll"
+ "Sony ExpressFX Chorus" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Chorus" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Delay" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Delay" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Distortion" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Distortion" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Dynamics" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Dynamics" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Equalization" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Equalization" "Sony ExpressFX 2 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx2.dll"
+ "Sony ExpressFX Flange/Wah-Wah" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Flange/Wah-Wah" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Graphic EQ" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Graphic EQ" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Noise Gate" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Noise Gate" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Reverb" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Reverb" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Stutter" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Stutter" "Sony ExpressFX 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx1.dll"
+ "Sony ExpressFX Time Stretch" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony ExpressFX Time Stretch" "Sony ExpressFX 3 " "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sfxpfx3.dll"
+ "Sony Noise Reduction" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Noise Reduction" "Sony Noise Reduction Plug-In Pack" "Sony Creative Software Inc." "c:\program files\sony\noise reduction plug-in\sfnrpack.dll"
+ "Sony Pan" "Sound Forge Pan and Volume 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sffrgpnv.dll"
+ "Sony Pan" "Sound Forge Pan and Volume 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sffrgpnv.dll"
+ "Sony Resonant Filter" "Sony Resonant Filter" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sfresfilter.dll"
+ "Sony Resonant Filter" "Sony Resonant Filter" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sfresfilter.dll"
+ "Sony Track Compressor" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Track Compressor" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Track EQ" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Track EQ" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Track Noise Gate" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Track Noise Gate" "Sony TrackFX 1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Volume" "Sound Forge Pan and Volume 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sffrgpnv.dll"
+ "Sony Volume" "Sound Forge Pan and Volume 1" "Sony Creative Software Inc." "c:\program files\sony\shared plug-ins\audio\sffrgpnv.dll"
+ "VB:RACK FFX-4 DX" "RACK FFX-4 DX Plug-In." "Audio Mechanic & Sound Breeder" "c:\program files\vb\ffx4\vb_ffx4.ax"
+ "VB:RACK FFX-4 DX" "RACK FFX-4 DX Plug-In." "Audio Mechanic & Sound Breeder" "c:\program files\vb\ffx4\vb_ffx4.ax"
+ "VSTadapter" "VST to DX Adapter DEMO VERSION" "Amulet Audio Software UK" "c:\program files\vstadapter demo\vstadapter_demo.dll"
+ "VSTadapter" "VST to DX Adapter DEMO VERSION" "Amulet Audio Software UK" "c:\program files\vstadapter demo\vstadapter_demo.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AAudioRipper" "" "" "c:\program files\ableton\live 6.0.1\program\audioripper.ax"
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ATI Audio Delay Filter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Audio Pitch Correction Filter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI CC Multiplexer" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI CC Splitter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI EZShare Client" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI EZShare Server" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI FM-On-Demand Filter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Media Center Audio Encoder" "ATI Media Center Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimcenc.dll"
+ "ATI Media Center Multiplexer" "ATI Media Center Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimcenc.dll"
+ "ATI Media Center Video Encoder" "ATI Media Center Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimcenc.dll"
+ "ATI MPEG Audio Decoder" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Audio Encoder" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG File Writer" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Multiplexer" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Video Decoder" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI MPEG Video Encoder" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Noise Reduction Filter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Still Capture Filter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Time Shift Reader" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Time Shift Splitter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI VCR Stream Sink" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI VCR Stream Source" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI VCR Video Converter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Video Format Converter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Video Rotation Filter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "ATI Video Scaler Filter" "ATI Digital VCR" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atidvcr.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DABP Splitter" "version MFC Application" "Realtek" "c:\windows\system32\superframesplitter.dll"
+ "DC-Bass Source" "BASS based DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbass\dcbasssourcemod.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivXNetworks, Inc." "c:\windows\system32\divxdec.ax"
+ "DivX Demux" "DivX® Media Filter" "DivXNetworks" "c:\windows\system32\divxmedia.ax"
+ "DivX Subtitle Decoder" "DivX® Media Filter" "DivXNetworks" "c:\windows\system32\divxmedia.ax"
+ "Elecard Audio Decoder" "Elecard Audio Decoder" "Elecard Ltd" "c:\program files\common files\elecard\elaudec.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "LAV Audio Decoder" "LAV Audio Decoder - DirectShow Audio Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavaudio.ax"
+ "LAV Splitter" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Splitter Source" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Video Decoder" "LAV Video Decoder - DirectShow Video Decoder" "1f0.de - Hendrik Leppkes" "c:\program files\k-lite codec pack\filters\lav\lavvideo.ax"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madVR" "madshi's D3D9 based video renderer" "madshi.net" "c:\program files\k-lite codec pack\filters\madvr\madvr.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MpegVideo Filter" "MpegVideo Module" "DScaler Team" "c:\program files\k-lite codec pack\filters\mpegvideo.dll"
+ "QTSrc" "" "" "c:\windows\system32\aveqt.dll"
+ "RealAudio Decoder" "" "" "c:\windows\system32\averm.dll"
+ "RealMedia Source" "" "" "c:\windows\system32\averm.dll"
+ "RealMedia Splitter" "" "" "c:\windows\system32\averm.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealVideo Decoder" "" "" "c:\windows\system32\averm.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Roxio Audio Decoder (DVD)" "ROXIO Audio Decoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiodvdaudio.dll"
+ "ROXIO LPCMSyncFilter" "LPCMSync Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\lpcmsyncfilter.dll"
+ "Roxio MPEG Analyzer Filter" "MPEG File Analyzer Dynamic Link Library" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegprop.dll"
+ "Roxio MPEG Stream Analyzer" "Roxio MPEG Stream Splitter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpegstreamanalyzer.dll"
+ "Roxio MPEG1 Audio Encoder" "ROXIO MPEG Audio Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxioaudioenc.dll"
+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1vidcodec.dll"
+ "Roxio MPEG1 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1muxer.dll"
+ "Roxio MPEG2 Demuxer" "ROXIO MPEG Demuxer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegdemuxer.dll"
+ "ROXIO Raw Writer" "ROXIO Raw Writer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mgirawwriter.dll"
+ "Roxio Repack Filter" "Repack Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\repackfilter.dll"
+ "Roxio Transport Stream Source" "ListFrameSource" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\tsmpegsource.dll"
+ "RTKDABSourceFilter" "version MFC Application" "Realtek" "c:\windows\system32\rtkdabsource.dll"
+ "RTKFMSourceFilter" "version MFC Application" "Realtek" "c:\windows\system32\rtkfmsource.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sony Wave Hammer Surround" "Sony Wave Hammer 5.1" "Sony Creative Software Inc" "c:\program files\sony\shared plug-ins\audio\mchammer.dll"
+ "Steinberg Hypersonic" "Hypersonic 2" "Steinberg Media Technologies GmbH" "c:\program files\emagic\logic 5\vstplugins\hypersonic\hypersonic.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SubPicture Encoder" "ROXIO SubPicture Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\subpictenc.dll"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "VSTadapter" "VST to DX Adapter DEMO VERSION" "Amulet Audio Software UK" "c:\program files\vstadapter demo\vstadapter_demo.dll"
+ "WAV Dest" "" "" "c:\windows\system32\wavdest.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "{1AD512C6-24AF-4395-82B4-2D3CF21F44A2}" "Roxio MP3 Encoder Dynamic Link Library" "Roxio" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamwriter.ax"
+ "{472C92F0-5438-423D-9B30-FD2932EA44EE}" "Roxio Audio Source Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiosource.ax"
+ "{58FF69ED-8388-483B-B9AC-3EB04BBEB913}" "Roxio Audio Stream Reader Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamreader.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
+ "LBTWlgn" "Logitech Bluetooth Service" "Logitech, Inc." "c:\program files\common files\logitech\bluetooth\lbtwlgn.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PrimoMon" "" "" "c:\windows\system32\primomonnt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "watcst.dll" "" "" "File not found: watcst.dll"
 

 


Edited by Gorguruga, 23 March 2013 - 06:21 AM.
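A triage pass over an Autoruns export like the one posted above, as an added example that is not part of the original thread or of any tool named in it. The sample lines are copied from that log; the rule names and the shortlist of sensitive registry locations are assumptions of this example, and a flag means "review this entry by hand", not "malicious".

```python
import re
from typing import NamedTuple

# Every field in the export is wrapped in double quotes.
FIELD = re.compile(r'"([^"]*)"')

# Autostart locations where any entry deserves a manual look
# (assumed shortlist for this example; extend as needed).
SENSITIVE_KEYS = (
    r"control\lsa\notification packages",
    r"session manager\bootexecute",
    r"winlogon\notify",
)

class Entry(NamedTuple):
    location: str      # registry key the entry was listed under
    name: str
    description: str
    publisher: str
    path: str

def parse_autoruns(text):
    """Split the export into entries, tracking the current registry key."""
    entries, location = [], "(unknown)"
    for line in text.splitlines():
        line = line.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # forum text, blank lines, debris
        if line.startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]          # header row: key name + 3 empties
    return entries

def triage(entry):
    """Return the list of reasons an entry should be reviewed by hand."""
    reasons = []
    loc, path = entry.location.lower(), entry.path.lower()
    if path.startswith("file not found"):
        reasons.append("target missing")
    if any(key in loc for key in SENSITIVE_KEYS):
        reasons.append("sensitive location")
    no_metadata = not entry.publisher.strip() and not entry.description.strip()
    if no_metadata and path.startswith(r"c:\windows\system32"):
        reasons.append("no version info in system32")
    return reasons

def flagged(text):
    """(entry, reasons) pairs for every entry with at least one reason."""
    pairs = ((e, triage(e)) for e in parse_autoruns(text))
    return [(e, r) for e, r in pairs if r]

# Sample input: lines copied from the log above. The first two appear
# before any key header in this excerpt, so their location is "(unknown)".
SAMPLE_LOG = r'''
+ "XDva281" "" "" "File not found: C:\WINDOWS\System32\XDva281.sys"
+ "ZTEusbmdm6k" "USB Modem/Serial Device Driver" "ZTE Incorporated" "c:\windows\system32\drivers\zteusbmdm6k.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "midi9" "" "" "C:\Program Files\Creative\Prodikeys PC-MIDI\CtPmMidi.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "watcst.dll" "" "" "File not found: watcst.dll"
'''

if __name__ == "__main__":
    for entry, reasons in flagged(SAMPLE_LOG):
        print(f"{entry.name:<14} {entry.location}")
        print(f"{'':<14} {entry.path}  [{', '.join(reasons)}]")
```

Entries with more than one reason, such as a missing target registered under an LSA notification key, are the ones to look at first.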


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:44 PM

Posted 23 March 2013 - 10:32 AM

Current issues?

 

Uninstall Error end from add or remove programs.



#10 Gorguruga

Gorguruga
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 AM

Posted 23 March 2013 - 11:14 AM

I was about to reply saying the problem still existed. Was monitoring with the USB Mobile Broadband manager and it was still constantly uploading data.

 

I tried clicking on TCPEye to capture a screenshot for you and my computer decided to just restart when I double-clicked it --- oddly, it's restarted randomly a few times over the past few days as we were going through the fixes.

 

When the computer restarted, I logged on and was presented with a blank cmd.exe window against an empty desktop, no start bar - the cmd didn't seem like it was doing anything, I decided to wait before closing it. Sure enough, it closed on its own and I've now checked the Mobile Broadband manager, it seems as if the SVChost issue is no longer present - it's now not constantly uploading data in the same way. A big thank you!

 

However, I'm currently scanning again with Ad-aware - it's found one object - it'll be finished scanning in 20 mins. I'm guessing this object will be sgavykb.dll again. I had tried researching this on the net before my first post and found literally zero information about it.



#11 narenxp


Posted 23 March 2013 - 11:19 AM

Post the location of the file.



#12 Gorguruga


Posted 23 March 2013 - 11:30 AM

It turned out to be the same file. Here's the location:

 

c:\windows\system32\sgavykb.dll

 

Btw I still can't access microsoft.com without performing net stop dns cache 



#13 narenxp


Posted 23 March 2013 - 11:38 AM

Press the Windows+R key, type cmd, click OK and run these commands:

cd\

Press Enter

dir /s sgavykb.dll >0.txt & notepad 0.txt

Press Enter

A Notepad window should pop up. Post the contents of the log here.


Edited by narenxp, 23 March 2013 - 11:38 AM.


#14 Gorguruga


Posted 23 March 2013 - 11:50 AM

Results: 
 
Volume in drive C has no label.
Volume Serial Number is 3036-386E
 
---
 
Edit: I did just finish scanning with Ad-Aware again, here's that section of the log 
 
Quarantined items:
Description: c:\windows\system32\sgavykb.dll Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Reboot required Item ID: 1 Family ID: 0 MD5: 607A71F446DE466FCB3BE1E5C189C71
 
Scan and cleaning complete: Finished correctly after 1640 seconds

Edited by Gorguruga, 23 March 2013 - 11:54 AM.


#15 narenxp


Posted 23 March 2013 - 11:55 AM

We need to manually remove it. Please follow my previous instructions.





