Vista security-service issues [RESOLVED]


  • This topic is locked

#1
wehey

Hello, (Please see after HijackThis log for developments)

I first noticed this problem when the Atheros wireless card stopped detecting any networks on my gf's new Asus laptop. I tried upgrading drivers and reinstalling hardware etc. and finally assumed the card was faulty.

While running an S&D scan, the security centre override was detected. I investigated and found the security centre was turned off; when I tried to start the service it gave an error stating 'the security centre service cannot be started'. I found the security services were set to disabled. I have tried setting to Automatic and Automatic (with delay) but still it will not start. This is having an effect on Windows updates also.

I have scanned with Virgin PCGuard, Spybot, Malwarebytes and nothing is returning any items...am I right in assuming this could be malware?

Thanks in advance...

Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:23, on 20/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\RPS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-21-2443313196-3815721589-721375326-1000\..\Run: [] (User '?')
O4 - HKUS\S-1-5-21-2443313196-3815721589-721375326-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-2443313196-3815721589-721375326-1000\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User '?')
O4 - HKUS\S-1-5-21-2443313196-3815721589-721375326-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-2443313196-3815721589-721375326-1000\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" (User '?')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....NPUplden-gb.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 8554 bytes


Hello (again),

To avoid double-posting, I have tagged on my progress...

I have located the following services and found them disabled:
Remote Procedure Call
WLAN Autoconfig
Windows Error Reporting
Windows Defender
Security Centre
Windows Update

After setting them to Automatic and starting them, I have managed to use Security Centre and Win Update and additionally the wireless is working again. My question is, what caused these to be disabled?

Edited by wehey, 20 August 2008 - 10:13 AM.



#2
Essexboy

    GeekU Moderator

Hi there and sorry for the delay - If I could have a fresh look at your system

As a Vista user I will require that all the programmes I ask you to run be run by right-clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly.


Download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.


#3
wehey

Hi, thanks for the reply.

The laptop's been behaving itself since I re-enabled the services (touch-wood).

Here's the logs you wanted:

OTViewIt.txt

OTViewIt logfile created on: 27/08/2008 17:50:38 - Run 1
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Users\Toria\Documents\Geekstogo
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.50 Mb Total Physical Memory | 186.46 Mb Available Physical Memory | 20.85% Memory free
2.00 Gb Paging File | 1.10 Gb Available in Paging File | 55.14% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 19.18 Gb Free Space | 34.32% Space Free | Partition Type: NTFS
Drive D: | 48.08 Gb Total Space | 47.99 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TORIA-PC
Current User Name: Toria
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[02/02/2007 07:59 AM | 00,565,248 | ---- | M] (ATI Technologies Inc.) - C:\Windows\System32\Ati2evxx.exe
[09/05/2007 03:09 PM | 00,293,104 | ---- | M] (Virgin Media) - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
[02/02/2007 07:59 AM | 00,565,248 | ---- | M] (ATI Technologies Inc.) - C:\Windows\System32\Ati2evxx.exe
[02/06/2007 03:13 AM | 00,094,208 | ---- | M] () - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 04:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[12/19/2006 02:45 PM | 00,280,080 | ---- | M] (CA, Inc.) - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
[06/28/2007 12:31 PM | 00,079,136 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[03/02/2007 01:24 PM | 00,407,056 | ---- | M] (Raxco Software, Inc.) - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
[08/03/2007 09:24 PM | 00,125,496 | ---- | M] () - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
[08/14/2008 01:39 PM | 00,809,296 | ---- | M] (Safer Networking Ltd.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
[03/02/2007 01:24 PM | 00,734,736 | ---- | M] (Raxco Software, Inc.) - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
[04/19/2007 08:32 PM | 00,225,280 | ---- | M] (ATK0100) - C:\Program Files\ATK Hotkey\HControl.exe
[01/18/2007 04:26 AM | 07,708,672 | ---- | M] () - C:\Program Files\ATKOSD2\ATKOSD2.exe
[12/21/2006 08:03 AM | 01,036,288 | ---- | M] () - C:\Program Files\Wireless Console 2\wcourier.exe
[09/01/2007 02:38 AM | 00,180,224 | ---- | M] (ATK) - C:\Program Files\P4G\BatteryLife.exe
[07/10/2007 07:59 PM | 00,851,968 | ---- | M] (ATK) - C:\Program Files\ASUS\Splendid\ACMON.exe
[08/07/2007 07:49 PM | 02,061,552 | ---- | M] (Virgin Broadband) - C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
[09/05/2007 03:10 PM | 00,310,000 | ---- | M] (Virgin Media) - C:\Program Files\Virgin Broadband\PCguard\RPS.exe
[12/19/2006 02:26 AM | 02,420,736 | ---- | M] () - C:\Program Files\ATK Hotkey\ATKOSD.exe
[07/07/2005 12:43 AM | 00,155,648 | ---- | M] (ASUSTeK) - C:\Windows\System32\ACEngSvr.exe
[11/23/2006 06:27 AM | 00,815,104 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[07/06/2007 04:06 AM | 04,669,440 | ---- | M] (Realtek Semiconductor) - C:\Windows\RtHDVCpl.exe
[08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited) - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[02/07/2008 03:46 PM | 00,099,056 | R--- | M] (Radialpoint Inc.) - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe
[04/04/2007 06:41 PM | 00,177,672 | R--- | M] (Authentium, Inc.) - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
File not found - \?\C:\Windows\system32\wbem\WMIADAP.EXE
[08/27/2008 05:49 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Users\Toria\Documents\Geekstogo\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(ASLDRService) ASLDR Service [Auto | Running]
[02/06/2007 03:13 AM | 00,094,208 | ---- | M] () - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

(Ati External Event Utility) Ati External Event Utility [Auto | Running]
[02/02/2007 07:59 AM | 00,565,248 | ---- | M] (ATI Technologies Inc.) - C:\Windows\System32\Ati2evxx.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 04:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(CertPropSvc) Certificate Propagation [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(DcomLaunch) DCOM Server Process Launcher [Unknown | Running]
File not found - %SystemRoot%\system32\svchost.exe

(dvpapi) dvpapi [Auto | Running]
[04/04/2007 06:41 PM | 00,177,672 | R--- | M] (Authentium, Inc.) - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe

(idsvc) Windows CardSpace [Unknown | Stopped]
File not found - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

(iPod Service) iPod Service [On_Demand | Stopped]
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Auto | Running]
[12/19/2006 02:45 PM | 00,280,080 | ---- | M] (CA, Inc.) - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

(LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running]
[06/28/2007 12:31 PM | 00,079,136 | ---- | M] (Hewlett-Packard Company) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(MSDTC) Distributed Transaction Coordinator [Unknown | Running]
[11/02/2006 02:04 PM | ---D | M] - C:\Windows\System32\Msdtc

(NBService) NBService [On_Demand | Stopped]
[04/13/2007 10:09 PM | 00,792,112 | ---- | M] (Nero AG) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

(NMIndexingService) NMIndexingService [On_Demand | Stopped]
[06/01/2007 11:21 AM | 00,271,920 | ---- | M] (Nero AG) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

(PDAgent) PDAgent [Auto | Running]
[03/02/2007 01:24 PM | 00,407,056 | ---- | M] (Raxco Software, Inc.) - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

(PDEngine) PDEngine [On_Demand | Running]
[03/02/2007 01:24 PM | 00,734,736 | ---- | M] (Raxco Software, Inc.) - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

(RPSUpdaterR) Virgin Broadband PCguard Update Service [On_Demand | Running]
[02/07/2008 03:46 PM | 00,099,056 | R--- | M] (Radialpoint Inc.) - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterr.exe

(RP_FWS) PCguard Firewall [Auto | Running]
[09/05/2007 03:09 PM | 00,293,104 | ---- | M] (Virgin Media) - C:\Program Files\Virgin Broadband\PCguard\Fws.exe

(SBSDWSCService) SBSD Security Center Service [Auto | Running]
[08/14/2008 01:39 PM | 00,809,296 | ---- | M] (Safer Networking Ltd.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

(Schedule) Task Scheduler [Unknown | Running]
File not found - %systemroot%\system32\svchost.exe

(SCPolicySvc) Smart Card Removal Policy [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(spmgr) spmgr [Auto | Running]
[08/03/2007 09:24 PM | 00,125,496 | ---- | M] () - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

(TrustedInstaller) Windows Modules Installer [Unknown | Running]
File not found - %SystemRoot%\servicing\TrustedInstaller.exe

(WdiServiceHost) Diagnostic Service Host [Unknown | Stopped]
File not found - %SystemRoot%\System32\svchost.exe

(WdiSystemHost) Diagnostic System Host [Unknown | Running]
File not found - %SystemRoot%\System32\svchost.exe

===== Driver Services - Non-Microsoft Only =====

(adp94xx) adp94xx [Disabled | Stopped]
[11/02/2006 10:51 AM | 00,420,968 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adp94xx.sys

(adpahci) adpahci [Disabled | Stopped]
[11/02/2006 10:51 AM | 00,297,576 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpahci.sys

(adpu160m) adpu160m [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,098,408 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu160m.sys

(adpu320) adpu320 [Disabled | Stopped]
[11/02/2006 10:51 AM | 00,147,048 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu320.sys

(aic78xx) aic78xx [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,071,272 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\djsvs.sys

(aliide) aliide [Disabled | Stopped]
[11/02/2006 10:49 AM | 00,014,952 | ---- | M] (Acer Laboratories Inc.) - C:\Windows\System32\drivers\aliide.sys

(AR5416) Atheros AR5008 Wireless Network Adapter Service [On_Demand | Running]
[08/20/2008 11:31 AM | 01,315,776 | ---- | M] (Atheros Communications, Inc.) - C:\Windows\System32\drivers\athw.sys

(arc) arc [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,067,688 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\arc.sys

(arcsas) arcsas [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,067,688 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\arcsas.sys

(Atc002) NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller [On_Demand | Running]
[08/17/2007 07:00 AM | 00,028,672 | ---- | M] (Atheros Communications, Inc.) - C:\Windows\System32\drivers\l260x86.sys

(athr) Atheros Extensible Wireless LAN device driver [On_Demand | Stopped]
[07/31/2007 07:13 AM | 00,743,424 | ---- | M] (Atheros Communications, Inc.) - C:\Windows\System32\drivers\athr.sys

(blbdrive) blbdrive [Disabled | Stopped]
File not found - C:\Windows\system32\drivers\blbdrive.sys

(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [On_Demand | Stopped]
[11/02/2006 09:24 AM | 00,013,568 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltLo.sys

(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [On_Demand | Stopped]
[11/02/2006 09:24 AM | 00,005,248 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltUp.sys

(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Disabled | Stopped]
[11/02/2006 09:25 AM | 00,071,808 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerId.sys

(BrSerWdm) Brother WDM Serial driver [Disabled | Stopped]
[11/02/2006 09:24 AM | 00,062,336 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerWdm.sys

(BrUsbMdm) Brother MFC USB Fax Only Modem [Disabled | Stopped]
[11/02/2006 09:24 AM | 00,012,160 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbMdm.sys

(BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped]
[11/02/2006 09:24 AM | 00,011,904 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbSer.sys

(CLFS) Common Log (CLFS) [Unknown | Running]
File not found -

(cmdide) cmdide [Disabled | Stopped]
[11/02/2006 10:49 AM | 00,016,488 | ---- | M] (CMD Technology, Inc.) - C:\Windows\System32\drivers\cmdide.sys

(CSS DVP) Dynamic Virus Protection [Auto | Running]
[04/04/2007 06:15 PM | 00,839,880 | ---- | M] (Authentium, Inc.) - C:\Windows\System32\drivers\css-dvp.sys

(DCamUSBGene) USB2.0 1.3M PC Cam [On_Demand | Running]
[06/18/2007 10:10 AM | 00,127,360 | ---- | M] (Genesys Logic, Inc.) - C:\Windows\System32\drivers\USBGENE.sys

(DefragFS) DefragFS [Boot | Running]
[03/02/2007 11:26 AM | 00,067,352 | ---- | M] (Raxco Software, Inc.) - C:\Windows\System32\drivers\DefragFs.sys

(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [On_Demand | Stopped]
[11/02/2006 08:30 AM | 00,117,760 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\E1G60I32.sys

(elxstor) elxstor [Disabled | Stopped]
[11/02/2006 10:51 AM | 00,316,520 | ---- | M] (Emulex) - C:\Windows\System32\drivers\elxstor.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\Windows\System32\drivers\GEARAspiWDM.sys

(ghaio) ghaio [Auto | Running]
[08/03/2007 05:26 AM | 00,020,936 | ---- | M] () - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys

(HpCISSs) HpCISSs [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,037,480 | ---- | M] (Hewlett-Packard Company) - C:\Windows\System32\drivers\HpCISSs.sys

(iaStorV) Intel RAID Controller Vista [Disabled | Stopped]
[11/02/2006 10:51 AM | 00,232,040 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\iaStorV.sys

(iirsp) iirsp [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) - C:\Windows\System32\drivers\iirsp.sys

(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [On_Demand | Running]
[07/18/2007 12:32 PM | 01,841,312 | ---- | M] (Realtek Semiconductor Corp.) - C:\Windows\System32\drivers\RTKVHDA.sys

(IpInIp) IP in IP Tunnel Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\ipinip.sys

(iteatapi) ITEATAPI_Service_Install [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) - C:\Windows\System32\drivers\iteatapi.sys

(iteraid) ITERAID_Service_Install [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) - C:\Windows\System32\drivers\iteraid.sys

(LSI_FC) LSI_FC [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,065,640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_fc.sys

(LSI_SAS) LSI_SAS [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,065,640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_sas.sys

(LSI_SCSI) LSI_SCSI [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,065,640 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\lsi_scsi.sys

(megasas) megasas [Disabled | Stopped]
[11/02/2006 10:49 AM | 00,028,776 | ---- | M] (LSI Logic Corporation) - C:\Windows\System32\drivers\megasas.sys

(Mraid35x) Mraid35x [Disabled | Stopped]
[11/02/2006 10:49 AM | 00,033,384 | ---- | M] (LSI Logic Corporation) - C:\Windows\System32\drivers\Mraid35x.sys

(MTsensor) ATK0100 ACPI UTILITY [On_Demand | Running]
[12/14/2006 04:11 PM | 00,007,680 | ---- | M] (ATK0100) - C:\Windows\System32\drivers\ATKACPI.sys

(NETw3v32) Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit [On_Demand | Stopped]
[11/02/2006 08:30 AM | 01,781,760 | ---- | M] (Intel® Corporation) - C:\Windows\System32\drivers\NETw3v32.sys

(nfrd960) nfrd960 [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,045,160 | ---- | M] (IBM Corporation) - C:\Windows\System32\drivers\nfrd960.sys

(ntrigdigi) N-trig HID Tablet Driver [Disabled | Stopped]
[11/02/2006 08:36 AM | 00,020,608 | ---- | M] (N-trig Innovative Technologies) - C:\Windows\System32\drivers\ntrigdigi.sys

(nvlddmkm) nvlddmkm [On_Demand | Stopped]
[10/14/2006 04:04 AM | 04,422,560 | ---- | M] (NVIDIA Corporation) - C:\Windows\System32\drivers\nvlddmkm.sys

(nvraid) nvraid [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,088,680 | ---- | M] (NVIDIA Corporation) - C:\Windows\System32\drivers\nvraid.sys

(nvstor) nvstor [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,040,040 | ---- | M] (NVIDIA Corporation) - C:\Windows\System32\drivers\nvstor.sys

(NwlnkFlt) IPX Traffic Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkflt.sys

(NwlnkFwd) IPX Traffic Forwarder Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkfwd.sys

(ql2300) QLogic Fibre Channel Miniport Driver [Disabled | Stopped]
[11/02/2006 10:51 AM | 00,900,712 | ---- | M] (QLogic Corporation) - C:\Windows\System32\drivers\ql2300.sys

(ql40xx) QLogic iSCSI Miniport Driver [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,106,088 | ---- | M] (QLogic Corporation) - C:\Windows\System32\drivers\ql40xx.sys

(R300) R300 [On_Demand | Running]
[02/02/2007 08:09 AM | 02,385,920 | ---- | M] (ATI Technologies Inc.) - C:\Windows\System32\drivers\atikmdag.sys

(RPPKT) Radialpoint Filter (x86) [On_Demand | Running]
[04/19/2007 12:36 PM | 00,048,384 | ---- | M] (Radialpoint, Inc.) - C:\Windows\System32\drivers\rp_pkt32.sys

(RPSKT) Security Services Driver (x86) [Auto | Running]
[03/20/2008 07:17 PM | 00,053,192 | ---- | M] (Radialpoint Inc.) - C:\Windows\System32\drivers\rp_skt32.sys

(RTL8169) Realtek 8169 NT Driver [On_Demand | Stopped]
[11/02/2006 08:30 AM | 00,044,544 | ---- | M] (Realtek Corporation) - C:\Windows\System32\drivers\Rtlh86.sys

(RTSTOR) USB Mass Storage Device [On_Demand | Running]
[01/11/2007 03:18 AM | 00,035,328 | ---- | M] (Realtek Semiconductor Corp.) - C:\Windows\System32\drivers\RTSTOR.sys

(secdrv) Security Driver [Auto | Running]
[11/02/2006 07:37 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\Windows\System32\drivers\secdrv.sys

(SiSRaid2) SiSRaid2 [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) - C:\Windows\System32\drivers\sisraid2.sys

(SiSRaid4) SiSRaid4 [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,071,784 | ---- | M] (Silicon Integrated Systems) - C:\Windows\System32\drivers\sisraid4.sys

(smserial) smserial [On_Demand | Running]
[11/22/2006 10:34 AM | 00,982,272 | ---- | M] (Motorola Inc.) - C:\Windows\System32\drivers\smserial.sys

(StarOpen) StarOpen [System | Running]
[02/20/2007 03:07 PM | 00,005,632 | R--- | M] () - C:\Windows\System32\drivers\StarOpen.sys

(Symc8xx) Symc8xx [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,035,944 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\symc8xx.sys

(Sym_hi) Sym_hi [Disabled | Stopped]
[11/02/2006 10:49 AM | 00,031,848 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\sym_hi.sys

(Sym_u3) Sym_u3 [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,034,920 | ---- | M] (LSI Logic) - C:\Windows\System32\drivers\sym_u3.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[11/23/2006 06:48 AM | 00,181,304 | ---- | M] (Synaptics, Inc.) - C:\Windows\System32\drivers\SynTP.sys

(uliahci) uliahci [Disabled | Stopped]
[11/02/2006 10:51 AM | 00,235,112 | ---- | M] (ULi Electronics Inc.) - C:\Windows\System32\drivers\uliahci.sys

(UlSata) UlSata [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,098,408 | ---- | M] (Promise Technology, Inc.) - C:\Windows\System32\drivers\ulsata.sys

(ulsata2) ulsata2 [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,115,816 | ---- | M] (Promise Technology, Inc.) - C:\Windows\System32\drivers\ulsata2.sys

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[02/18/2008 12:16 PM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\Windows\System32\drivers\usbaapl.sys

(viaide) viaide [Disabled | Stopped]
[11/02/2006 10:49 AM | 00,017,512 | ---- | M] (VIA Technologies, Inc.) - C:\Windows\System32\drivers\viaide.sys

(vsmraid) vsmraid [Disabled | Stopped]
[11/02/2006 10:50 AM | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) - C:\Windows\System32\drivers\vsmraid.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadbandadvisor.exe" = "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN [08/07/2007 07:49 PM | 02,061,552 | ---- | M] (Virgin Broadband)
"-FreedomNeedsReboot" = "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [09/05/2007 03:10 PM | 00,013,552 | ---- | M] (Virgin Media)
"PCguard" = "C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [09/05/2007 03:10 PM | 00,310,000 | ---- | M] (Virgin Media)
"RtHDVCpl" = RtHDVCpl.exe [07/06/2007 04:06 AM | 04,669,440 | ---- | M] (Realtek Semiconductor)
"Skytel" = Skytel.exe [06/15/2007 09:45 AM | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [11/23/2006 06:27 AM | 00,815,104 | ---- | M] (Synaptics, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner" = "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [09/05/2007 03:09 PM | 00,061,168 | ---- | M] (Virgin Media)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner" = "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [09/05/2007 03:09 PM | 00,061,168 | ---- | M] (Virgin Media)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-2443313196-3815721589-721375326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | ---- | M] (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-2443313196-3815721589-721375326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner" = "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [09/05/2007 03:09 PM | 00,061,168 | ---- | M] (Virgin Media)

[HKEY_USERS\S-1-5-21-2443313196-3815721589-721375326-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/23/2006 12:08 AM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
HKLM CLSID: (PopKill Class) - [09/05/2007 03:09 PM | 00,055,024 | ---- | M] (Radialpoint Inc.) C:\Program Files\Virgin Broadband\PCguard\pkR.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [08/14/2008 01:39 PM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
HKLM CLSID: (SearchSettings Class) - [02/06/2008 06:47 PM | 01,160,544 | ---- | M] (Vendio Services, Inc.) C:\Program Files\Search Settings\kb126\SearchSettings.dll

===== Toolbars =====

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin" = 2
"ConsentPromptBehaviorUser" = 1
"EnableInstallerDetection" = 1
"EnableLUA" = 0
"EnableSecureUIAPaths" = 1
"EnableVirtualization" = 1
"PromptOnSecureDesktop" = 1
"ValidateAdminCodeSignatures" = 0
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"scforceoption" = 0
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"FilterAdministratorToken" = 0
"EnableUIADesktopToggle" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT" = 1
"CF_BITMAP" = 2
"CF_OEMTEXT" = 7
"CF_DIB" = 8
"CF_PALETTE" = 9
"CF_UNICODETEXT" = 13
"CF_DIBV5" = 17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-2443313196-3815721589-721375326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-2443313196-3815721589-721375326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
Unable to open key or key not present!


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Unable to open key or key not present!


===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"explorer.exe" - [01/19/2008 08:33 AM | 02,927,104 | ---- | M] (Microsoft Corporation) C:\Windows\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\Windows\system32\userinit.exe" - [01/19/2008 08:33 AM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\Windows\System32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\System32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [01/19/2008 08:32 AM | 00,242,688 | ---- | M] (Microsoft Corporation) C:\Windows\System32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WebClient]
"WebClient" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 19

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Wecsvc]
"Wecsvc" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 18

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wercplsupport]
"wercplsupport" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 18

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WerSvc]
"WerSvc" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 17

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WinDefend]
"WinDefend" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 16

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WinHttpAutoProxySvc]
"WinHttpAutoProxySvc" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 15

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Winmgmt]
"Winmgmt" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 15

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WinRM]
"WinRM" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 14

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Wlansvc]
"Wlansvc" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 12

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WLSetupSvc]
"WLSetupSvc" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 11

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wmiApSrv]
"wmiApSrv" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WMPNetworkSvc]
"WMPNetworkSvc" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WPCSvc]
"WPCSvc" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 6

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WPDBusEnum]
"WPDBusEnum" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wscsvc]
"wscsvc" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WSearch]
"WSearch" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wuauserv]
"wuauserv" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wudfsvc]
"wudfsvc" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AppleSyncNotifier]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = AppleSyncNotifier
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 58

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Camera ScreenSaver]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ASUS Camera ScreenSaver
"hkey" = HKLM
"command" = C:\Windows\ASScrProlog.exe [12/11/2007 09:24 PM | 00,037,232 | ---- | M] ()
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Screen Saver Protector]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ASUS Screen Saver Protector
"hkey" = HKLM
"command" = C:\Windows\ASScrPro.exe [12/11/2007 09:24 PM | 00,033,136 | ---- | M] ()
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUSTPE]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\Windows\System32\ASUSTPE.exe [12/13/2006 12:06 AM | 00,106,496 | ---- | M] (ASUS)
"hkey" = HKLM
"command" = C:\Windows\System32\ASUSTPE.exe [12/13/2006 12:06 AM | 00,106,496 | ---- | M] (ASUS)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ATKMEDIA]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = ATKMEDIA
"hkey" = HKLM
"command" = C:\Program Files\ASUS\ATK Media\DMedia.exe [11/02/2006 05:27 PM | 00,061,440 | ---- | M] (ASUSTeK Computer INC.)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = LightScribe Control Panel
"hkey" = HKCU
"command" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [06/20/2007 01:49 PM | 00,451,872 | ---- | M] (Hewlett-Packard Company)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = NeroFilterCheck
"hkey" = HKLM
"command" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [03/01/2007 04:57 PM | 00,153,136 | ---- | M] (Nero AG)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PowerForPhone]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PowerForPhone
"hkey" = HKLM
"command" = C:\Program Files\PowerForPhone\PowerForPhone.exe [06/26/2007 07:10 PM | 00,778,240 | ---- | M] ()
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QuickTime Task
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\Windows\RtHDVCpl.exe [07/06/2007 04:06 AM | 04,669,440 | ---- | M] (Realtek Semiconductor)
"hkey" = HKLM
"command" = C:\Windows\RtHDVCpl.exe [07/06/2007 04:06 AM | 04,669,440 | ---- | M] (Realtek Semiconductor)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = C:\Windows\SkyTel.exe [06/15/2007 09:45 AM | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"hkey" = HKLM
"command" = C:\Windows\SkyTel.exe [06/15/2007 09:45 AM | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSERIAL]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = SMSERIAL
"hkey" = HKLM
"command" = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [09/03/2007 06:33 AM | 00,630,784 | ---- | M] (Motorola Inc.)
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = StartCCC
"hkey" = HKCU
"command" = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [11/10/2006 09:35 PM | 00,090,112 | ---- | M] ()
"inimapping" = 0
"YEAR" = 2008
"MONTH" = 8
"DAY" = 20
"HOUR" = 17
"MINUTE" = 25
"SECOND" = 57

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{2C5C0268-648C-4395-BC72-A18A5D972A73}]
Servers: | Description: Atheros L2 Fast Ethernet 10/100Base-T Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3EC2771B-5A49-47E6-B8FD-DF695F466320}]
Servers: | Description: Atheros AR5006EG Wireless Network Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B72102C6-A49A-42EC-B5F5-9FF540850039}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

autoexec.bat [REM Dummy file for NTVDM | ]
[09/18/2006 10:43 PM | 00,000,024 | ---- | M] () C:\autoexec.bat [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400d0-5a22-11dd-82c5-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400d0-5a22-11dd-82c5-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400d0-5a22-11dd-82c5-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400d6-5a22-11dd-82c5-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400d6-5a22-11dd-82c5-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400d6-5a22-11dd-82c5-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400dc-5a22-11dd-82c5-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400dc-5a22-11dd-82c5-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d8400dc-5a22-11dd-82c5-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{136dad31-03c7-11dd-99c2-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{136dad31-03c7-11dd-99c2-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{136dad31-03c7-11dd-99c2-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{414af63c-f69d-11dc-9ecb-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{414af63c-f69d-11dc-9ecb-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{414af63c-f69d-11dc-9ecb-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88078de3-fbdd-11dc-95e6-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88078de3-fbdd-11dc-95e6-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88078de3-fbdd-11dc-95e6-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4f77868-4684-11dd-bd91-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4f77868-4684-11dd-bd91-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4f77868-4684-11dd-bd91-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4f778b6-4684-11dd-bd91-001e8c62bc25}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4f778b6-4684-11dd-bd91-001e8c62bc25}\Shell\Autoplay]
"MUIVerb" = C:\Windows\System32\shell32.dll [04/24/2008 05:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4f778b6-4684-11dd-bd91-001e8c62bc25}\Shell\Autoplay\DropTarget]
"CLSID" = {F26A669A-BCBB-4E37-ABF9-7325DA15F931}

===== Hosts File =====

HOSTS File = (261443 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net



[Files/Folders - Created Within 30 days]
[08/24/2008 03:43 PM | ---D | C] - C:\PerfLogs
[08/20/2008 01:49 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbam.sys
[08/20/2008 01:49 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbamswissarmy.sys
[08/20/2008 11:31 AM | 01,315,776 | ---- | C] (Atheros Communications, Inc.) - C:\Windows\System32\drivers\athw.sys
[08/20/2008 01:49 PM | ---D | C] - C:\ProgramData\Malwarebytes
[08/20/2008 01:49 PM | ---D | C] - C:\Users\Toria\AppData\Roaming\Download Manager
[08/20/2008 01:50 PM | ---D | C] - C:\Users\Toria\AppData\Roaming\Malwarebytes
[08/20/2008 02:52 PM | ---D | C] - C:\Users\Toria\AppData\Local\Apple Computer
[08/22/2008 01:07 PM | ---D | C] - C:\Users\Toria\AppData\Local\Adobe
[08/22/2008 11:12 AM | ---D | C] - C:\Users\Toria\AppData\Local\Apple
[07/30/2008 06:08 PM | ---D | C] - C:\Users\Toria\Documents\Games
[07/30/2008 06:09 PM | ---D | C] - C:\Users\Toria\Documents\Wedding
[08/08/2008 07:36 PM | 00,482,240 | ---- | C] () - C:\Users\Toria\Documents\Start_up_guide_part_2.pdf
[08/08/2008 07:36 PM | 00,589,849 | ---- | C] () - C:\Users\Toria\Documents\Start_up_guide_part_1.pdf
[08/08/2008 07:37 PM | 00,496,605 | ---- | C] () - C:\Users\Toria\Documents\Start_up_guide_Business_plan.pdf
[08/08/2008 07:37 PM | 00,497,228 | ---- | C] () - C:\Users\Toria\Documents\Start_up_guide_Cash_flow_forecast.pdf
[08/08/2008 07:37 PM | 00,552,941 | ---- | C] () - C:\Users\Toria\Documents\Start_up_guide_Profit_and_Loss_forecast.pdf
[08/20/2008 01:48 PM | ---D | C] - C:\Users\Toria\Documents\Geekstogo
[08/22/2008 01:07 PM | 00,402,247 | ---- | C] () - C:\Users\Toria\Documents\PTLS_140306.pdf
[08/01/2008 03:55 PM | ---D | C] - C:\Program Files\Microsoft Silverlight
[08/15/2008 01:26 PM | ---D | C] - C:\Program Files\Apple Software Update
[08/15/2008 01:40 PM | ---D | C] - C:\Program Files\QuickTime
[08/15/2008 01:42 PM | ---D | C] - C:\Program Files\iPod
[08/15/2008 01:42 PM | ---D | C] - C:\Program Files\iTunes
[08/20/2008 01:49 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/20/2008 02:17 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/20/2008 01:49 PM | -H-D | M] - C:\ProgramData
[08/20/2008 02:17 PM | R--D | M] - C:\Program Files
[08/24/2008 03:43 PM | ---D | M] - C:\PerfLogs
[08/24/2008 04:00 PM | -HSD | M] - C:\Boot
[08/24/2008 04:15 PM | ---D | M] - C:\Windows
[08/26/2008 03:04 AM | -HSD | M] - C:\System Volume Information
[08/27/2008 05:45 PM | 93,872,9472 | -HS- | M] () - C:\hiberfil.sys
[08/20/2008 11:11 AM | 00,259,995 | R--- | M] () - C:\Windows\System32\drivers\etc\hosts.20080824-162719.backup
[08/24/2008 04:27 PM | 00,261,443 | R--- | M] () - C:\Windows\System32\drivers\etc\hosts.20080825-151814.backup
[08/25/2008 03:18 PM | 00,261,443 | R--- | M] () - C:\Windows\System32\drivers\etc\hosts
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\Windows\System32\drivers\mbamswissarmy.sys
[08/20/2008 11:31 AM | 01,315,776 | ---- | M] (Atheros Communications, Inc.) - C:\Windows\System32\drivers\athw.sys
[08/24/2008 03:38 PM | ---D | M] - C:\Windows\System32\drivers\UMDF
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\drivers\en-US
[08/25/2008 03:18 PM | ---D | M] - C:\Windows\System32\drivers\etc
[08/15/2008 01:26 PM | ---D | M] - C:\Windows\System32\Tasks
[08/21/2008 07:40 PM | ---D | M] - C:\Windows\System32\WDI
[08/24/2008 03:14 PM | 00,082,432 | ---- | M] (Gemalto, Inc.) - C:\Windows\System32\axaltocm.dll
[08/24/2008 03:14 PM | 00,101,888 | ---- | M] (Infineon Technologies AG) - C:\Windows\System32\ifxcardm.dll
[08/24/2008 03:34 PM | ---D | M] - C:\Windows\System32\RTCOM
[08/24/2008 03:43 PM | ---D | M] - C:\Windows\System32\Boot
[08/24/2008 03:46 PM | ---D | M] - C:\Windows\System32\migwiz
[08/24/2008 03:46 PM | ---D | M] - C:\Windows\System32\pt-BR
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\AdvancedInstallers
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\ar-SA
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\com
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\cs-CZ
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\da-DK
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\de-DE
[08/24/2008 03:47 PM | ---D | M] - C:\Windows\System32\el-GR
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I can see no evidence of malware there. As to why those services were stopped, I have no idea and can see no reason for it. Are you experiencing any further problems?
  • 0

#5
wehey

    Member

  • Topic Starter
  • Member
  • 28 posts
Hi,

No, no further problems as yet. It just seemed suspicious that all the security services had been stopped...

I don't know if it is relevant but in IE it always says protected mode is off despite it being selected in the security settings, again a bit suspicious.

Thanks for your help anyway, as long as the system looks clean, I'm happy with that.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, that's not right - have you turned off the UAC?
  • 0

#7
wehey

    Member

  • Topic Starter
  • Member
  • 28 posts
Yeah, I remember turning it off because she moaned it was so annoying.

Is that likely to cause any major security issues?

Thanks.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, as once you turn off UAC you turn off protected mode in IE and leave yourself open to attack. I would recommend that you turn it back on, as two seconds' annoyance now is better than two or three days cleaning your system up and possibly losing data.
  • 0
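The UAC state discussed in this exchange is recorded in the scan log posted earlier in the thread (`"EnableLUA" = 0` under `policies\System`), and the log's "Disabled MsConfig Items" section lists wscsvc and WinDefend with a timestamp. As an added example (not part of the original posts or of the scanning tool), this Python parser for that log layout flags both; the function names and the set of watched services are assumptions, and the sample is abridged from the log above.

```python
import re
from datetime import datetime

# Constructed sample: sections copied (abridged) from the scan log in this thread.
SAMPLE_LOG = r'''
===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin" = 2
"EnableLUA" = 0
"PromptOnSecureDesktop" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WinDefend]
"WinDefend" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 16

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\WinRM]
"WinRM" = 3
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 14

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\wscsvc]
"wscsvc" = 2
"YEAR" = 2008
"MONTH" = 8
"DAY" = 19
"HOUR" = 9
"MINUTE" = 43
"SECOND" = 2
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')

# Registry key and value names are case-insensitive, so compare lower-cased.
UAC_POLICY_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'
MSCONFIG_SERVICES = r'hkey_local_machine\software\microsoft\shared tools\msconfig\services' + '\\'
# Assumption: which services count as "security services" for this check.
WATCHED_SERVICES = {'wscsvc', 'windefend', 'wuauserv'}


def parse_registry_sections(text):
    """Return {key path: {lower-cased value name: raw value string}} in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1), {})
        elif line.startswith('====='):
            current = None  # section banner: following lines belong to no key
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:  # skips notes such as "Unable to open key or key not present!"
                current[value.group(1).lower()] = value.group(2).strip()
    return sections


def disabled_at(values):
    """Build the timestamp stored with a disabled item, or None if incomplete."""
    fields = ('year', 'month', 'day', 'hour', 'minute', 'second')
    try:
        return datetime(*[int(values[f]) for f in fields]).isoformat(sep=' ')
    except (KeyError, ValueError):
        return None


def find_weakened_protections(text):
    """Return (finding, subject, timestamp) tuples: UAC off, watched services disabled."""
    findings = []
    for key, values in parse_registry_sections(text).items():
        lowered = key.lower()
        if lowered == UAC_POLICY_KEY and values.get('enablelua') == '0':
            findings.append(('uac_disabled', 'EnableLUA', None))
        elif lowered.startswith(MSCONFIG_SERVICES):
            service = key.rsplit('\\', 1)[1]
            if service.lower() in WATCHED_SERVICES:
                findings.append(('service_disabled_via_msconfig', service, disabled_at(values)))
    return findings


if __name__ == '__main__':
    for finding in find_weakened_protections(SAMPLE_LOG):
        print(finding)
```

Run over the full log in this thread, the same check would also report wuauserv, whose entry carries the same 19 August 2008 09:43 timestamp.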

#9
wehey

    Member

  • Topic Starter
  • Member
  • 28 posts
Hi,

I can see that, fair point. I've re-enabled UAC and rebooted the system. I'll see how it goes from here and post again if necessary...I'm hoping not.

Thanks again for all your help.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And I hope not to see you again :)

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done

VISTA
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe :)
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





