JD_Hupp

  1. I'm getting recurring infections after removals by MBAM and SAS. Also search redirects. Could someone please have a look? Here are my OTL.txt and Extras.txt results (Quick Scan, All Users):
  2. Results of screen317's Security Check version 0.99.9
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner
     IBM 32-bit Runtime Environment for Java 2, v1.4.1
     Java 6 Update 24
     IBM 32-bit Runtime Environment for Java 2, v1.4.1
     Adobe Flash Player 10.2.152.26
     Adobe Reader 9.4.2
     Out of date Adobe Reader installed!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Windows Defender MSMpEng.exe
     Windows Defender MSASCui.exe
     Windows Defender MsMpEng.exe
     Windows Defender MSASCui.exe
     ``````````End of Log````````````

     I plan to install MS Security Essentials, and I already installed Java 6 Update 24, but I didn't realize IBM Java 2 was installed -- looks like that can go. And I should also update Adobe Reader. Anything else?
  3. (I should add that, per instructions, I ran TDSSKiller AFTER the OTL fix.)
  4. Thanks for replying today, MrC. TDSSKiller found nothing. The OTL log after running the pasted-in fix:

     All processes killed
     ========== OTL ==========
     HKU\S-1-5-21-3051222273-2805237116-454046572-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
     File move failed. C:\Documents and Settings\pmooney\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk scheduled to be moved on reboot.
     C:\Documents and Settings\Trinity School\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk moved successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}\ not found.
     Folder C:\Documents and Settings\All Users\Application Data\pEpCbKi08200\ not found.
     C:\WINDOWS\tasks\At2.job moved successfully.
     C:\WINDOWS\tasks\At1.job moved successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes

     User: LocalService
     ->Temp folder emptied: 66016 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes

     User: NetworkService
     ->Temp folder emptied: 32162 bytes
     ->Temporary Internet Files folder emptied: 1923715 bytes

     User: pmooney
     ->Temp folder emptied: 397517787 bytes
     ->Temporary Internet Files folder emptied: 9822566 bytes
     ->Java cache emptied: 2021 bytes
     ->FireFox cache emptied: 79958751 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 41396 bytes

     User: Trinity School
     ->Temp folder emptied: 2592946 bytes
     ->Temporary Internet Files folder emptied: 131109 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 39097 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 4795469 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91231566 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 561.00 mb

     OTL by OldTimer - Version 3.2.22.2 log created on 02282011_202013

     Files\Folders moved on Reboot...
     File\Folder C:\Documents and Settings\pmooney\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk not found!

     Registry entries deleted on Reboot...
  5. I did some research in this forum on removing the System Tool rogue, and the cases I looked at involved a preliminary run with OTL for diagnosis, then another run with a script pasted in to do some critical cleanup, then installing and running MBAM. Our infection wouldn't even let me run OTL. So I got MBAM installed in Safe Mode, ran a Quick Scan there to remove 7 items, then did a Full Scan in regular mode, which found one item in a System Restore point. I ran OTL after this (Scan All Users, Quick Scan). Would someone kindly look at my results below and tell me if you see any remaining signs of infection? (I'm concerned because one of the cases I was looking at earlier involved other recurring infections by System Tool or a perhaps-related Trojan, and multiple tools were used after MBAM to kill everything.) --John Hupp