Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Arestocrat Virus Help!


  • Please log in to reply

#31
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
what happened when you tried the merge the legacy reg files?
  • 0

Advertisements


#32
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
There was a popup for each that said
Cannot import C:\Documents and Settings\Admin\Desktop\Reg Files\LEGACY_WSCVC.reg:Error accessing the registry.
Cannot import C:\Documents and Settings\Admin\Desktop\Reg Files\LEGACY_SHAREDACCESS.reg:Error accessing the registry.
  • 0

#33
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hey Crag Thanks again for the help. I'm leaving work now and will be back on Monday. If you have any further instructions I can read them from home but can't do anything until Monday.
  • 0

#34
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
At work now, here till 4 today.
  • 0

#35
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Ivirivian. The next step is to try a program to fix the legacy registry keys. Then run FSS again to see if they are fixed. Please do the following:

Step 1

Download this program to repair you services.
Simply download, run, then press the start button and copy the log for me to see.

Step 2

  • run farbar service scanner

    Posted Image
  • Tick All options.
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things to see in your next post:
Service Repair log
FSS.txt

  • 0

#36
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Also a quick question - I'm curious how you were able to use OTL without being locked out by the ransomware. :confused:
  • 0

#37
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
just a heads up - we're almost done :)
  • 0

#38
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Great, I will work on the legacy fix tomorrow. As for OTL I had maybe a minute or two before the unlock screen would load. In that time I would open OTL and the notepad and copy the info over to OTL and run the scan/fix. As it was running the screen lockout would start and take over. I let it run for about 30-40 minutes and then just shut down holding in the power button. Because OTL would auto save the text docs to the desktop I was able to copy those over to my flash drive in time after reboot. Thanks again for everything, I'm glad we are almost done I have been getting some pressure to finish this. So far I have kept this computer off and I have not used the internet at all. Please let me know when or if its safe to open a web browser.
  • 0

#39
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
So I ran the restore for important files and was still unable to merge the legacy reg files. Here are the logs.

Log:
Restore Important Windows Services
Start (4/23/2013 10:24:56 AM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (4/23/2013 10:25:03 AM)

Total Repair Time: 00:00:07
  • 0

#40
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Farbar Service Scanner Version: 14-04-2013
Ran by Admin (administrator) on 23-04-2013 at 11:52:37
Running from "C:\Documents and Settings\Admin\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdik(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

Advertisements


#41
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
So today my boss logged into the normal users name on this computer to backup some files. I have only been going under the admin user during these fixes. As soon as he logged in on the normal user a couple of trojan's popped up and were deleted by mcaffe, so I ran RogueKiller and deleted the reg files that showed up under the admin scan. I didn't think it mattered if I was cleaning under the normal user if I was in admin. BTW the ADMIN is a created user here that has full access and the normal user DeDe also has admin rights. This is the account that the virus was contracted on in the first place and is the user that is used on a day to day basis. Do I need to run all these scans for both users? My bad for not explaining this before I didn't think it mattered what user I was on. One other thing I would like to point out is this all started due to the web browser redirecting her every time she would click a link or try to go to a website. I'm not sure if anything we have done so far has corrected this issue because I have not opened a browser yet. I am currently running all of the scans to get you the logs under the normal users name in order to get a head start if needed.

Edited by IVIRIVIAN, 23 April 2013 - 10:50 AM.

  • 0

#42
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Here are the logs for the normal user if needed.

OTL logfile created on: 4/23/2013 12:27:08 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\DeDe Angelillis\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 78.26% Memory free
5.09 Gb Paging File | 4.55 Gb Available in Paging File | 89.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.90 Gb Total Space | 120.36 Gb Free Space | 80.83% Space Free | Partition Type: NTFS
Drive D: | 236.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 30.44 Gb Total Space | 29.67 Gb Free Space | 97.49% Space Free | Partition Type: FAT32
Drive S: | 48.67 Gb Total Space | 6.40 Gb Free Space | 13.16% Space Free | Partition Type: NTFS

Computer Name: DEDEA | User Name: DeDe Angelillis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/18 14:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeDe Angelillis\Desktop\OTL.exe
PRC - [2013/04/16 16:37:15 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2009/03/01 18:09:38 | 001,810,432 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/03/01 18:09:22 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/06 20:10:16 | 001,095,456 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/01/19 15:54:16 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/01/16 16:41:02 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009/01/16 15:46:22 | 000,015,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/01/14 10:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/12/22 12:15:44 | 000,145,408 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/12/11 19:53:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/09/29 08:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/09/29 08:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 04:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/13 18:30:57 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/13 18:30:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/13 18:29:36 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013/01/10 10:08:35 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/10 10:04:30 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 10:03:33 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 10:03:26 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 10:02:40 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 10:02:12 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2009/04/30 03:37:13 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.206.39627__f25c74fcad379103\Status Lib.dll
MOD - [2009/04/30 03:37:13 | 000,013,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SecurityDeviceInfoSetReg\1.6.206.39641__3a60a70419922317\SecurityDeviceInfoSetReg.dll
MOD - [2009/04/30 03:37:13 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.206.39627__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2008/12/22 12:13:54 | 000,249,856 | ---- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2008/12/11 15:51:36 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\Wavx_ESC_Logging.dll
MOD - [2008/11/12 13:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2008/03/14 04:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2007/07/23 15:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2005/08/22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV - [2013/04/16 16:37:15 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/16 09:41:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 12:36:18 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2009/04/30 03:49:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/01 18:09:22 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/01/14 10:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/12/12 09:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/12/11 19:53:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/09/29 08:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/09/29 08:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 08:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/09/29 08:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008/03/14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009/08/14 00:27:00 | 004,485,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/01/16 16:41:06 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/12/29 21:34:52 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2008/09/29 08:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 08:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 08:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 08:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 08:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 08:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/08/27 18:32:36 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/08/27 18:09:10 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008/05/23 16:54:38 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://clearwater.th...ex.jsp?sid=t566
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\..\SearchScopes\{E26A90D3-1141-4EB6-9E5C-A1564CED8193}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: trpzqbxame%40trpzqbxame.org:3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/16 09:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/16 16:37:31 | 000,000,000 | ---D | M]

[2010/06/22 11:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DeDe Angelillis\Application Data\Mozilla\Extensions
[2013/04/12 09:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DeDe Angelillis\Application Data\Mozilla\Firefox\Profiles\ypfog0f8.default\extensions
[2008/04/14 08:00:00 | 000,004,830 | ---- | M] () (No name found) -- C:\Documents and Settings\DeDe Angelillis\Application Data\Mozilla\Firefox\Profiles\ypfog0f8.default\extensions\[email protected]
[2012/06/04 10:05:50 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\DeDe Angelillis\Application Data\Mozilla\Firefox\Profiles\ypfog0f8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/02/19 12:09:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\DeDe Angelillis\Application Data\Mozilla\Firefox\Profiles\ypfog0f8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/16 09:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/16 09:41:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/31 12:26:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/01 15:13:20 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Docs = C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: WOT = C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.11_0\
CHR - Extension: YouTube = C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New Tab Redirect! = C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/19 18:44:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2180549482-1438340568-3630162004-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-19..\Run: [Adobe CSx Manager] C:\Documents and Settings\LocalService\Application Data\42e0800a-74cb-4973-afd7-36e4e3e1e60bad\eacbafdeeeebad.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242417711625 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57B9B2AA-87B0-47E2-8A13-4CFAECB1D6CF}: NameServer = 65.32.1.65,65.32.1.70
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999/02/12 13:00:00 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{369a84d0-2fb0-11df-80be-0022193095b6}\Shell - "" = AutoRun
O33 - MountPoints2\{369a84d0-2fb0-11df-80be-0022193095b6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{369a84d0-2fb0-11df-80be-0022193095b6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{8f530309-3f34-11de-bf7f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8f530309-3f34-11de-bf7f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f530309-3f34-11de-bf7f-806d6172696f}\Shell\AutoRun\command - "" = D:\monitor.exe -- [2005/11/24 07:09:30 | 000,036,864 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/23 12:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\Sun
[2013/04/23 12:23:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\DeDe Angelillis\Desktop\erunt_setup.exe
[2013/04/23 12:23:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeDe Angelillis\Desktop\OTL.exe
[2013/04/23 12:23:38 | 000,354,299 | ---- | C] (Farbar) -- C:\Documents and Settings\DeDe Angelillis\Desktop\FSS.exe
[2013/04/23 12:23:35 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\DeDe Angelillis\Desktop\aswMBR.exe
[2013/04/23 10:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\42e0800a-74cb-4973-afd7-36e4e3e1e60bad
[2013/04/23 10:21:41 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/04/23 10:21:32 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/04/20 18:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/04/20 18:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/04/20 18:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/19 18:44:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/16 16:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/16 15:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/04/16 15:48:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/04/16 15:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Qeser
[2013/04/16 15:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Ezniu
[2013/04/16 15:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Exebny
[2013/04/16 15:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DeDe Angelillis\Application Data\42e0800a-74cb-4973-afd7-36e4e3e1e60bad
[2013/04/16 09:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/04/23 12:24:44 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\NTREGOPT.lnk
[2013/04/23 12:24:44 | 000,000,594 | ---- | M] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\ERUNT.lnk
[2013/04/23 12:23:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/23 12:21:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\WavXMapDrive.bat
[2013/04/23 12:21:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/23 12:21:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/23 11:54:50 | 000,514,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/23 11:54:50 | 000,098,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/23 11:49:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/23 11:49:53 | 3487,133,696 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/23 10:43:12 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/04/23 10:36:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/23 09:36:02 | 001,010,674 | ---- | M] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\Tweaking.com-RestoreImportantWindowsServices.exe
[2013/04/22 12:01:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/20 18:56:44 | 000,002,963 | ---- | M] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\reg files.zip
[2013/04/20 18:18:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\DeDe Angelillis\Desktop\erunt_setup.exe
[2013/04/19 19:46:52 | 000,354,299 | ---- | M] (Farbar) -- C:\Documents and Settings\DeDe Angelillis\Desktop\FSS.exe
[2013/04/19 18:44:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/04/18 14:49:52 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\DeDe Angelillis\Desktop\aswMBR.exe
[2013/04/18 14:48:28 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\RogueKiller.exe
[2013/04/18 14:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeDe Angelillis\Desktop\OTL.exe
[2013/04/16 16:17:21 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\DeDe Angelillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 16:00:37 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/16 16:00:23 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/16 15:53:22 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/16 15:02:14 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/11 08:50:44 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 17:03:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/04/23 12:24:44 | 000,000,613 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\NTREGOPT.lnk
[2013/04/23 12:24:44 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\ERUNT.lnk
[2013/04/23 12:24:16 | 001,010,674 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\Tweaking.com-RestoreImportantWindowsServices.exe
[2013/04/23 12:24:12 | 000,002,963 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\reg files.zip
[2013/04/23 12:24:02 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Desktop\RogueKiller.exe
[2013/04/16 16:00:37 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/16 16:00:21 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/16 15:53:22 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/16 15:53:21 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/16 15:02:14 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 16:56:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/06/02 18:17:15 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/12 16:45:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DeDe Angelillis\Local Settings\Application Data\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2008/04/25 17:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 19:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/04/30 03:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Broadcom
[2009/04/30 03:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Wave Systems Corp
[2009/04/30 03:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
[2009/05/29 13:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Search
[2009/04/30 03:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Broadcom
[2009/04/30 03:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2009/04/30 03:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/04/30 03:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/04/30 03:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2009/04/30 03:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2013/04/23 10:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\42e0800a-74cb-4973-afd7-36e4e3e1e60bad
[2009/04/30 03:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Broadcom
[2013/04/16 15:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Exebny
[2013/04/23 10:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Ezniu
[2013/04/16 15:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Qeser
[2013/02/08 10:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\W Photo Studio Viewer
[2009/04/30 03:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Wave Systems Corp
[2009/04/30 03:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Windows Desktop Search
[2009/05/12 17:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeDe Angelillis\Application Data\Windows Search
[2009/04/30 03:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Broadcom
[2009/04/30 03:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2009/04/30 03:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2013/04/23 10:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\42e0800a-74cb-4973-afd7-36e4e3e1e60bad

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2008/04/14 08:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2008/04/14 08:00:00 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2008/04/25 17:29:41 | 000,001,602 | ---- | M] () MD5=7209F25586C62053CF0504B21D7E4DC7 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.LNK

< MD5 for: SERVICES.MS_ >
[2008/04/14 08:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2008/04/25 12:16:19 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008/04/25 17:32:32 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010/02/05 12:13:35 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010/02/05 12:13:35 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/12 09:05:57 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: DEDEA
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DELL 1909W CDFS DVD-ROM 236 MB
Volume 1 E DVD-ROM 0 B
Volume 2 C OS NTFS Partition 149 GB Healthy System
Volume 3 F Removeable 19 MB

< End of report >
  • 0

#43
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : DeDe Angelillis [Admin rights]
Mode : Scan -- Date : 04/23/2013 12:52:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Adobe CSx Manager (C:\Documents and Settings\LocalService\Application Data\42e0800a-74cb-4973-afd7-36e4e3e1e60bad\eacbafdeeeebad.exe) [-] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{57B9B2AA-87B0-47E2-8A13-4CFAECB1D6CF} : NameServer (65.32.1.65,65.32.1.70) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{57B9B2AA-87B0-47E2-8A13-4CFAECB1D6CF} : NameServer (65.32.1.65,65.32.1.70) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{57B9B2AA-87B0-47E2-8A13-4CFAECB1D6CF} : NameServer (65.32.1.65,65.32.1.70) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] 75386c285c9ff6677223cd277cb0e902
[BSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 109 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 224910 | Size: 152476 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 1dbfae835883833d641466db3bbadbd3
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 38208 | Size: 31183 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04232013_02d1252.txt >>
RKreport[1]_S_04232013_02d1252.txt
  • 0

#44
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-23 12:34:35
-----------------------------
12:34:35.593 OS Version: Windows 5.1.2600 Service Pack 3
12:34:35.593 Number of processors: 4 586 0x170A
12:34:35.593 ComputerName: DEDEA UserName:
12:34:36.093 Initialize success
12:36:10.859 AVAST engine defs: 13042300
12:36:16.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
12:36:16.500 Disk 0 Vendor: ST316081 4.AD Size: 152587MB BusType: 8
12:36:16.703 Disk 0 MBR read successfully
12:36:16.703 Disk 0 MBR scan
12:36:16.734 Disk 0 Windows VISTA default MBR code
12:36:16.734 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
12:36:16.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152476 MB offset 224910
12:36:16.750 Disk 0 scanning sectors +312496380
12:36:16.812 Disk 0 scanning C:\WINDOWS\system32\drivers
12:36:25.656 Service scanning
12:36:47.390 Modules scanning
12:36:51.406 Disk 0 trace - called modules:
12:36:51.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:36:51.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae17030]
12:36:51.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8ae18028]
12:36:52.515 AVAST engine scan C:\WINDOWS
12:37:02.781 AVAST engine scan C:\WINDOWS\system32
12:40:04.125 AVAST engine scan C:\WINDOWS\system32\drivers
12:40:15.859 AVAST engine scan C:\Documents and Settings\DeDe Angelillis
12:44:24.734 AVAST engine scan C:\Documents and Settings\All Users
12:45:37.093 Scan finished successfully
12:51:16.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DeDe Angelillis\Desktop\MBR.dat"
12:51:16.828 The log file has been saved successfully to "C:\Documents and Settings\DeDe Angelillis\Desktop\aswMBR.txt"
  • 0

#45
IVIRIVIAN

IVIRIVIAN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Farbar Service Scanner Version: 14-04-2013
Ran by DeDe Angelillis (administrator) on 23-04-2013 at 12:53:32
Running from "C:\Documents and Settings\DeDe Angelillis\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) mfetdik(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP