Zeroaccess!cfg [Closed]



#1
guest2078 (New Member, 6 posts)
My computer is infected with Zeroaccess!cfg. It is blocking my firewall, Windows updates etc. How can I remove it manually?


#2
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short); it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp 
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.
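A triage helper for the OTL report requested above, as an added example that is not part of this thread, of OTL, or of any vendor tool: it reads OTL-style lines (O1 hosts entries, SRV/DRV service and driver entries, and "File not found" references) and flags the ones a helper reads first. The rules, severities and the 16-hex-character filename heuristic are this example's own assumptions, not a published OTL or ZeroAccess signature; the sample lines are quoted from the OTL log posted later in this thread, with one benign localhost entry added for contrast. It runs offline with only the Python 3 standard library.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's or the thread's code).

Flags three things a malware-removal helper looks at first:
  * O1 Hosts entries that point a hostname at a non-loopback address
  * boot/system-start drivers and services with no company name, escalated
    when the file name is a 16-character hex string (assumed heuristic)
  * entries OTL marks "File not found" (orphaned registry references)
"""
import ipaddress
import ntpath
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "severity rule line")

# SRV/DRV entry: [meta] (company) [type | start | state] -- path -- (name)
# SRV lines carry only [start | state], so the type field is optional.
ENTRY_RE = re.compile(
    r"^(?P<kind>DRV|SRV) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) "
    r"\[(?:(?P<type>[^|\]]+) \| )?(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\] -- "
    r"(?P<path>.*?) -- \((?P<name>[^)]*)\)$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)")
HEX_NAME_RE = re.compile(r"[0-9a-f]{16}")  # assumption: 16 lowercase hex chars
EARLY_START = {"Boot", "System"}


def check_hosts(line):
    """Flag hosts-file entries that redirect a name somewhere other than loopback."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return Finding("MEDIUM", "unparseable hosts entry", line)
    if ip.is_loopback or ip.is_unspecified:
        return None  # 127.x / ::1 / 0.0.0.0 are normal localhost or sinkhole targets
    return Finding("HIGH", "hosts redirect", line)


def check_entry(line):
    """Flag early-start drivers/services that carry no company name."""
    m = ENTRY_RE.match(line)
    if not m or m.group("company").strip() or m.group("start") not in EARLY_START:
        return None
    stem, _ext = ntpath.splitext(ntpath.basename(m.group("path")))
    if HEX_NAME_RE.fullmatch(stem):
        return Finding("HIGH", "no-company boot driver with random hex name", line)
    return Finding("MEDIUM", "no-company boot driver", line)


def check_missing(line):
    """Flag registry entries whose target file OTL could not find."""
    if "File not found" in line:
        return Finding("LOW", "orphaned entry (File not found)", line)
    return None


CHECKS = (check_hosts, check_entry, check_missing)


def triage(lines):
    """Run the checks over every line; the first matching check wins per line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'HIGH': 2, 'LOW': 2}."""
    return dict(Counter(f.severity for f in findings))


# Constructed sample: lines quoted from the OTL report posted in this thread,
# plus one benign localhost entry for contrast.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2012/05/15 08:53:34 | 000,069,832 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\d7dd499f323e1fe1.sys -- (d7dd499f323e1fe1)
DRV - [2010/04/19 16:00:20 | 000,096,784 | R--- | M] (GuardianEdge Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ephdxlat.sys -- (EPHDXLAT)
DRV - [2009/12/02 12:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
SRV - [2008/11/12 11:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
O1 - Hosts: 93.113.196.146 www.google.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Apoint] T.EXE File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.severity:6} {f.rule:45} {f.line}")
    print(summarize(triage(SAMPLE_LOG.splitlines())))
```

Feed it the whole OTL.txt (`triage(open("OTL.txt", errors="replace"))`) and read the HIGH findings first; a hosts redirect of www.google.com to a public address and a boot-start driver with no vendor and a random-looking name are exactly the lines a helper asks about, while the LOW "File not found" entries are usually leftovers from uninstalled software and only matter once the higher ones are resolved.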

#3
guest2078 (Topic Starter, New Member, 6 posts)
OTL logfile created on: 9/27/2012 3:53:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jon\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

979.05 Mb Total Physical Memory | 616.34 Mb Available Physical Memory | 62.95% Memory free
2.30 Gb Paging File | 1.94 Gb Available in Paging File | 84.26% Paging File free
Paging file location(s): C:\pagefile.sys 1464 2928 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 50.04 Gb Free Space | 67.24% Space Free | Partition Type: NTFS

Computer Name: DEA359119 | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/27 15:52:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jon\My Documents\Downloads\OTL.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/04/23 11:06:48 | 000,266,240 | ---- | M] (GuardianEdge Technologies, Inc.) -- C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
PRC - [2010/04/23 11:05:56 | 000,045,056 | ---- | M] (GuardianEdge Technologies, Inc.) -- C:\Program Files\GuardianEdge\GuardianEdge Clients\EACommunicatorSrv.exe
PRC - [2010/03/25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/03/25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/04/22 12:15:56 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009/04/22 08:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/03/16 18:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/16 18:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe
PRC - [2009/02/11 21:09:34 | 000,782,848 | ---- | M] (SysShield Consulting, Inc.) -- C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
PRC - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/10/02 09:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/02 09:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/10/02 08:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/27 11:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 08:54:02 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 08:52:51 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:52:40 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 08:51:39 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 08:51:21 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2010/03/25 20:07:00 | 000,148,800 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/25 16:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2008/12/22 12:13:54 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2008/10/02 08:59:30 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/04/14 05:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/31 00:26:02 | 000,207,344 | ---- | M] () -- C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
MOD - [2005/08/22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2003/02/24 22:49:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - [2012/09/26 16:27:38 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/05 18:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/04/23 11:06:48 | 000,266,240 | ---- | M] (GuardianEdge Technologies, Inc.) [Auto | Running] -- C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe -- (EAFRCliManager)
SRV - [2010/03/25 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/03/25 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/12/02 12:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/04/22 08:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/10 10:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/04/09 12:02:50 | 000,447,264 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/03/16 18:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/02/11 15:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/12/29 09:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 07:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 11:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/10/02 09:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/02 09:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/02 08:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/27 11:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2003/10/22 12:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/27 15:13:19 | 000,016,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Jon\Local Settings\Temp\mfe_rr.sys -- (MFE_RR)
DRV - [2012/05/15 08:53:34 | 000,069,832 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\d7dd499f323e1fe1.sys -- (d7dd499f323e1fe1)
DRV - [2010/04/19 16:00:20 | 000,096,784 | R--- | M] (GuardianEdge Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ephdxlat.sys -- (EPHDXLAT)
DRV - [2010/04/19 16:00:12 | 000,012,688 | R--- | M] (GuardianEdge Technologies, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ephdlink.sys -- (ephdlink)
DRV - [2010/04/19 16:00:08 | 000,020,240 | R--- | M] (GuardianEdge Technologies, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\eafsprot.sys -- (EAFSPROT)
DRV - [2010/03/25 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/03/25 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/03/25 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/03/25 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/03/25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/03/25 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/01/17 09:43:00 | 000,196,064 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2009/12/02 12:12:46 | 000,028,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2009/12/02 12:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 12:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 12:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/03 12:06:24 | 000,280,576 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drxvi314.sys -- (bcm)
DRV - [2009/09/03 12:06:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/04/22 12:15:58 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/10 10:01:16 | 000,027,072 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2009/04/02 21:25:50 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/03/24 13:33:38 | 000,232,744 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/16 18:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/16 18:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/02/26 14:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/02/22 14:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/25 05:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/08/04 09:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/06/30 15:08:16 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/04 11:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/05/29 14:53:26 | 000,112,640 | R--- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cm_net.sys -- (cm_net)
DRV - [2008/05/29 14:53:26 | 000,103,680 | R--- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2007/07/23 13:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 13:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 13:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 13:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 13:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 13:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 13:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 13:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 12:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 12:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 E0 AA 04 0B E6 27 4A A6 E1 CA 57 C3 6B 04 47 [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 E0 AA 04 0B E6 27 4A A6 E1 CA 57 C3 6B 04 47 [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 E0 AA 04 0B E6 27 4A A6 E1 CA 57 C3 6B 04 47 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 E0 AA 04 0B E6 27 4A A6 E1 CA 57 C3 6B 04 47 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 E0 AA 04 0B E6 27 4A A6 E1 CA 57 C3 6B 04 47 [binary data]
IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/09/27 14:24:12 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/08/17 14:44:07 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/26 14:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/26 14:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jon\Application Data\Mozilla\Extensions
[2012/09/26 14:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 18:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 18:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 18:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/14 12:07:04 | 000,000,886 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 93.113.196.146 www.google.com
O1 - Hosts: 93.113.196.147 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (PopKiller Class) - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll (SysShield Consulting, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AbsoluteShield) - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll (AbsoluteShield Software)
O3 - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AESTFltr] ODLG File not found
O4 - HKLM..\Run: [Apoint] T.EXE File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] T File not found
O4 - HKLM..\Run: [ChangeTPMAuth] TRU12 File not found
O4 - HKLM..\Run: [DellConnectionManager] AGER\DELL.UCM.EXE" File not found
O4 - HKLM..\Run: [DellControlPoint] T.EXE" File not found
O4 - HKLM..\Run: [DTSSurround] " /C File not found
O4 - HKLM..\Run: [EAFRCliStart] SOLE\EAFRCLISTART.EXE /P File not found
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4 - HKLM..\Run: [IAAnotif] OTIF.EXE File not found
O4 - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
O4 - HKLM..\Run: [PDVDDXSrv] K\POWERDVD DX\PDVDDXSRV.EXE" File not found
O4 - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4 - HKLM..\Run: [RDVCHG] T SMARTVIEW\RDVCHG.EXE" File not found
O4 - HKLM..\Run: [RegWork] C:\Program Files\RegWork\RegWork.exe File not found
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ShStatEXE] E File not found
O4 - HKLM..\Run: [Sprint SmartView] TSV.EXE" -A File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] DTASKSTATUSSERVICE.EXE File not found
O4 - HKLM..\Run: [WavXMgr] \WAVXDOCMGR.EXE File not found
O4 - HKLM..\Run: [XeroxRegistation] \LOCALS~1\TEMP\XEROX\EREG\OPBREG.EXE" /STARTUP File not found
O4 - HKU\S-1-5-21-217575734-1629750708-1848372199-1005..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Jon\Start Menu\Programs\Startup\AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe (SysShield Consulting, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1343863325000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1343863315578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://166.154.42.2:...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{301B8317-CB0B-4CCD-924B-92C3ACC0AF19}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (EAFRCliGina) - C:\WINDOWS\System32\EAFRCliGina.dll (GuardianEdge Technologies, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/27 14:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/27 14:35:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/27 14:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/27 14:24:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/09/27 14:23:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2012/09/27 09:07:33 | 000,015,840 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\PFMODNT.SYS
[2012/09/27 09:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2012/09/27 09:02:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/09/26 16:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\My Documents\Downloads
[2012/09/26 15:04:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/09/26 14:57:15 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/09/26 14:57:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/09/26 14:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Local Settings\Application Data\Mozilla
[2012/09/26 14:35:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\Application Data\Mozilla
[2012/09/26 14:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/26 14:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/26 14:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/26 12:09:26 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/09/26 12:09:26 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/09/26 12:09:26 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/09/26 12:09:25 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/09/26 12:09:25 | 000,096,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/09/18 08:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jon\My Documents\My Downloads
[2012/09/18 08:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2012/09/18 08:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/27 15:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/27 15:19:52 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/09/27 15:19:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/27 15:19:35 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/27 15:18:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/27 15:18:53 | 1026,686,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/27 15:14:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/27 14:35:23 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/26 16:27:37 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/26 16:27:37 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/26 15:05:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/26 14:35:20 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/26 14:35:20 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/26 11:04:52 | 000,003,587 | ---- | M] () -- C:\WINDOWS\mariner.his
[2012/09/26 11:04:52 | 000,001,823 | ---- | M] () -- C:\WINDOWS\mariner.ini
[2012/09/26 11:04:48 | 000,605,508 | ---- | M] () -- C:\WINDOWS\hpbj1200.his
[2012/09/26 11:04:48 | 000,010,685 | ---- | M] () -- C:\WINDOWS\hpbj1200.ini
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/04 16:54:23 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/27 14:35:23 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/27 14:21:44 | 1026,686,976 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/26 14:35:20 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/26 14:35:20 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/26 14:35:20 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/26 11:04:25 | 001,207,664 | ---- | C] () -- C:\WINDOWS\hpbj1200.hi1
[2012/09/26 11:04:25 | 000,019,003 | ---- | C] () -- C:\WINDOWS\hpbj1200.bu1
[2012/09/18 08:53:21 | 000,002,353 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/09/04 16:54:23 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2012/07/27 15:22:13 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\mbam.context.scan
[2012/05/15 08:54:39 | 000,069,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\77efbbded25091ed.sys
[2012/05/15 08:53:34 | 000,069,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\d7dd499f323e1fe1.sys
[2012/03/20 13:21:19 | 000,019,504 | ---- | C] () -- C:\WINDOWS\hplj24x0.ini
[2012/03/14 09:15:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2012/03/14 09:15:46 | 000,000,423 | ---- | C] () -- C:\WINDOWS\hpw1200k.ini
[2012/03/14 09:14:26 | 000,010,685 | ---- | C] () -- C:\WINDOWS\hpbj1200.ini
[2012/03/14 09:14:15 | 000,001,823 | ---- | C] () -- C:\WINDOWS\mariner.ini
[2012/03/13 17:28:46 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2012/01/06 16:29:19 | 000,001,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sr1027ik5afs40s47o254pj2r2k2wxccc718nscb6e26ny
[2012/01/06 16:29:18 | 000,001,372 | -HS- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\sr1027ik5afs40s47o254pj2r2k2wxccc718nscb6e26ny
[2011/10/07 09:14:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\669a9c3d
[2011/10/06 14:35:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\713f1438
[2011/10/06 14:35:08 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\91e2ebc7
[2011/09/22 09:28:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/09 13:47:11 | 000,059,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2011/03/31 08:59:23 | 000,000,021 | ---- | C] () -- C:\WINDOWS\EPProj76c.ini
[2011/01/28 17:39:41 | 000,241,248 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/07 15:19:42 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/20 12:56:48 | 000,075,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/10/20 12:56:48 | 000,066,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/20 12:56:48 | 000,043,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/10/04 09:15:17 | 000,196,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\windrvr6.sys
[2010/03/16 11:16:30 | 000,001,058 | ---- | C] () -- C:\Documents and Settings\Jon\XrxWm.ini
[2009/08/28 13:36:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{036eda62-0295-52e3-cd92-8a2acb7aa561}\L
[2012/05/31 08:59:20 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{036eda62-0295-52e3-cd92-8a2acb7aa561}\U
[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jon\Local Settings\Application Data\{036eda62-0295-52e3-cd92-8a2acb7aa561}\L
[2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jon\Local Settings\Application Data\{036eda62-0295-52e3-cd92-8a2acb7aa561}\U
[2008/04/25 14:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Apartment
"" = %SystemRoot%\system32\Shdocvw.dll -- [2009/07/18 09:05:06 | 001,509,888 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/07/18 09:05:06 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
OTL Extras logfile created on: 9/27/2012 3:53:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jon\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

979.05 Mb Total Physical Memory | 616.34 Mb Available Physical Memory | 62.95% Memory free
2.30 Gb Paging File | 1.94 Gb Available in Paging File | 84.26% Paging File free
Paging file location(s): C:\pagefile.sys 1464 2928 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 50.04 Gb Free Space | 67.24% Space Free | Partition Type: NTFS

Computer Name: DEA359119 | User Name: Jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{02C0BC1F-E273-4FA7-BF75-46ACF9650765}" = HP LaserJet 2410/2420/2430
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0639F993-7F7E-4BA5-BEC7-53CAC2E5B973}" = Dell ControlPoint System Manager
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2484631E-A7B3-4847-ACBB-4D881E6E9D5A}" = Dell ControlPoint Connection Manager
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 29
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EDD1CCA-F75D-4DB2-A958-B2E83C840EAF}" = GuardianEdge Framework Client
"{7F5AF4AA-7F77-47FC-9E22-519822FC6365}" = Sprint SmartView
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{8CB7F4E6-73AE-4D8F-86A2-EAE39CE72FD1}" = Intel® PROSet/Wireless WiFi API
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{4C94D92A-41D9-49C7-8978-D53C9AFC426D}" =
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point
"{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Intel® PROSet/Wireless WiFi Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper
"{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EC901028-585B-4277-9FCD-2B3272C290EA}" = GuardianEdge Drive Encryption Client
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EFE4B2A0-B30F-4222-8701-E1D61D3715FA}" = ADS Usbird4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"66E7D038E1F9BEA2EBDF90804718442328FF88DA" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"AbsoluteShield Internet Eraser Pro_is1" = AbsoluteShield Internet Eraser Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"Silent Package Run-Time Sample" = PowerLite 76c User's Guide
"STANDARD" = Microsoft Office Standard 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xerox_Support_Centre" = Xerox Support Centre
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2012 5:22:46 PM | Computer Name = DEA359119 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 9/27/2012 5:28:08 PM | Computer Name = DEA359119 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070424 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/27/2012 5:28:08 PM | Computer Name = DEA359119 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/27/2012 5:28:15 PM | Computer Name = DEA359119 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 9/27/2012 5:29:00 PM | Computer Name = DEA359119 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 9/27/2012 6:16:00 PM | Computer Name = DEA359119 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

Error - 9/27/2012 6:19:03 PM | Computer Name = DEA359119 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070424 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/27/2012 6:19:03 PM | Computer Name = DEA359119 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/27/2012 6:19:10 PM | Computer Name = DEA359119 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 9/27/2012 6:19:53 PM | Computer Name = DEA359119 | Source = Wave TCG Client Services | ID = 123
Description = The NTRU TSS is not running, Wave Software is unable to communicate
to TPM

[ System Events ]
Error - 9/27/2012 5:10:22 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EAFRCliManager
with arguments "" in order to run the server: {A1C294A9-AA96-4363-8851-DEA366E2FB47}

Error - 9/27/2012 5:10:22 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EAFRCliManager
with arguments "" in order to run the server: {378B7F3E-639C-48E5-B9FB-AC31B66487A6}

Error - 9/27/2012 5:10:23 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EAFRCliManager
with arguments "" in order to run the server: {378B7F3E-639C-48E5-B9FB-AC31B66487A6}

Error - 9/27/2012 5:10:23 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EAFRCliManager
with arguments "" in order to run the server: {378B7F3E-639C-48E5-B9FB-AC31B66487A6}

Error - 9/27/2012 5:10:53 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/27/2012 5:11:56 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/27/2012 5:12:11 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/27/2012 5:12:11 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/27/2012 5:12:12 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/27/2012 5:13:43 PM | Computer Name = DEA359119 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#4
guest2078

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
16:22:40.0890 3196 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:22:42.0328 3196 ============================================================
16:22:42.0328 3196 Current date / time: 2012/09/27 16:22:42.0328
16:22:42.0328 3196 SystemInfo:
16:22:42.0328 3196
16:22:42.0328 3196 OS Version: 5.1.2600 ServicePack: 3.0
16:22:42.0328 3196 Product type: Workstation
16:22:42.0328 3196 ComputerName: DEA359119
16:22:42.0328 3196 UserName: Jon
16:22:42.0328 3196 Windows directory: C:\WINDOWS
16:22:42.0328 3196 System windows directory: C:\WINDOWS
16:22:42.0328 3196 Processor architecture: Intel x86
16:22:42.0328 3196 Number of processors: 2
16:22:42.0328 3196 Page size: 0x1000
16:22:42.0328 3196 Boot type: Normal boot
16:22:42.0328 3196 ============================================================
16:22:42.0640 3196 BG loaded
16:22:43.0609 3196 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:22:43.0609 3196 ============================================================
16:22:43.0609 3196 \Device\Harddisk0\DR0:
16:22:43.0609 3196 MBR partitions:
16:22:43.0609 3196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0x94D7633
16:22:43.0609 3196 ============================================================
16:22:43.0656 3196 C: <-> \Device\Harddisk0\DR0\Partition1
16:22:43.0656 3196 ============================================================
16:22:43.0656 3196 Initialize success
16:22:43.0656 3196 ============================================================
16:23:03.0515 3712 ============================================================
16:23:03.0515 3712 Scan started
16:23:03.0515 3712 Mode: Manual;
16:23:03.0515 3712 ============================================================
16:23:03.0812 3712 ================ Scan system memory ========================
16:23:03.0828 3712 System memory - ok
16:23:03.0828 3712 ================ Scan services =============================
16:23:04.0468 3712 Abiosdsk - ok
16:23:04.0515 3712 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:23:04.0656 3712 abp480n5 - ok
16:23:04.0703 3712 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:23:04.0703 3712 ACPI - ok
16:23:04.0718 3712 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:23:04.0718 3712 ACPIEC - ok
16:23:04.0781 3712 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:23:04.0968 3712 AdobeFlashPlayerUpdateSvc - ok
16:23:05.0000 3712 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:23:05.0156 3712 adpu160m - ok
16:23:05.0203 3712 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:23:05.0218 3712 aec - ok
16:23:05.0281 3712 [ F21D5E93A94514BE9F5B6EBF74A696B2 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
16:23:05.0421 3712 AESTAud - ok
16:23:05.0500 3712 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:23:05.0703 3712 AFD - ok
16:23:05.0750 3712 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
16:23:05.0750 3712 agp440 - ok
16:23:05.0765 3712 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:23:05.0781 3712 agpCPQ - ok
16:23:05.0781 3712 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:23:05.0984 3712 Aha154x - ok
16:23:05.0984 3712 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:23:06.0156 3712 aic78u2 - ok
16:23:06.0156 3712 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:23:06.0343 3712 aic78xx - ok
16:23:06.0375 3712 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:23:06.0390 3712 Alerter - ok
16:23:06.0406 3712 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:23:06.0421 3712 ALG - ok
16:23:06.0453 3712 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
16:23:06.0609 3712 AliIde - ok
16:23:06.0609 3712 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:23:06.0625 3712 alim1541 - ok
16:23:06.0640 3712 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:23:06.0656 3712 amdagp - ok
16:23:06.0671 3712 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
16:23:06.0828 3712 amsint - ok
16:23:06.0890 3712 [ B83F9DA84F7079451C1C6A4A2F140920 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:23:07.0109 3712 ApfiltrService - ok
16:23:07.0140 3712 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
16:23:07.0156 3712 AppMgmt - ok
16:23:07.0171 3712 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:23:07.0171 3712 Arp1394 - ok
16:23:07.0187 3712 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
16:23:07.0343 3712 asc - ok
16:23:07.0359 3712 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:23:07.0437 3712 asc3350p - ok
16:23:07.0437 3712 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:23:07.0500 3712 asc3550 - ok
16:23:07.0609 3712 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:23:07.0703 3712 aspnet_state - ok
16:23:07.0703 3712 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:23:07.0703 3712 AsyncMac - ok
16:23:07.0750 3712 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:23:07.0750 3712 atapi - ok
16:23:07.0750 3712 Atdisk - ok
16:23:07.0765 3712 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:23:07.0765 3712 Atmarpc - ok
16:23:07.0906 3712 [ D3FCB01559309C8611E1E1F955E896C9 ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
16:23:08.0015 3712 ATService - ok
16:23:08.0062 3712 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:23:08.0062 3712 AudioSrv - ok
16:23:08.0125 3712 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:23:08.0125 3712 audstub - ok
16:23:08.0187 3712 [ 559DDDA2C88459478056174247706DEB ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:23:08.0296 3712 b57w2k - ok
16:23:08.0406 3712 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:23:08.0531 3712 BBSvc - ok
16:23:08.0593 3712 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:23:08.0750 3712 BBUpdate - ok
16:23:08.0781 3712 [ ABADC13EC1ECEE9301B5190BFD84D8F1 ] bcm C:\WINDOWS\system32\DRIVERS\drxvi314.sys
16:23:08.0906 3712 bcm - ok
16:23:08.0906 3712 [ 1388D943DA2692F8F76B9A8B48BE3932 ] bcmbusctr C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys
16:23:09.0062 3712 bcmbusctr - ok
16:23:09.0109 3712 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:23:09.0109 3712 Beep - ok
16:23:09.0171 3712 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
16:23:09.0171 3712 Browser - ok
16:23:09.0203 3712 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
16:23:09.0203 3712 BthEnum - ok
16:23:09.0203 3712 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
16:23:09.0218 3712 BthPan - ok
16:23:09.0250 3712 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
16:23:09.0265 3712 BTHPORT - ok
16:23:09.0296 3712 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
16:23:09.0296 3712 BthServ - ok
16:23:09.0328 3712 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
16:23:09.0343 3712 BTHUSB - ok
16:23:09.0421 3712 [ 81A395AAB3C606D5F1667CC5FC02B3D2 ] buttonsvc32 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
16:23:09.0562 3712 buttonsvc32 - ok
16:23:09.0562 3712 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:23:09.0578 3712 cbidf - ok
16:23:09.0578 3712 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:23:09.0578 3712 cbidf2k - ok
16:23:09.0609 3712 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:23:09.0718 3712 cd20xrnt - ok
16:23:09.0750 3712 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:23:09.0750 3712 Cdaudio - ok
16:23:09.0781 3712 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:23:09.0781 3712 Cdfs - ok
16:23:09.0828 3712 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:23:09.0843 3712 Cdrom - ok
16:23:09.0843 3712 Changer - ok
16:23:09.0875 3712 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:23:09.0890 3712 CiSvc - ok
16:23:09.0890 3712 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:23:09.0890 3712 ClipSrv - ok
16:23:09.0937 3712 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:23:10.0125 3712 clr_optimization_v2.0.50727_32 - ok
16:23:10.0171 3712 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:23:10.0171 3712 CmBatt - ok
16:23:10.0203 3712 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:23:10.0218 3712 CmdIde - ok
16:23:10.0234 3712 [ 8BE938FE04E3A9D091F379C1D5F4B873 ] cm_net C:\WINDOWS\system32\DRIVERS\cm_net.sys
16:23:10.0359 3712 cm_net - ok
16:23:10.0375 3712 [ 33F77F7CB2C2EFE34B3BC9CC716F73F3 ] cm_ser C:\WINDOWS\system32\DRIVERS\cm_ser.sys
16:23:10.0515 3712 cm_ser - ok
16:23:10.0562 3712 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:23:10.0578 3712 Compbatt - ok
16:23:10.0578 3712 COMSysApp - ok
16:23:10.0609 3712 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:23:10.0609 3712 Cpqarray - ok
16:23:10.0656 3712 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:23:10.0656 3712 CryptSvc - ok
16:23:10.0687 3712 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:23:10.0687 3712 dac2w2k - ok
16:23:10.0703 3712 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:23:10.0812 3712 dac960nt - ok
16:23:10.0843 3712 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:23:10.0859 3712 DcomLaunch - ok
16:23:10.0968 3712 [ EB8C5E4996F91808FB7CA297B903208B ] dcpsysmgrsvc C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
16:23:11.0078 3712 dcpsysmgrsvc - ok
16:23:11.0140 3712 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:23:11.0140 3712 Dhcp - ok
16:23:11.0203 3712 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:23:11.0203 3712 Disk - ok
16:23:11.0234 3712 [ A0500678A33802D8954153839301D539 ] DLABMFSM C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
16:23:11.0296 3712 DLABMFSM - ok
16:23:11.0328 3712 [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
16:23:11.0406 3712 DLABOIOM - ok
16:23:11.0406 3712 [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
16:23:11.0468 3712 DLACDBHM - ok
16:23:11.0484 3712 [ 87413B94AE1FABC117C4E8AE6725134E ] DLADResM C:\WINDOWS\system32\Drivers\DLADResM.SYS
16:23:11.0484 3712 DLADResM - ok
16:23:11.0515 3712 [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
16:23:11.0578 3712 DLAIFS_M - ok
16:23:11.0578 3712 [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
16:23:11.0640 3712 DLAOPIOM - ok
16:23:11.0640 3712 [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
16:23:11.0718 3712 DLAPoolM - ok
16:23:11.0718 3712 [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
16:23:11.0812 3712 DLARTL_M - ok
16:23:11.0828 3712 [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
16:23:11.0921 3712 DLAUDFAM - ok
16:23:11.0921 3712 [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
16:23:12.0000 3712 DLAUDF_M - ok
16:23:12.0000 3712 dmadmin - ok
16:23:12.0046 3712 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:23:12.0078 3712 dmboot - ok
16:23:12.0140 3712 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:23:12.0140 3712 dmio - ok
16:23:12.0156 3712 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:23:12.0156 3712 dmload - ok
16:23:12.0203 3712 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:23:12.0203 3712 dmserver - ok
16:23:12.0250 3712 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:23:12.0250 3712 DMusic - ok
16:23:12.0281 3712 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:23:12.0281 3712 Dot3svc - ok
16:23:12.0312 3712 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:23:12.0312 3712 dot4 - ok
16:23:12.0328 3712 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:23:12.0406 3712 Dot4Print - ok
16:23:12.0421 3712 [ 6EC3AF6BB5B30E488A0C559921F012E1 ] dot4usb C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:23:12.0500 3712 dot4usb - ok
16:23:12.0500 3712 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:23:12.0500 3712 dpti2o - ok
16:23:12.0531 3712 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:23:12.0546 3712 drmkaud - ok
16:23:12.0546 3712 [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
16:23:12.0734 3712 DRVMCDB - ok
16:23:12.0843 3712 [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
16:23:13.0000 3712 DRVNDDM - ok
16:23:13.0078 3712 [ 01927A1BA4FF58C7B8BB4372EF8F2E4E ] EAFRCliManager C:\Program Files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe
16:23:13.0234 3712 EAFRCliManager - ok
16:23:13.0296 3712 [ 1DC830767270411939240FACD01E0F2B ] EAFSPROT C:\WINDOWS\system32\drivers\eafsprot.sys
16:23:13.0375 3712 EAFSPROT - ok
16:23:13.0421 3712 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:23:13.0421 3712 EapHost - ok
16:23:13.0437 3712 [ 4D4FE91686228AC62D6FA1F9FCF2E8E5 ] ephdlink C:\WINDOWS\system32\drivers\ephdlink.sys
16:23:13.0562 3712 ephdlink - ok
16:23:13.0562 3712 [ CC73350C3AD95105742D6DD85855B306 ] EPHDXLAT C:\WINDOWS\system32\drivers\EPHDXLAT.sys
16:23:13.0671 3712 EPHDXLAT - ok
16:23:13.0703 3712 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:23:13.0703 3712 ERSvc - ok
16:23:13.0765 3712 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:23:13.0765 3712 Eventlog - ok
16:23:13.0921 3712 [ 87A32636C84555525700E623662E34D9 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:23:14.0031 3712 EvtEng - ok
16:23:14.0093 3712 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:23:14.0109 3712 Fastfat - ok
16:23:14.0156 3712 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:23:14.0250 3712 FastUserSwitchingCompatibility - ok
16:23:14.0312 3712 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
16:23:14.0312 3712 Fax - ok
16:23:14.0343 3712 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:23:14.0343 3712 Fdc - ok
16:23:14.0343 3712 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:23:14.0359 3712 Fips - ok
16:23:14.0359 3712 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:23:14.0375 3712 Flpydisk - ok
16:23:14.0375 3712 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:23:14.0390 3712 FltMgr - ok
16:23:14.0484 3712 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:23:14.0500 3712 FontCache3.0.0.0 - ok
16:23:14.0531 3712 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:23:14.0531 3712 Fs_Rec - ok
16:23:14.0609 3712 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:23:14.0625 3712 Ftdisk - ok
16:23:14.0640 3712 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:23:14.0640 3712 Gpc - ok
16:23:14.0718 3712 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:23:14.0937 3712 gupdate - ok
16:23:14.0953 3712 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:23:14.0953 3712 gupdatem - ok
16:23:14.0984 3712 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:23:14.0984 3712 HDAudBus - ok
16:23:15.0046 3712 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:23:15.0046 3712 HidServ - ok
16:23:15.0062 3712 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:23:15.0078 3712 hidusb - ok
16:23:15.0078 3712 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:23:15.0093 3712 hkmsvc - ok
16:23:15.0093 3712 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
16:23:15.0171 3712 hpn - ok
16:23:15.0218 3712 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:23:15.0234 3712 HTTP - ok
16:23:15.0265 3712 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:23:15.0281 3712 HTTPFilter - ok
16:23:15.0296 3712 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
16:23:15.0312 3712 i2omgmt - ok
16:23:15.0343 3712 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:23:15.0343 3712 i2omp - ok
16:23:15.0359 3712 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:23:15.0359 3712 i8042prt - ok
16:23:15.0453 3712 [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:23:15.0640 3712 IAANTMON - ok
16:23:15.0828 3712 [ 3B743262B6456167888D15F1121B3BF7 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:23:16.0062 3712 ialm - ok
16:23:16.0078 3712 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
16:23:16.0093 3712 iaStor - ok
16:23:16.0171 3712 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:23:16.0390 3712 idsvc - ok
16:23:16.0453 3712 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:23:16.0468 3712 Imapi - ok
16:23:16.0515 3712 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:23:16.0531 3712 ImapiService - ok
16:23:16.0562 3712 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:23:16.0687 3712 ini910u - ok
16:23:16.0734 3712 [ F32A62C765885BD8E4352A1565F702A6 ] IntcHdmiAddService C:\WINDOWS\system32\drivers\IntcHdmi.sys
16:23:16.0921 3712 IntcHdmiAddService - ok
16:23:16.0953 3712 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
16:23:16.0953 3712 IntelIde - ok
16:23:16.0968 3712 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:23:16.0968 3712 intelppm - ok
16:23:16.0968 3712 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:23:16.0984 3712 Ip6Fw - ok
16:23:16.0984 3712 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:23:16.0984 3712 IpFilterDriver - ok
16:23:17.0000 3712 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:23:17.0000 3712 IpInIp - ok
16:23:17.0015 3712 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:23:17.0046 3712 IpNat - ok
16:23:17.0078 3712 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:23:17.0078 3712 IPSec - ok
16:23:17.0093 3712 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:23:17.0093 3712 IRENUM - ok
16:23:17.0156 3712 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:23:17.0156 3712 isapnp - ok
16:23:17.0250 3712 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:23:17.0359 3712 JavaQuickStarterService - ok
16:23:17.0359 3712 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:23:17.0375 3712 Kbdclass - ok
16:23:17.0390 3712 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:23:17.0390 3712 kbdhid - ok
16:23:17.0406 3712 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:23:17.0421 3712 kmixer - ok
16:23:17.0437 3712 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:23:17.0453 3712 KSecDD - ok
16:23:17.0500 3712 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
16:23:17.0593 3712 LanmanServer - ok
16:23:17.0640 3712 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:23:17.0656 3712 lanmanworkstation - ok
16:23:17.0656 3712 lbrtfdc - ok
16:23:17.0703 3712 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:23:17.0718 3712 LmHosts - ok
16:23:17.0890 3712 [ EE0A38DED998B259635E9FD84DBF3BBF ] McAfeeEngineService C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
16:23:17.0937 3712 McAfeeEngineService - ok
16:23:18.0046 3712 [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
16:23:18.0109 3712 McAfeeFramework - ok
16:23:18.0125 3712 [ E36380699DE374A52F7CF0BB2A09DC05 ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
16:23:18.0203 3712 McShield - ok
16:23:18.0218 3712 [ F199668780C3D208930257A7CE655C27 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
16:23:18.0281 3712 McTaskManager - ok
16:23:18.0328 3712 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:23:18.0328 3712 Messenger - ok
16:23:18.0343 3712 [ 5CBF9D2FAB2ABC461B2F67C802F52543 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
16:23:18.0406 3712 mfeapfk - ok
16:23:18.0406 3712 [ 10718B3EEB9E98C5B4AAD7C0A23A9EFA ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
16:23:18.0468 3712 mfeavfk - ok
16:23:18.0468 3712 [ E665CFF48E376B48D2CC84BE1559F131 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
16:23:18.0546 3712 mfebopk - ok
16:23:18.0562 3712 [ E2F200D38B72E47B88489E2C97DFD6D8 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
16:23:18.0656 3712 mfehidk - ok
16:23:18.0687 3712 [ EF04236D1A4F9F672B5258DE83E2EE35 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys
16:23:18.0765 3712 mferkdet - ok
16:23:18.0796 3712 [ D5A4B1AE4958CCFC66C1D17C1F42BA08 ] mfetdik C:\WINDOWS\system32\drivers\mfetdik.sys
16:23:18.0921 3712 mfetdik - ok
16:23:18.0937 3712 [ FE2546E790E2E38E404B136C8BD25B8B ] mfevtp C:\WINDOWS\system32\mfevtps.exe
16:23:19.0000 3712 mfevtp - ok
16:23:19.0156 3712 [ 8C6C36DD1D2BB8B219DBDDD57FD713A3 ] MFE_RR C:\DOCUME~1\Jon\LOCALS~1\Temp\mfe_rr.sys
16:23:19.0265 3712 MFE_RR - ok
16:23:19.0312 3712 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:23:19.0312 3712 mnmdd - ok
16:23:19.0343 3712 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
16:23:19.0359 3712 mnmsrvc - ok
16:23:19.0375 3712 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
16:23:19.0390 3712 Modem - ok
16:23:19.0437 3712 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:23:19.0437 3712 Mouclass - ok
16:23:19.0437 3712 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:23:19.0453 3712 mouhid - ok
16:23:19.0468 3712 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
16:23:19.0468 3712 MountMgr - ok
16:23:19.0515 3712 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:23:19.0593 3712 MozillaMaintenance - ok
16:23:19.0625 3712 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:23:19.0703 3712 mraid35x - ok
16:23:19.0765 3712 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:23:19.0781 3712 MRxDAV - ok
16:23:19.0796 3712 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:23:19.0984 3712 MRxSmb - ok
16:23:20.0015 3712 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
16:23:20.0031 3712 MSDTC - ok
16:23:20.0031 3712 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
16:23:20.0031 3712 Msfs - ok
16:23:20.0046 3712 MSIServer - ok
16:23:20.0078 3712 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:23:20.0078 3712 MSKSSRV - ok
16:23:20.0093 3712 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:23:20.0093 3712 MSPCLOCK - ok
16:23:20.0093 3712 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
16:23:20.0109 3712 MSPQM - ok
16:23:20.0125 3712 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:23:20.0125 3712 mssmbios - ok
16:23:20.0156 3712 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
16:23:20.0218 3712 Mup - ok
16:23:20.0250 3712 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
16:23:20.0250 3712 NDIS - ok
16:23:20.0296 3712 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:23:20.0375 3712 NdisTapi - ok
16:23:20.0421 3712 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:23:20.0421 3712 Ndisuio - ok
16:23:20.0437 3712 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:23:20.0453 3712 NdisWan - ok
16:23:20.0500 3712 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
16:23:20.0578 3712 NDProxy - ok
16:23:20.0578 3712 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
16:23:20.0578 3712 NetBIOS - ok
16:23:20.0609 3712 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
16:23:20.0625 3712 NetBT - ok
16:23:20.0640 3712 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
16:23:20.0656 3712 NetDDE - ok
16:23:20.0656 3712 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
16:23:20.0656 3712 NetDDEdsdm - ok
16:23:20.0703 3712 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
16:23:20.0703 3712 Netlogon - ok

#5 guest2078 (Topic Starter)
Farbar Service Scanner Version: 19-09-2012
Ran by Jon (administrator) on 27-09-2012 at 16:27:40
Running from "C:\Documents and Settings\Jon\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.

netman Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open netman registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open netman registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open netman registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Srservice registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Srservice registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Srservice registry key. The service key does not exist.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open EventSystem registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open EventSystem registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open EventSystem registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdik(8) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3)
0x0A00000004000000010000000200000003000000080000000A00000005000000060000000700000009000000
IpSec Tag value is correct.
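Added example, not part of the thread and not one of the tools used in it: a small Python script that reads a Farbar Service Scanner log like the one above and lists every service whose registry key (or whose Start/ImagePath/ServiceDll values) is gone, together with what that service protects. The point it makes is the one the log shows: when the service key itself has been deleted, the service cannot simply be started again, it has to be re-created, which is why a registry backup and a cleanup tool come next. The sample log embedded in the script is constructed from the lines posted above, and the service-to-role table is my assumption about the standard Windows XP service names.

```python
"""Triage a Farbar Service Scanner (FSS) log: which services has the malware
stripped from the registry? Added example, not one of the thread's tools."""
import re

# Assumed mapping of FSS service names to what they protect (standard XP names).
SERVICE_ROLE = {
    "Dnscache": "DNS Client",
    "sharedaccess": "Windows Firewall / Internet Connection Sharing",
    "netman": "Network Connections",
    "Srservice": "System Restore",
    "wscsvc": "Security Center",
    "wuauserv": "Automatic Updates",
    "BITS": "Background Intelligent Transfer Service",
    "EventSystem": "COM+ Event System",
}

RE_NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")
RE_KEY_MISSING = re.compile(r"Unable to open (\w+) registry key\. The service key does not exist\.")
RE_VALUE_MISSING = re.compile(r"Unable to retrieve (.+?) of (\w+)\. The value does not exist\.")


def _entry(report, svc):
    return report.setdefault(svc, {"key_missing": False, "missing_values": []})


def parse_fss(text):
    """Return {service: {"key_missing": bool, "missing_values": [names]}} for
    every service FSS reports as not running."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = RE_NOT_RUNNING.match(line)
        if m:
            _entry(report, m.group(1))
            continue
        m = RE_KEY_MISSING.search(line)
        if m:
            _entry(report, m.group(1))["key_missing"] = True
            continue
        m = RE_VALUE_MISSING.search(line)
        if m:
            value, svc = m.groups()
            missing = _entry(report, svc)["missing_values"]
            if value not in missing:
                missing.append(value)
    return report


def triage(report):
    """Turn the parsed report into (service, role, finding) rows, worst first."""
    rows = []
    for svc, entry in report.items():
        role = SERVICE_ROLE.get(svc, "unknown role (check manually)")
        if entry["key_missing"]:
            finding = "service key deleted: must be re-created from a clean registry export before it can start"
        elif entry["missing_values"]:
            finding = "service key present but values missing: " + ", ".join(entry["missing_values"])
        else:
            finding = "stopped, configuration intact: try starting it"
        rows.append((svc, role, finding))
    rows.sort(key=lambda r: (not r[2].startswith("service key deleted"), r[0]))
    return rows


# Constructed sample, modelled on the FSS output posted above.
SAMPLE_FSS = """\
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.

Dhcp Service is Running.
"""

if __name__ == "__main__":
    for svc, role, finding in triage(parse_fss(SAMPLE_FSS)):
        print(f"{svc:13} {role:45} {finding}")
```

Run it as a script to see the table; the "key deleted" rows are the ones that explain the symptoms in the first post (no firewall, no Windows Update), since a stopped service with its key intact could simply be started again.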

#6 SweetTech (Retired Staff)
Hi!

Please perform the following tasks below:

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    DRV - [2012/05/15 08:53:34 | 000,069,832 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\d7dd499f323e1fe1.sys -- (d7dd499f323e1fe1)
    O1 - Hosts: 93.113.196.146	www.google.com
    O1 - Hosts: 93.113.196.147	www.bing.com
    O3 - HKU\S-1-5-21-217575734-1629750708-1848372199-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AESTFltr] ODLG File not found
    O4 - HKLM..\Run: [Apoint] T.EXE File not found
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] T File not found
    O4 - HKLM..\Run: [ChangeTPMAuth] TRU12 File not found
    O4 - HKLM..\Run: [DellConnectionManager] AGER\DELL.UCM.EXE" File not found
    O4 - HKLM..\Run: [DellControlPoint] T.EXE" File not found
    O4 - HKLM..\Run: [DTSSurround] " /C File not found
    O4 - HKLM..\Run: [EAFRCliStart] SOLE\EAFRCLISTART.EXE /P File not found
    O4 - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
    O4 - HKLM..\Run: [IAAnotif] OTIF.EXE File not found
    O4 - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [McAfeeUpdaterUI] KEY File not found
    O4 - HKLM..\Run: [PDVDDXSrv] K\POWERDVD DX\PDVDDXSRV.EXE" File not found
    O4 - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
    O4 - HKLM..\Run: [RDVCHG] T SMARTVIEW\RDVCHG.EXE" File not found
    O4 - HKLM..\Run: [RegWork] C:\Program Files\RegWork\RegWork.exe File not found
    O4 - HKLM..\Run: [ShStatEXE] E File not found
    O4 - HKLM..\Run: [Sprint SmartView] TSV.EXE" -A File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" File not found
    O4 - HKLM..\Run: [USCService] DTASKSTATUSSERVICE.EXE File not found
    O4 - HKLM..\Run: [WavXMgr] \WAVXDOCMGR.EXE File not found
    O4 - HKLM..\Run: [XeroxRegistation] \LOCALS~1\TEMP\XEROX\EREG\OPBREG.EXE" /STARTUP File not found
    O4 - HKU\S-1-5-21-217575734-1629750708-1848372199-1005..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2012/09/26 11:04:25 | 001,207,664 | ---- | C] () -- C:\WINDOWS\hpbj1200.hi1
    [2012/09/26 11:04:25 | 000,019,003 | ---- | C] () -- C:\WINDOWS\hpbj1200.bu1
    [2012/05/15 08:54:39 | 000,069,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\77efbbded25091ed.sys
    [2012/05/15 08:53:34 | 000,069,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\d7dd499f323e1fe1.sys
    [2012/03/20 13:21:19 | 000,019,504 | ---- | C] () -- C:\WINDOWS\hplj24x0.ini
    [2012/01/06 16:29:19 | 000,001,372 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sr1027ik5afs40s47o254pj2r2k2wxccc718nscb6e26ny
    [2012/01/06 16:29:18 | 000,001,372 | -HS- | C] () -- C:\Documents and Settings\Jon\Local Settings\Application Data\sr1027ik5afs40s47o254pj2r2k2wxccc718nscb6e26ny
    [2011/10/07 09:14:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\669a9c3d
    [2011/10/06 14:35:49 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\713f1438
    [2011/10/06 14:35:08 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jon\Application Data\91e2ebc7
    [2010/03/16 11:16:30 | 000,001,058 | ---- | C] () -- C:\Documents and Settings\Jon\XrxWm.ini
    [2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{036eda62-0295-52e3-cd92-8a2acb7aa561}\L
    [2012/05/31 08:59:20 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{036eda62-0295-52e3-cd92-8a2acb7aa561}\U
    [2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jon\Local Settings\Application Data\{036eda62-0295-52e3-cd92-8a2acb7aa561}\L
    [2010/12/09 08:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jon\Local Settings\Application Data\{036eda62-0295-52e3-cd92-8a2acb7aa561}\U
    [2008/04/25 14:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
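Added example, not part of the post above and not something OTL or ComboFix does for you: a Python audit of a Windows hosts file that flags the kind of entries the OTL script removes (the two O1 lines mapping www.google.com and www.bing.com to 93.113.196.146 and .147). It parses the file the way the resolver does (comments stripped, several names per line allowed) and reports every mapping whose target is not loopback or the 0.0.0.0 blackhole, separating public redirects from private LAN addresses, which are sometimes legitimate. The sample hosts content is constructed; treating only loopback and 0.0.0.0 as benign targets is the assumption it rests on.

```python
"""Audit a Windows hosts file for hijacked entries. Added example, not part of
the thread or of OTL; the sample hosts text is constructed."""
import ipaddress


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping, one per hostname."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        for host in fields[1:]:
            yield n, fields[0], host.lower()


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for every entry that sends a
    name anywhere other than loopback or the 0.0.0.0 blackhole.

    Assumption: a legitimate workstation hosts file only maps names to
    127.0.0.0/8, ::1 or 0.0.0.0 (the ad-blocking convention); any other target
    is a redirect worth looking at, like the Google/Bing entries in the fix."""
    findings = []
    for n, addr, host in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((n, addr, host, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        kind = "private/LAN address" if ip.is_private else "public address"
        findings.append((n, addr, host, f"redirects to {kind}"))
    return findings


# Constructed sample: the two hijacks from the OTL script above plus benign lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid   # blocklist-style entry
93.113.196.146\twww.google.com
93.113.196.147\twww.bing.com
192.168.1.10    fileserver.lan
"""

if __name__ == "__main__":
    for n, addr, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {addr} -> {host}: {reason}")
```

On a live machine you would read C:\WINDOWS\system32\drivers\etc\hosts into audit_hosts; note that the OTL fix first grants Everyone full control on that file with cacls precisely because malware commonly leaves it read-only or with stripped permissions so that it cannot be repaired.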

#7 guest2078 (Topic Starter)
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Error: No service named d7dd499f323e1fe1 was found to stop!
Service\Driver key d7dd499f323e1fe1 not found.
File C:\WINDOWS\system32\drivers\d7dd499f323e1fe1.sys not found.
93.113.196.146 www.google.com removed from HOSTS file successfully
93.113.196.147 www.bing.com removed from HOSTS file successfully
Registry value HKEY_USERS\S-1-5-21-217575734-1629750708-1848372199-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AESTFltr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Apoint deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BluetoothAuthenticationAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ChangeTPMAuth deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DellConnectionManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DellControlPoint deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DTSSurround deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EAFRCliStart deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IAAnotif deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeUpdaterUI deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PDVDDXSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RDVCHG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegWork deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ShStatEXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sprint SmartView deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\USCService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WavXMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\XeroxRegistation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-217575734-1629750708-1848372199-1005\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\hpbj1200.hi1 moved successfully.
C:\WINDOWS\hpbj1200.bu1 moved successfully.
File C:\WINDOWS\System32\drivers\77efbbded25091ed.sys not found.
File C:\WINDOWS\System32\drivers\d7dd499f323e1fe1.sys not found.
C:\WINDOWS\hplj24x0.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\sr1027ik5afs40s47o254pj2r2k2wxccc718nscb6e26ny moved successfully.
C:\Documents and Settings\Jon\Local Settings\Application Data\sr1027ik5afs40s47o254pj2r2k2wxccc718nscb6e26ny moved successfully.
C:\Documents and Settings\Jon\Application Data\669a9c3d moved successfully.
C:\Documents and Settings\Jon\Application Data\713f1438 moved successfully.
C:\Documents and Settings\Jon\Application Data\91e2ebc7 moved successfully.
C:\Documents and Settings\Jon\XrxWm.ini moved successfully.
C:\WINDOWS\Installer\{036eda62-0295-52e3-cd92-8a2acb7aa561}\L folder moved successfully.
C:\WINDOWS\Installer\{036eda62-0295-52e3-cd92-8a2acb7aa561}\U folder moved successfully.
C:\Documents and Settings\Jon\Local Settings\Application Data\{036eda62-0295-52e3-cd92-8a2acb7aa561}\L folder moved successfully.
C:\Documents and Settings\Jon\Local Settings\Application Data\{036eda62-0295-52e3-cd92-8a2acb7aa561}\U folder moved successfully.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Jon\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Jon\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Jon\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Jon\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
System Restore Service not available.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Jon
->Temp folder emptied: 2940637 bytes
->Temporary Internet Files folder emptied: 33175 bytes
->Java cache emptied: 66091833 bytes
->FireFox cache emptied: 113542303 bytes
->Flash cache emptied: 1217 bytes

User: LocalService
->Temp folder emptied: 57490 bytes
->Temporary Internet Files folder emptied: 281124292 bytes
->Flash cache emptied: 13722 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 230579298 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9551 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73432666 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 247262771 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 6810877 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 975.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Jon
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Jon
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09272012_170309

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8 guest2078 (Topic Starter)
Seems to be a little better. Can you tell that it is gone by the log?

ComboFix 12-09-27.03 - Jon 09/27/2012 17:20:50.1.2 - x86
Running from: c:\documents and settings\Jon\My Documents\Downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jon\Application Data\OpenCloud Security
c:\documents and settings\Jon\Application Data\OpenCloud Security\OpenCloud Security.ico
c:\documents and settings\Jon\Application Data\OpenCloud Security\wmf.cfg
c:\documents and settings\Jon\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Jon\WINDOWS
c:\windows\system32\test
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 00:03 . 2012-09-28 00:03 -------- d-----w- C:\_OTL
2012-09-27 23:57 . 2012-09-27 23:57 -------- d-----w- c:\program files\ERUNT
2012-09-27 23:14 . 2012-09-27 23:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-27 16:07 . 2012-09-27 16:07 -------- d-----w- c:\program files\Creative
2012-09-27 16:07 . 2003-03-05 19:19 15840 ------w- c:\windows\system32\drivers\PFMODNT.SYS
2012-09-26 22:04 . 2012-09-27 17:00 -------- dc-h--w- c:\windows\ie8
2012-09-26 21:57 . 2011-11-04 19:20 12800 ----a-w- c:\program files\Internet Explorer\xpshims.dll
2012-09-26 21:57 . 2011-11-04 19:20 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-09-26 21:35 . 2012-09-26 21:35 -------- d-----w- c:\documents and settings\Jon\Local Settings\Application Data\Mozilla
2012-09-26 21:35 . 2012-09-26 21:35 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-26 19:09 . 2009-08-07 02:24 327896 ----a-w- c:\windows\system32\wucltui.dll
2012-09-26 19:09 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2012-09-26 19:09 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2012-09-26 19:09 . 2009-08-07 02:24 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-09-26 19:09 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-26 19:09 . 2009-08-07 02:24 96480 ----a-w- c:\windows\system32\cdm.dll
2012-09-26 19:09 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2012-09-26 19:09 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-18 15:53 . 2012-09-18 15:53 -------- d-----w- c:\program files\Microsoft Download Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-26 23:27 . 2012-05-10 15:45 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-26 23:27 . 2011-11-16 18:11 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-06 01:27 . 2012-09-26 21:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 15:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2009-04-22 656696]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2009-04-22 95544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
.
c:\documents and settings\Jon\Start Menu\Programs\Startup\
AbsoluteShield Internet Eraser.lnk - c:\program files\SysShield Tools\Internet Eraser\cseraser.exe [2009-9-11 782848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1106720]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 EAFSPROT;EAFSPROT;c:\windows\system32\drivers\eafsprot.sys [4/19/2010 4:00 PM 20240]
R0 EPHDXLAT;PC Guardian Encryption Filter;c:\windows\system32\drivers\ephdxlat.sys [4/19/2010 4:00 PM 96784]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 11:47 AM 1664248]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [12/29/2008 9:07 AM 320800]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [4/9/2009 12:02 PM 447264]
R2 EAFRCliManager;EAFRCliManager;c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliManager.exe [4/23/2010 11:06 AM 266240]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [3/25/2010 8:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/20/2010 12:56 PM 70728]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/19/2009 11:32 PM 112512]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/19/2009 11:33 PM 109568]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [8/19/2009 9:17 PM 232744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/21/2011 8:42 AM 136176]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [4/10/2009 10:08 AM 77824]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/10/2012 8:45 AM 250288]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 12:06 PM 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 12:06 PM 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [3/26/2010 7:02 PM 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [3/26/2010 7:02 PM 103680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/21/2011 8:42 AM 136176]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Jon\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Jon\LOCALS~1\Temp\mfe_rr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/20/2010 12:56 PM 66600]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/26/2012 2:35 PM 114144]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
*Deregistered* - ephdlink
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 23:27]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-21 15:42]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-21 15:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://166.154.42.2:8000/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\c59qqhgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-59131127.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 17:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\System32\TdmNetworkProvider.dll
c:\program files\GuardianEdge\GuardianEdge Clients\EAFRCliNP.dll
c:\windows\system32\NetProvCredMan.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(3408)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\drivers\audio\r213367\stacsv.exe
c:\program files\GuardianEdge\GuardianEdge Clients\EACommunicatorSrv.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\McAfee\VirusScan Enterprise\ShStat.exe
.
**************************************************************************
.
Completion time: 2012-09-27 17:34:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-28 00:34
.
Pre-Run: 54,692,077,568 bytes free
Post-Run: 54,492,504,064 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B11F06D742112401642DC382F464BD1C
  • 0
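A few entries in the ComboFix log above are the ones a responder would pull out for verification before touching anything: the Security Center `AntiVirusOverride`, `FirewallOverride` and `DisableMonitoring` values set to 1 (these suppress the "your firewall / antivirus is off" warnings, which is exactly the symptom the topic starter reported), the `Authentication Packages` line listing a package besides the default `msv1_0`, and service entries whose binary sits in a user's Temp directory or that ComboFix could not stat (`[?]`). None of these is a verdict on its own: managed McAfee VirusScan Enterprise installs commonly set `DisableMonitoring` when they take over status reporting, and `wvauth` is consistent with the Wave Systems Trusted Drive Manager components that appear elsewhere in the same log. The script below is an added example, written for this page and not part of the original post or of any tool the helper used; it triages a ComboFix-style log into a list of items to check by hand. The embedded sample is a constructed subset copied in the format of the posted log, and the regular expressions are an assumption about that format, not an official ComboFix grammar.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the ComboFix log format seen in the post above; it is a
# hand-picked subset of that log, not the full file, so this runs offline.
SAMPLE_LOG = r"""
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/20/2010 12:56 PM 70728]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Jon\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Jon\LOCALS~1\Temp\mfe_rr.sys [?]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
"""

# Assumed line shapes, derived from the posted log rather than from any spec.
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[([^\]]*)\]$")
AUTHPKG_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$")

SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride",
                   "antispywareoverride", "disablemonitoring"}
DEFAULT_AUTH_PACKAGES = {"msv1_0"}   # the only package a stock XP install lists


@dataclass
class Finding:
    category: str
    detail: str


def analyse(log_text: str) -> List[Finding]:
    """Walk a ComboFix-style log and return the entries to verify by hand."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue

        m = AUTHPKG_RE.match(line)
        if m:
            extras = [p for p in m.group(1).split()
                      if p.lower() not in DEFAULT_AUTH_PACKAGES]
            if extras:   # anything here is loaded into lsass.exe at boot
                findings.append(Finding("auth-package",
                    "non-default LSA authentication package(s): " + ", ".join(extras)))
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)          # values that follow belong to this key
            continue

        m = DWORD_RE.match(line)
        if m and current_key.lower().startswith(SECURITY_CENTER):
            name, value = m.group(1), int(m.group(2), 16)
            if name.lower() in OVERRIDE_VALUES and value != 0:
                findings.append(Finding("security-center-override",
                    f"{current_key}\\{name} = {value}"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            state, name = m.group(1), m.group(2)
            path = m.group(5) or m.group(4)   # prefer the resolved path after "-->"
            file_info = m.group(6)            # "[?]" means ComboFix found no file
            reasons = []
            if "\\temp\\" in path.lower():
                reasons.append("binary lives under a Temp directory")
            if file_info == "?":
                reasons.append("ComboFix could not stat the file")
            if reasons:
                findings.append(Finding("service-path",
                    f"{state} {name}: {path} ({'; '.join(reasons)})"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run against the sample it reports the one extra authentication package, the three Security Center overrides, and the two service entries (MFE_RR under Temp and unreadable, NvtSp50 unreadable); the SafeBoot key and the normally installed McAfee service produce nothing. A responder then resolves each item with the owner: who manages the McAfee install, whether the Wave software is expected on that Dell, and whether the `[?]` drivers belong to tools that were run and removed.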

#9
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





