
Smart Fortress 2012 post-removal problems, need help



Hello folks,

Yesterday (Tue. 4/24/12) I was infected with the Smart Fortress 2012 virus. This is one of the standard fake anti-virus programs. It stopped me from running most programs, blocked my internet and even basic network access. Little did I know, but it also stopped my System Restore from working properly.

I did some searching and found instructions on how to remove the virus by registering with its fixed registration code, which let me run programs again, then ran Malwarebytes which was supposed to remove Smart Fortress 2012. Well, it seemed to work, BUT, I still have no network connections, and of course can't access the internet. I cannot "Repair" my network connections, as when I try I get the message "Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot Proceed." This happens with my Local Area Connection and Wireless connections. After a day of searching around, I've tried a few things and have exhausted my options, so I come to you for help.

What I've tried:

netsh int ip reset reset.log

netsh int ipv6 reset reset.log

netsh winsock reset catalog

ipconfig /flushdns

Also, when I run "ipconfig /all", I only get this message: "An internal error occurred: The request is not supported."

So then after more research, I tried running a system restore going back to a restore point of a day before the infection (Mon. 4/23/12) and even last week. No success. It lets me choose a date to restore to/from, then goes through its process, reboots, etc. then tells me that no changes were made. It does NOT re-install the Smart Fortress 2012 virus, however, thankfully. It just seems like the virus has somehow disabled system restore from working properly.

As it stands, I seem to have two issues. I think Smart Fortress 2012 is removed, but some of the changes it made seem to be left-over.

Issue #1: No network connectivity

Issue #2: System restore not working properly (but not disabled)

I've followed the instructions to download and run dds.com. I am including the DDS.txt and Attach.txt logs below, generated by running dds.com. I will truly appreciate any assistance you can offer. THANK YOU!

Here's DDS.TXT:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Run by greerste at 23:19:11 on 2012-04-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.1951 [GMT -5:00]

.

AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FW: McAfee Host Intrusion Prevention Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe

C:\Program Files\ActivIdentity\ActivClient\acautoup.exe

C:\Program Files\ActivIdentity\ActivClient\accoca.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\oracle\ora92\bin\omtsreco.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe

C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radalert.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe

C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\RA2HP\HPRAService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Microsoft Office Communicator\communicator.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Microsoft\BingBar\7.1.382.0\SeaPort.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/

uWindow Title = Internet Explorer, optimized for Bing and MSN

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\office14\GROOVEEX.DLL

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.382.0\BingExt.dll"

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"

mRun: [<NO NAME>]

mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"

mRun: [iDA] c:\program files\hewlett-packard\pc coe\IDA.EXE

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [GetIT] "c:\program files\hewlett-packard\getit\GetIT.exe"

mRun: [safeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [PasswordRegistration] c:\windows\system32\MsPwdRegistration.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [HPRAService] c:\program files\ra2hp\HPRAService.exe

mRun: [eepc_SmartClient] c:\program files\smartclient\Smart.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [GetITIcon] c:\program files\hewlett-packard\getiticon\GetITShell.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [XPOff2003Excempt] c:\program files\hewlett-packard\ast\XPOff2003Excempt.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{d25122bc-a60e-4663-b602-b01718f12044}\Icon3E5562ED7.ico

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

mPolicies-system: DisableNT4Policy = 1 (0x1)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\hewlett-packard\ietoolbar\HP IE Fix.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: compaq.com

Trusted Zone: compaq.com.ar

Trusted Zone: compaq.com.br

Trusted Zone: compaq.com.co

Trusted Zone: compaq.com.mx

Trusted Zone: compaq.com.sg

Trusted Zone: compaq.com.ve

Trusted Zone: cpqcorp.net

Trusted Zone: dcu.org

Trusted Zone: eds.com

Trusted Zone: hp.com

Trusted Zone: hpqcorp.net

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: {3605B612-C3CF-4AB4-A426-2D853391DB2E} - hxxp://10.172.117.45/qcbin/capicom.dll

DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab

DPF: {87A7D186-27E6-11D3-A4CB-00C04F72C232} - hxxp://pve.corp.hp.com/APP/VIEWER/appl/sagraphicview.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://digitalbadge.external.hp.com/hp/capicom.cab

DPF: {AB01FF2E-A848-410C-B47B-CB467C476AD9} - hxxps://digitalbadge.external.hp.com/hp/HPPKI.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab

DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab

DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab

TCP: DhcpNameServer = 10.170.0.2 10.170.1.2

TCP: Interfaces\{6717FA1B-0E1C-4890-AF23-69A72DE7112C} : DhcpNameServer = 10.170.0.2 10.170.1.2

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll

Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL

Notify: ackpbsc - c:\windows\system32\ackpbsc.dll

Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\office14\GROOVEEX.DLL

LSA: Notification Packages = SbNp scecli

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {922E8525-AC7E-4294-ACAA-43712D4423C0} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe"

mASetup: {9AC2D554-AC12-4F1F-AAB9-E6363ADE5381} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe"

mASetup: {AC194855-F7AC-4D04-B4C9-07BA46FCB697} - "c:\program files\common files\hewlett-packard\actset\HpActSet.exe"

mASetup: {E5BA0430-919F-46DD-B656-0796F8A5ADFF} - msiexec /fu {E5BA0430-919F-46DD-B656-0796F8A5ADFF} /qn

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\greerste\application data\mozilla\firefox\profiles\5os093az.default\

FF - prefs.js: browser.search.defaulturl - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\progra~1\office14\NPAUTHZ.DLL

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-14 344304]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2009-3-25 103760]

R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-3-25 6496]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-5-1 24064]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2009-3-25 33328]

R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2009-3-25 34480]

R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2009-3-25 15248]

R2 acautoup;ActivClient Auto-Update Service;c:\program files\actividentity\activclient\acautoup.exe [2009-9-14 46120]

R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2009-9-14 198184]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224]

R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\microsoft forefront identity manager\2010\password reset client service\PwdMgmtProxy.exe [2012-1-28 75608]

R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2011-4-25 35696]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-12-16 222528]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2011-5-19 120128]

R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-9-14 69192]

R2 radsched;HPCA Scheduler Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe [2010-4-21 190184]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]

R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2009-3-25 380988]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619]

R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2009-9-14 9493]

R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647]

R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2009-9-14 10161]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.382.0\SeaPort.EXE [2012-4-16 240208]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2010-5-24 193840]

R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680]

R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2009-9-14 107960]

R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2009-9-14 38680]

R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2009-9-14 35552]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 41216]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-25 32072]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-25 40776]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-14 91832]

R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.382.0\BBSvc.EXE [2012-4-16 193616]

S2 radexecd;HPCA Notify Daemon;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe [2010-4-21 300776]

S2 Radstgms;HPCA MSI Redirector;c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\Radstgms.exe [2010-4-21 333544]

S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [2007-12-11 27008]

S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2009-9-14 44680]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-14 43288]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-9-14 66600]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2009-9-10 29072]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009-9-14 14336]

S3 WISOVD;WISOVD;\??\c:\program files\winiso computing\winiso\bin\driver\wisovd_xp.sys --> c:\program files\winiso computing\winiso\bin\driver\WISOVD_xp.sys [?]

.

=============== Created Last 30 ================

.

2012-04-26 04:04:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-26 04:04:49 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-26 03:11:24 -------- d-----w- c:\program files\VS Revo Group

2012-04-26 02:00:34 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-04-26 00:26:14 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll

2012-04-25 19:01:44 -------- d-----w- C:\REGISTRY BACKUP

2012-04-24 21:12:34 -------- d-----w- c:\documents and settings\greerste\application data\Malwarebytes

2012-04-24 21:11:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-04-24 21:11:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-24 21:11:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-24 20:56:39 389120 ----a-w- c:\windows\system32\explorer.exe

2012-04-24 18:47:58 -------- d-----w- c:\documents and settings\greerste\local settings\application data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26}

2012-04-24 18:47:33 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-24 18:46:54 -------- d-----w- c:\documents and settings\all users\application data\F4D55F3B002F77DD0003FDA7D151FC4E

2012-04-23 14:42:33 8071760 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.382.0oemBingBarSetup-Partner.EXE

2012-04-20 14:33:44 -------- d-----w- c:\documents and settings\greerste\application data\HpUpdate

2012-04-20 14:33:35 -------- d-----w- c:\windows\Hewlett-Packard

2012-04-13 08:24:22 -------- d-----w- c:\program files\FastStone Image Viewer

2012-04-13 07:17:11 -------- d-----w- c:\documents and settings\greerste\local settings\application data\photoOptimizeHistoryDataBase

2012-04-13 07:17:10 -------- d-----w- c:\documents and settings\greerste\local settings\application data\Ashampoo Photo Optimizer 3

2012-04-13 07:14:06 -------- d-----w- c:\documents and settings\all users\Documents

2012-04-13 07:13:55 -------- d-----w- c:\program files\Ashampoo

2012-04-13 07:08:01 -------- d-----w- c:\documents and settings\greerste\application data\XnView

2012-04-13 07:04:44 -------- d-----w- c:\program files\XnView

2012-04-13 07:03:19 -------- d-----w- c:\program files\IrfanView

2012-04-01 05:20:56 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-04-01 05:20:56 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-04-01 05:19:46 -------- d-----w- c:\program files\iPod

2012-04-01 05:19:42 -------- d-----w- c:\program files\iTunes

2012-04-01 05:19:42 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-04-01 05:18:37 -------- d-----w- c:\program files\Bonjour

.

==================== Find3M ====================

.

2012-04-13 03:47:32 143008 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-03-11 18:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-03-09 17:09:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec

2012-02-14 17:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-29 02:01:10 29528 ----a-w- c:\windows\system32\MsPwdGina.dll

2012-01-29 02:01:10 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe

2012-01-29 02:01:09 1242464 ----a-w- c:\windows\system32\GateFramework.dll

.

============= FINISH: 23:22:04.42 ===============

Here's Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/24/2010 9:37:18 PM

System Uptime: 4/25/2012 7:23:01 PM (4 hours ago)

.

Motherboard: Hewlett-Packard | | 30DD

Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | Intel® Genuine processor | 2793/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 30.908 GiB free.

D: is Removable

H: is FIXED (NTFS) - 932 GiB total, 792.708 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}

Description: Communications Port

Device ID: ACPI\PNP0501\5&2239DA31&0

Manufacturer: (Standard port types)

Name: Communications Port (COM1)

PNP Device ID: ACPI\PNP0501\5&2239DA31&0

Service: Serial

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0

Manufacturer: (Standard CD-ROM drives)

Name: hp DVDRAM GT30L

PNP Device ID: IDE\CDROMHP_DVDRAM_GT30L_________________________MP04____\4&6FF1A8C&0&0.1.0

Service: cdrom

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP450: 3/7/2012 12:27:20 PM - System Checkpoint

RP451: 3/8/2012 2:31:14 PM - System Checkpoint

RP452: 3/8/2012 4:14:50 PM - Installed Windows Internet Explorer 8.

RP453: 3/8/2012 4:16:11 PM - Software Distribution Service 3.0

RP454: 3/9/2012 4:56:04 PM - System Checkpoint

RP455: 3/10/2012 7:52:49 PM - System Checkpoint

RP456: 3/11/2012 11:12:32 PM - Software Distribution Service 3.0

RP457: 3/12/2012 11:41:49 PM - System Checkpoint

RP458: 3/13/2012 9:07:26 AM - Installed Rapport

RP459: 3/14/2012 11:05:57 AM - System Checkpoint

RP460: 3/14/2012 5:44:52 PM - Software Distribution Service 3.0

RP461: 3/16/2012 1:21:50 PM - System Checkpoint

RP462: 3/19/2012 11:52:50 AM - System Checkpoint

RP463: 3/19/2012 4:52:13 PM - Installed Windows XP KB2621440.

RP464: 3/20/2012 5:12:38 PM - System Checkpoint

RP465: 3/21/2012 7:34:30 PM - System Checkpoint

RP466: 3/22/2012 10:55:10 AM - Installed SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3

RP467: 3/23/2012 12:17:19 PM - System Checkpoint

RP468: 3/26/2012 1:01:26 PM - System Checkpoint

RP469: 3/27/2012 1:17:13 PM - System Checkpoint

RP470: 3/28/2012 2:45:31 PM - System Checkpoint

RP471: 3/29/2012 8:07:26 PM - System Checkpoint

RP472: 3/31/2012 2:28:52 PM - System Checkpoint

RP473: 4/1/2012 12:19:31 AM - Installed iTunes

RP474: 4/5/2012 2:10:20 AM - System Checkpoint

RP475: 4/11/2012 8:30:39 PM - System Checkpoint

RP476: 4/12/2012 8:36:08 PM - System Checkpoint

RP477: 4/15/2012 10:05:46 PM - System Checkpoint

RP478: 4/17/2012 1:09:40 PM - System Checkpoint

RP479: 4/17/2012 10:12:25 PM - Software Distribution Service 3.0

RP480: 4/18/2012 11:12:25 PM - System Checkpoint

RP481: 4/20/2012 3:31:40 PM - System Checkpoint

RP482: 4/23/2012 11:17:11 AM - System Checkpoint

RP483: 4/24/2012 3:47:06 PM - Installed Rapport

RP484: 4/25/2012 10:32:03 AM - Post 'Smart-Fortress 2012' malware removal

RP485: 4/25/2012 2:31:40 PM - Restore Operation

RP486: 4/25/2012 3:51:38 PM - Restore Operation

RP487: 4/25/2012 5:22:29 PM - Restore Operation

RP488: 4/25/2012 5:36:38 PM - Restore Operation

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

7-Zip 9.15 beta

AC3Filter 1.63b

Acrobat Professional

Acrobat.com

ActivClient

ActivIdentity Device Installer

Adobe Acrobat 9.2.0 - CPSID_50026

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Agere Systems HDA Modem

ALTools Update

Anti-Twin (Installation 10/5/2010)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ashampoo Photo Optimizer 3 v.3.13

Audacity 1.3.13 (Unicode)

AudioShell 1.3.5

Auslogics Disk Defrag

Avaya CMS Supervisor R15

Belarc Advisor 8.2

Bing Bar

Bonjour

BufferChm

C4400

C4400_Help

Cards_Calendar_OrderGift_DoMorePlugout

CCleaner

Cisco Systems VPN Client 4.8.01.0300

Copy

CustomerResearchQFolder

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

DVD Shrink 3.2

ECL Viewer

eSupportQFolder

Everything 1.2.1.371

Exact Audio Copy 1.0beta3

Fast Duplicate File Finder 3.0.0.1

FastStone Image Viewer 4.6

FastStone Photo Resizer 3.1

ffdshow v1.1.3562 [2010-09-07]

FFmpeg v0.6.2 for Audacity

File Shredder 2.0

FileNet IDM Viewer 3.3

FLAC 1.2.1b (remove only)

foobar2000 v1.1.10

Forefront Identity Manager Add-ins and Extensions

FreeCommander 2009.02a

Get IT Icon

GetDiz

GPBaseService

GroupWise

GroupWise Desktop Migrator

GUIPDFTK

Hawking Technologies HWUG1 Wireless-G USB Adapter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB944043-v3)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB955567)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB961853-v2)

Hotfix for Windows XP (KB969262)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB971421)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP 3D DriveGuard

HP Client Automation Application Manager Agent

HP Client Management Interface 1.00 D8

HP Customer Participation Program 10.0

HP Fonts

HP Imaging Device Functions 10.0

HP Integrated Module with Bluetooth wireless technology

HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.40 D3

HP Smart Web Printing

HP Solution Center 10.0

HP Update

HP Virtual Rooms 8.0

HP Wireless Assistant

HPPhotoSmartPhotobookWebPack1

HPProductAssistant

HPSSupply

ID3-TagIT 3

ImgBurn

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Internet Explorer Self Help Tool

InterVideo DVD Check

InterVideo Register Manager

InterVideo WinDVD

IrfanView (remove only)

ISO Workshop 2.0

iTunes

Japanese Fonts Support For Adobe Reader 9

JDownloader 0.9

Kat CD Ripper

Korean Fonts Support For Adobe Reader 9

LADSPA_plugins-win-0.4.15

Lexmark Printer Software Uninstall

LightScribe System Software 1.12.37.1

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee Host Intrusion Prevention

McAfee SiteAdvisor Enterprise Plus

McAfee VirusScan Enterprise

MediaMonkey 4.0

Medieval CUE Splitter

Messaging API and Collaboration Data Objects 1.2.1

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote 2003

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Edition 2003

Microsoft Office Professional Plus 2007

Microsoft Office Professional Plus 2010

Microsoft Office Project 2007 Service Pack 3 (SP3)

Microsoft Office Project MUI (English) 2007

Microsoft Office Project Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2003

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft redistributable runtime DLLs VS2008 SP1(x86)

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC90 CRT + OMP

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Runtime

Microsoft WSE 3.0 Runtime

Monkey's Audio

Mozilla Firefox 11.0 (x86 en-US)

Mp3tag v2.49

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6.0 Parser

MSXML4.0 redistributable

MWSnap 3

NirSoft SysExporter

Notepad++

OCR Software by I.R.I.S. 10.0

Office Communicator 2007 R2

PanoStandAlone

Password Safe

PC COE

PC COE Required Settings

PC Hard Drive Maintenance

PDFCreator

PIXresizer 2.0.4

PS_AIO_03_C4400_ProductContext

PS_AIO_03_C4400_Software

PS_AIO_03_C4400_Software_Min

PSSWCORE

PuTTY version 0.60

QuickTime

Rapport

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Remote Access to HP Network 6.2

Revo Uninstaller 1.93

Revo Uninstaller Pro 2.5.8

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Business

Roxio Creator Business v10

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Tools

Roxio Express Labeler 3

SAP Business Explorer

SAP BusinessObjects Enterprise XI 3.1 Client Tools SP3

SAP GUI for Windows 7.20

SAP JNet

SAP Netweaver Business Client

SapInstSelectorv2

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shop for HP Supplies

SmartWebPrintingOC

Snagit 10

SolutionCenter

StartNow Toolbar

Status

Sun JRE 1.6.0

Synaptics Pointing Device Driver

Toolbox

Trader's Little Helper 2.6.0

TrayApp

UnloadSupport

Unlocker 1.9.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2641690)

Update for Windows XP (KB898461)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

vcredist_x86

VideoToolkit01

VirtualDJ Home FREE

VLC media player 1.1.11

WebFldrs XP

WebReg

Winamp

Winamp Detector Plug-in

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Enterprise Deployment

Windows Search 4.0

WMP Tag Plus 1.2

Xcelsius 2008

Xiph.Org Open Codecs 0.84.17359

XnView 1.98.8

XnView Shell Extension 3.2.0

XP Netlogon Service Restarter

xplorer² lite 32 bit

.

==== Event Viewer Messages From Past Week ========

.

4/25/2012 5:06:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/25/2012 5:06:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Cdrom Fips Imapi intelppm IPSec mfehidk RapportKELL redbook RsvLock SbPrcCtl Tcpip

4/25/2012 5:00:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Cdrom Fips FireTDI Imapi intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RapportKELL RasAcd Rdbss redbook RsvLock SbPrcCtl Tcpip

4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

4/25/2012 5:00:58 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The TCP/IP Protocol Driver service depends on the IPSEC driver service which failed to start because of the following error: The specified driver is invalid.

4/24/2012 4:51:45 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service or group failed to start.

4/24/2012 4:51:45 PM, error: Service Control Manager [7000] - The IPSEC driver service failed to start due to the following error: The specified driver is invalid.

4/24/2012 4:51:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi IPSec redbook Tcpip

4/24/2012 4:50:37 PM, error: System Error [1003] - Error code 1000000a, parameter1 000000b0, parameter2 00000002, parameter3 00000000, parameter4 804ef42a.

4/24/2012 4:48:42 PM, error: Service Control Manager [7024] - The HPCA MSI Redirector service terminated with service-specific error 0 (0x0).

4/24/2012 4:48:42 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.

4/24/2012 4:48:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Intel® Matrix Storage Event Monitor service to connect.

4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/24/2012 4:48:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/24/2012 4:48:42 PM, error: Service Control Manager [7000] - The Intel® Matrix Storage Event Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/24/2012 4:48:41 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/24/2012 4:44:30 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.

4/24/2012 4:07:34 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/24/2012 4:07:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

4/24/2012 3:46:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook

4/24/2012 1:52:59 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:51:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

4/24/2012 1:51:30 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/24/2012 1:51:00 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Enterprise Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:56 PM, error: Service Control Manager [7000] - The Forefront Identity Manager Password Reset Client Service service failed to start due to the following error: Access is denied.

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA Scheduler Daemon service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The HPCA MSI Redirector service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:31 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The SafeBoot Client Manager service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The HPCA Notify Daemon service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7034] - The ActivClient Auto-Update Service service terminated unexpectedly. It has done this 1 time(s).

4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Forefront Identity Manager Password Reset Client Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

4/24/2012 1:50:30 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/24/2012 1:48:26 PM, error: Service Control Manager [7023] - The SISNICXP service terminated with the following error: The specified module could not be found.

4/23/2012 9:14:49 AM, error: Dhcp [1002] - The IP address lease 10.1.10.33 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message).

4/21/2012 11:25:19 AM, error: Dhcp [1002] - The IP address lease 10.171.124.72 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.1.10.1 (The DHCP Server sent a DHCPNACK message).

4/21/2012 10:52:02 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

4/20/2012 10:23:09 AM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\g4w0040.americas.hpqcorp.net for the domain AMERICAS is not responsive. The current RPC call from Netlogon on \\SGREER1 to \\g4w0040.americas.hpqcorp.net has been cancelled.

4/19/2012 9:35:00 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'BootCode.ini' on the volume 'Disk0'. It has stopped monitoring the volume.

4/19/2012 9:29:25 AM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/19/2012 9:11:54 AM, error: Dhcp [1002] - The IP address lease 192.168.1.6 for the Network Card with network address D8D3852B4014 has been denied by the DHCP server 10.170.0.2 (The DHCP Server sent a DHCPNACK message).

4/18/2012 10:10:31 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

4/18/2012 10:10:31 AM, error: NETLOGON [5719] - No Domain Controller is available for domain AMERICAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

4/18/2012 10:09:12 AM, error: Service Control Manager [7001] - The Windows Search service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================


Hello and welcome!

Please do not put your logs in code tags, that makes it extremely hard for me to read them. Just copy paste them as normal text, thank you!

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Thank you very much.

Sorry, I didn't realize there were code tags in my logs. I assume I can use the "toggle edit mode" to not use tags? Or just copy and paste without making any changes. I did change the font of the text files, maybe that's what did it.

I ran Farbar Service Scanner as instructed.

Here are the results from the FSS.txt file:

Farbar Service Scanner Version: 24-04-2012

Ran by greerste (administrator) on 26-04-2012 at 11:00:09

Running from "D:\#MALWAREBYTES forum\Fabar Service Scanner"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:

The start type of Tcpip service is OK.

The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:

The start type of IpSec service is OK.

The ImagePath of IpSec service is OK.

Connection Status:

==============

Localhost is blocked.

There is no connection to network.

Attempt to access Google IP returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Windows Firewall:

=============

sharedaccess Service is not running. Checking service configuration:

The start type of sharedaccess service is OK.

The ImagePath of sharedaccess service is OK.

The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys

[2009-09-14 14:11] - [2008-04-14 07:00] - 0075264 ____A () 57D6250C34C1255FAFCBC89F9612F3E7

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll

[2009-09-14 14:11] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe

[2009-09-14 14:11] - [2009-02-06 06:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6

Extra List:

=======

AegisP(12) DNE(10) FireTDI(8) Gpc(6) IPSec(4) mfetdik(8) NetBT(5) PSched(7) Tcpip(3)

0x0C0000000400000001000000020000000300000008000000050000000600000007000000090000000A0000000B0000000C000000

IpSec Tag value is correct.

**** End of log ****

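The FSS.txt output above is read by hand. As an added example (not part of the thread, and not Farbar's own code), here is a small Python triage script that parses that log format and lists the items a helper looks for: services reported as not running, service registry keys FSS could not open, EnableFirewall policy values set to 0, and File Check entries that carry no "MD5 is legit" verdict (in the log above, ipsec.sys is the one such entry). The embedded log is an abridged, constructed copy of the one posted; the finding names are my own.

```python
import re
from typing import Dict, List, Optional

# Constructed, abridged copy of the FSS.txt log posted above (several sections dropped).
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 24-04-2012
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
Tcpip Service is not running. Checking service configuration:
Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2009-09-14 14:11] - [2008-04-14 07:00] - 0075264 ____A () 57D6250C34C1255FAFCBC89F9612F3E7
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
**** End of log ****
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+):$")            # e.g. "Internet Services:"
NOT_RUNNING_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
MISSING_KEY_RE = re.compile(r"Attention! Unable to open (?P<key>\S+) registry key")
POLICY_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+)\]$")
POLICY_VALUE_RE = re.compile(r'^"EnableFirewall"=DWORD:(?P<value>\d+)$')
FILE_LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^=]+?)(?: => (?P<verdict>.*))?$")
FILE_DETAIL_RE = re.compile(r"^\[.*?\] - \[.*?\] - \d+ \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss_log(text: str) -> List[Dict[str, str]]:
    """Walk the log section by section and collect the items a reviewer looks for."""
    findings: List[Dict[str, str]] = []
    seen = set()

    def add(kind: str, item: str, section: str, **extra: str) -> None:
        if (kind, item) in seen:          # FSS repeats the same missing-key warning per check
            return
        seen.add((kind, item))
        findings.append({"type": kind, "item": item, "section": section, **extra})

    section = ""
    pending_profile: Optional[str] = None   # firewall profile awaiting its EnableFirewall value
    pending_file: Optional[str] = None      # file-check path awaiting its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:  # skip blanks and the "=====" underline rows
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group("name")
            pending_profile = pending_file = None
        elif (m := NOT_RUNNING_RE.match(line)):
            add("service_not_running", m.group("svc"), section)
        elif (m := MISSING_KEY_RE.search(line)):
            add("service_key_missing", m.group("key"), section)
        elif line == "Localhost is blocked.":
            add("localhost_blocked", "localhost", section)
        elif line == "There is no connection to network.":
            add("no_network", "all adapters", section)
        elif section == "Firewall Disabled Policy":
            if (m := POLICY_KEY_RE.match(line)):
                pending_profile = m.group("profile")
            elif (m := POLICY_VALUE_RE.match(line)) and pending_profile and m.group("value") == "0":
                add("firewall_disabled_by_policy", pending_profile, section)
                pending_profile = None
        elif section == "File Check":
            if (m := FILE_LINE_RE.match(line)):
                pending_file = None if m.group("verdict") == "MD5 is legit" else m.group("path")
            elif (m := FILE_DETAIL_RE.match(line)) and pending_file:
                add("file_hash_unverified", pending_file, section,
                    md5=m.group("md5").upper(), company=m.group("company"))
                pending_file = None
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["type"]] = counts.get(f["type"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_fss_log(SAMPLE_FSS_LOG):
        print(f"{f['type']:28} {f['item']}")
```

Feed it the real FSS.txt with `parse_fss_log(open("FSS.txt").read())`; a file-check finding with an empty company string and a hash that differs from the dllcache copy is exactly the kind of entry to compare against the ComboFix Sigcheck section before deciding what to restore.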

Let's attempt to restore internet access and repair associated services. :)

BACKUP THE REGISTRY

---------------------------

Backup Your Registry with ERUNT

  • Please download Erunt
  • Run the setup program to install ERUNT on your computer

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please click Start > Run, type regedit and press enter.

In the left panel expand HKEY_LOCAL_MACHINE > System > CurrentControlSet > Enum > Root

Right click Root and select Permissions...

Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.

Click Apply and OK.

On your working computer, download the following files and save them to your USB drive.

http://download.bleepingcomputer.com/win-services/xp/LEGACY_WSCSVC.reg

http://download.bleepingcomputer.com/win-services/xp/wscsvc.reg

Plug your USB drive into your infected computer, and double click on LEGACY_wscsvc.reg and wscsvc.reg. Click Yes when prompted.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Are you able to get on the Internet now?


Thank you.

Before I continue I want to mention three other items I forgot to mention before which may help, or not:

When booting up, after the initial Smart Fortress 2012 infection/removal (before posting on this forum), I got and still get two alerts during the boot-up process:

1. radexecd "radexecd has encountered a problem and needs to close. We are sorry for the inconvenience."

2. radstgms "radstgms has encountered a problem and needs to close. We are sorry for the inconvenience."

(these two alerts just have a "Close" button)

3. I can't change the desktop wallpaper.

Onward...

I've followed your instructions up to "Double click on Combofix.exe and follow the prompts."

I see two potential issues that may interfere with the proper running of ComboFix.

1. ComboFix tried to install Microsoft Windows Recovery Console and this requires an internet connection, which I don't have yet. ComboFix continued running after it couldn't access the internet to install Microsoft Windows Recovery Console.

Please note: When booting up, I do see the option for Microsoft Recovery Console Mode, and I'm able to open Restore, see restore points, and attempt to restore, although the restore does not complete, I just get a "no changes made" type of message.

2. McAfee VirusShield Enterprise is on this computer and I don't know if I have the ability to turn it off. It was pre-installed. I seem to be having trouble turning it off. I thought I had figured out how to shut it off, but while ComboFix was running, one McAfee alert popped up thinking it had a virus and deleted something that ComboFix was doing. I didn't note the file or name, but I'm thinking it may have been "NIRKMD" because later in the ComboFix AutoScan process, the message "Windows cannot find 'NIRKMD' " appeared repeatedly.

ComboFix did continue to run.

(From this point, I'm kind of logging this as it happens, to a degree...)

ComboFix then told me it detected a rootkit and just now rebooted. I'll see what the log says and see if I'm "fixed".

Rebooted and ComboFix is still running.

And now this one popped up when ComboFix was running, before it rebooted, and now during bootup:

NIRKMD "Windows cannot find 'NIRKMD'. Make sure you typed the name correctly and then try again. To search for a file, click the Start button, and then click search." (only includes an "Ok" button)

After reboot, the ComboFix command window says:

"Please wait.

ComboFix is preparing to run."

When I clicked "Ok" on the NIRKMD alert box, the ComboFix command/AutoScan window then says:

"The system cannot find the file NIRKMD."

...and the NIRKMD alert box pops up again...

This time after clicking "Ok", ComboFix moved on to "Scanning for infected files . . ."

NOW another McAfee "On-Access Scan Messages" alert pops up after ComboFix's status says "Completed Stage_2".

The McAfee On-Access Scan info:

Message: Virusscan Alert! Your PC has been infected by malware or an unwanted program.

Name: Av-test.txt

Detected As: eicar TEST FILE

State: No Action Taken (Clean failed because the detection isn't cleanable)

I "close window" and continue.

I again get the "Windows cannot find 'NIRKMD' message"

Clicked Ok

ComboFix AutoScan continues...

I again get the "Windows cannot find 'NIRKMD' message"

Clicked Ok

ComboFix AutoScan continues and says "Completed Stage_3"

ComboFix AutoScan continues...

I again get the "Windows cannot find 'NIRKMD' message"

Clicked Ok

ComboFix AutoScan continues and says "Completed Stage_4"

ComboFix AutoScan continues...

I again get the "Windows cannot find 'NIRKMD' message"

Clicked Ok

ComboFix AutoScan continues and says "Completed Stage_5"

ComboFix AutoScan continues...

.

.

.

And on and on through “Completed Stage 50”.

Then “Deleting Files”

Then “Deleting Folders”

Rebooted again

ComboFix “command” window opens after logging in to computer, message = “Please wait.”

Preparing Log Report.

DONE.

I fear that the missing NIRKMD file is the one that McAfee deleted and may have caused ComboFix to not be able to work properly.

Even though I’m pretty much locked out of disabling McAfee, I’ll see if I can figure out how to stop it.

Sorry, but I still have no network/internet connectivity.

I am now able to change the desktop wallpaper, at least!

My ComboFix.txt log is listed below:

ComboFix 12-04-26.01 - greerste 04/26/2012 16:58:55.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.2237 [GMT -5:00]

Running from: d:\#malwarebytes forum\COMBOFIX\ComboFix.exe

AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\searchplugins\bing-zugo.xml

c:\documents and settings\greerste\Local Settings\Application Data\assembly\tmp

c:\documents and settings\greerste\WINDOWS

c:\documents and settings\hpadmin\WINDOWS

c:\program files\StartNow Toolbar

c:\program files\StartNow Toolbar\ReactivateFF.exe

c:\program files\StartNow Toolbar\ReactivateIE.exe

c:\program files\StartNow Toolbar\Resources\images\engine_images.png

c:\program files\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files\StartNow Toolbar\Resources\images\engine_news.png

c:\program files\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files\StartNow Toolbar\Resources\images\engine_web.png

c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files\StartNow Toolbar\Resources\images\icon_games.png

c:\program files\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files\StartNow Toolbar\Resources\installer.xml

c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

c:\program files\StartNow Toolbar\Resources\skin\separator.png

c:\program files\StartNow Toolbar\Resources\skin\splitter.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

c:\program files\StartNow Toolbar\Resources\toolbar.xml

c:\program files\StartNow Toolbar\Resources\update.xml

c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files\StartNow Toolbar\Toolbar32.dll

c:\program files\StartNow Toolbar\ToolbarBroker.exe

c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe

c:\program files\StartNow Toolbar\uninstall.dat

c:\windows\$NtUninstallKB52443$

c:\windows\$NtUninstallKB52443$\2895838983

c:\windows\$NtUninstallKB52443$\4053220684\@

c:\windows\$NtUninstallKB52443$\4053220684\cfg.ini

c:\windows\$NtUninstallKB52443$\4053220684\Desktop.ini

c:\windows\$NtUninstallKB52443$\4053220684\L\fzxzawnf

c:\windows\neoqaz2.dll

c:\windows\SafeBoot.scr

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\explorer.exe

c:\windows\system32\urttemp

c:\windows\system32\urttemp\fusion.dll

c:\windows\system32\urttemp\mscoree.dll

c:\windows\system32\urttemp\mscoree.dll.local

c:\windows\system32\urttemp\mscorsn.dll

c:\windows\system32\urttemp\mscorwks.dll

c:\windows\system32\urttemp\msvcr71.dll

c:\windows\system32\urttemp\regtlib.exe

H:\autorun.inf

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Legacy_Updater_Service_for_StartNow_Toolbar

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))

.

.

2012-04-26 21:46 . 2010-06-15 16:57 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll

2012-04-26 21:15 . 2012-04-26 21:15 -------- d-----w- c:\program files\ERUNT

2012-04-26 04:04 . 2012-04-26 04:04 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-26 03:11 . 2012-04-26 03:44 -------- d-----w- c:\program files\VS Revo Group

2012-04-26 02:00 . 2012-04-26 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-04-25 19:01 . 2012-04-25 19:01 -------- d-----w- C:\REGISTRY BACKUP

2012-04-24 21:12 . 2012-04-24 21:12 -------- d-----w- c:\documents and settings\greerste\Application Data\Malwarebytes

2012-04-24 21:11 . 2012-04-24 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-24 21:11 . 2012-04-26 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-24 21:11 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-24 18:47 . 2012-04-24 18:48 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26}

2012-04-24 18:46 . 2012-04-26 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B002F77DD0003FDA7D151FC4E

2012-04-23 14:42 . 2012-04-23 14:42 8071760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE

2012-04-20 14:33 . 2012-04-20 14:35 -------- d-----w- c:\documents and settings\greerste\Application Data\HpUpdate

2012-04-20 14:33 . 2012-04-20 14:33 -------- d-----w- c:\windows\Hewlett-Packard

2012-04-13 08:24 . 2012-04-13 08:24 -------- d-----w- c:\program files\FastStone Image Viewer

2012-04-13 07:17 . 2012-04-13 07:23 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\photoOptimizeHistoryDataBase

2012-04-13 07:17 . 2012-04-13 08:39 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\Ashampoo Photo Optimizer 3

2012-04-13 07:14 . 2012-04-26 04:19 -------- d-----w- c:\documents and settings\All Users\Documents

2012-04-13 07:13 . 2012-04-13 07:13 -------- d-----w- c:\program files\Ashampoo

2012-04-13 07:08 . 2012-04-13 07:09 -------- d-----w- c:\documents and settings\greerste\Application Data\XnView

2012-04-13 07:04 . 2012-04-13 07:05 -------- d-----w- c:\program files\XnView

2012-04-13 07:03 . 2012-04-13 07:03 -------- d-----w- c:\program files\IrfanView

2012-04-09 18:31 . 2012-04-09 18:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2012-04-01 05:20 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-04-01 05:20 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-04-01 05:19 . 2012-04-01 05:19 -------- d-----w- c:\program files\iPod

2012-04-01 05:19 . 2012-04-01 05:20 -------- d-----w- c:\program files\iTunes

2012-04-01 05:19 . 2012-04-01 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-04-01 05:19 . 2012-04-01 05:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 03:47 . 2009-09-14 10:07 143008 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-03-11 18:48 . 2012-03-11 18:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-03-09 17:09 . 2011-09-23 14:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01 . 2009-09-14 19:11 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2009-09-14 19:11 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2009-09-14 19:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2009-09-14 19:11 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2009-09-14 19:11 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2009-09-14 19:11 385024 ------w- c:\windows\system32\html.iec

2012-02-16 16:21 . 2012-02-16 16:21 40960 ----a-r- c:\documents and settings\greerste\Application Data\Microsoft\Installer\{12B47979-BB54-42C2-A3A4-FEA07BCF71F9}\NewShortcut4_12B47979BB5442C2A3A4FEA07BCF71F9.exe

2012-02-16 16:21 . 2012-02-16 16:21 40960 ----a-r- c:\documents and settings\greerste\Application Data\Microsoft\Installer\{12B47979-BB54-42C2-A3A4-FEA07BCF71F9}\NewShortcut2_12B47979BB5442C2A3A4FEA07BCF71F9.exe

2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22 . 2009-09-14 19:11 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-29 02:01 . 2012-01-29 02:01 29528 ----a-w- c:\windows\system32\MsPwdGina.dll

2012-01-29 02:01 . 2012-01-29 02:01 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe

2012-01-29 02:01 . 2012-01-29 02:01 1242464 ----a-w- c:\windows\system32\GateFramework.dll

2012-03-26 15:01 . 2011-10-13 20:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys

[-] 2008-04-14 12:00 . 57D6250C34C1255FAFCBC89F9612F3E7 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys

.

[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys

[-] 2008-04-14 12:00 . 57D6250C34C1255FAFCBC89F9612F3E7 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COEMsgDisplay"="c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 26624]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]

"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-09-14 297000]

"IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2011-04-02 176128]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]

"SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2008-11-04 69632]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]

"PasswordRegistration"="c:\windows\system32\MsPwdRegistration.exe" [2012-01-29 26984]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]

"HPRAService"="c:\program files\RA2HP\HPRAService.exe" [2010-04-01 135168]

"eepc_SmartClient"="c:\program files\SmartClient\Smart.exe" [2011-12-07 183296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-19 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-19 170008]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-19 145432]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"GetITIcon"="c:\program files\Hewlett-Packard\GetITIcon\GetITShell.exe" [2011-08-30 861696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"XPOff2003Excempt"="c:\program files\Hewlett-Packard\AST\XPOff2003Excempt.exe" [2012-04-10 143360]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

create_shortcut.lnk - c:\documents and settings\greerste\create_shortcut.vbs [N/A]

.

c:\documents and settings\greerste\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-9-14 128552]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-5-24 197904]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2010-6-7 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideFastUserSwitching"= 1 (0x1)

"DisableNT4Policy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoMSAppLogo5ChannelNotify"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2009-09-14 11:04 109568 ----a-w- c:\windows\system32\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2009-09-14 11:04 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ SbNp scecli

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk

backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^greerste^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\greerste\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^greerste^Start Menu^Programs^Startup^Password Safe.lnk]

path=c:\documents and settings\greerste\Start Menu\Programs\Startup\Password Safe.lnk

backup=c:\windows\pss\Password Safe.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]

2012-01-11 22:11 5153056 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-03-17 22:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-03-23 07:35 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

2008-04-21 16:21 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Novell\\GroupWise\\grpwise.exe"=

"c:\\Novell\\GroupWise\\notify.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [3/11/2012 1:48 PM 56208]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [3/25/2009 1:24 PM 103760]

R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [8/13/2008 8:51 AM 44976]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/25/2009 1:25 PM 6496]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [5/1/2008 5:23 AM 24064]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [12/15/2011 11:53 AM 228208]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [3/11/2012 1:48 PM 71440]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/11/2012 1:48 PM 164112]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [3/25/2009 1:25 PM 33328]

R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [3/25/2009 1:24 PM 34480]

R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [3/25/2009 1:25 PM 15248]

R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [9/14/2009 6:05 AM 46120]

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [9/14/2009 6:04 AM 198184]

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE [4/16/2012 5:49 PM 193616]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [6/15/2010 11:57 AM 1498224]

R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [1/28/2012 9:01 PM 75608]

R2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [4/25/2011 2:13 PM 35696]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 9:31 PM 222528]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [1/6/2010 8:07 PM 22816]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/14/2009 5:04 AM 69192]

R2 radsched;HPCA Scheduler Daemon;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe [4/21/2010 4:16 AM 190184]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/11/2012 1:48 PM 931640]

R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\McAfee\Endpoint Encryption for PC\SbClientManager.exe [3/25/2009 1:26 PM 380988]

R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [4/6/2007 4:46 AM 13619]

R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [9/14/2009 6:03 AM 9493]

R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [4/6/2007 4:46 AM 13647]

R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [9/14/2009 6:03 AM 10161]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [5/24/2010 9:41 PM 193840]

R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [9/14/2009 5:06 AM 44680]

R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [9/14/2009 5:06 AM 107960]

R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [9/14/2009 5:06 AM 38680]

R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [9/14/2009 5:06 AM 35552]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:33 AM 41216]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/8/2011 1:35 PM 21520]

S2 radexecd;HPCA Notify Daemon;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe [4/21/2010 4:13 AM 300776]

S2 Radstgms;HPCA MSI Redirector;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe [4/21/2010 4:17 AM 333544]

S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [12/11/2007 12:09 PM 27008]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.382.0\SeaPort.EXE [4/16/2012 5:49 PM 240208]

S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [9/14/2009 5:06 AM 44680]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 1:25 AM 25112]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/25/2012 11:04 PM 32072]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/14/2009 5:04 AM 66600]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Office14\GROOVE.EXE [6/12/2011 12:15 PM 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [9/10/2009 11:20 PM 29072]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/14/2009 2:11 PM 14336]

S3 WISOVD;WISOVD;\??\c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys --> c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RAPPORTIASO

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vpnva

mssqlserver

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-03-17 22:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{922E8525-AC7E-4294-ACAA-43712D4423C0}]

2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9AC2D554-AC12-4F1F-AAB9-E6363ADE5381}]

2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC194855-F7AC-4D04-B4C9-07BA46FCB697}]

2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\Defrag-Scheduled-Weekly.job

- c:\program files\Hewlett-Packard\PC Hard Drive Maintenance\PCHardDriveMaintenance.exe [2010-05-14 16:08]

.

2012-04-26 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2006-07-20 19:23]

.

2012-04-26 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2006-07-20 19:23]

.

2012-04-26 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

- c:\progra~1\HEWLET~1\PCCOE~1\clinvsi.dll [2008-09-07 19:08]

.

2012-04-26 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

- c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24 10:27]

.

2012-04-26 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

- c:\progra~1\HEWLET~1\PCCOE~1\critupsi.dll [1998-10-21 17:29]

.

2012-04-26 c:\windows\Tasks\Maint.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-26 c:\windows\Tasks\NetLogonRestarter-Scheduled.job

- c:\program files\Hewlett-Packard\NetLogon Restarter\NetLogonRestarter.exe [2010-09-16 22:16]

.

2012-04-26 c:\windows\Tasks\pcpm-collector.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-26 c:\windows\Tasks\pcpm-consolidator.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1383384898-515967899-1700543.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

2012-04-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1383384898-515967899-1700543.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

2012-04-26 c:\windows\Tasks\sc-healthcheck.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-26 c:\windows\Tasks\Smart Client.job

- c:\program files\SmartClient\Smart.exe [2011-08-19 22:17]

.

2012-04-26 c:\windows\Tasks\User_Feed_Synchronization-{8E0A53B3-F4FD-4138-9073-33E84B7A9544}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]

.

2012-04-24 c:\windows\Tasks\XPOff2003Excempt.job

- c:\program files\Hewlett-Packard\AST\XPOff2003Excempt.exe [2012-04-10 19:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {{E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\Hewlett-Packard\IEToolBar\HP IE Fix.exe

Trusted Zone: compaq.com

Trusted Zone: compaq.com.ar

Trusted Zone: compaq.com.br

Trusted Zone: compaq.com.co

Trusted Zone: compaq.com.mx

Trusted Zone: compaq.com.sg

Trusted Zone: compaq.com.ve

Trusted Zone: cpqcorp.net

Trusted Zone: dcu.org

Trusted Zone: eds.com

Trusted Zone: hp.com

Trusted Zone: hpqcorp.net

TCP: DhcpNameServer = 10.170.0.2 10.170.1.2

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab

DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab

DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab

FF - ProfilePath - c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\

FF - prefs.js: browser.search.defaulturl - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q=

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKLM-Run-GetIT - c:\program files\Hewlett-Packard\GetIT\GetIT.exe

HKLM_ActiveSetup-{E5BA0430-919F-46DD-B656-0796F8A5ADFF} - msiexec

AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe

AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-26 17:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1612)

c:\program files\McAfee\Endpoint Encryption for PC\SBGINA.DLL

c:\program files\McAfee\Endpoint Encryption for PC\SbGinaLib.dll

c:\program files\McAfee\Endpoint Encryption for PC\SbUserObj.dll

c:\program files\McAfee\Endpoint Encryption for PC\sbdbmgr.dll

c:\program files\McAfee\Endpoint Encryption for PC\SbComms.dll

c:\windows\system32\mspwdgina.dll

c:\program files\McAfee\Endpoint Encryption for PC\SBUILIB.DLL

c:\windows\system32\ackpbsc.dll

c:\windows\system32\aclog.dll

c:\windows\system32\accrypto.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll

c:\windows\system32\msi.dll

c:\program files\McAfee\Endpoint Encryption for PC\SbAlgs\SBALG.DLL

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\windows\system32\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll

.

- - - - - - - > 'lsass.exe'(1668)

c:\windows\system32\SbNp.dll

.

- - - - - - - > 'explorer.exe'(4592)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\McAfee\Common Framework\FrameworkService.exe

c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\oracle\ora92\bin\omtsreco.exe

c:\program files\McAfee\Common Framework\naPrdMgr.exe

c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radalert.exe

c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe

c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\McAfee\Common Framework\McTray.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\ActivIdentity\ActivClient\acevents.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\zabkat\xplorer2_lite\xplorer2_lite.exe

.

**************************************************************************

.

Completion time: 2012-04-26 17:57:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-26 22:57

.

Pre-Run: 32,864,514,048 bytes free

Post-Run: 35,791,446,016 bytes free

.

- - End Of File - - DCA03B267BAAFA7790053CE99192A429


Hi again, please let me know how things are running after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


FCopy::
c:\windows\system32\dllcache\ipsec.sys | c:\windows\system32\drivers\ipsec.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

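The check behind this fix is visible in the Sigcheck section of the first log: the copy of ipsec.sys under system32\dllcache carries a version string and one MD5, while the live copy under system32\drivers has no readable version and a different MD5, so the helper has ComboFix overwrite the live file from the cache. The script below is an added example, not part of the helper's post and not ComboFix's own code: it parses Sigcheck-style lines, pairs each dllcache entry with the live file of the same name, reports hash mismatches, and emits the FCopy:: directive for them. The two ipsec.sys lines are copied from the log above; the example.sys pair is constructed to show that a matching pair is not flagged.

```python
"""Flag dllcache/live hash mismatches in a ComboFix Sigcheck section.

Added example (not from the forum post or from ComboFix). Line format
assumed from the log above:
  [flag] date [time] . MD5 . size . . [version] . . path
"""
import re
from typing import Dict, List, Tuple

_SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

# Constructed sample: the ipsec.sys pair is taken from the log above; the
# example.sys pair is invented so the clean-pair case is exercised too.
SAMPLE_SIGCHECK = """\
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\\windows\\system32\\dllcache\\ipsec.sys
[-] 2008-04-14 12:00 . 57D6250C34C1255FAFCBC89F9612F3E7 . 75264 . . [------] . . c:\\windows\\system32\\drivers\\ipsec.sys
[7] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 12345 . . [5.1.2600.5512] . . c:\\windows\\system32\\dllcache\\example.sys
[7] 2008-04-14 . 0123456789ABCDEF0123456789ABCDEF . 12345 . . [5.1.2600.5512] . . c:\\windows\\system32\\drivers\\example.sys
"""

# "[------]" in the version field means Sigcheck could read no version
# resource from the file; that is what the live ipsec.sys shows above.
NO_VERSION = "------"


def parse_sigcheck(text: str) -> List[Dict[str, object]]:
    """Return one dict per line that matches the Sigcheck layout."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = _SIGCHECK_RE.match(line.strip())
        if not m:
            continue  # skip the "." spacer lines and headers
        d: Dict[str, object] = m.groupdict()
        d["size"] = int(m.group("size"))
        d["md5"] = m.group("md5").upper()
        d["path"] = m.group("path").lower()  # paths are case-insensitive
        entries.append(d)
    return entries


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def is_dllcache(path: str) -> bool:
    return "\\dllcache\\" in path


def find_mismatches(entries: List[Dict[str, object]]) -> List[Tuple[dict, dict]]:
    """Pair each live file with the dllcache copy of the same name and
    return (cache_entry, live_entry) where the MD5 differs."""
    cache = {basename(str(e["path"])): e for e in entries if is_dllcache(str(e["path"]))}
    mismatches = []
    for live in entries:
        path = str(live["path"])
        if is_dllcache(path):
            continue
        ref = cache.get(basename(path))
        if ref is not None and ref["md5"] != live["md5"]:
            mismatches.append((ref, live))
    return mismatches


def fcopy_script(mismatches: List[Tuple[dict, dict]]) -> str:
    """Build the CFScript FCopy:: block. Only a dllcache copy that carries
    a real version string is proposed as the source; a cache entry that is
    itself unreadable would just spread the problem."""
    lines = ["FCopy::"]
    for ref, live in mismatches:
        if ref["version"] == NO_VERSION:
            continue
        lines.append(f"{ref['path']} | {live['path']}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_mismatches(parse_sigcheck(SAMPLE_SIGCHECK))
    for ref, live in found:
        print(f"{basename(str(live['path']))}: live MD5 {live['md5']} != "
              f"dllcache {ref['md5']} (live version {live['version']!r})")
    print(fcopy_script(found), end="")
```

On the sample input only ipsec.sys is reported, and the generated block is byte-for-byte the FCopy:: directive from the post; the hash mismatch, not the "[-]" flag, is what drives the decision, since the flag column's meaning is not documented on the page.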

Great, thank you. Good news, I was at least able to disable McAfee enough to let ComboFix run without having the 'NIRKMD' file automatically deleted by VirusScan. I followed the instructions from #6 and ComboFix ran with no errors (other than trying to install Recovery Console and not being able to do so).

Drum roll please...... It worked! Everything seems to be back to normal, maybe better than before. I have network and internet connectivity, no error messages while booting up, from what I can tell everything looks to be fixed.

I have a feeling it would have been fixed after the first run of ComboFix if I could have shut down McAfee to a better degree.

THANK YOU SO VERY, VERY MUCH.

The ComboFix log is listed below. Please let me know if there is anything else you need me to do.

Here's the log:

ComboFix 12-04-26.01 - greerste 04/27/2012 14:57:37.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.2181 [GMT -5:00]

Running from: c:\documents and settings\greerste\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\greerste\Desktop\CFScript.txt

AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\system32\dllcache\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys

.

((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))

.

.

2012-04-27 18:22 . 2012-04-27 18:22 -------- d-----w- c:\documents and settings\steve.greer\Tracing

2012-04-26 21:15 . 2012-04-26 21:15 -------- d-----w- c:\program files\ERUNT

2012-04-26 04:04 . 2012-04-26 04:04 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-26 03:11 . 2012-04-26 03:44 -------- d-----w- c:\program files\VS Revo Group

2012-04-26 02:00 . 2012-04-26 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-04-25 19:01 . 2012-04-25 19:01 -------- d-----w- C:\REGISTRY BACKUP

2012-04-24 21:12 . 2012-04-24 21:12 -------- d-----w- c:\documents and settings\greerste\Application Data\Malwarebytes

2012-04-24 21:11 . 2012-04-24 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-24 21:11 . 2012-04-26 05:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-24 21:11 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-24 18:47 . 2012-04-24 18:48 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\{F7C06562-8E3D-11E1-826D-B8AC6F996F26}

2012-04-24 18:46 . 2012-04-26 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55F3B002F77DD0003FDA7D151FC4E

2012-04-23 14:42 . 2012-04-23 14:42 8071760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingBar\BBSvc\7.1.382.0oemBingBarSetup-Partner.EXE

2012-04-20 14:33 . 2012-04-20 14:35 -------- d-----w- c:\documents and settings\greerste\Application Data\HpUpdate

2012-04-20 14:33 . 2012-04-20 14:33 -------- d-----w- c:\windows\Hewlett-Packard

2012-04-13 08:24 . 2012-04-13 08:24 -------- d-----w- c:\program files\FastStone Image Viewer

2012-04-13 07:17 . 2012-04-13 07:23 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\photoOptimizeHistoryDataBase

2012-04-13 07:17 . 2012-04-13 08:39 -------- d-----w- c:\documents and settings\greerste\Local Settings\Application Data\Ashampoo Photo Optimizer 3

2012-04-13 07:14 . 2012-04-26 04:19 -------- d-----w- c:\documents and settings\All Users\Documents

2012-04-13 07:13 . 2012-04-13 07:13 -------- d-----w- c:\program files\Ashampoo

2012-04-13 07:08 . 2012-04-13 07:09 -------- d-----w- c:\documents and settings\greerste\Application Data\XnView

2012-04-13 07:04 . 2012-04-13 07:05 -------- d-----w- c:\program files\XnView

2012-04-13 07:03 . 2012-04-13 07:03 -------- d-----w- c:\program files\IrfanView

2012-04-09 18:31 . 2012-04-09 18:31 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2012-04-01 05:20 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-04-01 05:20 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-04-01 05:19 . 2012-04-01 05:19 -------- d-----w- c:\program files\iPod

2012-04-01 05:19 . 2012-04-01 05:20 -------- d-----w- c:\program files\iTunes

2012-04-01 05:19 . 2012-04-01 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-04-01 05:19 . 2012-04-01 05:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2012-04-01 05:18 . 2012-04-01 05:18 -------- d-----w- c:\program files\Bonjour

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 03:47 . 2009-09-14 10:07 143008 ----a-w- c:\windows\system32\KevlarSigs.dll

2012-03-11 18:48 . 2012-03-11 18:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-03-09 17:09 . 2011-09-23 14:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01 . 2009-09-14 19:11 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2009-09-14 19:11 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2009-09-14 19:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2009-09-14 19:11 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2009-09-14 19:11 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2009-09-14 19:11 385024 ------w- c:\windows\system32\html.iec

2012-02-16 16:21 . 2012-02-16 16:21 40960 ----a-r- c:\documents and settings\greerste\Application Data\Microsoft\Installer\{12B47979-BB54-42C2-A3A4-FEA07BCF71F9}\NewShortcut4_12B47979BB5442C2A3A4FEA07BCF71F9.exe

2012-02-16 16:21 . 2012-02-16 16:21 40960 ----a-r- c:\documents and settings\greerste\Application Data\Microsoft\Installer\{12B47979-BB54-42C2-A3A4-FEA07BCF71F9}\NewShortcut2_12B47979BB5442C2A3A4FEA07BCF71F9.exe

2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-02-03 09:22 . 2009-09-14 19:11 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-29 02:01 . 2012-01-29 02:01 29528 ----a-w- c:\windows\system32\MsPwdGina.dll

2012-01-29 02:01 . 2012-01-29 02:01 26984 ----a-w- c:\windows\system32\MsPwdRegistration.exe

2012-01-29 02:01 . 2012-01-29 02:01 1242464 ----a-w- c:\windows\system32\GateFramework.dll

2012-03-26 15:01 . 2011-10-13 20:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-26_22.50.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-27 18:35 . 2012-04-27 18:35 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat

+ 2012-04-27 14:45 . 2012-04-27 14:45 360448 c:\windows\ERDNT\AutoBackup\4-27-2012\Users\00000002\UsrClass.dat

+ 2012-04-27 14:45 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\4-27-2012\ERDNT.EXE

+ 2012-04-27 14:45 . 2012-04-27 14:45 14364672 c:\windows\ERDNT\AutoBackup\4-27-2012\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COEMsgDisplay"="c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 26624]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]

"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-06-15 979104]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-09-14 297000]

"IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2011-04-02 176128]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]

"SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2008-11-04 69632]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]

"PasswordRegistration"="c:\windows\system32\MsPwdRegistration.exe" [2012-01-29 26984]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]

"HPRAService"="c:\program files\RA2HP\HPRAService.exe" [2010-04-01 135168]

"eepc_SmartClient"="c:\program files\SmartClient\Smart.exe" [2011-12-07 183296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-19 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-19 170008]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-19 145432]

"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"GetITIcon"="c:\program files\Hewlett-Packard\GetITIcon\GetITShell.exe" [2011-08-30 861696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"XPOff2003Excempt"="c:\program files\Hewlett-Packard\AST\XPOff2003Excempt.exe" [2012-04-10 143360]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

create_shortcut.lnk - c:\documents and settings\greerste\create_shortcut.vbs [N/A]

.

c:\documents and settings\greerste\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-9-14 128552]

DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-5-24 197904]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

VPN Client.lnk - c:\windows\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2010-6-7 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideFastUserSwitching"= 1 (0x1)

"DisableNT4Policy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoMSAppLogo5ChannelNotify"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2009-09-14 11:04 109568 ----a-w- c:\windows\system32\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2009-09-14 11:04 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ SbNp scecli

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk

backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^greerste^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]

path=c:\documents and settings\greerste\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk

backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^greerste^Start Menu^Programs^Startup^Password Safe.lnk]

path=c:\documents and settings\greerste\Start Menu\Programs\Startup\Password Safe.lnk

backup=c:\windows\pss\Password Safe.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Communicator]

2012-01-11 22:11 5153056 ----a-w- c:\program files\Microsoft Office Communicator\communicator.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-03-17 22:59 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-03-23 07:35 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

2008-04-21 16:21 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SafeBootClientManager"=2 (0x2)

"mfevtp"=2 (0x2)

"McTaskManager"=2 (0x2)

"McAfee SiteAdvisor Enterprise Service"=2 (0x2)

"McShield"=2 (0x2)

"enterceptAgent"=2 (0x2)

"hips"=2 (0x2)

"McAfeeFramework"=2 (0x2)

"McAfeeEngineService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

"c:\\Novell\\GroupWise\\grpwise.exe"=

"c:\\Novell\\GroupWise\\notify.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Office14\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [3/11/2012 1:48 PM 56208]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [3/25/2009 1:24 PM 103760]

R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [8/13/2008 8:51 AM 44976]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/25/2009 1:25 PM 6496]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [5/1/2008 5:23 AM 24064]

R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [12/15/2011 11:53 AM 228208]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [3/11/2012 1:48 PM 71440]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/11/2012 1:48 PM 164112]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [3/25/2009 1:25 PM 33328]

R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [3/25/2009 1:24 PM 34480]

R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [3/25/2009 1:25 PM 15248]

R2 acautoup;ActivClient Auto-Update Service;c:\program files\ActivIdentity\ActivClient\acautoup.exe [9/14/2009 6:05 AM 46120]

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [9/14/2009 6:04 AM 198184]

R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;c:\program files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [1/28/2012 9:01 PM 75608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/14/2009 5:04 AM 69192]

R2 radsched;HPCA Scheduler Daemon;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe [4/21/2010 4:16 AM 190184]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/11/2012 1:48 PM 931640]

R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [4/6/2007 4:46 AM 13619]

R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [9/14/2009 6:03 AM 9493]

R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [4/6/2007 4:46 AM 13647]

R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [9/14/2009 6:03 AM 10161]

R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.382.0\SeaPort.EXE [4/16/2012 5:49 PM 240208]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [5/24/2010 9:41 PM 193840]

R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [9/14/2009 5:06 AM 44680]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:33 AM 41216]

R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/8/2011 1:35 PM 21520]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.382.0\BBSvc.EXE [4/16/2012 5:49 PM 193616]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [1/6/2010 8:07 PM 22816]

S2 radexecd;HPCA Notify Daemon;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe [4/21/2010 4:13 AM 300776]

S2 Radstgms;HPCA MSI Redirector;c:\progra~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe [4/21/2010 4:17 AM 333544]

S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [12/11/2007 12:09 PM 27008]

S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [9/14/2009 5:06 AM 44680]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [9/14/2009 5:06 AM 107960]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [9/14/2009 5:06 AM 38680]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [9/14/2009 5:06 AM 35552]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 1:25 AM 25112]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/25/2012 11:04 PM 32072]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/14/2009 5:04 AM 66600]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Office14\GROOVE.EXE [6/12/2011 12:15 PM 31125880]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [9/10/2009 11:20 PM 29072]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [9/14/2009 2:11 PM 14336]

S3 WISOVD;WISOVD;\??\c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys --> c:\program files\WinISO Computing\WinISO\bin\driver\WISOVD_xp.sys [?]

S4 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [6/15/2010 11:57 AM 1498224]

S4 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [4/25/2011 2:13 PM 35696]

S4 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [12/16/2009 9:31 PM 222528]

S4 SafeBootClientManager;SafeBoot Client Manager;c:\program files\McAfee\Endpoint Encryption for PC\SbClientManager.exe [3/25/2009 1:26 PM 380988]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RAPPORTIASO

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

WINRM REG_MULTI_SZ WINRM

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

vpnva

mssqlserver

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-03-17 22:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{922E8525-AC7E-4294-ACAA-43712D4423C0}]

2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9AC2D554-AC12-4F1F-AAB9-E6363ADE5381}]

2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC194855-F7AC-4D04-B4C9-07BA46FCB697}]

2007-04-06 18:36 188416 ----a-w- c:\program files\Common Files\Hewlett-Packard\ActSet\HpActSet.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\Defrag-Scheduled-Weekly.job

- c:\program files\Hewlett-Packard\PC Hard Drive Maintenance\PCHardDriveMaintenance.exe [2010-05-14 16:08]

.

2012-04-27 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2006-07-20 19:23]

.

2012-04-27 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

- c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2006-07-20 19:23]

.

2012-04-27 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

- c:\progra~1\HEWLET~1\PCCOE~1\clinvsi.dll [2008-09-07 19:08]

.

2012-04-27 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

- c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24 10:27]

.

2012-04-27 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

- c:\progra~1\HEWLET~1\PCCOE~1\critupsi.dll [1998-10-21 17:29]

.

2012-04-27 c:\windows\Tasks\Maint.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-27 c:\windows\Tasks\NetLogonRestarter-Scheduled.job

- c:\program files\Hewlett-Packard\NetLogon Restarter\NetLogonRestarter.exe [2010-09-16 22:16]

.

2012-04-27 c:\windows\Tasks\pcpm-collector.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-27 c:\windows\Tasks\pcpm-consolidator.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1383384898-515967899-1700543.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

2012-04-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1383384898-515967899-1700543.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 19:25]

.

2012-04-27 c:\windows\Tasks\sc-healthcheck.job

- c:\program files\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28 19:35]

.

2012-04-27 c:\windows\Tasks\Smart Client.job

- c:\program files\SmartClient\Smart.exe [2011-08-19 22:17]

.

2012-04-27 c:\windows\Tasks\User_Feed_Synchronization-{8E0A53B3-F4FD-4138-9073-33E84B7A9544}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 10:31]

.

2012-04-24 c:\windows\Tasks\XPOff2003Excempt.job

- c:\program files\Hewlett-Packard\AST\XPOff2003Excempt.exe [2012-04-10 19:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://pwb.tenncare.nash.tenn/tennessee/

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {{E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\Hewlett-Packard\IEToolBar\HP IE Fix.exe

Trusted Zone: compaq.com

Trusted Zone: compaq.com.ar

Trusted Zone: compaq.com.br

Trusted Zone: compaq.com.co

Trusted Zone: compaq.com.mx

Trusted Zone: compaq.com.sg

Trusted Zone: compaq.com.ve

Trusted Zone: cpqcorp.net

Trusted Zone: dcu.org

Trusted Zone: eds.com

Trusted Zone: hp.com

Trusted Zone: hpqcorp.net

TCP: DhcpNameServer = 10.170.0.2 10.170.1.2

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {D5B680E5-9C5F-45E0-A97C-521D4F281173} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/1033/pjcintl.cab

DPF: {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} - hxxp://msps.tenncare.nash.tenn/PWA/_layouts/pwa/objects/pjclient.cab

DPF: {FCADE536-93F5-4577-80A3-E7C32FAC4C7D} - hxxp://10.172.117.45/qcbin/Spider10.cab

FF - ProfilePath - c:\documents and settings\greerste\Application Data\Mozilla\Firefox\Profiles\5os093az.default\

FF - prefs.js: browser.search.defaulturl - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=MOZO

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?form=MOZPLB&pc=MOZO&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-27 15:00

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1612)

c:\program files\McAfee\Endpoint Encryption for PC\SBGINA.DLL

c:\program files\McAfee\Endpoint Encryption for PC\SbGinaLib.dll

c:\program files\McAfee\Endpoint Encryption for PC\SbUserObj.dll

c:\program files\McAfee\Endpoint Encryption for PC\sbdbmgr.dll

c:\program files\McAfee\Endpoint Encryption for PC\SbComms.dll

c:\windows\system32\mspwdgina.dll

c:\program files\McAfee\Endpoint Encryption for PC\SBUILIB.DLL

c:\windows\system32\ackpbsc.dll

c:\windows\system32\aclog.dll

c:\windows\system32\accrypto.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll

c:\windows\system32\msi.dll

c:\program files\McAfee\Endpoint Encryption for PC\SbAlgs\SBALG.DLL

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\windows\system32\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'lsass.exe'(1668)

c:\windows\system32\SbNp.dll

.

- - - - - - - > 'explorer.exe'(1040)

c:\windows\system32\WININET.dll

c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\program files\Windows Media Player\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-04-27 15:02:13

ComboFix-quarantined-files.txt 2012-04-27 20:02

ComboFix2.txt 2012-04-27 19:51

ComboFix3.txt 2012-04-26 22:57

.

Pre-Run: 97,639,305,216 bytes free

Post-Run: 97,601,613,824 bytes free

.

- - End Of File - - A387881B854F8C20A4EA50F310E7FA65


I am glad to hear that! :)

Please launch MBAM, update it and run a full scan. Post me the resulting log.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats".
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


Here's the MBAM Log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.24.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

greerste :: SGREER1 [administrator]

4/30/2012 1:32:38 AM

mbam-log-2012-04-30 (01-32-38).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 466030

Time elapsed: 2 hour(s), 42 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Here's the ESET Scan Log:

C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ReactivateIE.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038398.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038400.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038401.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined

C:\System Volume Information\_restore{981BF238-7819-4096-AE24-71B7EAE82726}\RP489\A1038402.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined


That looks excellent, the only detected items were in quarantine/system restore. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read the following advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


  • 4 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.