Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

FixMBR error message - Non-Standard or Invalid Master Boot Record

Started by vhende2000 , Apr 07 2014 07:03 PM

MBR

Please log in to reply

#16
vhende2000

Posted 16 April 2014 - 09:57 PM

Member

Topic Starter
Member
67 posts

Hi, Ron,

The hiberfil.sys file is playing hide and seek with me.

Note: I misspoke on my previous reply:

If I have hibernation ON, I can see the hiberfil.sys file on the C:/ drive but cannot delete it. I get the error message about another program using it.

If I have hibernation OFF, I can not see the hiberfil.sys file so I can not delete it.

Rebooting the PC does nothing to alleviate this problem.

-----------------------------------------------------------------------------------------------------------------------------------------------------------

What about the IPSEC Services problem? How can I get it to start? It is set to Automatic.

------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL.txt

OTL logfile created on: 4/16/2014 11:33:47 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 59.64% Memory free
2.83 Gb Paging File | 2.35 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.21 Gb Total Space | 72.89 Gb Free Space | 67.36% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 1.45 Gb Free Space | 40.61% Space Free | Partition Type: FAT32

Computer Name: DALE-CB294F83A9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/14 00:08:11 | 003,854,640 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/04/14 00:08:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/04/07 17:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\providerComcast\bin\tgsrvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 19:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007/11/04 03:54:11 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/21 15:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

========== Modules (No Company Name) ==========

MOD - [2014/04/16 12:50:14 | 002,215,424 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14041601\algo.dll
MOD - [2014/04/14 00:08:25 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/04/09 00:40:34 | 003,470,848 | ---- | M] () -- C:\Program Files\ffdshow\ffdshow.ax
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/18 19:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
MOD - [2008/03/18 19:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
MOD - [2008/01/08 17:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll

========== Services (SafeList) ==========

SRV - [2014/04/14 00:08:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/03/12 22:53:08 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 16:50:04 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/15 08:31:31 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/02 12:40:34 | 000,398,704 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2008/05/02 12:40:34 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\providerComcast\bin\tgsrvc.exe -- (tgsrvc_providercomcast)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/11/04 03:54:11 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/05/05 01:53:00 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)

========== Driver Services (SafeList) ==========

DRV - [2014/04/14 00:08:29 | 000,776,976 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/04/14 00:08:29 | 000,180,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/04/14 00:08:29 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/04/14 00:08:28 | 000,411,552 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/04/14 00:08:28 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/04/14 00:08:28 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/04/14 00:08:28 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/01/02 16:13:25 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/06/04 17:26:05 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/30 01:18:22 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV - [2012/01/18 16:01:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/01/18 16:01:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/06/01 22:37:28 | 000,463,872 | ---- | M] (Belkin Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BLKWGD.sys -- (BLKWGD)
DRV - [2004/08/12 20:45:52 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/21 18:51:34 | 000,016,384 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\wlanndi5.sys -- (wlanndi5)
DRV - [2003/12/30 07:38:52 | 000,028,080 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {963BE09C-BA62-4C1C-BD8C-AAEBC11D1534}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{963BE09C-BA62-4C1C-BD8C-AAEBC11D1534}: "URL" = http://www.google.co...1I7GGHP_enUS509
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://us.yhs4.searc...313,20031,0,8,0"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/04/15 09:11:56 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/14 00:08:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/25 21:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/12/07 12:03:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2014/04/13 18:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions
[2014/02/14 04:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2014/01/27 00:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/02/14 04:13:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2014/02/14 04:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\luz4sz2f.default\extensions
[2014/02/14 04:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcnrif9.default\extensions
[2012/07/31 06:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/04/17 08:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/12/23 19:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/13 19:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/25 20:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/02/25 20:27:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/09/24 13:47:23 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108847
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([answers] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1350107789500 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349327248093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341169362656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EAC6EB-FFA1-4580-A258-B439D75AB047}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AB0CAF0-CE5C-4C63-B8DA-E7940C0C142F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | --S- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/14 00:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVAST Software
[2014/04/14 00:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/04/14 00:08:47 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/14 00:08:46 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/14 00:08:45 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/14 00:08:44 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/04/14 00:08:44 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/14 00:08:34 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/14 00:08:26 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/13 21:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/04/11 23:06:59 | 002,925,760 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\procexp.exe
[2014/04/11 13:48:03 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2014/04/11 13:10:39 | 000,000,000 | ---D | C] -- C:\FRST
[2014/04/11 13:05:37 | 001,145,856 | ---- | C] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014/04/07 21:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks to Go Forums
[2014/04/07 17:05:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/06 23:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Comodo Rescue Disk Info
[2014/04/06 21:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2014/04/06 21:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014/04/06 21:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014/04/06 19:06:13 | 000,000,000 | ---D | C] -- C:\cce_linux
[2014/04/04 18:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Kaspersky Rescue Disk 10 Info
[2014/04/03 23:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Boot_CD.exe DiskInternals Research
[2014/04/03 22:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\nLite
[2014/04/03 22:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2014/04/03 22:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IsoBuster
[2014/04/03 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Smart File Advisor
[2014/04/03 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2014/04/03 21:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\XPCD
[2014/04/02 23:33:36 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/02 21:46:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2014/04/01 23:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2014/04/01 22:40:34 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/03/31 23:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BitDefender Info
[2014/03/31 23:01:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\InfraRecorder
[2014/03/31 21:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Recovery Console Info
[2014/03/31 21:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\InstallShield Help
[2014/03/23 17:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Nancy's Stuff
[2014/03/22 22:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ImgBurn
[2014/03/21 23:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2014/03/21 22:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2014/03/19 23:33:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2014/03/19 02:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\DiskInternals
[2014/03/19 02:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2005/10/31 19:31:16 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/16 23:40:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{42A951E1-2420-488F-90DF-B97E760D7A04}.job
[2014/04/16 23:14:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/16 22:33:45 | 1600,962,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/16 22:30:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/16 22:29:40 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/16 22:29:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
[2014/04/16 22:29:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/16 17:12:10 | 000,000,374 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\10 Ways to Lose Friends and Irritate People - Yahoo Small Business Advisor.url
[2014/04/15 22:49:13 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\What is hiberfil.sys and How Do I Delete It.url
[2014/04/14 22:00:31 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Copic Doodle Sets - BLICK art materials.url
[2014/04/14 00:08:29 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/04/14 00:08:29 | 000,180,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/14 00:08:29 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/04/14 00:08:28 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2014/04/14 00:08:28 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/04/14 00:08:28 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/04/14 00:08:28 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/14 00:08:26 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/04/14 00:08:26 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/04/13 23:23:25 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/04/13 02:19:10 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/11 23:07:08 | 002,925,760 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Owner\Desktop\procexp.exe
[2014/04/11 21:47:31 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\VEW.exe
[2014/04/11 13:48:05 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2014/04/11 13:05:40 | 001,145,856 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner\Desktop\FRST.exe
[2014/04/09 19:16:10 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iHeartRadio Radio Stations.url
[2014/04/09 10:55:54 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/09 08:43:29 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows XP support has ended - Microsoft Windows.url
[2014/04/09 00:27:38 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2014/04/08 23:18:00 | 000,000,332 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\VernonD - Microsoft Community.url
[2014/04/08 15:00:00 | 000,000,216 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/08 13:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/07 17:05:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2014/04/06 23:17:17 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
[2014/04/06 18:22:02 | 000,001,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
[2014/04/04 18:41:01 | 000,000,181 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How-To Geek.url
[2014/04/04 16:02:32 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
[2014/04/03 23:41:52 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
[2014/04/03 23:17:59 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
[2014/04/03 20:28:32 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\how to boot into miniXP - Google Search.url
[2014/04/01 22:40:34 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/01 22:38:59 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/01 22:00:43 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2014/03/22 20:53:40 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited Support How-To Guides.url
[2014/03/21 23:40:04 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2014/03/19 23:50:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/19 03:19:00 | 1040,355,328 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2014/03/19 02:24:21 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
[2014/03/19 02:21:39 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
[2014/03/19 02:12:50 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
[2014/03/19 01:43:48 | 000,001,617 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
[2014/03/18 23:38:42 | 000,594,234 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/03/18 23:38:41 | 000,118,918 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/18 00:13:02 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/16 22:33:45 | 1600,962,560 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/16 17:12:10 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\10 Ways to Lose Friends and Irritate People - Yahoo Small Business Advisor.url
[2014/04/15 22:49:13 | 000,002,275 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\What is hiberfil.sys and How Do I Delete It.url
[2014/04/14 22:00:31 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Copic Doodle Sets - BLICK art materials.url
[2014/04/14 00:09:23 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/04/14 00:08:47 | 000,180,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/04/14 00:08:45 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/04/11 21:47:30 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\VEW.exe
[2014/04/09 08:43:29 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows XP support has ended - Microsoft Windows.url
[2014/04/09 00:27:31 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2014/04/07 23:07:00 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/04/06 23:17:17 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How To Check For And Fix MBR Virus Infection.url
[2014/04/04 18:40:52 | 000,000,181 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How-To Geek.url
[2014/04/04 16:02:32 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Firewall (2).lnk
[2014/04/03 23:41:52 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Where can I find Windows drivers for my SATA drive.url
[2014/04/03 23:17:59 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery (2).url
[2014/04/03 23:17:43 | 000,001,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Restore Your PC by Booting from a Recovery CD.url
[2014/04/01 22:00:43 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2014/03/25 20:18:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf489155d2e0d8.job
[2014/03/21 23:40:04 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2014/03/19 23:50:01 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2014/03/19 03:08:56 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TeraByte Unlimited Support How-To Guides.url
[2014/03/19 03:06:52 | 1040,355,328 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vista_6000.16386.061101-2205-LRMAIK_EN.img
[2014/03/19 02:24:21 | 000,000,482 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Can I use Windows AIK for my XP computer - Microsoft Community.url
[2014/03/19 02:21:39 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download Windows Automated Installation Kit (AIK) from Official Microsoft Download Center.url
[2014/03/19 02:12:50 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\windows aik xp - Google Search.url
[2014/03/19 01:43:48 | 000,001,617 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Download undelete software. NTFS Recovery.url
[2013/07/30 14:55:51 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/06/27 20:50:10 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2013/06/21 16:49:42 | 000,103,832 | ---- | C] () -- C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
[2013/05/24 15:25:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KUDOVW32.INI
[2013/05/24 15:12:09 | 000,086,304 | ---- | C] () -- C:\WINDOWS\System32\rhvideo.dll
[2013/05/22 01:10:31 | 000,001,179 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/10/29 22:22:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
[2012/10/17 01:05:19 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/10/13 18:48:24 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/10/08 10:09:22 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/06/15 08:34:16 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/03 19:29:30 | 000,308,560 | ---- | C] () -- C:\WINDOWS\System32\vipre.dll
[2012/05/03 19:29:29 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/28 00:46:24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/06 00:13:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2007/01/20 01:17:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[2005/05/04 01:26:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Extras.txt

OTL Extras logfile created on: 4/16/2014 11:33:47 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 59.64% Memory free
2.83 Gb Paging File | 2.35 Gb Available in Paging File | 82.97% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.21 Gb Total Space | 72.89 Gb Free Space | 67.36% Space Free | Partition Type: NTFS
Drive D: | 3.56 Gb Total Space | 1.45 Gb Free Space | 40.61% Space Free | Partition Type: FAT32

Computer Name: DALE-CB294F83A9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Internet Chess Club\BlitzIn 2.5\BlitzIn25.exe" = C:\Program Files\Internet Chess Club\BlitzIn 2.5\BlitzIn25.exe:*:Disabled:BlitzIn 2.5 -- (Internet Chess Club)
"C:\Program Files\ChessLive4\ChessLive.exe" = C:\Program Files\ChessLive4\ChessLive.exe:*:Disabled:Chess Live 4.2 -- ( )
"C:\Program Files\Internet Chess Club\Dasher_1.0.1\Dasher.exe" = C:\Program Files\Internet Chess Club\Dasher_1.0.1\Dasher.exe:*:Disabled:ICC Dasher -- (Internet Chess Club, Inc.)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{06810DC6-3501-40FE-BCB3-1A7BE6398A36}" = uPlayer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E4BEB77-BEA9-4544-AB74-06EDE6CE3D39}" = Comcast User Setup
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8C3083C-A1C1-4248-B0E2-14A7D9F2E9EF}" = BCL easyConverter SDK 1.0.0 Module
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip 9.20" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"Comcast" = Easy Solve
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"DivX Setup" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FileHippo.com" = FileHippo.com Update Checker
"GoToAssist" = GoToAssist Corporate
"Graboid Video" = Graboid Video 4.8
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro37" = HitmanPro 3.7
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}" = Family Tree Maker 2008
"InstallShield_{5314FAC0-F8A5-4432-8980-251D055B2C5B}" = Belkin Wireless Utility
"IsoBuster_is1" = IsoBuster 3.3
"Kudo® Catalog Reader" = Kudo® Catalog Reader 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"MRW!UninstallKey" = InCD EasyWrite Reader
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"nLite_is1" = nLite 1.4.9.3
"PROSet" = Intel® PRO Network Adapters and Drivers
"Revo Uninstaller" = Revo Uninstaller 1.95
"Security Task Manager" = Security Task Manager 1.8g
"Smart File Advisor_is1" = Smart File Advisor 1.2.0
"SMPlayer" = SMPlayer 0.6.9
"Speccy" = Speccy
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo! Widget Engine" = Yahoo! Widgets

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2014 10:09:42 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 4/15/2014 10:09:42 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 4/15/2014 10:09:44 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights.       DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\Owner\ntuser.dat

Error - 4/15/2014 10:09:51 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights.       DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\LocalService\ntuser.dat

Error - 4/15/2014 10:09:51 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator.       DETAIL - The process
cannot access the file because it is being used by another process.

Error - 4/15/2014 10:09:51 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 4/15/2014 10:09:51 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 4/15/2014 10:10:07 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator.       DETAIL - The process
cannot access the file because it is being used by another process.

Error - 4/15/2014 10:10:12 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 4/15/2014 10:10:43 AM | Computer Name = DALE-CB294F83A9 | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

[ System Events ]
Error - 4/16/2014 12:01:43 AM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
   %%1058

Error - 4/16/2014 12:32:07 AM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%1747

Error - 4/16/2014 1:31:07 AM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%1747

Error - 4/16/2014 1:31:07 AM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
   %%1058

Error - 4/16/2014 6:21:43 AM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%1747

Error - 4/16/2014 6:21:43 AM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
   %%1058

Error - 4/16/2014 1:46:51 PM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%1747

Error - 4/16/2014 1:46:51 PM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
   %%1058

Error - 4/16/2014 11:29:42 PM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error:   %%1747

Error - 4/16/2014 11:29:42 PM | Computer Name = DALE-CB294F83A9 | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
   %%1058

< End of report >
------------------------------------------------------------------------------------------------------------------------------------------------------

Hope this helps,

Vernon

Edited by vhende2000, 16 April 2014 - 11:10 PM.

#17
vhende2000

Posted 16 April 2014 - 10:59 PM

Member

Topic Starter
Member
67 posts

Hi, Ron,

[Edited below]

I'm still trying to catch up on a few things.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\IPsec\Policy\Local.

I do not have this registry subkey.

Click Start, click Run, type regsvr32 polstore.dll, and then click OK.

I did this and rebooted.

Then I went to Run/services.msc, and I find that IPSEC Services is set to Automatic and is stopped.

If I try to Start this service, I get an error message stating:

"Could not start the IPSEC Services service on Local Computer.

Error 1747: The authentication service is unknown."

Do you still want me to run VEW for System again?

You said "The file D:\PRELOAD\data9_01.inp is corrupt. You should delete it manually."

I deleted it. What was it for anyway? The D:/ drive is the 'Recovery' drive and is in the second, smaller, partition.

I found the C:\hiberfil.sys file with Hibernate ~~off~~ (ON), but can not delete it. The error message says another program is using it.

Vernon

Edited by vhende2000, 16 April 2014 - 11:01 PM.

#18
RKinner

Posted 17 April 2014 - 12:48 AM

Malware Expert

Expert
24,625 posts

The file is supposed to be deleted when you turn it off. Appears that that is the case. When you turn it back on then it gets recreated. It should be clean now.

Going back to the ipsec problem let's try

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

Clear the alarms and reboot then run VEW and see if it made any difference.

#19
vhende2000

Posted 17 April 2014 - 08:07 PM

Member

Topic Starter
Member
67 posts

Hi, Ron,

Your link to download the ServicesRepair.exe program did not download properly. It would not run probably because of the missing .exe portion of the file name. I went to an alternate site and downloaded it completely and ran it, results below.

I am not sure what you mean by "Clear the alarms (?) and reboot".

I will rerun VEW and post log files below.

---------------------------------------------------------------------------------------------------------------------------------------------------

SvcRepair.log

Log Opened: 2014-04-17 @ 19:36:41
19:36:41 - -----------------
19:36:41 - | Begin Logging |
19:36:41 - -----------------
19:36:41 - Fix started on a WIN_XP X86 computer
19:36:41 - Prep in progress. Please Wait.
19:36:48 - Prep complete
19:36:48 - Repairing Services Now. Please wait...

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

SetACL finished successfully.
19:36:56 - Services Repair Complete.
19:37:07 - Reboot Initiated

---------------------------------------------------------------------------------------------------------------------------------------------

VEC - System

Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/04/2014 9:47:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/04/2014 9:21:48 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/04/2014 9:21:48 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 17/04/2014 7:40:15 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/04/2014 7:40:15 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 17/04/2014 10:32:57 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/04/2014 10:32:57 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 17/04/2014 6:10:05 AM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 17/04/2014 6:09:54 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Log: 'System' Date/Time: 17/04/2014 6:09:02 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 17/04/2014 6:09:02 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 16/04/2014 10:29:42 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 16/04/2014 10:29:42 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 16/04/2014 12:46:51 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 16/04/2014 12:46:51 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 16/04/2014 5:21:43 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 16/04/2014 5:21:43 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 16/04/2014 12:31:07 AM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 16/04/2014 12:31:07 AM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 15/04/2014 11:32:07 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

Log: 'System' Date/Time: 15/04/2014 11:01:43 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/04/2014 9:21:48 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 17/04/2014 7:40:15 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 17/04/2014 7:40:11 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0011506F8ED1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/04/2014 10:32:50 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 17/04/2014 6:09:02 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 17/04/2014 1:22:54 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 16/04/2014 10:29:43 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 16/04/2014 12:46:51 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 16/04/2014 5:21:48 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 16/04/2014 12:31:07 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 16/04/2014 12:31:03 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0011506F8ED1. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 15/04/2014 11:01:44 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 15/04/2014 10:14:36 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 15/04/2014 7:55:28 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 15/04/2014 9:09:57 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 14/04/2014 7:58:51 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 14/04/2014 8:29:17 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 14/04/2014 8:23:56 AM
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to power off DALE-CB294F83A9 failed

Log: 'System' Date/Time: 14/04/2014 8:17:05 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Log: 'System' Date/Time: 14/04/2014 6:35:05 AM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

----------------------------------------------------------------------------------------------------------------------------------------------

VEC - Application

Vino's Event Viewer v01c run on Windows XP in English
Report run at 17/04/2014 9:48:12 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 15/04/2014 9:10:43 AM
Type: error Category: 0
Event: 1511 Source: Userenv
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 15/04/2014 9:10:12 AM
Type: error Category: 0
Event: 1515 Source: Userenv
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Log: 'Application' Date/Time: 15/04/2014 9:10:07 AM
Type: error Category: 0
Event: 1502 Source: Userenv
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator. DETAIL - The process cannot access the file because it is being used by another process.

Log: 'Application' Date/Time: 15/04/2014 9:09:51 AM
Type: error Category: 0
Event: 1511 Source: Userenv
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 15/04/2014 9:09:51 AM
Type: error Category: 0
Event: 1515 Source: Userenv
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Log: 'Application' Date/Time: 15/04/2014 9:09:51 AM
Type: error Category: 0
Event: 1502 Source: Userenv
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator. DETAIL - The process cannot access the file because it is being used by another process.

Log: 'Application' Date/Time: 15/04/2014 9:09:51 AM
Type: error Category: 0
Event: 1508 Source: Userenv
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\LocalService\ntuser.dat

Log: 'Application' Date/Time: 15/04/2014 9:09:44 AM
Type: error Category: 0
Event: 1508 Source: Userenv
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\Owner\ntuser.dat

Log: 'Application' Date/Time: 15/04/2014 9:09:42 AM
Type: error Category: 0
Event: 1511 Source: Userenv
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Log: 'Application' Date/Time: 15/04/2014 9:09:42 AM
Type: error Category: 0
Event: 1515 Source: Userenv
Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Log: 'Application' Date/Time: 15/04/2014 9:09:42 AM
Type: error Category: 0
Event: 1502 Source: Userenv
Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator. DETAIL - The process cannot access the file because it is being used by another process.

Log: 'Application' Date/Time: 15/04/2014 9:09:42 AM
Type: error Category: 0
Event: 1508 Source: Userenv
Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights. DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\NetworkService\ntuser.dat

Log: 'Application' Date/Time: 14/04/2014 8:35:55 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 13/04/2014 5:31:03 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1180947459.

Log: 'Application' Date/Time: 13/04/2014 5:30:52 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/04/2014 9:21:47 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 17/04/2014 9:21:47 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 17/04/2014 7:40:15 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 17/04/2014 7:40:15 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 17/04/2014 10:32:48 AM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 17/04/2014 10:32:48 AM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 17/04/2014 6:09:02 AM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 17/04/2014 6:09:02 AM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 16/04/2014 10:29:43 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 16/04/2014 10:29:43 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 16/04/2014 10:27:01 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user DALE-CB294F83A9\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 16/04/2014 12:46:51 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 16/04/2014 12:46:51 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 16/04/2014 5:21:45 AM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 16/04/2014 5:21:45 AM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 16/04/2014 12:31:07 AM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 16/04/2014 12:31:07 AM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 15/04/2014 11:01:44 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 15/04/2014 11:01:44 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Log: 'Application' Date/Time: 15/04/2014 10:14:36 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

------------------------------------------------------------------------------------------------------------------------------------------------------

There you go.

I've looked at some of these files and I have to admit that I don't fully understand or appreciate just what I'm looking at.

It appears that we are making some progress, exactly what that is, I'm not completely sure.

Although, a second look at some of these reports suggests that there are quite a few more errors or problems to fix.

I originally started this thread because I was getting what I (and others) thought was a major problem with the MBR. All these "other problems" were unknown to me until now.

Do we know one way, or the other, whether what I was seeing while running C:\fixMBR from the recovery console was an actual problem or is it just possible that Gateway computers have a non-standard MBR and the error message is normal?

Anyway, how are we doing? We seem to be doing quite a few fixes.

How is it even possible that I could even be able to use the computer all along with all these errors present?

Note that I have been running all kinds of antispyware, antivirus, antimalware, and antirootkit programs to the point that nothing "bad" is found, making it at least look like everything has been taken care of.

What else could I have been doing all along to prevent the system from getting into the state it's obviously in?

Mind you, I have been working with folks from Microsoft, Adobe, MalwareBytes, ComCast, Hulu.com., and many others and not one of them has had me run any of these types of programs you are using.

Thanks very much for your time,

Vernon

Edited by vhende2000, 17 April 2014 - 09:30 PM.

#20
RKinner

Posted 17 April 2014 - 08:35 PM

Malware Expert

Expert
24,625 posts

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

#21
vhende2000

Posted 17 April 2014 - 10:49 PM

Member

Topic Starter
Member
67 posts

Hi,Ron,

You're up late, it's 11:40pm Chicagoland time.

My Computer Management (Local) is slightly different than your instructions. I have WinXP Home Edition.
Did that and rebooted.

Since the next step will take a while to complete, I'll post it in a bit.

Question: Your instructions:

"Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow
This will check your critical system files."

Is'nt this the same as Start/Run/SFC / scannow/OK?

I'll do it your way but was just wondering about that. Is it different somehow?

Since I am the Owner and set up as Administrator under my name Dale, is that the same as running under Administrator? Are there any priviledges for one that the other does not have?

Vernon

Edited by vhende2000, 17 April 2014 - 11:22 PM.

#22
RKinner

Posted 17 April 2014 - 11:32 PM

Malware Expert

Expert
24,625 posts

For XP disregard the sfc /scannow. It doesn't work all that well. I gave you the wrong instructions.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Double-click VEW.exe

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

#23
vhende2000

Posted 18 April 2014 - 02:48 PM

Member

Topic Starter
Member
67 posts

Hi, Ron,

Boy, I must have really been tired last night. I had compiled a complete reply including the log results and I thought I had posted it correctly, but it doesn't show up here at all. Oh,well, I repeated it below.

VEW - System

Vino's Event Viewer v01c run on Windows XP in English
Report run at 18/04/2014 3:39:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/04/2014 3:19:21 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 18/04/2014 3:19:21 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The IPSEC Services service terminated with the following error: The authentication service is unknown.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/04/2014 3:19:22 PM
Type: warning Category: 0
Event: 1101 Source: SNMP
The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

VEW -Application

Vino's Event Viewer v01c run on Windows XP in English
Report run at 18/04/2014 3:47:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/04/2014 3:19:22 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 18/04/2014 3:19:22 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Does Gateway actually have a non-standard MBR, or does the error message I get after running fixMBR from the Recovery Console really represent a real problem there?

Have we done anything to correct that particular problem, or are we just working up to it?

I guess I could run fixMBR on reboot to find out if it has changed.

Would I EVER go ahead and actually have it "fix" the MBR as the response suggests?

Thanks,

Vernon

Edited by vhende2000, 18 April 2014 - 04:13 PM.

#24
RKinner

Posted 18 April 2014 - 04:44 PM

Malware Expert

Expert
24,625 posts

Gateway uses their own MBR so they can do recovery from a hidden partition.

MBRCheck said it was actually a version of Win 98 MBR. The SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E googles with 1200 hits so it's not a sign of infection.

Is there some reason that you have SNMP turned on?

If you don't need it then turn it off.

Method 1: Disable the SNMP service If you do not use the SNMP service, disable the service. To do this, follow these steps:

Click Start, click Run, type services.msc and then click OK.
In the Services list, right-click SNMP and then click Properties.
In the Startup type list box, click Disabled.
Click OK to close the SNMP Properties dialog box.

Let's look at the registry entries associated with ipsec:

Copy the next 2 lines:

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /s > \junk.txt

notepad \junk.txt

Open a command Prompt. (Start, Run, cmd, OK or Start, All Programs, Accessories, Command Prompt)

Right click and Paste or Edit then Paste and the copied text should appear.

IF notepad does not open hit Enter.

Copy the text from notepad into a reply.

#25
vhende2000

Posted 18 April 2014 - 05:48 PM

Member

Topic Starter
Member
67 posts

Hi, Ron,

I don't do any network management, so I turned SNMP off, stopped & Disabled.

An error message showed up after running the command line above:

"Acess is denied in the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials".

Junk.txt

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell REG_DWORD 0x1
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD 0xffffffff
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0x0
    passwordexpirywarning REG_DWORD 0xe
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 0x1
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 0x1
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0x0
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 0x1
    ShowLogonOptions REG_DWORD 0x0
    AltDefaultUserName REG_SZ Owner
    AltDefaultDomainName REG_SZ DALE-CB294F83A9
    GpNetworkStartTimeoutPolicyValue REG_DWORD 0x0
    ChangePasswordUseKerberos REG_DWORD 0x1
    LegalNotice Text REG_SZ
    AutoAdminLogon REG_SZ 0
    DefaultUserName REG_SZ Owner
    DefaultDomainName REG_SZ DALE-CB294F83A9

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
    <NO NAME> REG_SZ Microsoft Disk Quota
    NoMachinePolicy REG_DWORD 0x0
    NoUserPolicy REG_DWORD 0x1
    NoSlowLink REG_DWORD 0x1
    NoBackgroundPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1
    PerUserLocalSettings REG_DWORD 0x0
    RequiresSuccessfulRegistry REG_DWORD 0x1
    EnableAsynchronousProcessing REG_DWORD 0x0
    DllName REG_EXPAND_SZ dskquota.dll
    ProcessGroupPolicy REG_SZ ProcessGroupPolicy

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
    <NO NAME> REG_SZ Internet Explorer Zonemapping
    DllName REG_SZ C:\WINDOWS\system32\iedkcs32.dll
    ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap
    NoGPOListChanges REG_DWORD 0x1
    RequiresSucessfulRegistry REG_DWORD 0x1
    DisplayName REG_SZ @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
    RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93}
    <NO NAME> REG_SZ Windows Search Group Policy Extension
    DllName REG_EXPAND_SZ %SystemRoot%\System32\srchadmin.dll
    EnableAsynchronousProcessing REG_DWORD 0x1
    NoBackgroundPolicy REG_DWORD 0x0
    NoGPOListChanges REG_DWORD 0x1
    NoMachinePolicy REG_DWORD 0x0
    NoSlowLink REG_DWORD 0x0
    NoUserPolicy REG_DWORD 0x0
    PerUserLocalSettings REG_DWORD 0x0
    ProcessGroupPolicy REG_SZ ProcessGroupPolicy
    RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}
    <NO NAME> REG_SZ Internet Explorer User Accelerators
    DisplayName REG_SZ @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
    DllName REG_SZ C:\WINDOWS\system32\iedkcs32.dll
    NoGPOListChanges REG_DWORD 0x1
    ProcessGroupPolicy REG_SZ ProcessGroupPolicyForActivities
    ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyForActivitiesEx
    RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
    ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO
    GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy
    ExtensionRsopPlanningDebugLevel REG_DWORD 0x1
    ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx
    ExtensionDebugLevel REG_DWORD 0x1
    DllName REG_EXPAND_SZ scecli.dll
    <NO NAME> REG_SZ Security
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1
    EnableAsynchronousProcessing REG_DWORD 0x1
    MaxNoGPOListChangesInterval REG_DWORD 0x3c0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
    ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx
    GenerateGroupPolicy REG_SZ GenerateGroupPolicy
    ProcessGroupPolicy REG_SZ ProcessGroupPolicy
    DllName REG_SZ C:\WINDOWS\system32\iedkcs32.dll
    <NO NAME> REG_SZ Internet Explorer Branding
    NoSlowLink REG_DWORD 0x1
    NoBackgroundPolicy REG_DWORD 0x0
    NoGPOListChanges REG_DWORD 0x1
    NoMachinePolicy REG_DWORD 0x1
    DisplayName REG_SZ @C:\WINDOWS\system32\iedkcs32.dll.mui,-3014

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
    ProcessGroupPolicy REG_SZ SceProcessEFSRecoveryGPO
    DllName REG_EXPAND_SZ scecli.dll
    <NO NAME> REG_SZ EFS recovery
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1
    RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}
    <NO NAME> REG_SZ 802.3 Group Policy
    DisplayName REG_EXPAND_SZ @dot3gpclnt.dll,-100
    ProcessGroupPolicyEx REG_SZ ProcessLANPolicyEx
    GenerateGroupPolicy REG_SZ GenerateLANPolicy
    DllName REG_EXPAND_SZ dot3gpclnt.dll
    NoUserPolicy REG_DWORD 0x1
    NoGPOListChanges REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}
    <NO NAME> REG_SZ Microsoft Offline Files
    DllName REG_EXPAND_SZ %SystemRoot%\System32\cscui.dll
    EnableAsynchronousProcessing REG_DWORD 0x0
    NoBackgroundPolicy REG_DWORD 0x0
    NoGPOListChanges REG_DWORD 0x0
    NoMachinePolicy REG_DWORD 0x0
    NoSlowLink REG_DWORD 0x0
    NoUserPolicy REG_DWORD 0x1
    PerUserLocalSettings REG_DWORD 0x0
    ProcessGroupPolicy REG_SZ ProcessGroupPolicy
    RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
    <NO NAME> REG_SZ Software Installation
    DllName REG_EXPAND_SZ appmgmts.dll
    ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyObjectsEx
    GenerateGroupPolicy REG_SZ GenerateGroupPolicy
    NoBackgroundPolicy REG_DWORD 0x0
    RequiresSucessfulRegistry REG_DWORD 0x0
    NoSlowLink REG_DWORD 0x1
    PerUserLocalSettings REG_DWORD 0x1
    EventSources REG_MULTI_SZ (Application Management,Application)\0(MsiInstaller,Application)\0\0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    <NO NAME> REG_SZ Internet Explorer Machine Accelerators
    DisplayName REG_SZ @C:\WINDOWS\system32\iedkcs32.dll.mui,-3051
    DllName REG_SZ C:\WINDOWS\system32\iedkcs32.dll
    NoGPOListChanges REG_DWORD 0x1
    ProcessGroupPolicy REG_SZ ProcessGroupPolicyForActivities
    ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyForActivitiesEx
    RequiresSuccessfulRegistry REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    Asynchronous REG_DWORD 0x0
    Impersonate REG_DWORD 0x0
    DllName REG_EXPAND_SZ crypt32.dll
    Logoff REG_SZ ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    Asynchronous REG_DWORD 0x0
    Impersonate REG_DWORD 0x0
    DllName REG_EXPAND_SZ cryptnet.dll
    Logoff REG_SZ CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    DLLName REG_SZ cscdll.dll
    Logon REG_SZ WinlogonLogonEvent
    Logoff REG_SZ WinlogonLogoffEvent
    ScreenSaver REG_SZ WinlogonScreenSaverEvent
    Startup REG_SZ WinlogonStartupEvent
    Shutdown REG_SZ WinlogonShutdownEvent
    StartShell REG_SZ WinlogonStartShellEvent
    Impersonate REG_DWORD 0x0
    Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
    Asynchronous REG_DWORD 0x1
    DllName REG_EXPAND_SZ %SystemRoot%\System32\dimsntfy.dll
    Startup REG_SZ WlDimsStartup
    Shutdown REG_SZ WlDimsShutdown
    Logon REG_SZ WlDimsLogon
    Logoff REG_SZ WlDimsLogoff
    StartShell REG_SZ WlDimsStartShell
    Lock REG_SZ WlDimsLock
    Unlock REG_SZ WlDimsUnlock

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist
    DLLName REG_SZ C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll
    Logoff REG_SZ G2ALogoff
    Asynchronous REG_DWORD 0x0
    Logon REG_SZ G2ALogon
    Startup REG_SZ G2AStartup
    Impersonate REG_DWORD 0x0
    Shutdown REG_SZ G2AShutdown

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    <NO NAME> REG_SZ
    DLLName REG_SZ igfxdev.dll
    Asynchronous REG_DWORD 0x1
    Impersonate REG_DWORD 0x1
    Unlock REG_SZ WinlogonUnlockEvent

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    DLLName REG_SZ wlnotify.dll
    Logon REG_SZ SCardStartCertProp
    Logoff REG_SZ SCardStopCertProp
    Lock REG_SZ SCardSuspendCertProp
    Unlock REG_SZ SCardResumeCertProp
    Enabled REG_DWORD 0x1
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    Asynchronous REG_DWORD 0x0
    DllName REG_EXPAND_SZ wlnotify.dll
    Impersonate REG_DWORD 0x0
    StartShell REG_SZ SchedStartShell
    Logoff REG_SZ SchedEventLogOff

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    Logoff REG_SZ WLEventLogoff
    Impersonate REG_DWORD 0x0
    Asynchronous REG_DWORD 0x1
    DllName REG_EXPAND_SZ sclgntfy.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    DLLName REG_SZ WlNotify.dll
    Lock REG_SZ SensLockEvent
    Logon REG_SZ SensLogonEvent
    Logoff REG_SZ SensLogoffEvent
    Safe REG_DWORD 0x1
    MaxWait REG_DWORD 0x258
    StartScreenSaver REG_SZ SensStartScreenSaverEvent
    StopScreenSaver REG_SZ SensStopScreenSaverEvent
    Startup REG_SZ SensStartupEvent
    Shutdown REG_SZ SensShutdownEvent
    StartShell REG_SZ SensStartShellEvent
    PostShell REG_SZ SensPostShellEvent
    Disconnect REG_SZ SensDisconnectEvent
    Reconnect REG_SZ SensReconnectEvent
    Unlock REG_SZ SensUnlockEvent
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    Asynchronous REG_DWORD 0x0
    DllName REG_EXPAND_SZ wlnotify.dll
    Impersonate REG_DWORD 0x0
    Logoff REG_SZ TSEventLogoff
    Logon REG_SZ TSEventLogon
    PostShell REG_SZ TSEventPostShell
    Shutdown REG_SZ TSEventShutdown
    StartShell REG_SZ TSEventStartShell
    Startup REG_SZ TSEventStartup
    MaxWait REG_DWORD 0x258
    Reconnect REG_SZ TSEventReconnect
    Disconnect REG_SZ TSEventDisconnect

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    Logon REG_SZ WLEventLogon
    Logoff REG_SZ WLEventLogoff
    Startup REG_SZ WLEventStartup
    Shutdown REG_SZ WLEventShutdown
    StartScreenSaver REG_SZ WLEventStartScreenSaver
    StopScreenSaver REG_SZ WLEventStopScreenSaver
    Lock REG_SZ WLEventLock
    Unlock REG_SZ WLEventUnlock
    StartShell REG_SZ WLEventStartShell
    PostShell REG_SZ WLEventPostShell
    Disconnect REG_SZ WLEventDisconnect
    Reconnect REG_SZ WLEventReconnect
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x0
    SafeMode REG_DWORD 0x1
    MaxWait REG_DWORD 0xffffffff
    DllName REG_EXPAND_SZ WgaLogon.dll
    Event REG_DWORD 0x0
    InstallEvent REG_SZ 1.9.0040.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings
<NO NAME> REG_SZ
Data REG_BINARY 01000000D08C9DDF0115D1118C7A00C04FC297EB01000000657A83C9EB899648B1A44B765A8EF3A204000000040000005300000003660000A800000010000000F973B083A44E22EE926A79BD710867EC0000000004800000A000000010000000B27A7631152DD378B7D3178A6BA37E90B80100009622E18238CDBF21A01A9A14DFACE892717392D4F8DD41CFE9D95009603CA7E95D9D25EC8E3FF5CC27343FC8E237EA238AEEC4C3919F67D914B30D2F829BA17BADD25749C8678039DC15EFC6EA47F2DAC48F8DF6D07B51BFC3F909D2BC4DE021D40338E3180B528578FF7D709F3F20F28A5575F4F45AB08FB5BC3534691999A76F8B51F64632219DEB1D201CF0FFE92FF8E17E0CA8B1508BBE8BA5875BD1FCB5B5B75B8D356EABF291F894978B492D61226FFF438B0673F57EDA83FB5B8B39DC82DFA4F513E4C076ED75F8AA54B38CD97CEC4F6C4E330D4405A045FA1CEB3FC434363BCF3BE276EDD84485E9A1B1BF7C931028A74D1577D8926E824579F8DB020EA3931D6541FAEF9368B6DAC06A11C161E6F1E8884ACF4D750A47DE1C0348DF3C174FC14AA16863BBE3446655375B9446C2E9264EAA9E49998C3FEDAB9526935DEAB97E1F23C1B3900F50A4C3FAC8AA79DB8C1DC1B084D3E671FC2FC8B604D216B8857679BC1A7256D25E0387F42BE1462B500C005A9E3FCD87D805484C0C1DCB5EDA6B073348159A4980A069E7F4732209DD665FC7466905E268409FEFF3EA14B7A06175AF288E362ECC60A455EFB4C7A69F8D1B76A30614000000622513E4B571FE3FD14B3AF32A04A73392AB4A9E

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    DLLName REG_SZ wlnotify.dll
    Logon REG_SZ RegisterTicketExpiredNotificationEvent
    Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
    Impersonate REG_DWORD 0x1
    Asynchronous REG_DWORD 0x1

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    HelpAssistant REG_DWORD 0x0
    TsInternetUser REG_DWORD 0x0
    SQLAgentCmdExec REG_DWORD 0x0
    NetShowServices REG_DWORD 0x0
    IWAM_ REG_DWORD 0x10000
    IUSR_ REG_DWORD 0x10000
    VUSR_ REG_DWORD 0x10000
    ASPNET REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

So all my worries about fixMBR were for naught? I can breath a bit better now. I have enough other problems, obviously, so I can just concentrate on those.

Quick Question: Why would WinXP be using a modified Win98 MBR in the first place??

Thanks,

Vernon

Edited by vhende2000, 18 April 2014 - 07:44 PM.

#26
RKinner

Posted 18 April 2014 - 06:44 PM

Malware Expert

Expert
24,625 posts

Possibly the PC was originally upgraded from Win 98 or it may be that Gateway reused a Win 98 MBR and didn't bother updating to WinXP. In any event I doubt that that is the problem. I'm more worried about ipsec not working.

Copy the next 5 lines and paste them into a Command Prompt as before.

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC" /s > \junk.txt

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC" /s >> \junk.txt

reg query HKEY_LOCAL_MACHINE\Software\Microsoft\IPSEC >> \junk.txt

net start ipsec >> \junk.txt

notepad \junk.txt

Do you use the CitrixGotoMeeting?

#27
vhende2000

Posted 18 April 2014 - 07:07 PM

Member

Topic Starter
Member
67 posts

Hi, Ron,

The PC was ordered from Gateway through the Navy Exchange retail store near Great Lakes Naval Base. It came directly from Gateway by delivery. No XP disks either, unfortunately. I could really use the original disk since Microsoft isn't supporting it anymore and Gateway support is essentually nonexistant.

Junk.txt

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC
    Type REG_DWORD 0x1
    Start REG_DWORD 0x1
    ErrorControl REG_DWORD 0x1
    Tag REG_DWORD 0x4
    ImagePath REG_EXPAND_SZ system32\DRIVERS\ipsec.sys
    DisplayName REG_SZ IPSEC driver
    Group REG_SZ PNP_TDI
    Description REG_SZ IPSEC driver

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\Security
Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\Enum
    0 REG_SZ Root\LEGACY_IPSEC\0000
    Count REG_DWORD 0x1
    NextInstance REG_DWORD 0x1

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC
NextInstance REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC\0000
    Service REG_SZ IPSec
    Legacy REG_DWORD 0x1
    ConfigFlags REG_DWORD 0x20
    Class REG_SZ LegacyDriver
    ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}
    DeviceDesc REG_SZ IPSEC driver
    Capabilities REG_DWORD 0x0
    Driver REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}\0039

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC\0000\LogConf

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPSEC\0000\Control
ActiveService REG_SZ IPSec

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\IPSEC

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Since I don't even recognize CitrixGotoMeeting I'd say no, I don't use it.

[EDITED] New question:

I have noticed recently whenever I click on a Internet Explorer site, that iexplore.exe pegs to 98% CPU useage and runs like that for a minute or more and I cannot do anything. I can not click on anything at all and just have to wait until it stops.

Is it possible I have an iexplore.exe virus and if that is possible, how do I get rid of it?

Thanks

Vernon

Edited by vhende2000, 18 April 2014 - 09:31 PM.

#28
RKinner

Posted 18 April 2014 - 08:51 PM

Malware Expert

Expert
24,625 posts

ipsec.zip

#29
vhende2000

Posted 18 April 2014 - 09:58 PM

Member

Topic Starter
Member
67 posts

Hi, Ron,

Interestingly, I was monitoring this site for any updates from you, but did not see anything going on. I logged off the site and logged back in repeatedly and finally spotted the last post from you, 40 minutes after you apparently posted it. I even editted my previous post, probably after you posted.

Anyway, I saved the .zip folder to my desktop and expanded it and ran the ipsec.reg file and rebooted.

I then went to services.msc and checked on the IPSEC services entry and found that it still was stuck at automatic and stopped.

I cound not change it to start and I still get the error message about authentication unknown.

Did you get my two added questions on my previous edited post?

What now?

Vernon

Edited by vhende2000, 18 April 2014 - 11:15 PM.

#30
RKinner

Posted 18 April 2014 - 11:41 PM

Malware Expert

Expert
24,625 posts

Best not to edit. Just make a new post and start it with Also so I will know there is an older one that I might not have seen.

For your IE problem:

Copy the next line:

"C:\Program Files\Internet Explorer\iexplore" -extoff https://www.google.com/

Does it still use up all of the CPU?

You should be able to make changes to ipsec services. I just changed mine from Auto to Manual and back. So from a command prompt type:

regedit

go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC

Right click on IPSEC and select Permissions. It should have Full Control checked when Administrators is selected. Does it?

You may need to take ownership of the key in order to give Administrators Full Control

See: http://www.mihirbabu...nership-of.html

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: MBR

	Security → Virus, Spyware, Malware Removal → How to remove MBR rootkits from WD My Passport External Hard Drive 2tb Started by questionall4000 , 23 Apr 2015 MBR, rootkit, external hard drive and 1 more...		2 replies 4,037 views	questionall4000 30 Apr 2015
	Retired Forums → Windows Vista and Windows 7 → 0x7B after (apparently) removing the disk containing the boot manager. Started by mellocello , 10 Apr 2014 boot manager, mbr, 0x7b		5 replies 2,354 views	mellocello 10 Apr 2014