Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

UkASH INFECTION [Solved]

Started by MARKTEN , Dec 15 2012 05:31 AM

  • This topic is locked This topic is locked

#31
MARKTEN
Posted 30 December 2012 - 06:32 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi

Here are the 3 files

Thanks for all your efforts so far

Best Regards

Mark

Attached Files


  • 0

Advertisements

#32
Buddierdl
Posted 31 December 2012 - 03:33 PM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Mark,

We're almost done. We need to check some services.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the all of the options are checked:

    Posted Image
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

How is the computer running now?
  • 0

#33
MARKTEN
Posted 31 December 2012 - 11:45 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

The FSS.txt file is attached

Happy New year

Mark

Farbar Service Scanner Version: 23-12-2012
Ran by tennantm (administrator) on 01-01-2013 at 16:39:32
Running from "C:\Documents and Settings\tennantm\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
DNE(10) Gpc(6) IPSec(4) IPSECDRV(1) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3) VBoxNetFlt(11) WPS(9)
0x0C000000040000000100000002000000030000000800000009000000090000000500000006000000070000000A0000000B000000
IpSec Tag value is correct.

**** End of log ****

Attached Files

  • Attached File  FSS.txt   2.28KB   80 downloads

  • 0

#34
Buddierdl
Posted 01 January 2013 - 10:00 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Mark,

Happy New Year to you as well. I think we are just about done.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
sc start wscsvc /c

:Commands
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Are there any remaining problems with your computer?
  • 0

#35
MARKTEN
Posted 01 January 2013 - 04:16 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

Please find the latest log file.

All good when I remembered to change the SATA mode again

There soes not appear to be any further issues

Thanks again

Best Regards

Mark

OTL logfile created on: 1/2/2013 8:33:38 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 208.38 Gb Free Space | 69.90% Space Free | Partition Type: NTFS
Drive D: | 125.47 Mb Total Space | 114.19 Mb Free Space | 91.01% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (Smcinst)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2012/12/14 00:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 00:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 15:46:29 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 22:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 22:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/19 04:18:12 | 000,077,944 | ---- | M] (Autodesk) [On_Demand] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/08/24 00:34:48 | 001,302,272 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService)
SRV - [2011/08/24 00:34:44 | 000,708,176 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService)
SRV - [2010/08/30 01:31:34 | 000,218,480 | ---- | M] (Sierra Wireless, Inc.) [Auto] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2009/12/09 11:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto] -- C:\Program Files\AES Chemunex\eviSENSE\PostGreSQL\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/11/18 06:27:44 | 000,108,280 | ---- | M] (AuthenTec, Inc) [Auto] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)
SRV - [2009/11/16 04:10:52 | 002,034,936 | R--- | M] (AuthenTec, Inc.) [Auto] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV - [2009/11/12 12:59:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/11/05 11:15:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/10/21 12:39:14 | 000,148,848 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/02 15:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/30 22:02:38 | 002,320,920 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 22:02:36 | 000,268,824 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/21 17:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 17:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 17:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/24 21:25:56 | 000,575,552 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/07 11:37:32 | 000,062,832 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/09 22:21:23 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/09 22:21:23 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/09 22:21:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/10/09 22:21:18 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/10/09 22:21:16 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/08/20 23:03:02 | 000,073,782 | ---- | M] (SafeNet) [Auto] -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON)
SRV - [2008/08/20 23:03:00 | 000,413,746 | ---- | M] (SafeNet) [Auto] -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE)
SRV - [2008/06/30 01:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/02/21 02:26:40 | 000,151,552 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/12/14 14:00:32 | 000,126,976 | ---- | M] (TOSHIBA) [Auto] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/17 18:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/14 00:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/06 00:43:20 | 000,174,056 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2012/09/17 03:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121214.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/17 03:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121214.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/15 03:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/09 03:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/31 23:17:22 | 000,010,584 | R--- | M] (Red Lion Controls Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\g3usb.sys -- (HMI)
DRV - [2010/10/07 23:57:54 | 000,100,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/07/28 01:33:34 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/06/21 00:07:20 | 000,078,720 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swiwdmbus.sys -- (swiwdmbus)
DRV - [2010/06/20 23:47:14 | 000,156,544 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swumxa3.sys -- (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3)
DRV - [2010/06/20 23:46:50 | 000,201,088 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swnc8ua3.sys -- (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3)
DRV - [2010/04/05 20:49:59 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/28 00:34:44 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/11/15 07:42:12 | 000,671,488 | R--- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/11/13 03:59:06 | 000,215,040 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2009/11/12 12:46:02 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/11/02 20:43:32 | 005,939,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/10/26 14:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/24 19:54:26 | 000,169,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/09/23 19:14:10 | 000,160,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/09/17 14:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/15 14:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/09/14 16:29:36 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/08/10 18:54:22 | 000,059,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/08/10 03:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/28 22:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/28 20:24:20 | 000,049,152 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/07/24 13:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/14 00:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/07/04 20:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 10:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/06/29 12:25:30 | 000,029,760 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/17 13:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/06/11 16:05:00 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/05/20 12:23:36 | 000,074,368 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/05/11 21:11:44 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2008/10/09 22:21:30 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/10/09 22:21:25 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/09 22:21:25 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/10/09 22:21:23 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/09 22:21:20 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/10/09 22:21:20 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/10/09 22:21:04 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/10/09 22:21:03 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/10/09 22:21:01 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/20 22:45:08 | 000,138,296 | ---- | M] (SafeNet) [Kernel | System] -- C:\WINDOWS\system32\drivers\IpSecDrv.sys -- (IPSECDRV)
DRV - [2008/08/05 22:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/30 02:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/06/19 02:27:56 | 000,125,584 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/04/14 07:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 08:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/20 23:42:52 | 000,004,211 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alertdrv.sys -- (AlertDrv)
DRV - [2008/01/16 21:35:44 | 000,536,634 | ---- | M] (SafeNet) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Crypto.sys -- (Crypto)
DRV - [2008/01/02 02:48:32 | 000,029,184 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vap.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2007/12/18 13:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/08/23 00:58:06 | 000,467,968 | R--- | M] (DiBcom) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2007/06/28 19:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/04/19 00:18:20 | 000,083,536 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/04/19 00:18:16 | 000,059,984 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt)
DRV - [2007/04/19 00:18:12 | 000,052,304 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007/04/19 00:18:08 | 000,039,248 | ---- | M] (PCTools Research Pty Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\ikfileflt.sys -- (IKFileFlt)
DRV - [2007/03/26 14:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 17:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 14:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 18:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/04 17:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/07/27 17:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/06/16 13:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2003/07/15 23:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.30.71;www.dksh.com.au;www.edwardkeller.com.au;www.diethelmkeller.com.au;195.61.37.4;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=dvscfw37.telstra.proxy:80;https=dvscfw37.telstra.proxy:80;ftp=dvscfw37.telstra.proxy:80

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.30.35
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.30.35
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.30.71;www.dksh.com.au;www.edwardkeller.com.au;www.diethelmkeller.com.au;195.61.37.4;<local>
IE - HKU\hutcheor.DKSH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=dvscfw37.telstra.proxy:80;https=dvscfw37.telstra.proxy:80;ftp=dvscfw37.telstra.proxy:80



IE - HKU\postgres_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\tennantm_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.168.30.35
IE - HKU\tennantm_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://192.168.30.35
IE - HKU\tennantm_ON_C\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\tennantm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\tennantm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.30.71;www.dksh.com.au;www.edwardkeller.com.au;www.diethelmkeller.com.au;195.61.37.4;<local>
IE - HKU\tennantm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=dvscfw37.telstra.proxy:80;https=dvscfw37.telstra.proxy:80;ftp=dvscfw37.telstra.proxy:80

IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\tennantm_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe (PC Tools)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SystemTray] C:\Program Files\TrueSuite\TrueSuite.SysTray.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE (TOSHIBA)
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TNRotate] C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WatcherHelper] C:\Program files\Telstra\Telstra Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\tennantm_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\tennantm_ON_C..\Run: [Startw3i] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [SysOff] File not found
O4 - HKU\hutcheor.DKSH_ON_C..\RunOnce: [FlashPlayerUpdate] File not found
O4 - HKU\postgres_ON_C..\RunOnce: [SysOff] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe (SafeNet)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SimHID.lnk = C:\Program Files\Remote\SimHID.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\hutcheor.DKSH\Start Menu\Programs\Startup\SimHID.exe.lnk = C:\Program Files\Remote\SimHID.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hutcheor.DKSH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\hutcheor.DKSH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\postgres_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\tennantm_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\tennantm_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://melm01.dksh.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.133.193 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dksh.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\tennantm_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/01 06:18:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/02 08:15:06 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/01/01 00:38:53 | 000,697,911 | ---- | C] (Farbar) -- C:\Documents and Settings\tennantm\Desktop\FSS.exe
[2012/12/30 17:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/30 17:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/30 17:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/12/30 17:15:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/30 17:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/30 17:13:18 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\tennantm\Desktop\mbam-setup-1.70.0.1100.exe
[2012/12/29 15:04:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/24 18:40:01 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[4 C:\Documents and Settings\tennantm\My Documents\*.tmp files -> C:\Documents and Settings\tennantm\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\tennantm\*.tmp files -> C:\Documents and Settings\tennantm\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/01 15:45:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/01 15:45:37 | 002,609,432 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/01 15:38:48 | 000,502,088 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/01 15:38:48 | 000,090,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/01 15:37:47 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SimHID.lnk
[2013/01/01 15:37:47 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/01/01 15:36:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/01 15:34:12 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2013/01/01 00:46:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/01 00:26:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/01 00:25:33 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/01 00:23:36 | 000,697,911 | ---- | M] (Farbar) -- C:\Documents and Settings\tennantm\Desktop\FSS.exe
[2012/12/30 19:10:01 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/30 19:01:05 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/12/30 17:15:29 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/30 17:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/30 17:00:28 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\tennantm\Desktop\mbam-setup-1.70.0.1100.exe
[2012/12/26 00:53:41 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\tennantm\Application Data\skype.ini
[2012/12/20 21:08:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/15 01:35:33 | 000,000,044 | ---- | M] () -- C:\WINDOWS\DSELite.INI
[2012/12/15 01:18:14 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2012/12/14 00:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/12/13 15:46:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/13 15:46:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/12/12 14:32:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/08 00:55:18 | 001,249,167 | ---- | M] () -- C:\Documents and Settings\tennantm\Desktop\ABB-Vikt manual E1T_845-0077B.pdf
[4 C:\Documents and Settings\tennantm\My Documents\*.tmp files -> C:\Documents and Settings\tennantm\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\tennantm\*.tmp files -> C:\Documents and Settings\tennantm\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/30 17:15:29 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/15 04:29:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/15 04:19:01 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\tennantm\Application Data\skype.ini
[2012/12/08 00:55:18 | 001,249,167 | ---- | C] () -- C:\Documents and Settings\tennantm\Desktop\ABB-Vikt manual E1T_845-0077B.pdf
[2012/05/27 07:45:50 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/05/27 07:20:34 | 000,124,687 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/05/27 07:19:39 | 000,181,563 | R--- | C] () -- C:\WINDOWS\System32\hpoff314.dat
[2012/05/27 07:19:39 | 000,181,151 | R--- | C] () -- C:\WINDOWS\System32\hpoF300.dat
[2012/05/14 03:56:24 | 002,609,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/01 17:30:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012/04/01 17:29:28 | 000,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2012/04/01 17:28:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2012/04/01 17:28:52 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2012/02/15 04:02:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/08 17:48:23 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\tennantm\distributoraccess.parker.com.HOD_CCR2.ccr1
[2011/08/04 22:30:30 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\tennantm\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/04 21:01:48 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/06/10 09:04:55 | 000,000,044 | ---- | C] () -- C:\WINDOWS\DSE890.INI
[2011/05/17 02:32:09 | 000,000,078 | ---- | C] () -- C:\WINDOWS\_RENAMER.INI
[2011/05/17 02:17:17 | 000,000,044 | ---- | C] () -- C:\WINDOWS\DSELite.INI
[2011/05/15 23:37:56 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\tennantm\distributoraccess.parker.com.HOD.LOC
[2011/05/15 23:36:53 | 000,000,456 | RHS- | C] () -- C:\Documents and Settings\tennantm\ntuser.pol
[2011/05/15 23:22:18 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2011/02/22 01:36:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/11/17 17:00:27 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/11/17 17:00:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/16 20:39:40 | 000,000,065 | ---- | C] () -- C:\WINDOWS\logger.INI
[2010/07/28 01:33:34 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/07/18 17:22:49 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\hutcheor.DKSH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 17:40:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2010/06/29 17:05:00 | 000,000,456 | RHS- | C] () -- C:\Documents and Settings\hutcheor.DKSH\ntuser.pol
[2010/04/06 19:14:43 | 000,000,736 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2010/04/06 00:02:15 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2010/03/24 19:22:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/24 19:08:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/03/24 18:55:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2010/03/24 18:52:15 | 000,000,916 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.dat
[2010/03/24 18:48:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2010/03/24 18:44:21 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2010/03/24 18:44:21 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010/03/24 18:40:01 | 000,874,032 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/03/24 18:40:01 | 000,127,896 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2009/12/01 22:02:01 | 000,002,368 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/12/01 22:01:25 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/12/01 22:00:17 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/12/01 21:59:47 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/12/01 21:58:23 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/12/01 21:58:15 | 000,502,088 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/01 21:58:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/12/01 21:58:15 | 000,090,670 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/01 21:58:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/12/01 21:58:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/12/01 21:58:13 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/12/01 21:58:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/12/01 21:57:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/12/01 21:57:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/12/01 21:57:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/12/01 21:57:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/12/01 06:20:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/01 06:16:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/01 06:16:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/11/30 22:14:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/30 22:14:01 | 000,354,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/28 19:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/05/05 05:10:17 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2006/04/12 05:40:14 | 000,147,584 | ---- | C] () -- C:\WINDOWS\System32\hpz9xd14.drv
[2005/10/19 05:57:22 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\TWXAPI32.DLL
[2003/02/27 00:27:52 | 000,237,632 | ---- | C] () -- C:\WINDOWS\System32\INT2F.DLL
[2001/07/06 12:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/01/31 21:57:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Sierra Wireless
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\WinBatch
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
[2011/01/31 22:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hutcheor.DKSH\Application Data\Sierra Wireless
[2010/11/05 01:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hutcheor.DKSH\Application Data\toshiba
[2010/11/05 01:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hutcheor.DKSH\Application Data\WinBatch
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\postgres\Application Data\WinBatch
[2011/02/27 21:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\Autodesk
[2011/01/25 00:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/31 02:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\go
[2012/05/03 05:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\Image Zone Express
[2011/07/12 18:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\officeatwork
[2011/07/19 21:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\PC Speed Maximizer
[2011/07/19 21:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\RegistryKeys
[2012/08/14 18:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\SAP
[2011/10/03 01:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\SIEMENS AG
[2011/05/17 01:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\Sierra Wireless
[2010/12/15 13:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tennantm\Application Data\WinBatch
[2011/05/12 23:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sierra Wireless
[2010/03/24 19:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\toshiba
[2009/12/01 06:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinBatch
[2011/10/19 04:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/03/24 19:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/11/26 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2012/12/30 19:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/14 23:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TOSHIBA
[2010/03/24 19:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueSuite
[2010/09/20 22:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/17 16:33:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F0B1F1D2-24C3-4CE4-92A5-B8871B1BA610}
[2011/09/13 23:39:06 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\ErrorEND.job
[2010/03/24 19:12:41 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2010/03/24 19:12:41 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2012/12/30 19:01:05 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Attached Files

  • Attached File  OTL.txt   95.8KB   82 downloads

Edited by Essexboy, 01 January 2013 - 04:17 PM.

  • 0

#36
Buddierdl
Posted 02 January 2013 - 08:42 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Mark,

I wasn't clear enough on my last instructions. We need to download a new version of OTL to run in normal boot mode. You also need to run a fix and not a scan.

Download OTL to your Desktop and run the program.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
sc start wscsvc /c

:Commands
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

  • 0

#37
MARKTEN
Posted 02 January 2013 - 04:38 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

I found it this time amongst other logs

Thanks


Mark

Attached Files


  • 0

#38
Buddierdl
Posted 03 January 2013 - 08:35 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Mark,

The only thing I see left on your computer is that the Windows Security Center is disabled. This could be due to you anti-virus, Symantec Endpoint Protection, which can be set to disable this (see here). Do you know if this is the case?

Also, are there any more problems or issues that you would like to address before I give my cleanup speech?
  • 0

#39
MARKTEN
Posted 03 January 2013 - 05:26 PM

MARKTEN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi,

I could not find the menu for policies using the link you gave for Symantec endpoint protection. However if I go into the control panel the security centre says they are enabled.

I'll keep looking in the symantec menus for this

Otherwise all looks good, many Thanks for your help.

Best Regards

Mark
  • 0

#40
Buddierdl
Posted 05 January 2013 - 08:24 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
If you would like more help with the Security Center let me know...
Congratulations, Mark. :) Your computer now appears to be clean. Please complete the followings steps to finalize the cleaning process.

Please update these programs, as old versions pose a security risk.

  • Java
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
  • Adobe Reader -> You can get the latest version here.

I can't tell from your logs whether you have the latest versions of these programs. It would be a good idea to go to the websites and check.

  • Adobe Flash -> You can get the latest version here.
  • Firefox -> You can get the latest version here.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Reset SP3 Firewall: Make sure you don't have any open ports in your firewall.
Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK
Now click on the General tab >> select On(recommended) >> OK.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on Control Panel.
  • Double-click on Automatic Updates to bring up the configuration dialog. If you're in Category view, you'll have to click on Security Center.
  • Select the Automatic (recommended) option and click on OK at the bottom of the window.

Defragment your hard drive. Your hard drive is showing 13% fragmentation. This refers to how your files are spread out on the physical "disk" in your hard drive. You could possibly gain a little better performance from your PC if you defragment your hard drive.
  • Open My Computer.
  • Right-click on you C: drive, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

Advertisements

#41
Essexboy
Posted 08 January 2013 - 08:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP