TenYearsGone

  1. Here's the ESET Scan Log:

     C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ReactivateIE.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038398.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038400.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038401.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038402.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
  2. Here's the MBAM Log:

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org

     Database version: v2012.04.24.06

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     greerste :: SGREER1 [administrator]

     4/30/2012 1:32:38 AM
     mbam-log-2012-04-30 (01-32-38).txt

     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 466030
     Time elapsed: 2 hour(s), 42 minute(s), 50 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  3. Great, thank you. Good news, I was at least able to disable McAfee enough to let ComboFix run without having the 'NIRKMD' file automatically deleted by VirusScan. I followed the instructions from #6 and ComboFix ran with no errors (other than trying to install Recovery Console and not being able to do so). Drum roll please...... It worked! Everything seems to be back to normal, maybe better than before. I have network and internet connectivity, no error messages while booting up, from what I can tell everything looks to be fixed. I have a feeling it would have been fixed after the first run of ComboFix if I could have shut down McAfee to a better degree. THANK YOU SO VERY, VERY MUCH. The ComboFix log is listed below. Please let me know if there is anything else you need me to do. Here's the log:
  4. If I can get McAfee disabled, should I go back to message #4 and start again from there, with the registry edits and the initial ComboFix.exe run? Or should I just continue with step #7? It seems I cannot log in to safe mode either.
  5. I will try it. What are the effects on trying to use ComboFix if I can't shut off my McAfee VirusScan Enterprise? I'm thinking ComboFix won't work as expected if McAfee is active, like yesterday.
  6. Thank you. Before I continue I want to mention three other items I forgot to mention before which may help, or not:

     When booting up, after the initial Smart Fortress 2012 infection/removal (before posting on this forum), I got and still get two alerts during the boot-up process:

     1. radexecd: "radexecd has encountered a problem and needs to close. We are sorry for the inconvenience."
     2. radstgms: "radstgms has encountered a problem and needs to close. We are sorry for the inconvenience."
     (these two alerts just have a "Close" button)
     3. I can't change the desktop wallpaper.

     Onward... I've followed your instructions up to "Double click on Combofix.exe and follow the prompts." I see two potential issues that may interfere with the proper running of ComboFix.

     1. ComboFix tried to install Microsoft Windows Recovery Console and this requires an internet connection, which I don't have yet. ComboFix continued running after it couldn't access the internet to install Microsoft Windows Recovery Console. Please note: When booting up, I do see the option for Microsoft Recovery Console Mode, and I'm able to open Restore, see restore points, and attempt to restore, although the restore does not complete; I just get a "no changes made" type of message.
     2. McAfee VirusShield Enterprise is on this computer and I don't know if I have the ability to turn it off. It was pre-installed. I seem to be having trouble turning it off. I thought I had figured out how to shut it off, but while ComboFix was running, one McAfee alert popped up thinking it had a virus and deleted something that ComboFix was doing. I didn't note the file or name, but I'm thinking it may have been "NIRKMD" because later in the ComboFix AutoScan process, the message "Windows cannot find 'NIRKMD'" appeared repeatedly. ComboFix did continue to run.

     (From this point, I'm kind of logging this as it happens, to a degree...)

     ComboFix then told me it detected a rootkit and just now rebooted. I'll see what the log says and see if I'm "fixed". Rebooted and ComboFix is still running.

     And now this one popped up when ComboFix was running, before it rebooted, and now during bootup:
     NIRKMD: "Windows cannot find 'NIRKMD'. Make sure you typed the name correctly and then try again. To search for a file, click the Start button, and then click search." (only includes an "Ok" button)

     After reboot, the ComboFix command window says: "Please wait. ComboFix is preparing to run."
     When I clicked "Ok" on the NIRKMD alert box, the ComboFix command/AutoScan window then says: "The system cannot find the file NIRKMD." ...and the NIRKMD alert box pops up again.
     This time after clicking "Ok", ComboFix moved on to "Scanning for infected files . . ."

     NOW another McAfee "On-Access Scan Messages" alert pops up after ComboFix's status says "Completed Stage_2". The McAfee On-Access Scan info:
     Message: Virusscan Alert! Your PC has been infected by malware or an unwanted program.
     Name: Av-test.txt
     Detected As: eicar TEST FILE
     State: No Action Taken (Clean failed because the detection isn't cleanable)

     I "close window" and continue.
     I again get the "Windows cannot find 'NIRKMD'" message. Clicked Ok. ComboFix AutoScan continues...
     I again get the "Windows cannot find 'NIRKMD'" message. Clicked Ok. ComboFix AutoScan continues and says "Completed Stage_3". ComboFix AutoScan continues...
     I again get the "Windows cannot find 'NIRKMD'" message. Clicked Ok. ComboFix AutoScan continues and says "Completed Stage_4". ComboFix AutoScan continues...
     I again get the "Windows cannot find 'NIRKMD'" message. Clicked Ok. ComboFix AutoScan continues and says "Completed Stage_5". ComboFix AutoScan continues...
     . . .
     And on and on through “Completed Stage 50”.
     Then “Deleting Files”
     Then “Deleting Folders”
     Rebooted again.
     ComboFix “command” window opens after logging in to computer, message = “Please wait.” Preparing Log Report. DONE.
I fear that the missing NIRKMD file is the one that McAfee deleted and may have caused ComboFix to not be able to work properly. Even though I’m pretty much locked out of disabling McAfee, I’ll see if I can figure out how to stop it. Sorry, but I still have no network/internet connectivity. I am now able to change the desktop wallpaper, at least! My ComboFix.txt log is listed below: ComboFix 12-04-26.01 - greerste 04/26/2012 16:58:55.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.2237 [GMT -5:00] Running from: d:\#malwarebytes forum\COMBOFIX\ComboFix.exe AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: McAfee Host Intrusion Prevention Firewall *Enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5} * Resident AV is active . . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js c:\documents and settings\greerste\Application 
Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png c:\documents and 
settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png c:\documents and settings\greerste\Application 
Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png c:\documents and 
settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\searchplugins\bing-zugo.xml c:\documents and settings\greerste\Local Settings\Application Data\assembly\tmp c:\documents and settings\greerste\WINDOWS c:\documents and settings\hpadmin\WINDOWS c:\program files\StartNow Toolbar 
c:\program files\StartNow Toolbar\ReactivateFF.exe c:\program files\StartNow Toolbar\ReactivateIE.exe c:\program files\StartNow Toolbar\Resources\images\engine_images.png c:\program files\StartNow Toolbar\Resources\images\engine_maps.png c:\program files\StartNow Toolbar\Resources\images\engine_news.png c:\program files\StartNow Toolbar\Resources\images\engine_videos.png c:\program files\StartNow Toolbar\Resources\images\engine_web.png c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png c:\program files\StartNow Toolbar\Resources\images\icon_games.png c:\program files\StartNow Toolbar\Resources\images\icon_msn.png c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png c:\program files\StartNow Toolbar\Resources\images\icon_travel.png c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png c:\program files\StartNow Toolbar\Resources\installer.xml c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png c:\program files\StartNow Toolbar\Resources\skin\separator.png c:\program files\StartNow Toolbar\Resources\skin\splitter.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png 
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png c:\program files\StartNow Toolbar\Resources\toolbar.xml c:\program files\StartNow Toolbar\Resources\update.xml c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe c:\program files\StartNow Toolbar\Toolbar32.dll c:\program files\StartNow Toolbar\ToolbarBroker.exe c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe c:\program files\StartNow Toolbar\uninstall.dat c:\windows\$NtUninstallKB52443$ c:\windows\$NtUninstallKB52443$\2895838983 c:\windows\$NtUninstallKB52443$\4053220684\@ c:\windows\$NtUninstallKB52443$\4053220684\cfg.ini c:\windows\$NtUninstallKB52443$\4053220684\Desktop.ini c:\windows\$NtUninstallKB52443$\4053220684\L\fzxzawnf c:\windows\neoqaz2.dll c:\windows\SafeBoot.scr c:\windows\system32\dds_trash_log.cmd c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\explorer.exe c:\windows\system32\urttemp c:\windows\system32\urttemp\fusion.dll c:\windows\system32\urttemp\mscoree.dll c:\windows\system32\urttemp\mscoree.dll.local c:\windows\system32\urttemp\mscorsn.dll c:\windows\system32\urttemp\mscorwks.dll c:\windows\system32\urttemp\msvcr71.dll c:\windows\system32\urttemp\regtlib.exe H:\autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_Updater_Service_for_StartNow_Toolbar -------\Legacy_Updater_Service_for_StartNow_Toolbar -------\Service_Updater Service for StartNow Toolbar -------\Service_Updater Service for StartNow Toolbar . . ((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 ))))))))))))))))))))))))))))))) . . 2012-04-26 21:46 . 
2010-06-15 16:57 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll 2012-04-26 21:15 . 2012-04-26 21:15 -------- d-----w- c:\program files\ERUNT 2012-04-26 04:04 . 2012-04-26 04:04 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-04-26 03:11 . 2012-04-26 03:44 -------- d-----w- c:\program files\VS Revo Group 2012-04-26 02:00 . 2012-04-26 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-04-25 19:01 . 2012-04-25 19:01 -------- d-----w- C:\REGISTRY BACKUP 2012-04-24 21:12 . 2012-04-24 21:12 -------- d-----w- c:\documents and settings\greerste\Application Data\Malwarebytes 2012-04-24 21:11 . 2012-04-24 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-04-24 21:11 . 2012-04-26 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-24 21:11 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-24 18:47 . 2012-04-24 18:48 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26} 2012-04-24 18:46 . 2012-04-26 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B002F77DD0003FDA7D151FC4E 2012-04-23 14:42 . 2012-04-23 14:42 8071760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE 2012-04-20 14:33 . 2012-04-20 14:35 -------- d-----w- c:\documents and settings\greerste\Application Data\HpUpdate 2012-04-20 14:33 . 2012-04-20 14:33 -------- d-----w- c:\windows\Hewlett-Packard 2012-04-13 08:24 . 2012-04-13 08:24 -------- d-----w- c:\program files\FastStone Image Viewer 2012-04-13 07:17 . 2012-04-13 07:23 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\photoOptimizeHistoryDataBase 2012-04-13 07:17 . 
2012-04-13 08:39 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\Ashampoo Photo Optimizer 3 2012-04-13 07:14 . 2012-04-26 04:19 -------- d-----w- c:\documents and settings\All Users\Documents 2012-04-13 07:13 . 2012-04-13 07:13 -------- d-----w- c:\program files\Ashampoo 2012-04-13 07:08 . 2012-04-13 07:09 -------- d-----w- c:\documents and settings\greerste\Application Data\XnView 2012-04-13 07:04 . 2012-04-13 07:05 -------- d-----w- c:\program files\XnView 2012-04-13 07:03 . 2012-04-13 07:03 -------- d-----w- c:\program files\IrfanView 2012-04-09 18:31 . 2012-04-09 18:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer 2012-04-01 05:20 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-04-01 05:20 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-04-01 05:19 . 2012-04-01 05:19 -------- d-----w- c:\program files\iPod 2012-04-01 05:19 . 2012-04-01 05:20 -------- d-----w- c:\program files\iTunes 2012-04-01 05:19 . 2012-04-01 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-04-01 05:19 . 2012-04-01 05:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\program files\Bonjour . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-13 03:47 . 2009-09-14 10:07 143008 ----a-w- c:\windows\system32\KevlarSigs.dll 2012-03-11 18:48 . 2012-03-11 18:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2012-03-09 17:09 . 2011-09-23 14:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-01 11:01 . 2009-09-14 19:11 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01 . 2009-09-14 19:11 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01 . 
2009-09-14 19:11 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2009-09-14 19:11 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 14:10 . 2009-09-14 19:11 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 12:17 . 2009-09-14 19:11 385024 ------w- c:\windows\system32\html.iec 2012-02-16 16:21 . 2012-02-16 16:21 40960 ----a-r- c:\documents and settings\greerste\Application Data\Microsoft\Installer\{12B47979-BB54-42C2-A3A4-FEA07BCF71F9}\NewShortcut4_12B47979BB5442C2A3A4FEA07BCF71F9.exe 2012-02-16 16:21 . 2012-02-16 16:21 40960 ----a-r- c:\documents and settings\greerste\Application Data\Microsoft\Installer\{12B47979-BB54-42C2-A3A4-FEA07BCF71F9}\NewShortcut2_12B47979BB5442C2A3A4FEA07BCF71F9.exe 2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 09:22 . 2009-09-14 19:11 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-29 02:01 . 2012-01-29 02:01 29528 ----a-w- c:\windows\system32\MsPwdGina.dll 2012-01-29 02:01 . 2012-01-29 02:01 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe 2012-01-29 02:01 . 2012-01-29 02:01 1242464 ----a-w- c:\windows\system32\GateFramework.dll 2012-03-26 15:01 . 2011-10-13 20:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-14 12:00 . 57D6250C34C1255FAFCBC89F9612F3E7 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys . [7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys [-] 2008-04-14 12:00 . 57D6250C34C1255FAFCBC89F9612F3E7 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COEMsgDisplay"="c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 26624] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240] "McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-09-14 297000] "IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2011-04-02 176128] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384] "SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2008-11-04 69632] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376] "PasswordRegistration"="c:\windows\system32\MsPwdRegistration.exe" [2012-01-29 26984] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480] "HPRAService"="c:\program files\RA2HP\HPRAService.exe" [2010-04-01 135168] "eepc_SmartClient"="c:\program files\SmartClient\Smart.exe" [2011-12-07 183296] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-19 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-19 170008] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-19 145432] "WatchDog"="c:\program files\InterVideo\DVD 
Check\DVDCheck.exe" [2008-04-21 197904] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088] "Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "GetITIcon"="c:\program files\Hewlett-Packard\GetITIcon\GetITShell.exe" [2011-08-30 861696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "XPOff2003Excempt"="c:\program files\Hewlett-Packard\AST\XPOff2003Excempt.exe" [2012-04-10 143360] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ create_shortcut.lnk - c:\documents and settings\greerste\create_shortcut.vbs [N/A] . c:\documents and settings\greerste\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-9-14 128552] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-5-24 197904] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2010-6-7 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideFastUserSwitching"= 1 (0x1) "DisableNT4Policy"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoMSAppLogo5ChannelNotify"= 1 (0x1) . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc] 2009-09-14 11:04 109568 ----a-w- c:\windows\system32\ackpbsc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock] 2009-09-14 11:04 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbNp scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^greerste^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk] path=c:\documents and settings\greerste\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup . 
[HKLM\~\startupfolder\C:^Documents and Settings^greerste^Start Menu^Programs^Startup^Password Safe.lnk] path=c:\documents and settings\greerste\Start Menu\Programs\Startup\Password Safe.lnk backup=c:\windows\pss\Password Safe.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator] 2012-01-11 22:11 5153056 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] 2008-03-17 22:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-03-23 07:35 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] 2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] 2008-04-21 16:21 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Novell\\GroupWise\\grpwise.exe"= "c:\\Novell\\GroupWise\\notify.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Office14\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [3/11/2012 1:48 PM 56208] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [3/25/2009 1:24 PM 103760] R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [8/13/2008 8:51 AM 44976] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/25/2009 1:25 PM 6496] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [5/1/2008 5:23 AM 24064] R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [12/15/2011 11:53 AM 228208] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [3/11/2012 1:48 PM 71440] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/11/2012 1:48 PM 164112] R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [3/25/2009 1:25 PM 33328] R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [3/25/2009 1:24 PM 
34480] R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [3/25/2009 1:25 PM 15248] R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [9/14/2009 6:05 AM 46120] R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [9/14/2009 6:04 AM 198184] R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE [4/16/2012 5:49 PM 193616] R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [6/15/2010 11:57 AM 1498224] R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [1/28/2012 9:01 PM 75608] R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [4/25/2011 2:13 PM 35696] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 9:31 PM 222528] R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [1/6/2010 8:07 PM 22816] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/14/2009 5:04 AM 69192] R2 radsched;HPCA Scheduler Daemon;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe [4/21/2010 4:16 AM 190184] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/11/2012 1:48 PM 931640] R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\McAfee\Endpoint Encryption for PC\SbClientManager.exe [3/25/2009 1:26 PM 380988] R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [4/6/2007 4:46 AM 13619] R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [9/14/2009 6:03 AM 9493] R3 aksbus;ActivIdentity Virtual 
Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [4/6/2007 4:46 AM 13647] R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [9/14/2009 6:03 AM 10161] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [5/24/2010 9:41 PM 193840] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [9/14/2009 5:06 AM 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [9/14/2009 5:06 AM 107960] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [9/14/2009 5:06 AM 38680] R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [9/14/2009 5:06 AM 35552] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:33 AM 41216] R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/8/2011 1:35 PM 21520] S2 radexecd;HPCA Notify Daemon;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe [4/21/2010 4:13 AM 300776] S2 Radstgms;HPCA MSI Redirector;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe [4/21/2010 4:17 AM 333544] S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [12/11/2007 12:09 PM 27008] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.382.0\SeaPort.EXE [4/16/2012 5:49 PM 240208] S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [9/14/2009 5:06 AM 44680] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 1:25 AM 25112] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/25/2012 11:04 PM 32072] S3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/14/2009 5:04 AM 66600] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Office14\GROOVE.EXE [6/12/2011 12:15 PM 31125880] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000] S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [9/10/2009 11:20 PM 29072] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/14/2009 2:11 PM 14336] S3 WISOVD;WISOVD;\??\c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys --> c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - RAPPORTIASO . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WINRM REG_MULTI_SZ WINRM hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs vpnva mssqlserver . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-17 22:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{922E8525-AC7E-4294-ACAA-43712D4423C0}] 2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9AC2D554-AC12-4F1F-AAB9-E6363ADE5381}] 2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC194855-F7AC-4D04-B4C9-07BA46FCB697}] 2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe . Contents of the 'Scheduled Tasks' folder . 2012-04-16 c:\windows\Tasks\Defrag-Scheduled-Weekly.job - c:\program files\Hewlett-Packard\PC Hard Drive Maintenance\PCHardDriveMaintenance.exe [2010-05-14 16:08] . 2012-04-26 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job - c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2006-07-20 19:23] . 2012-04-26 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job - c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2006-07-20 19:23] . 2012-04-26 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job - c:\progra~1\HEWLET~1\PCCOE~1\clinvsi.dll [2008-09-07 19:08] . 2012-04-26 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job - c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24 10:27] . 2012-04-26 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job - c:\progra~1\HEWLET~1\PCCOE~1\critupsi.dll [1998-10-21 17:29] . 2012-04-26 c:\windows\Tasks\Maint.job - c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35] . 2012-04-26 c:\windows\Tasks\NetLogonRestarter-Scheduled.job - c:\program files\Hewlett-Packard\NetLogon Restarter\NetLogonRestarter.exe [2010-09-16 22:16] . 2012-04-26 c:\windows\Tasks\pcpm-collector.job - c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35] . 2012-04-26 c:\windows\Tasks\pcpm-consolidator.job - c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35] . 2012-04-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1383384898-515967899-1700543.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25] . 
2012-04-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1383384898-515967899-1700543.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25] . 2012-04-26 c:\windows\Tasks\sc-healthcheck.job - c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35] . 2012-04-26 c:\windows\Tasks\Smart Client.job - c:\program files\SmartClient\Smart.exe [2011-08-19 22:17] . 2012-04-26 c:\windows\Tasks\User_Feed_Synchronization-{8E0A53B3-F4FD-4138-9073-33E84B7A9544}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 10:31] . 2012-04-24 c:\windows\Tasks\XPOff2003Excempt.job - c:\program files\Hewlett-Packard\AST\XPOff2003Excempt.exe [2012-04-10 19:46] . . ------- Supplementary Scan ------- . uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/ IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {{E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\Hewlett-Packard\IEToolBar\HP IE Fix.exe Trusted Zone: compaq.com Trusted Zone: compaq.com.ar Trusted Zone: compaq.com.br Trusted Zone: compaq.com.co Trusted Zone: compaq.com.mx Trusted Zone: compaq.com.sg Trusted Zone: compaq.com.ve Trusted Zone: cpqcorp.net Trusted Zone: dcu.org Trusted Zone: eds.com Trusted Zone: hp.com Trusted Zone: hpqcorp.net TCP: DhcpNameServer = 10.170.0.2 10.170.1.2 DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - 
hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab FF - ProfilePath - c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\ FF - prefs.js: browser.search.defaulturl - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q= . - - - - ORPHANS REMOVED - - - - . WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKLM-Run-GetIT - c:\program files\Hewlett-Packard\GetIT\GetIT.exe HKLM_ActiveSetup-{E5BA0430-919F-46DD-B656-0796F8A5ADFF} - msiexec AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-26 17:50 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(1612) c:\program files\McAfee\Endpoint Encryption for PC\SBGINA.DLL c:\program files\McAfee\Endpoint Encryption for PC\SbGinaLib.dll c:\program files\McAfee\Endpoint Encryption for PC\SbUserObj.dll c:\program files\McAfee\Endpoint Encryption for PC\sbdbmgr.dll c:\program files\McAfee\Endpoint Encryption for PC\SbComms.dll c:\windows\system32\mspwdgina.dll c:\program files\McAfee\Endpoint Encryption for PC\SBUILIB.DLL c:\windows\system32\ackpbsc.dll c:\windows\system32\aclog.dll c:\windows\system32\accrypto.dll c:\windows\system32\ACLIBEAY.dll c:\windows\system32\acevtsub.dll c:\windows\system32\asphat32.dll c:\windows\system32\acerrmes.dll c:\windows\system32\aspcom.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll c:\windows\system32\msi.dll c:\program files\McAfee\Endpoint Encryption for PC\SbAlgs\SBALG.DLL c:\program files\ActivIdentity\ActivClient\acunlock.dll c:\windows\system32\aipingui.dll c:\windows\system32\aicext.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll . - - - - - - - > 'lsass.exe'(1668) c:\windows\system32\SbNp.dll . 
- - - - - - - > 'explorer.exe'(4592) c:\windows\system32\WININET.dll c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\agrsmsvc.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\oracle\ora92\bin\omtsreco.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radalert.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\mfeann.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\McAfee\Common Framework\McTray.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program 
files\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files\zabkat\xplorer2_lite\xplorer2_lite.exe . ************************************************************************** . Completion time: 2012-04-26 17:57:31 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-26 22:57 . Pre-Run: 32,864,514,048 bytes free Post-Run: 35,791,446,016 bytes free . - - End Of File - - DCA03B267BAAFA7790053CE99192A429
  7. Thank you very much. Sorry, I didn't realize there were code tags in my logs. I assume I can use the "toggle edit mode" to not use tags? Or just copy and paste without making any changes? I did change the font of the text files; maybe that's what did it.

     I ran Farbar Service Scanner as instructed. Here are the results from the FSS.txt file:

     Farbar Service Scanner Version: 24-04-2012
     Ran by greerste (administrator) on 26-04-2012 at 11:00:09
     Running from "D:\#MALWAREBYTES forum\Fabar Service Scanner"
     Microsoft Windows XP Professional Service Pack 3 (X86)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============
     Dnscache Service is not running. Checking service configuration:
     The start type of Dnscache service is OK.
     The ImagePath of Dnscache service is OK.
     The ServiceDll of Dnscache service is OK.

     Dhcp Service is not running. Checking service configuration:
     The start type of Dhcp service is OK.
     The ImagePath of Dhcp service is OK.
     The ServiceDll of Dhcp service is OK.

     Tcpip Service is not running. Checking service configuration:
     The start type of Tcpip service is OK.
     The ImagePath of Tcpip service is OK.

     IpSec Service is not running. Checking service configuration:
     The start type of IpSec service is OK.
     The ImagePath of IpSec service is OK.

     Connection Status:
     ==============
     Localhost is blocked.
     There is no connection to network.
     Attempt to access Google IP returned error: Other errors
     Attempt to access Yahoo IP returned error: Other errors

     Windows Firewall:
     =============
     sharedaccess Service is not running. Checking service configuration:
     The start type of sharedaccess service is OK.
     The ImagePath of sharedaccess service is OK.
     The ServiceDll of sharedaccess service is OK.

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall"=DWORD:0
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Security Center:
     ============
     wscsvc Service is not running. Checking service configuration:
     Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
     Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
     Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
     Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     File Check:
     ========
     C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
     C:\WINDOWS\system32\Drivers\ipsec.sys [2009-09-14 14:11] - [2008-04-14 07:00] - 0075264 ____A () 57D6250C34C1255FAFCBC89F9612F3E7
     C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
     C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
     C:\WINDOWS\system32\netman.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\srsvc.dll => MD5 is legit
     C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
     C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
     C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
     C:\WINDOWS\system32\qmgr.dll => MD5 is legit
     C:\WINDOWS\system32\es.dll => MD5 is legit
     C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
     C:\WINDOWS\system32\svchost.exe => MD5 is legit
     C:\WINDOWS\system32\rpcss.dll [2009-09-14 14:11] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2
     C:\WINDOWS\system32\services.exe [2009-09-14 14:11] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

     Extra List:
     =======
     AegisP(12) DNE(10) FireTDI(8) Gpc(6) IPSec(4) mfetdik(8) NetBT(5) PSched(7) Tcpip(3)
     0x0C0000000400000001000000020000000300000008000000050000000600000007000000090000000A0000000B0000000C000000
     IpSec Tag value is correct.

     **** End of log ****
  8. Hello folks,

     Yesterday (Tue. 4/24/12) I was infected with the Smart Fortress 2012 virus. This is one of the standard fake anti-virus programs. It stopped me from running most programs, blocked my internet and even basic network access. Little did I know, but it also stopped my System Restore from working properly.

     I did some searching and found instructions on how to remove the virus by registering with its fixed registration code, which let me run programs again, then ran Malwarebytes which was supposed to remove Smart Fortress 2012. Well, it seemed to work, BUT, I still have no network connections, and of course can't access the internet.

     I cannot "Repair" my network connections, as when I try I get the message "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot Proceed." This happens with my Local Area Connection and Wireless connections.

     After a day of searching around, I've tried a few things and have exhausted my options, so I come to you for help.

     What I've tried:

     netsh int ip reset reset.log
     netsh int ipv6 reset reset.log
     netsh winsock reset catalog
     ipconfig /flushdns

     Also, when I run "ipconfig /all", I only get this message: "An internal error occurred: The request is not supported."

     So then after more research, I tried running a system restore going back to a restore point of a day before the infection (Mon. 4/23/12) and even last week. No success. It lets me choose a date to restore to/from, then goes through its process, reboots, etc. then tells me that no changes were made. It does NOT re-install the Smart Fortress 2012 virus, however, thankfully. It just seems like the virus has somehow disabled system restore from working properly.

     As it stands, I seem to have two issues. I think Smart Fortress 2012 is removed, but some of the changes it made seem to be left-over.

     Issue #1: No network connectivity
     Issue #2: System restore not working properly (but not disabled)

     I've followed the instructions to download and run dds.com. I am including the DDS.txt and Attach.txt logs below, generated by running dds.com.

     I will truly appreciate any assistance you can offer. THANK YOU!

     Here's DDS.TXT:

. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Run by greerste at 23:19:11 on 2012-04-25 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.1951 [GMT -5:00] . AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} FW: McAfee Host Intrusion Prevention Firewall *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe -k netsvcs c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe C:\Program Files\ActivIdentity\ActivClient\acautoup.exe C:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\WINDOWS\system32\agrsmsvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\oracle\ora92\bin\omtsreco.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radalert.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\RA2HP\HPRAService.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Microsoft Office Communicator\communicator.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ActivIdentity\ActivClient\acsagent.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/ uWindow Title = Internet Explorer, optimized for Bing and MSN BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\office14\GROOVEEX.DLL BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - 
c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll" TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe" mRun: [<NO NAME>] mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe" mRun: [iDA] c:\program files\hewlett-packard\pc coe\IDA.EXE mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [GetIT] "c:\program files\hewlett-packard\getit\GetIT.exe" mRun: 
[safeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe" mRun: [PasswordRegistration] c:\windows\system32\MsPwdRegistration.exe mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [HPRAService] c:\program files\ra2hp\HPRAService.exe mRun: [eepc_SmartClient] c:\program files\smartclient\Smart.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [XPOff2003Excempt] c:\program files\hewlett-packard\ast\XPOff2003Excempt.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - 
c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico uPolicies-explorer: NoWindowsUpdate = 0 (0x0) mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1) mPolicies-system: HideFastUserSwitching = 1 (0x1) mPolicies-system: DisableNT4Policy = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\hewlett-packard\ietoolbar\HP IE Fix.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: compaq.com Trusted Zone: compaq.com.ar Trusted Zone: compaq.com.br Trusted Zone: compaq.com.co Trusted Zone: compaq.com.mx Trusted Zone: compaq.com.sg Trusted Zone: compaq.com.ve Trusted Zone: cpqcorp.net Trusted Zone: dcu.org Trusted Zone: eds.com Trusted Zone: hp.com Trusted Zone: hpqcorp.net DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab DPF: 
{3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.172.117.45/qcbin/capicom.dll DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {87A7D186-27E6-11D3-A4CB-00C04F72C232} - hxxp://pve.corp.hp.com/APP/VIEWER/appl/sagraphicview.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://digitalbadge.external.hp.com/hp/capicom.cab DPF: {AB01FF2E-A848-410C-B47B-CB467C476AD9} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab TCP: DhcpNameServer = 10.170.0.2 10.170.1.2 TCP: Interfaces\{6717FA1B-0E1C-4890-AF23-69A72DE7112C} : DhcpNameServer = 10.170.0.2 10.170.1.2 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL Notify: ackpbsc - c:\windows\system32\ackpbsc.dll Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll Notify: igfxcui - igfxdev.dll 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\office14\GROOVEEX.DLL LSA: Notification Packages = SbNp scecli mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {922E8525-AC7E-4294-ACAA-43712D4423C0} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {9AC2D554-AC12-4F1F-AAB9-E6363ADE5381} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {AC194855-F7AC-4D04-B4C9-07BA46FCB697} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe" mASetup: {E5BA0430-919F-46DD-B656-0796F8A5ADFF} - msiexec /fu {E5BA0430-919F-46DD-B656-0796F8A5ADFF} /qn . ================= FIREFOX =================== . 
FF - ProfilePath - c:\documents and settings\greerste\application data\mozilla\firefox\profiles\5os093az.default\ FF - prefs.js: browser.search.defaulturl - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q= FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\progra~1\office14\NPAUTHZ.DLL FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. 
mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-14 344304] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208] R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-3-25 103760] R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-3-25 6496] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-5-1 24064] R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112] R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2009-3-25 33328] R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2009-3-25 34480] R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2009-3-25 15248] R2 acautoup;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-9-14 46120] R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2009-9-14 198184] R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224] R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\microsoft forefront identity manager\2010\password reset client service\PwdMgmtProxy.exe [2012-1-28 75608] R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2011-4-25 35696] R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528] R2 McAfeeEngineService;McAfee Engine 
Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128] R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472] R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-9-14 69192] R2 radsched;HPCA Scheduler Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe [2010-4-21 190184] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640] R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2009-3-25 380988] R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960] R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619] R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2009-9-14 9493] R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647] R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2009-9-14 10161] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-5-24 193840] R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680] R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2009-9-14 107960] R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2009-9-14 38680] R3 HIPQK;McAfee Inc. 
HIPQK;c:\windows\system32\drivers\HIPQK.sys [2009-9-14 35552] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 41216] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-25 32072] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-25 40776] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-14 91832] R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616] S2 radexecd;HPCA Notify Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe [2010-4-21 300776] S2 Radstgms;HPCA MSI Redirector;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\Radstgms.exe [2010-4-21 333544] S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-12-11 27008] S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680] S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-14 43288] S3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-9-14 66600] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\office14\GROOVE.EXE [2011-6-12 31125880] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2009-9-10 29072] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-14 14336] S3 WISOVD;WISOVD;\??\c:\program files\winiso computing\winiso\bin\driver\wisovd_xp.sys --> c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [?] . =============== Created Last 30 ================ . 2012-04-26 04:04:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-04-26 04:04:49 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-04-26 03:11:24 -------- d-----w- c:\program files\VS Revo Group 2012-04-26 02:00:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-04-26 00:26:14 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll 2012-04-25 19:01:44 -------- d-----w- C:\REGISTRY BACKUP 2012-04-24 21:12:34 -------- d-----w- c:\documents and settings\greerste\application data\Malwarebytes 2012-04-24 21:11:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-04-24 21:11:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-24 21:11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-24 20:56:39 389120 ----a-w- c:\windows\system32\explorer.exe 2012-04-24 18:47:58 -------- d-----w- c:\documents and settings\greerste\local settings\application data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26} 
2012-04-24 18:47:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd 2012-04-24 18:46:54 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3B002F77DD0003FDA7D151FC4E 2012-04-23 14:42:33 8071760 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.382.0oemBingBarSetup-Partner.EXE 2012-04-20 14:33:44 -------- d-----w- c:\documents and settings\greerste\application data\HpUpdate 2012-04-20 14:33:35 -------- d-----w- c:\windows\Hewlett-Packard 2012-04-13 08:24:22 -------- d-----w- c:\program files\FastStone Image Viewer 2012-04-13 07:17:11 -------- d-----w- c:\documents and settings\greerste\local settings\application data\photoOptimizeHistoryDataBase 2012-04-13 07:17:10 -------- d-----w- c:\documents and settings\greerste\local settings\application data\Ashampoo Photo Optimizer 3 2012-04-13 07:14:06 -------- d-----w- c:\documents and settings\all users\Documents 2012-04-13 07:13:55 -------- d-----w- c:\program files\Ashampoo 2012-04-13 07:08:01 -------- d-----w- c:\documents and settings\greerste\application data\XnView 2012-04-13 07:04:44 -------- d-----w- c:\program files\XnView 2012-04-13 07:03:19 -------- d-----w- c:\program files\IrfanView 2012-04-01 05:20:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-04-01 05:20:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2012-04-01 05:19:46 -------- d-----w- c:\program files\iPod 2012-04-01 05:19:42 -------- d-----w- c:\program files\iTunes 2012-04-01 05:19:42 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2012-04-01 05:18:37 -------- d-----w- c:\program files\Bonjour . ==================== Find3M ==================== . 
2012-04-13 03:47:32 143008 ----a-w- c:\windows\system32\KevlarSigs.dll
2012-03-11 18:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-09 17:09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-14 17:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 02:01:10 29528 ----a-w- c:\windows\system32\MsPwdGina.dll
2012-01-29 02:01:10 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe
2012-01-29 02:01:09 1242464 ----a-w- c:\windows\system32\GateFramework.dll
.
============= FINISH: 23:22:04.42 ===============

Here's Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2010 9:37:18 PM
System Uptime: 4/25/2012 7:23:01 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 30DD
Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | Intel® Genuine processor | 2793/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 30.908 GiB free.
D: is Removable
H: is FIXED (NTFS) - 932 GiB total, 792.708 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\5&2239DA31&0
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\5&2239DA31&0
Service: Serial
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: hp DVDRAM GT30L
PNP Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0
Service: cdrom
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP450: 3/7/2012 12:27:20 PM - System Checkpoint
RP451: 3/8/2012 2:31:14 PM - System Checkpoint
RP452: 3/8/2012 4:14:50 PM - Installed Windows Internet Explorer 8.
RP453: 3/8/2012 4:16:11 PM - Software Distribution Service 3.0
RP454: 3/9/2012 4:56:04 PM - System Checkpoint
RP455: 3/10/2012 7:52:49 PM - System Checkpoint
RP456: 3/11/2012 11:12:32 PM - Software Distribution Service 3.0
RP457: 3/12/2012 11:41:49 PM - System Checkpoint
RP458: 3/13/2012 9:07:26 AM - Installed Rapport
RP459: 3/14/2012 11:05:57 AM - System Checkpoint
RP460: 3/14/2012 5:44:52 PM - Software Distribution Service 3.0
RP461: 3/16/2012 1:21:50 PM - System Checkpoint
RP462: 3/19/2012 11:52:50 AM - System Checkpoint
RP463: 3/19/2012 4:52:13 PM - Installed Windows XP KB2621440.
RP464: 3/20/2012 5:12:38 PM - System Checkpoint
RP465: 3/21/2012 7:34:30 PM - System Checkpoint
RP466: 3/22/2012 10:55:10 AM - Installed SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3
RP467: 3/23/2012 12:17:19 PM - System Checkpoint
RP468: 3/26/2012 1:01:26 PM - System Checkpoint
RP469: 3/27/2012 1:17:13 PM - System Checkpoint
RP470: 3/28/2012 2:45:31 PM - System Checkpoint
RP471: 3/29/2012 8:07:26 PM - System Checkpoint
RP472: 3/31/2012 2:28:52 PM - System Checkpoint
RP473: 4/1/2012 12:19:31 AM - Installed iTunes
RP474: 4/5/2012 2:10:20 AM - System Checkpoint
RP475: 4/11/2012 8:30:39 PM - System Checkpoint
RP476: 4/12/2012 8:36:08 PM - System Checkpoint
RP477: 4/15/2012 10:05:46 PM - System Checkpoint
RP478: 4/17/2012 1:09:40 PM - System Checkpoint
RP479: 4/17/2012 10:12:25 PM - Software Distribution Service 3.0
RP480: 4/18/2012 11:12:25 PM - System Checkpoint
RP481: 4/20/2012 3:31:40 PM - System Checkpoint
RP482: 4/23/2012 11:17:11 AM - System Checkpoint
RP483: 4/24/2012 3:47:06 PM - Installed Rapport
RP484: 4/25/2012 10:32:03 AM - Post 'Smart-Fortress 2012' malware removal
RP485: 4/25/2012 2:31:40 PM - Restore Operation
RP486: 4/25/2012 3:51:38 PM - Restore Operation
RP487: 4/25/2012 5:22:29 PM - Restore Operation
RP488: 4/25/2012 5:36:38 PM - Restore Operation
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer 7-Zip 9.15 beta AC3Filter 1.63b Acrobat Professional Acrobat.com ActivClient ActivIdentity Device Installer Adobe Acrobat 9.2.0 - CPSID_50026 Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Agere Systems HDA Modem ALTools Update Anti-Twin (Installation 10/5/2010) Apple Application Support Apple Mobile Device Support Apple Software Update Ashampoo Photo Optimizer 3 v.3.13 Audacity 1.3.13 (Unicode) AudioShell 1.3.5 Auslogics Disk Defrag Avaya CMS Supervisor R15 Belarc Advisor 8.2 Bing Bar Bonjour BufferChm C4400 C4400_Help Cards_Calendar_OrderGift_DoMorePlugout CCleaner Cisco Systems VPN Client 4.8.01.0300 Copy CustomerResearchQFolder Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destination Component DeviceDiscovery DeviceManagementQFolder DocProc DocProcQFolder DVD Shrink 3.2 ECL Viewer eSupportQFolder Everything 1.2.1.371 Exact Audio Copy 1.0beta3 Fast Duplicate File Finder 3.0.0.1 FastStone Image Viewer 4.6 FastStone Photo Resizer 3.1 ffdshow v1.1.3562 [2010-09-07] FFmpeg v0.6.2 for Audacity File Shredder 2.0 FileNet IDM Viewer 3.3 FLAC 1.2.1b (remove only) foobar2000 v1.1.10 Forefront Identity Manager Add-ins and Extensions FreeCommander 2009.02a Get IT Icon GetDiz GPBaseService GroupWise GroupWise Desktop Migrator GUIPDFTK Hawking Technologies HWUG1 Wireless-G USB Adapter Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB944043-v3) Hotfix for Windows XP (KB949764) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB953955) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB955567) 
Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB961853-v2) Hotfix for Windows XP (KB969262) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB971421) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP 3D DriveGuard HP Client Automation Application Manager Agent HP Client Management Interface 1.00 D8 HP Customer Participation Program 10.0 HP Fonts HP Imaging Device Functions 10.0 HP Integrated Module with Bluetooth wireless technology HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3 HP Photosmart Essential 2.5 HP Quick Launch Buttons 6.40 D3 HP Smart Web Printing HP Solution Center 10.0 HP Update HP Virtual Rooms 8.0 HP Wireless Assistant HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply ID3-TagIT 3 ImgBurn Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Internet Explorer Self Help Tool InterVideo DVD Check InterVideo Register Manager InterVideo WinDVD IrfanView (remove only) ISO Workshop 2.0 iTunes Japanese Fonts Support For Adobe Reader 9 JDownloader 0.9 Kat CD Ripper Korean Fonts Support For Adobe Reader 9 LADSPA_plugins-win-0.4.15 Lexmark Printer Software Uninstall LightScribe System Software 1.12.37.1 Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee Agent McAfee AntiSpyware Enterprise Module McAfee Host Intrusion Prevention McAfee SiteAdvisor Enterprise Plus McAfee VirusScan Enterprise MediaMonkey 4.0 Medieval CUE Splitter Messaging API and Collaboration Data Objects 1.2.1 Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft 
Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote 2003 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Edition 2003 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2010 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI 
(English) 2010 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2003 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft Software Update for Web Folders (English) 14 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC90 CRT + OMP Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Runtime Microsoft WSE 3.0 Runtime Monkey's Audio Mozilla Firefox 11.0 (x86 en-US) Mp3tag v2.49 MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6.0 Parser MSXML4.0 redistributable MWSnap 3 NirSoft SysExporter Notepad++ OCR Software by I.R.I.S. 10.0 Office Communicator 2007 R2 PanoStandAlone Password Safe PC COE PC COE Required Settings PC Hard Drive Maintenance PDFCreator PIXresizer 2.0.4 PS_AIO_03_C4400_ProductContext PS_AIO_03_C4400_Software PS_AIO_03_C4400_Software_Min PSSWCORE PuTTY version 0.60 QuickTime Rapport RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Remote Access to HP Network 6.2 Revo Uninstaller 1.93 Revo Uninstaller Pro 2.5.8 Roxio Activation Module Roxio Creator Audio Roxio Creator Business Roxio Creator Business v10 Roxio Creator Copy Roxio Creator Data Roxio Creator Tools Roxio Express Labeler 3 SAP Business Explorer SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3 SAP GUI for Windows 7.20 SAP JNet SAP Netweaver Business Client SapInstSelectorv2 Scan Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit 
Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB2482017) Security Update for Windows Internet Explorer 7 (KB2497640) Security Update for Windows Internet Explorer 7 (KB2530548) Security Update for Windows Internet Explorer 7 (KB2544521) Security Update for Windows Internet Explorer 7 (KB2559049) Security Update for Windows Internet Explorer 7 (KB2647516) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player 
(KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP 
(KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security 
Update for Windows XP (KB953838) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP 
(KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shop for HP Supplies SmartWebPrintingOC Snagit 10 SolutionCenter StartNow Toolbar Status Sun JRE 1.6.0 Synaptics Pointing Device Driver Toolbox Trader's Little Helper 2.6.0 TrayApp UnloadSupport Unlocker 1.9.0 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update 
for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2641690) Update for Windows XP (KB898461) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) vcredist_x86 VideoToolkit01 VirtualDJ Home FREE VLC media player 1.1.11 WebFldrs XP WebReg Winamp Winamp Detector Plug-in Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Enterprise Deployment Windows Search 4.0 WMP Tag Plus 1.2 Xcelsius 2008 Xiph.Org Open Codecs 0.84.17359 XnView 1.98.8 XnView Shell Extension 3.2.0 XP Netlogon Service Restarter xplorer² lite 32 bit . ==== Event Viewer Messages From Past Week ======== . 
4/25/2012 5:06:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/25/2012 5:06:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Cdrom Fips Imapi intelppm IPSec mfehidk RapportKELL redbook RsvLock SbPrcCtl Tcpip 4/25/2012 5:00:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Cdrom Fips FireTDI Imapi intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RapportKELL RasAcd Rdbss redbook RsvLock SbPrcCtl Tcpip 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid. 
4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start. 4/24/2012 4:51:45 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid. 4/24/2012 4:51:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi IPSec redbook Tcpip 4/24/2012 4:50:37 PM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a. 4/24/2012 4:48:42 PM, error: Service Control Manager [7024] - The HPCA MSI Redirector service terminated with service-specific error 0 (0x0). 4/24/2012 4:48:42 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified. 4/24/2012 4:48:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel® Matrix Storage Event Monitor service to connect. 4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:48:42 PM, error: Service Control Manager [7000] - The Intel® Matrix Storage Event Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/24/2012 4:48:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/24/2012 4:44:30 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created. 4/24/2012 4:07:34 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/24/2012 4:07:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect. 4/24/2012 3:46:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook 4/24/2012 1:52:59 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:51:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect. 4/24/2012 1:51:30 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/24/2012 1:51:00 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Enterprise Service service terminated unexpectedly. It has done this 1 time(s). 
4/24/2012 1:50:56 PM, error: Service Control Manager [7000] - The Forefront Identity Manager Password Reset Client Service service failed to start due to the following error: Access is denied. 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA Scheduler Daemon service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA MSI Redirector service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:31 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The SafeBoot Client Manager service terminated unexpectedly. It has done this 1 time(s). 
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The HPCA Notify Daemon service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s). 
4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Auto-Update Service service terminated unexpectedly. It has done this 1 time(s). 4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Forefront Identity Manager Password Reset Client Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. 4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 4/24/2012 1:48:26 PM, error: Service Control Manager [7023] - The SISNICXP service terminated with the following error: The specified module could not be found. 4/23/2012 9:14:49 AM, error: Dhcp [1002] - The IP address lease 10.1.10.33 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message). 4/21/2012 11:25:19 AM, error: Dhcp [1002] - The IP address lease 10.171.124.72 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.1.10.1 (The DHCP Server sent a DHCPNACK message). 4/21/2012 10:52:02 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. 4/20/2012 10:23:09 AM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\g4w0040.americas.hpqcorp.net for the domain AMERICAS is not responsive. The current RPC call from Netlogon on \\SGREER1 to \\g4w0040.americas.hpqcorp.net has been cancelled. 
4/19/2012 9:35:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BootCode.ini' on the volume 'Disk0'. It has stopped monitoring the volume. 4/19/2012 9:29:25 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/19/2012 9:11:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message). 4/18/2012 10:10:31 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting. 4/18/2012 10:10:31 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AMERICAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 4/18/2012 10:09:12 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. . ==== End Of File ===========================