MalwareBytes Logs
Malwarebytes' Anti-Malware 1.33
Database version: 1704
Windows 6.0.6001 Service Pack 1
1/28/2009 11:49:57 PM
mbam-log-2009-01-28 (23-49-57).txt
Scan type: Quick Scan
Objects scanned: 48238
Time elapsed: 2 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 8
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\e405.e405mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99ba268b-4021-4739-9945-3c774217fe75} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b5cfd66-1f55-4fc2-b5af-36b66e7cfe6a} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (
http://internetsearchservice.com/search?q=%s) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (
http://internetsearchservice.com) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (
http://internetsearchservice.com) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (
http://internetsearchservice.com) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (
http://internetsearchservice.com) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (
http://internetsearchservice.com/ie6.html) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (
http://internetsearchservice.com/search?q={searchTerms}) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (
http://internetsearchservice.com) Good: (
http://www.google.com/) -> Quarantined and deleted successfully.
Folders Infected:
C:\Windows\System32\247880 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Jamie\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Jamie\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Jamie\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Jamie\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.33
Database version: 1704
Windows 6.0.6001 Service Pack 1
1/29/2009 8:16:12 AM
mbam-log-2009-01-29 (08-16-12).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 176136
Time elapsed: 2 hour(s), 50 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.33
Database version: 1704
Windows 6.0.6001 Service Pack 1
1/29/2009 10:36:30 PM
mbam-log-2009-01-29 (22-36-30).txt
Scan type: Quick Scan
Objects scanned: 48219
Time elapsed: 3 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.33
Database version: 1704
Windows 6.0.6001 Service Pack 1
1/30/2009 6:51:49 PM
mbam-log-2009-01-30 (18-51-49).txt
Scan type: Quick Scan
Objects scanned: 48135
Time elapsed: 3 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS Logs
DDS (Ver_09-01-07.01) - NTFSx86
Run by Jamie at 8:35:19.41 on Sun 02/01/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2047.922 [GMT -5:00]
AV: Symantec AntiVirus *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jamie\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
uRun: [Aim6]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CMCService] "c:\program files\ati\catalyst media center\CMCService.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\npjpi160_01.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\progra~1\netdog\netd.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\jamie\appdata\roaming\mozilla\firefox\profiles\c44zs0fg.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.com/firefox?client=fi ... S:officialFF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
============= SERVICES / DRIVERS ===============
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-4 99376]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-7 24652]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2007-10-7 173824]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2007-10-7 29184]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2007-10-7 9088]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
=============== Created Last 30 ================
2009-01-31 15:39 <DIR> --d----- C:\Hijackthis
2009-01-28 23:45 <DIR> --d----- c:\users\jamie\appdata\roaming\Malwarebytes
2009-01-28 23:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-28 23:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 23:45 <DIR> --d----- c:\programdata\Malwarebytes
2009-01-28 23:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 23:45 <DIR> --d----- c:\progra~2\Malwarebytes
2009-01-24 10:04 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-24 10:04 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-24 10:03 <DIR> --d----- c:\program files\iPod
2009-01-24 10:03 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-24 10:03 <DIR> --d----- c:\program files\iTunes
2009-01-24 10:03 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-24 10:03 <DIR> --d----- c:\program files\Bonjour
2009-01-24 10:02 <DIR> --d----- c:\programdata\Apple Computer
2009-01-24 09:59 <DIR> --d----- c:\programdata\Apple
2009-01-24 01:27 168,448 a------- c:\windows\system32\unrar.dll
2009-01-24 01:27 839,680 a------- c:\windows\system32\lameACM.acm
2009-01-24 01:27 118,784 a------- c:\windows\system32\ac3acm.acm
2009-01-24 01:27 414 a------- c:\windows\system32\lame_acm.xml
2009-01-24 01:27 795,648 a------- c:\windows\system32\xvidcore.dll
2009-01-24 01:27 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-01-24 01:27 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-01-24 01:26 684,032 a------- c:\windows\system32\divx.dll
2009-01-24 01:26 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-01-24 01:26 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-01-24 01:26 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-13 19:33 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-05 16:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-01-05 16:18 57,344 a------- c:\windows\system32\QuickTime.qts
==================== Find3M ====================
2009-01-24 10:00 86,016 a------- c:\windows\inf\infstor.dat
2009-01-24 10:00 51,200 a------- c:\windows\inf\infpub.dat
2009-01-24 10:00 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-11-06 11:37 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-02 08:35 3,902,784 a------- c:\users\jamie\gosetup.exe
2008-10-12 03:29 174 a--sh--- c:\program files\desktop.ini
2008-10-12 03:09 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-27 05:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-27 05:32 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-27 05:32 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-03-20 19:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008032020080321\index.dat
2008-03-23 06:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008032320080324\index.dat
2008-03-23 06:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat
============= FINISH: 8:35:51.62 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-01-07.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/31/2007 3:50:27 AM
System Uptime: 1/24/2009 1:08:01 AM (199 hours ago)
Motherboard: ELITEGROUP | | 945GCT-M3
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | Socket 775 | 1600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 288 GiB total, 126.413 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.037 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP636: 1/22/2009 12:00:04 AM - Scheduled Checkpoint
RP637: 1/22/2009 10:35:43 PM - Windows Update
RP638: 1/24/2009 4:20:26 AM - Scheduled Checkpoint
RP639: 1/24/2009 10:00:15 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP640: 1/24/2009 10:03:16 AM - Installed iTunes
RP641: 1/25/2009 12:00:04 AM - Scheduled Checkpoint
RP642: 1/26/2009 12:00:03 AM - Scheduled Checkpoint
RP643: 1/26/2009 10:47:18 AM - Windows Update
RP644: 1/27/2009 12:00:04 AM - Scheduled Checkpoint
RP645: 1/28/2009 12:59:05 AM - Scheduled Checkpoint
RP646: 1/29/2009 3:12:02 AM - Scheduled Checkpoint
RP647: 1/29/2009 3:24:17 PM - Windows Update
RP648: 1/31/2009 1:59:45 AM - Scheduled Checkpoint
RP649: 2/1/2009 12:24:34 AM - Scheduled Checkpoint
==== Installed Programs ======================
Sansa Media Converter
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
Agere Systems PCI-SV92PP Soft Modem
AIM 6
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
AutoUpdate
BigFix
BitTorrent
Bonjour
Browser Address Error Redirector
Catalyst Media Center
Catalyst Media Center DVD Authoring Module
Digital Media Reader
DivX Player
DivX Web Player
Dune 2000
Electronic Arts Game Updater
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
Google Desktop
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 4.5.3 (Full)
LimeWire 4.18.8
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Need For Speed - Porsche Unleashed
NetDog
NVIDIA Drivers
Power2Go 5.0
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealWorld Icon Editor
Rhapsody Player Engine
Sansa Media Converter
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Spare Backup
Symantec AntiVirus
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
USB Video Driver
Viewpoint Media Player
Westwood Shared Internet Components
Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (04/27/2007 5.7.0427.0)
Windows Media Player Firefox Plugin
WinRAR archiver
==== Event Viewer Messages From Past Week ========
1/31/2009 12:02:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
==== End Of File ===========================
FINAL RSIT LOG
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jamie at 2009-02-01 08:23:23
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 129 GB (44%) free of 295 GB
Total RAM: 2047 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:29 AM, on 2/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Users\Jamie\Desktop\RSIT.exe
C:\Hijackthis\Jamie.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CMCService] "C:\Program Files\ATI\Catalyst Media Center\CMCService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5551 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{8E1FEF2E-16C9-4AD6-82FA-067F5A579824}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-23 4435968]
"CMCService"=C:\Program Files\ATI\Catalyst Media Center\CMCService.exe [2007-08-02 172032]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-10-18 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-10-18 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-10-18 133656]
"MSConfig"=C:\Windows\system32\msconfig.exe [2008-01-19 227840]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2006-11-28 90191]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-28 7757824]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-28 81920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe [2006-11-16 2348584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\Jamie\Program Files\BitTorrent_DNA\dna.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-08-31 240640]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2006-11-28 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
C:\Program Files\Spare Backup\SpareBackup.exe [2007-07-13 5252936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-11-15 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
C:\PROGRA~1\Sandisk\Common\Bin\WINCIN~1.EXE [2006-09-26 303104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-10-18 200704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-02-01 08:23:23 ----D---- C:\rsit
2009-01-31 15:39:20 ----D---- C:\Hijackthis
2009-01-28 23:45:44 ----D---- C:\Users\Jamie\AppData\Roaming\Malwarebytes
2009-01-28 23:45:36 ----D---- C:\ProgramData\Malwarebytes
2009-01-28 23:45:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-24 10:04:40 ----D---- C:\Users\Jamie\AppData\Roaming\Apple Computer
2009-01-24 10:04:09 ----A---- C:\Windows\system32\GEARAspi.dll
2009-01-24 10:04:08 ----DC---- C:\Windows\system32\DRVSTORE
2009-01-24 10:03:51 ----D---- C:\Program Files\iPod
2009-01-24 10:03:49 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-24 10:03:49 ----D---- C:\Program Files\iTunes
2009-01-24 10:03:04 ----D---- C:\Program Files\Bonjour
2009-01-24 10:02:20 ----D---- C:\Program Files\QuickTime
2009-01-24 10:02:18 ----D---- C:\ProgramData\Apple Computer
2009-01-24 10:00:56 ----D---- C:\Program Files\Apple Software Update
2009-01-24 10:00:40 ----D---- C:\Windows\LastGood
2009-01-24 09:59:54 ----D---- C:\ProgramData\Apple
2009-01-24 09:59:54 ----D---- C:\Program Files\Common Files\Apple
2009-01-24 01:27:03 ----A---- C:\Windows\system32\unrar.dll
2009-01-24 01:27:00 ----A---- C:\Windows\system32\yv12vfw.dll
2009-01-24 01:27:00 ----A---- C:\Windows\system32\xvidvfw.dll
2009-01-24 01:27:00 ----A---- C:\Windows\system32\xvidcore.dll
2009-01-24 01:26:58 ----A---- C:\Windows\system32\divx.dll
2009-01-24 01:26:57 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2009-01-24 01:26:57 ----A---- C:\Windows\system32\ff_vfw.dll
2009-01-24 01:26:56 ----D---- C:\Program Files\K-Lite Codec Pack
======List of files/folders modified in the last 1 months======
2009-02-01 08:23:29 ----D---- C:\Windows\Temp
2009-02-01 08:23:29 ----D---- C:\Windows\Prefetch
2009-02-01 00:24:47 ----SHD---- C:\System Volume Information
2009-01-31 22:48:13 ----D---- C:\Windows\System32
2009-01-31 11:56:42 ----HD---- C:\Windows\inf
2009-01-31 11:56:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-31 02:00:03 ----D---- C:\Windows\system32\catroot2
2009-01-28 23:45:40 ----D---- C:\Windows\system32\drivers
2009-01-28 23:45:36 ----RD---- C:\Program Files
2009-01-28 23:45:36 ----HD---- C:\ProgramData
2009-01-24 10:04:45 ----SHD---- C:\Windows\Installer
2009-01-24 10:04:45 ----SHD---- C:\Config.Msi
2009-01-24 10:04:09 ----D---- C:\Windows\system32\catroot
2009-01-24 10:01:54 ----D---- C:\Windows
2009-01-24 10:01:00 ----D---- C:\Windows\system32\Tasks
2009-01-24 09:59:54 ----D---- C:\Program Files\Common Files
2009-01-24 01:27:23 ----D---- C:\Program Files\Mozilla Firefox
2009-01-24 01:24:06 ----D---- C:\Program Files\Combined Community Codec Pack
2009-01-24 01:23:44 ----D---- C:\Program Files\DivX
2009-01-22 05:53:53 ----D---- C:\Users\Jamie\AppData\Roaming\BitTorrent
2009-01-18 14:08:58 ----D---- C:\Windows\Minidump
2009-01-17 11:38:17 ----D---- C:\Program Files\BitTorrent
2009-01-14 18:38:07 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 03:10:18 ----D---- C:\Windows\winsxs
2009-01-14 03:02:32 ----D---- C:\Program Files\Windows Mail
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-04 371248]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-10-11 8413]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-23 1769952]
R3 Iviaspi;IVI ASPI Shell; C:\Windows\system32\drivers\iviaspi.sys [2005-09-20 10368]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090131.003\NAVENG.SYS [2008-11-12 89104]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090131.003\NAVEX15.SYS [2008-11-12 876112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-28 4455616]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-11-13 51200]
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-06-08 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 USB28xxBGA;ATI TV Wonder 600 USB 2.0; C:\Windows\system32\DRIVERS\emBDA.sys [2007-05-16 459520]
R3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2007-05-16 39808]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture; C:\Windows\system32\drivers\aticxcap.sys [2005-03-30 173824]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3); C:\Windows\system32\drivers\aticxtun.sys [2005-03-30 29184]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar; C:\Windows\system32\drivers\aticxxbr.sys [2005-03-30 9088]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 2009088]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 2009088]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe [2007-08-02 262239]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe [2007-08-02 1073152]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe [2007-08-02 110685]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
S4 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-08-31 81408]
-----------------EOF-----------------
Thanks for all your help let me know if you need anything else,