
Infected with Rootkit.0access trojan


HaroldC

Hello,

Let me tell you as brief as I can my situation. I tried to open a pdf file the other day and discovered that it wouldn't open. I thought the files were somehow corrupted but also discovered that I could no longer open my internet browser as well. Then I discovered that Windows firewall was turned off and when I clicked on it I got a message that it could not be accessed. I ran Malwarebytes and got 3 hits... something called Rootkit.0access or something like that. Malwarebytes removed the files and I rebooted. I still could not open pdf files and still could not turn on Windows Firewall but I could get on the internet. I decided to try restoring my computer to an earlier time but system restore would not work. I went into Safe mode and tried system restore there and it worked. I then rebooted and Windows Firewall is now on and things seem to be back to normal. I updated windows at this point.

I still am not at ease though. I read a little about this virus on the internet and it is nasty. It seems everyone needed help to get rid of it and so I find it hard to believe that what I did really removed it. At the very least it should be present in the restore points and I would have it again if I undid my system restore. I'm afraid to go anywhere and put in my passwords for fear of being spied upon. I ran DDS and here are the reports:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Harold Cogle at 18:10:28 on 2012-10-11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1560 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.html

uInternet Settings,ProxyServer = http=127.0.0.1:1062

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120629155327.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe

mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [updateLBPShortCut] "c:\program files\lg dvd writer\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\lg dvd writer\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\lg dvd writer\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [RemoteControl8] "c:\program files\lg dvd writer\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\lg dvd writer\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePPShortCut] "c:\program files\lg dvd writer\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [uCam_Menu] "c:\program files\lg dvd writer\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [LGODDFU] "c:\program files\lg dvd writer\cyberlink\lg_fwupdate\lgfw.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\lg dvd writer\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AtariBanner] "c:\games\atari anniversary edition\volume 2\Banner.exe" /0

mRun: [AGEIA PhysX SysTray] "c:\program files\ageia technologies\TrayIcon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\harold~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: cinemanow.com

Trusted Zone: roxio.com

Trusted Zone: roxionow.com

Trusted Zone: sonic.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349934979831

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349934745970

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{29281EFD-9D5F-420B-8E08-6DFA7A7B0CEE} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\harold cogle\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464304]

R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2009-8-23 6144]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-4-6 89792]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 655944]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 214904]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-6 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-6 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-6 151880]

R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 22344]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-6 180848]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-6 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-6 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-4-6 83856]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250288]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-6 57600]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\harold~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2010-6-19 70144]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-8-16 1527900]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-4-6 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-6 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 114144]

S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-8-16 544768]

.

=============== Created Last 30 ================

.

2012-10-11 10:59:43 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-10-11 05:40:12 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-10-11 05:40:12 -------- d-----w- c:\windows\system32\wbem\Repository

2012-10-10 06:08:18 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

.

==================== Find3M ====================

.

2012-10-05 20:51:30 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-05 20:51:30 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 18:12:18.07 ===============

and here is the second one:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/1/2009 11:36:29 AM

System Uptime: 10/11/2012 5:54:33 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0YC523

Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 932 GiB total, 366.764 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

F: is FIXED (NTFS) - 932 GiB total, 660.209 GiB free.

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP631: 7/18/2012 10:39:58 PM - System Checkpoint

RP632: 7/19/2012 11:25:26 PM - System Checkpoint

RP633: 7/21/2012 12:01:26 AM - System Checkpoint

RP634: 7/22/2012 12:10:17 AM - System Checkpoint

RP635: 7/23/2012 1:10:16 AM - System Checkpoint

RP636: 7/24/2012 2:10:24 AM - System Checkpoint

RP637: 7/25/2012 6:46:01 AM - System Checkpoint

RP638: 7/26/2012 7:10:21 AM - System Checkpoint

RP639: 7/26/2012 9:57:16 AM - Software Distribution Service 3.0

RP640: 7/27/2012 10:10:22 AM - System Checkpoint

RP641: 7/28/2012 10:26:01 AM - System Checkpoint

RP642: 7/29/2012 11:10:22 AM - System Checkpoint

RP643: 7/30/2012 7:22:52 PM - System Checkpoint

RP644: 7/31/2012 8:03:12 PM - System Checkpoint

RP645: 8/1/2012 8:08:22 PM - System Checkpoint

RP646: 8/2/2012 8:17:01 PM - System Checkpoint

RP647: 8/3/2012 8:24:39 PM - System Checkpoint

RP648: 8/4/2012 9:15:44 PM - System Checkpoint

RP649: 8/5/2012 10:35:32 PM - System Checkpoint

RP650: 8/6/2012 11:09:08 PM - System Checkpoint

RP651: 8/8/2012 9:27:10 AM - System Checkpoint

RP652: 8/9/2012 10:23:15 AM - System Checkpoint

RP653: 8/10/2012 10:53:41 AM - System Checkpoint

RP654: 8/11/2012 11:46:41 AM - System Checkpoint

RP655: 8/12/2012 12:33:18 PM - System Checkpoint

RP656: 8/13/2012 5:46:54 PM - System Checkpoint

RP657: 8/14/2012 6:10:48 PM - System Checkpoint

RP658: 8/15/2012 6:28:46 PM - System Checkpoint

RP659: 8/16/2012 6:36:47 PM - System Checkpoint

RP660: 8/17/2012 6:41:51 PM - System Checkpoint

RP661: 8/18/2012 9:52:15 PM - System Checkpoint

RP662: 8/19/2012 10:48:59 PM - System Checkpoint

RP663: 8/21/2012 12:00:34 AM - System Checkpoint

RP664: 8/22/2012 12:28:24 AM - System Checkpoint

RP665: 8/23/2012 12:48:52 AM - System Checkpoint

RP666: 8/24/2012 1:48:52 AM - System Checkpoint

RP667: 8/25/2012 2:25:54 AM - System Checkpoint

RP668: 8/26/2012 3:25:54 AM - System Checkpoint

RP669: 8/27/2012 4:25:53 AM - System Checkpoint

RP670: 8/28/2012 5:25:56 AM - System Checkpoint

RP671: 8/29/2012 6:25:53 AM - System Checkpoint

RP672: 8/30/2012 7:27:01 AM - System Checkpoint

RP673: 8/31/2012 8:25:57 AM - System Checkpoint

RP674: 9/4/2012 1:50:53 AM - System Checkpoint

RP675: 9/5/2012 2:22:00 AM - System Checkpoint

RP676: 9/6/2012 3:22:00 AM - System Checkpoint

RP677: 9/7/2012 3:36:08 AM - System Checkpoint

RP678: 9/8/2012 4:36:05 AM - System Checkpoint

RP679: 9/9/2012 5:36:06 AM - System Checkpoint

RP680: 9/10/2012 5:57:15 AM - System Checkpoint

RP681: 9/11/2012 6:58:20 AM - System Checkpoint

RP682: 9/12/2012 7:57:15 AM - System Checkpoint

RP683: 9/13/2012 9:13:09 AM - System Checkpoint

RP684: 9/14/2012 12:41:42 PM - System Checkpoint

RP685: 9/15/2012 12:49:59 PM - System Checkpoint

RP686: 9/16/2012 1:24:35 PM - System Checkpoint

RP687: 9/17/2012 2:23:33 PM - System Checkpoint

RP688: 9/18/2012 3:23:29 PM - System Checkpoint

RP689: 9/19/2012 4:23:31 PM - System Checkpoint

RP690: 9/20/2012 5:23:31 PM - System Checkpoint

RP691: 9/21/2012 6:23:31 PM - System Checkpoint

RP692: 9/22/2012 7:23:35 PM - System Checkpoint

RP693: 9/23/2012 9:35:20 PM - System Checkpoint

RP694: 9/24/2012 9:42:07 PM - System Checkpoint

RP695: 9/25/2012 10:02:58 PM - System Checkpoint

RP696: 9/26/2012 10:42:09 PM - System Checkpoint

RP697: 9/27/2012 10:47:36 PM - System Checkpoint

RP698: 9/28/2012 11:17:49 PM - System Checkpoint

RP699: 9/30/2012 9:59:08 AM - System Checkpoint

RP700: 10/1/2012 10:09:22 AM - System Checkpoint

RP701: 10/2/2012 10:57:20 AM - System Checkpoint

RP702: 10/3/2012 11:41:41 AM - System Checkpoint

RP703: 10/4/2012 12:00:02 PM - System Checkpoint

RP704: 10/4/2012 8:42:58 PM - Restore Operation

RP705: 10/5/2012 2:26:00 PM - Restore Operation

RP706: 10/7/2012 7:49:53 PM - System Checkpoint

RP707: 10/10/2012 2:38:45 AM - Software Distribution Service 3.0

RP708: 10/11/2012 1:15:00 AM - Restore Operation

RP709: 10/11/2012 1:26:03 AM - Restore Operation

RP710: 10/11/2012 1:32:58 AM - Restore Operation

RP711: 10/11/2012 7:02:07 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

3D Ultra Pinball Thrillride

3DPM 3D-Sound Package

A&O Sub

AceIt v1.3.1

Acrobat.com

ActivityMaster

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AGEIA PhysX v2.5.1

Amazon Kindle

ArcSoft PhotoImpression 5

Atari Anniversary Edition

Audacity 1.2.6

Audible Download Manager

AudibleManager

Ballance

Bing Bar

Brunswick Circuit Pro Bowling

Bubble Puzzle '97

BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )

Camera Access Library

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window DSLR 5 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon ZoomBrowser EX (E)

Cartoonist 1.3

Cascade Crossing

CDBurnerXP

Class_50_Content_Update

ConBuilder

Conexant D850 56K V.9x DFVc Modem

Corel Applications

Creative MediaSource

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Download Manager

Dell Resource CD

DESCENT II

DX-Ball 1.07

Empire XP 5

EPSON CX 7800 Guide

EPSON Printer Software

EPSON Scan

Escape The Museum

ESPNMotion

Facebook Plug-In

File Shredder 2.0

Firebird SQL Server - MAGIX Edition

GemMaster Mystic

GIMP 2.6.6

GoGear VIBE Device Manager

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Hugin 0.6

Hugin 0.7.0 (SVN 3465)

ImgBurn

Install Creator

InstallMgr

Intel® PRO Network Connections Drivers

InterActual Player

Java Auto Updater

Java 6 Update 31

Jigs@w Puzzle 2

Kicking Horse Pass 2.0

LEGO Creator

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink PowerDVD

LG CyberLink PowerProducer

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

LightScribe System Software

LucasArts' Rogue Squadron

LucasArts' X-Wing vs. TIE Fighter

MAGIX Goya burnR 1.3.1.3 (US)

MAGIX Movies on DVD 7 7.0.3.0 (US)

MAGIX Photo Manager 8 6.0.1.466 (US)

MAGIX Screenshare 4.3.6.1987 (US)

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee AntiVirus Plus

MechWarrior 3 Pirate's Moon

MechWarrior 3 Pirate's Moon CD Patch 1.0

Media Converter for Philips

Michigan Iron Ore

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Silverlight

Microsoft Train Simulator

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MovieEdit Task

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

MSN Toolbar

MSTS Patch 1.8.0521 EN

MSTS Switchlist Generator

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Need For Speed III

NVIDIA Drivers

Otto

PDFCreator

PowerTeacher Gradebook

Primo

RAW Image Task

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Rhapsody

Risk II

Route_Riter v7.1.29

RoxioNow Player

Runtime

Sandpatch: Railroading in the Alleghenies (version 1.0)

SD40-2_Content_Update

Seagate DiscWizard

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847-v2)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sega Smash Pack II

Shape Viewer

SideWinder Precision 2

Smilebox

Sonic Encoders

Sony Image Data Suite

Sony Picture Utility

Sound Blaster X-Fi

Space Quest Collection

Spelling Dictionaries Support For Adobe Reader 9

Star Trek -- Starfleet Academy

Star Trek Voyager Elite Force

Star Wars JK II Jedi Outcast

Star Wars: The Force Unleashed

Star Wars®: Knights of the Old Republic

STARWARS: The Battle of Endor version 2.1

Switchball

TGATool2A version 4.00.34

The Bard's Tale Original Series

The Bridge Line Route

The Game Of Life

The Hulk

The Neverhood

The Price Is Right 1.1.4

Tradewinds 2 CD 1.0

Train Store V3.2

Ulead VideoStudio 7 SE DVD

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Media Player

VLC media player 1.0.3

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinRAR archiver

XnView 1.96.2

.

==== Event Viewer Messages From Past Week ========

.

10/8/2012 9:25:02 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'mcagent000.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

10/8/2012 5:43:51 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

10/8/2012 5:43:51 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll. Reference error message: The operation completed successfully. .

10/8/2012 5:43:51 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.1.policy" on line 0.

10/8/2012 5:41:35 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. .

10/8/2012 1:10:21 AM, error: System Error [1003] - Error code 100000d1, parameter1 0a130040, parameter2 00000002, parameter3 00000000, parameter4 b9f10af2.

10/8/2012 1:09:41 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/8/2012 1:09:41 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

10/8/2012 1:09:40 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

10/6/2012 9:35:07 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.

10/6/2012 3:52:50 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

10/6/2012 2:54:15 PM, error: Service Control Manager [7022] - The Windows Search service hung on starting.

10/6/2012 2:53:59 PM, error: System Error [1003] - Error code 100000d1, parameter1 01010050, parameter2 0000000a, parameter3 00000001, parameter4 b9f0cd7f.

10/6/2012 2:51:31 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

10/6/2012 10:59:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .

10/6/2012 10:58:16 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.mui. Reference error message: Insufficient system resources exist to complete the requested service. .

10/6/2012 10:51:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .

10/6/2012 10:51:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest. Reference error message: The operation completed successfully. .

10/6/2012 10:51:21 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .

10/6/2012 10:51:21 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .

10/6/2012 10:51:00 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: Insufficient system resources exist to complete the requested service.

10/6/2012 10:21:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'McUpdate000.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

10/6/2012 10:20:20 PM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.

10/5/2012 3:03:42 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

10/5/2012 2:26:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/5/2012 2:26:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/5/2012 2:24:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

10/5/2012 2:23:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

10/5/2012 2:18:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/5/2012 1:33:26 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

10/5/2012 1:30:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.

10/4/2012 9:50:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

10/4/2012 9:50:38 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/4/2012 9:41:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee Scanner service to connect.

10/4/2012 9:41:51 PM, error: Service Control Manager [7000] - The McAfee Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/4/2012 9:41:50 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}

10/4/2012 9:31:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

10/4/2012 9:31:12 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/4/2012 8:49:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

10/4/2012 8:49:13 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/4/2012 8:49:13 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/4/2012 10:58:59 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

10/10/2012 2:00:38 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000024, parameter2 0000000a, parameter3 00000000, parameter4 b9f1090a.

10/10/2012 1:57:27 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

.

==== End Of File ===========================

What do you think? Do I still have a problem?


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


I should also mention that I tried to run a program called gmer that another site said to run, and it would run for many hours scanning the computer, but I could never get it to run to the end. It would always either lock up after many hours or go to the blue screen of death. I gave up on it and decided you guys were the best option for help.


Here is the updated MBAM scan results:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.12.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Harold Cogle :: KEATONZOE1824 [administrator]

10/12/2012 9:30:05 PM

mbam-log-2012-10-12 (21-30-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 261651

Time elapsed: 32 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I'm off to run combofix now.


Ok...here is the combofix log:

ComboFix 12-10-12.01 - Harold Cogle 10/12/2012 22:45:09.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1537 [GMT -4:00]

Running from: c:\documents and settings\Harold Cogle\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe

c:\documents and settings\Harold Cogle\Application Data\6727BC

c:\documents and settings\Harold Cogle\WINDOWS

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))

.

.

2012-10-12 01:45 . 2012-10-12 01:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2012-10-11 10:59 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-10-11 05:40 . 2012-10-11 05:40 -------- d-----w- c:\windows\system32\wbem\Repository

2012-10-10 06:08 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-12 17:36 . 2012-04-06 16:35 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-12 17:36 . 2011-06-03 01:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-28 15:14 . 2004-08-10 11:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2004-08-10 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2004-08-10 11:00 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53 . 2004-08-10 11:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33 . 2004-08-10 11:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-05 20:55 . 2012-10-05 20:54 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]

"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]

"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]

"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-08 7110656]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]

"EPSON Stylus CX7800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 98304]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"UpdateLBPShortCut"="c:\program files\LG DVD Writer\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"CLMLServer"="c:\program files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]

"UpdateP2GoShortCut"="c:\program files\LG DVD Writer\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RemoteControl8"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]

"PDVD8LanguageShortcut"="c:\program files\LG DVD Writer\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]

"UpdatePPShortCut"="c:\program files\LG DVD Writer\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UCam_Menu"="c:\program files\LG DVD Writer\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]

"LGODDFU"="c:\program files\LG DVD Writer\CyberLink\lg_fwupdate\lgfw.exe" [2012-07-31 27760]

"UpdatePSTShortCut"="c:\program files\LG DVD Writer\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-25 210216]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"AtariBanner"="c:\games\Atari Anniversary Edition\Volume 2\Banner.exe" [2001-05-22 49152]

"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-08-16 339968]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1318816]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-05-21 296056]

.

c:\documents and settings\Harold Cogle\Start Menu\Programs\Startup\

PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-8-8 333088]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-2-18 1701224]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]

2006-12-12 14:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SideWinderTrayV4]

2000-06-02 23:07 24650 ----a-w- c:\progra~1\GAMECO~1\Common\SWTrayV4.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\LG DVD Writer\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Games\\Need For Speed III\\nfs3.exe"=

.

R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [8/23/2009 1:04 AM 6144]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/6/2012 1:13 PM 89792]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/14/2012 7:26 AM 655944]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/6/2012 1:12 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [4/6/2012 1:14 PM 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/6/2012 1:02 PM 151880]

R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 9:37 PM 400368]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/14/2012 7:26 AM 22344]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/6/2012 1:13 PM 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/6/2012 1:13 PM 83856]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:14 PM 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 12:35 PM 250808]

S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/6/2012 1:13 PM 57600]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\HAROLD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [8/16/2009 2:12 AM 1527900]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:14 PM 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/6/2012 1:13 PM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/6/2012 1:13 PM 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 6:14 PM 114144]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [8/16/2009 2:14 AM 544768]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - EHRECVR

*NewlyCreated* - EHSCHED

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:36]

.

2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14]

.

2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 23:14]

.

2012-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]

.

2012-10-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-162531612-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]

.

2012-09-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]

.

2012-10-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-162531612-725345543-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]

.

2012-10-13 c:\windows\Tasks\User_Feed_Synchronization-{3BC5B024-6002-4EB4-A269-BF5E26F69063}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.html

uInternet Settings,ProxyServer = http=127.0.0.1:1062

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: cinemanow.com

Trusted Zone: roxio.com

Trusted Zone: roxionow.com

Trusted Zone: sonic.com

FF - ProfilePath - c:\documents and settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe

AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\21.0.1180.77\Installer\setup.exe

AddRemove-Star Wars: The Force Unleashed_is1 - c:\games\Star Wars The Force Unleashed\unins001.exe

AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_B6E98F0202354167.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-12 23:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2052111302-162531612-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:98,50,4d,5d,b1,f4,7b,ff,63,05,9e,35,90,38,3e,cf,b3,3a,2c,8b,93,b3,59,

59,bf,b5,ad,58,50,f2,cd,05,3f,43,18,eb,b6,1b,77,be,c1,74,b8,26,9f,16,70,de,\

"??"=hex:22,ef,c9,6c,1e,ab,c5,22,3d,c7,49,51,c1,4d,c3,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(1256)

c:\windows\system32\relog_ap.dll

.

Completion time: 2012-10-12 23:06:20

ComboFix-quarantined-files.txt 2012-10-13 03:06

ComboFix2.txt 2010-06-18 05:15

.

Pre-Run: 393,345,200,128 bytes free

Post-Run: 408,654,028,800 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 1A76E5FC07EE06A9E00A97931E9FFE62


And here are the new dds logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Harold Cogle at 23:40:37 on 2012-10-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1478 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\LG DVD Writer\CyberLink\Power2Go\CLMLSvc.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\LG DVD Writer\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\explorer.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.worldofspectrum.org/permits/publishers.html

uInternet Settings,ProxyServer = http=127.0.0.1:1062

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120629155327.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe

mRun: [seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r

mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

mRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB001" /M "Stylus CX7800"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [updateLBPShortCut] "c:\program files\lg dvd writer\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [CLMLServer] "c:\program files\lg dvd writer\cyberlink\power2go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "c:\program files\lg dvd writer\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [RemoteControl8] "c:\program files\lg dvd writer\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\lg dvd writer\cyberlink\powerdvd8\language\Language.exe"

mRun: [updatePPShortCut] "c:\program files\lg dvd writer\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"

mRun: [uCam_Menu] "c:\program files\lg dvd writer\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [LGODDFU] "c:\program files\lg dvd writer\cyberlink\lg_fwupdate\lgfw.exe" blrun

mRun: [updatePSTShortCut] "c:\program files\lg dvd writer\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\lg dvd writer\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AtariBanner] "c:\games\atari anniversary edition\volume 2\Banner.exe" /0

mRun: [AGEIA PhysX SysTray] "c:\program files\ageia technologies\TrayIcon.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\harold~1\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: cinemanow.com

Trusted Zone: roxio.com

Trusted Zone: roxionow.com

Trusted Zone: sonic.com

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349934979831

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349934745970

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{29281EFD-9D5F-420B-8E08-6DFA7A7B0CEE} : DhcpNameServer = 209.18.47.61 209.18.47.62

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Authentication Packages = msv1_0 relog_ap

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\harold cogle\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\harold cogle\application data\mozilla\firefox\profiles\5qdv0tms.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npRNowPlugin.dll

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464304]

R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2009-8-23 6144]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-4-6 89792]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-14 655944]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 214904]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-4-6 214904]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-6 166288]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-6 161632]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-4-6 151880]

R2 RoxioNow Service;RoxioNow Service;c:\program files\roxio\roxionow player\RNowSvc.exe [2011-8-2 400368]

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-14 22344]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-6 180848]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-6 59456]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-6 340920]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-4-6 83856]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250808]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-6 57600]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\harold~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\harold~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-8-16 1527900]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-4-6 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-6 87656]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 114144]

S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-8-16 544768]

.

=============== Created Last 30 ================

.

2012-10-13 02:31:29 -------- d-sha-r- C:\cmdcons

2012-10-13 02:26:19 98816 ----a-w- c:\windows\sed.exe

2012-10-13 02:26:19 518144 ----a-w- c:\windows\SWREG.exe

2012-10-13 02:26:19 256000 ----a-w- c:\windows\PEV.exe

2012-10-13 02:26:19 208896 ----a-w- c:\windows\MBR.exe

2012-10-11 10:59:43 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-10-11 05:40:12 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-10-11 05:40:12 -------- d-----w- c:\windows\system32\wbem\Repository

2012-10-10 06:08:18 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

.

==================== Find3M ====================

.

2012-10-12 17:36:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-12 17:36:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

.

============= FINISH: 23:41:20.62 ===============

and the second one:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/1/2009 11:36:29 AM

System Uptime: 10/12/2012 1:21:57 PM (10 hours ago)

.

Motherboard: Dell Inc. | | 0YC523

Processor: Intel® Pentium® D CPU 3.00GHz | Microprocessor | 2992/800mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 932 GiB total, 380.632 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

F: is FIXED (NTFS) - 932 GiB total, 660.209 GiB free.

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP631: 7/18/2012 10:39:58 PM - System Checkpoint

RP632: 7/19/2012 11:25:26 PM - System Checkpoint

RP633: 7/21/2012 12:01:26 AM - System Checkpoint

RP634: 7/22/2012 12:10:17 AM - System Checkpoint

RP635: 7/23/2012 1:10:16 AM - System Checkpoint

RP636: 7/24/2012 2:10:24 AM - System Checkpoint

RP637: 7/25/2012 6:46:01 AM - System Checkpoint

RP638: 7/26/2012 7:10:21 AM - System Checkpoint

RP639: 7/26/2012 9:57:16 AM - Software Distribution Service 3.0

RP640: 7/27/2012 10:10:22 AM - System Checkpoint

RP641: 7/28/2012 10:26:01 AM - System Checkpoint

RP642: 7/29/2012 11:10:22 AM - System Checkpoint

RP643: 7/30/2012 7:22:52 PM - System Checkpoint

RP644: 7/31/2012 8:03:12 PM - System Checkpoint

RP645: 8/1/2012 8:08:22 PM - System Checkpoint

RP646: 8/2/2012 8:17:01 PM - System Checkpoint

RP647: 8/3/2012 8:24:39 PM - System Checkpoint

RP648: 8/4/2012 9:15:44 PM - System Checkpoint

RP649: 8/5/2012 10:35:32 PM - System Checkpoint

RP650: 8/6/2012 11:09:08 PM - System Checkpoint

RP651: 8/8/2012 9:27:10 AM - System Checkpoint

RP652: 8/9/2012 10:23:15 AM - System Checkpoint

RP653: 8/10/2012 10:53:41 AM - System Checkpoint

RP654: 8/11/2012 11:46:41 AM - System Checkpoint

RP655: 8/12/2012 12:33:18 PM - System Checkpoint

RP656: 8/13/2012 5:46:54 PM - System Checkpoint

RP657: 8/14/2012 6:10:48 PM - System Checkpoint

RP658: 8/15/2012 6:28:46 PM - System Checkpoint

RP659: 8/16/2012 6:36:47 PM - System Checkpoint

RP660: 8/17/2012 6:41:51 PM - System Checkpoint

RP661: 8/18/2012 9:52:15 PM - System Checkpoint

RP662: 8/19/2012 10:48:59 PM - System Checkpoint

RP663: 8/21/2012 12:00:34 AM - System Checkpoint

RP664: 8/22/2012 12:28:24 AM - System Checkpoint

RP665: 8/23/2012 12:48:52 AM - System Checkpoint

RP666: 8/24/2012 1:48:52 AM - System Checkpoint

RP667: 8/25/2012 2:25:54 AM - System Checkpoint

RP668: 8/26/2012 3:25:54 AM - System Checkpoint

RP669: 8/27/2012 4:25:53 AM - System Checkpoint

RP670: 8/28/2012 5:25:56 AM - System Checkpoint

RP671: 8/29/2012 6:25:53 AM - System Checkpoint

RP672: 8/30/2012 7:27:01 AM - System Checkpoint

RP673: 8/31/2012 8:25:57 AM - System Checkpoint

RP674: 9/4/2012 1:50:53 AM - System Checkpoint

RP675: 9/5/2012 2:22:00 AM - System Checkpoint

RP676: 9/6/2012 3:22:00 AM - System Checkpoint

RP677: 9/7/2012 3:36:08 AM - System Checkpoint

RP678: 9/8/2012 4:36:05 AM - System Checkpoint

RP679: 9/9/2012 5:36:06 AM - System Checkpoint

RP680: 9/10/2012 5:57:15 AM - System Checkpoint

RP681: 9/11/2012 6:58:20 AM - System Checkpoint

RP682: 9/12/2012 7:57:15 AM - System Checkpoint

RP683: 9/13/2012 9:13:09 AM - System Checkpoint

RP684: 9/14/2012 12:41:42 PM - System Checkpoint

RP685: 9/15/2012 12:49:59 PM - System Checkpoint

RP686: 9/16/2012 1:24:35 PM - System Checkpoint

RP687: 9/17/2012 2:23:33 PM - System Checkpoint

RP688: 9/18/2012 3:23:29 PM - System Checkpoint

RP689: 9/19/2012 4:23:31 PM - System Checkpoint

RP690: 9/20/2012 5:23:31 PM - System Checkpoint

RP691: 9/21/2012 6:23:31 PM - System Checkpoint

RP692: 9/22/2012 7:23:35 PM - System Checkpoint

RP693: 9/23/2012 9:35:20 PM - System Checkpoint

RP694: 9/24/2012 9:42:07 PM - System Checkpoint

RP695: 9/25/2012 10:02:58 PM - System Checkpoint

RP696: 9/26/2012 10:42:09 PM - System Checkpoint

RP697: 9/27/2012 10:47:36 PM - System Checkpoint

RP698: 9/28/2012 11:17:49 PM - System Checkpoint

RP699: 9/30/2012 9:59:08 AM - System Checkpoint

RP700: 10/1/2012 10:09:22 AM - System Checkpoint

RP701: 10/2/2012 10:57:20 AM - System Checkpoint

RP702: 10/3/2012 11:41:41 AM - System Checkpoint

RP703: 10/4/2012 12:00:02 PM - System Checkpoint

RP704: 10/4/2012 8:42:58 PM - Restore Operation

RP705: 10/5/2012 2:26:00 PM - Restore Operation

RP706: 10/7/2012 7:49:53 PM - System Checkpoint

RP707: 10/10/2012 2:38:45 AM - Software Distribution Service 3.0

RP708: 10/11/2012 1:15:00 AM - Restore Operation

RP709: 10/11/2012 1:26:03 AM - Restore Operation

RP710: 10/11/2012 1:32:58 AM - Restore Operation

RP711: 10/11/2012 7:02:07 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

3D Ultra Pinball Thrillride

3DPM 3D-Sound Package

A&O Sub

AceIt v1.3.1

Acrobat.com

ActivityMaster

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AGEIA PhysX v2.5.1

Amazon Kindle

ArcSoft PhotoImpression 5

Atari Anniversary Edition

Audacity 1.2.6

Audible Download Manager

AudibleManager

Ballance

Bing Bar

Brunswick Circuit Pro Bowling

Bubble Puzzle '97

BurnOn CD&DVD, Version 3.1.3 ( Build 2009-2-22, Win32, )

Camera Access Library

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window DSLR 5 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon ZoomBrowser EX (E)

Cartoonist 1.3

Cascade Crossing

CDBurnerXP

Class_50_Content_Update

ConBuilder

Conexant D850 56K V.9x DFVc Modem

Corel Applications

Creative MediaSource

Critical Update for Windows Media Player 11 (KB959772)

Dell Driver Download Manager

Dell Resource CD

DESCENT II

DX-Ball 1.07

Empire XP 5

EPSON CX 7800 Guide

EPSON Printer Software

EPSON Scan

Escape The Museum

ESPNMotion

Facebook Plug-In

File Shredder 2.0

Firebird SQL Server - MAGIX Edition

GemMaster Mystic

GIMP 2.6.6

GoGear VIBE Device Manager

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Hugin 0.6

Hugin 0.7.0 (SVN 3465)

ImgBurn

Install Creator

InstallMgr

Intel® PRO Network Connections Drivers

InterActual Player

Java Auto Updater

Java 6 Update 31

Jigs@w Puzzle 2

Kicking Horse Pass 2.0

LEGO Creator

LG CyberLink LabelPrint

LG CyberLink Power2Go

LG CyberLink PowerBackup

LG CyberLink PowerDVD

LG CyberLink PowerProducer

LG CyberLink YouCam

LG ODD Auto Firmware Update

LG Power Tools

LightScribe System Software

LucasArts' Rogue Squadron

LucasArts' X-Wing vs. TIE Fighter

MAGIX Goya burnR 1.3.1.3 (US)

MAGIX Movies on DVD 7 7.0.3.0 (US)

MAGIX Photo Manager 8 6.0.1.466 (US)

MAGIX Screenshare 4.3.6.1987 (US)

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee AntiVirus Plus

MechWarrior 3 Pirate's Moon

MechWarrior 3 Pirate's Moon CD Patch 1.0

Media Converter for Philips

Michigan Iron Ore

Microsoft .NET Framework 1.0 Hotfix (KB2604042)

Microsoft .NET Framework 1.0 Hotfix (KB2656378)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft Silverlight

Microsoft Train Simulator

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

MovieEdit Task

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

MSN Toolbar

MSTS Patch 1.8.0521 EN

MSTS Switchlist Generator

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Need For Speed III

NVIDIA Drivers

Otto

PDFCreator

PowerTeacher Gradebook

Primo

RAW Image Task

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Rhapsody

Risk II

Route_Riter v7.1.29

RoxioNow Player

Runtime

Sandpatch: Railroading in the Alleghenies (version 1.0)

SD40-2_Content_Update

Seagate DiscWizard

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB972260)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219-v2)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135-v2)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2731847-v2)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sega Smash Pack II

Shape Viewer

SideWinder Precision 2

Smilebox

Sonic Encoders

Sony Image Data Suite

Sony Picture Utility

Sound Blaster X-Fi

Space Quest Collection

Spelling Dictionaries Support For Adobe Reader 9

Star Trek -- Starfleet Academy

Star Trek Voyager Elite Force

Star Wars JK II Jedi Outcast

Star Wars®: Knights of the Old Republic

STARWARS: The Battle of Endor version 2.1

Switchball

TGATool2A version 4.00.34

The Bard's Tale Original Series

The Bridge Line Route

The Game Of Life

The Hulk

The Neverhood

The Price Is Right 1.1.4

Tradewinds 2 CD 1.0

Train Store V3.2

Ulead VideoStudio 7 SE DVD

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB972636)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB943729)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

Viewpoint Media Player

VLC media player 1.0.3

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Search 4.0

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB2619340

Windows XP Media Center Edition 2005 KB2628259

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinRAR archiver

XnView 1.96.2

.

==== Event Viewer Messages From Past Week ========

.

10/8/2012 9:25:02 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'mcagent000.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

10/8/2012 5:51:19 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/8/2012 5:51:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

10/8/2012 5:43:51 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: Insufficient system resources exist to complete the requested service. .

10/8/2012 5:43:51 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll. Reference error message: The operation completed successfully. .

10/8/2012 5:43:51 PM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.9.0.Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_x-ww_b7353f75\9.0.30729.1.policy" on line 0.

10/8/2012 5:41:35 PM, error: Dhcp [1008] - Your computer was unable to initialize a Network Interface attached to the system. The error code is: Insufficient system resources exist to complete the requested service. .

10/8/2012 1:10:21 AM, error: System Error [1003] - Error code 100000d1, parameter1 0a130040, parameter2 00000002, parameter3 00000000, parameter4 b9f10af2.

10/8/2012 1:09:41 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/8/2012 1:09:41 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

10/8/2012 1:09:40 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.

10/7/2012 12:51:09 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Insufficient system resources exist to complete the requested service. .

10/7/2012 12:51:09 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\urlmon.dll. Reference error message: The operation completed successfully. .

10/7/2012 12:51:09 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .

10/7/2012 12:43:20 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.

10/7/2012 12:02:26 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .

10/6/2012 3:52:50 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

10/6/2012 2:54:15 PM, error: Service Control Manager [7022] - The Windows Search service hung on starting.

10/6/2012 2:53:59 PM, error: System Error [1003] - Error code 100000d1, parameter1 01010050, parameter2 0000000a, parameter3 00000001, parameter4 b9f0cd7f.

10/6/2012 2:51:31 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

10/6/2012 10:59:34 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WindowsShell.Manifest. Reference error message: The operation completed successfully. .

10/6/2012 10:58:16 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.mui. Reference error message: Insufficient system resources exist to complete the requested service. .

10/6/2012 10:51:00 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: Insufficient system resources exist to complete the requested service.

10/6/2012 10:21:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'McUpdate000.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

10/6/2012 10:14:26 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.

10/5/2012 3:03:42 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

10/5/2012 2:26:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/5/2012 2:26:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

10/5/2012 2:24:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

10/5/2012 2:23:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:14 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

10/5/2012 2:23:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

10/5/2012 2:18:51 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/5/2012 1:33:26 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

10/5/2012 1:30:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.

10/12/2012 8:35:50 PM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).

10/12/2012 8:35:31 PM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

10/11/2012 12:54:56 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

10/10/2012 2:00:38 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000024, parameter2 0000000a, parameter3 00000000, parameter4 b9f1090a.

10/10/2012 1:57:27 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

.

==== End Of File ===========================


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Here is the tdsskiller log:

18:07:03.0640 3372 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

18:07:04.0031 3372 ============================================================

18:07:04.0031 3372 Current date / time: 2012/10/15 18:07:04.0031

18:07:04.0031 3372 SystemInfo:

18:07:04.0031 3372

18:07:04.0031 3372 OS Version: 5.1.2600 ServicePack: 3.0

18:07:04.0031 3372 Product type: Workstation

18:07:04.0031 3372 ComputerName: KEATONZOE1824

18:07:04.0031 3372 UserName: Harold Cogle

18:07:04.0031 3372 Windows directory: C:\WINDOWS

18:07:04.0031 3372 System windows directory: C:\WINDOWS

18:07:04.0031 3372 Processor architecture: Intel x86

18:07:04.0031 3372 Number of processors: 2

18:07:04.0031 3372 Page size: 0x1000

18:07:04.0031 3372 Boot type: Normal boot

18:07:04.0031 3372 ============================================================

18:07:07.0875 3372 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:07:07.0875 3372 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:07:07.0937 3372 ============================================================

18:07:07.0937 3372 \Device\Harddisk0\DR0:

18:07:07.0937 3372 MBR partitions:

18:07:07.0937 3372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1

18:07:07.0937 3372 \Device\Harddisk1\DR1:

18:07:07.0937 3372 MBR partitions:

18:07:07.0937 3372 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982

18:07:07.0937 3372 ============================================================

18:07:08.0031 3372 C: <-> \Device\Harddisk0\DR0\Partition1

18:07:08.0046 3372 F: <-> \Device\Harddisk1\DR1\Partition1

18:07:08.0046 3372 ============================================================

18:07:08.0046 3372 Initialize success

18:07:08.0046 3372 ============================================================

18:07:27.0046 0472 ============================================================

18:07:27.0046 0472 Scan started

18:07:27.0046 0472 Mode: Manual;

18:07:27.0046 0472 ============================================================

18:07:27.0578 0472 ================ Scan system memory ========================

18:07:27.0578 0472 System memory - ok

18:07:27.0578 0472 ================ Scan services =============================


18:07:36.0796 0472 HIDSwvd - ok

18:07:36.0843 0472 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:07:36.0843 0472 hidusb - ok

18:07:36.0906 0472 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

18:07:36.0906 0472 hkmsvc - ok

18:07:36.0921 0472 hpn - ok

18:07:37.0000 0472 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

18:07:37.0078 0472 HSFHWBS2 - ok

18:07:37.0187 0472 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

18:07:37.0296 0472 HSF_DP - ok

18:07:37.0343 0472 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

18:07:37.0359 0472 HTTP - ok

18:07:37.0421 0472 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

18:07:37.0437 0472 HTTPFilter - ok

18:07:37.0453 0472 i2omgmt - ok

18:07:37.0453 0472 i2omp - ok

18:07:37.0468 0472 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys

18:07:37.0468 0472 i8042prt - ok

18:07:37.0625 0472 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:07:37.0765 0472 idsvc - ok

18:07:37.0765 0472 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

18:07:37.0781 0472 Imapi - ok

18:07:37.0828 0472 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

18:07:37.0843 0472 ImapiService - ok

18:07:37.0843 0472 ini910u - ok

18:07:37.0859 0472 IntelIde - ok

18:07:37.0906 0472 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:07:37.0906 0472 intelppm - ok

18:07:37.0953 0472 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

18:07:37.0968 0472 Ip6Fw - ok

18:07:37.0984 0472 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:07:37.0984 0472 IpFilterDriver - ok

18:07:38.0000 0472 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:07:38.0000 0472 IpInIp - ok

18:07:38.0000 0472 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:07:38.0015 0472 IpNat - ok

18:07:38.0031 0472 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:07:38.0046 0472 IPSec - ok

18:07:38.0125 0472 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

18:07:38.0125 0472 IRENUM - ok

18:07:38.0140 0472 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:07:38.0140 0472 isapnp - ok

18:07:38.0218 0472 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

18:07:38.0218 0472 JavaQuickStarterService - ok

18:07:38.0218 0472 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:07:38.0234 0472 Kbdclass - ok

18:07:38.0250 0472 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:07:38.0250 0472 kbdhid - ok

18:07:38.0265 0472 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

18:07:38.0265 0472 kmixer - ok

18:07:38.0359 0472 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

18:07:38.0359 0472 KSecDD - ok

18:07:38.0468 0472 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

18:07:38.0546 0472 lanmanserver - ok

18:07:38.0625 0472 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

18:07:38.0671 0472 lanmanworkstation - ok

18:07:38.0671 0472 lbrtfdc - ok

18:07:38.0765 0472 [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

18:07:38.0765 0472 LightScribeService - ok

18:07:38.0796 0472 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

18:07:38.0796 0472 LmHosts - ok

18:07:38.0843 0472 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

18:07:38.0843 0472 MBAMProtector - ok

18:07:38.0953 0472 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

18:07:38.0953 0472 MBAMService - ok

18:07:39.0046 0472 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

18:07:39.0140 0472 mcmscsvc - ok

18:07:39.0140 0472 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

18:07:39.0156 0472 McNaiAnn - ok

18:07:39.0156 0472 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

18:07:39.0156 0472 McNASvc - ok

18:07:39.0281 0472 [ 135AA9E9E7047B7DC1F753205D421A26 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

18:07:39.0375 0472 McODS - ok

18:07:39.0453 0472 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

18:07:39.0453 0472 McProxy - ok

18:07:39.0640 0472 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe

18:07:39.0718 0472 McrdSvc - ok

18:07:39.0875 0472 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

18:07:40.0031 0472 McShield - ok

18:07:40.0031 0472 MCSTRM - ok

18:07:40.0203 0472 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

18:07:40.0203 0472 MDM - ok

18:07:40.0234 0472 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:07:40.0312 0472 mdmxsdk - ok

18:07:40.0343 0472 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

18:07:40.0359 0472 Messenger - ok

18:07:40.0437 0472 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys

18:07:40.0515 0472 mfeapfk - ok

18:07:40.0562 0472 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys

18:07:40.0656 0472 mfeavfk - ok

18:07:40.0656 0472 mfeavfk01 - ok

18:07:40.0703 0472 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys

18:07:40.0781 0472 mfebopk - ok

18:07:40.0843 0472 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

18:07:40.0937 0472 mfefire - ok

18:07:40.0937 0472 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\WINDOWS\system32\drivers\mfefirek.sys

18:07:41.0031 0472 mfefirek - ok

18:07:41.0125 0472 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys

18:07:41.0171 0472 mfehidk - ok

18:07:41.0187 0472 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk C:\WINDOWS\system32\DRIVERS\mfendisk.sys

18:07:41.0281 0472 mfendisk - ok

18:07:41.0281 0472 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendiskmp C:\WINDOWS\system32\DRIVERS\mfendisk.sys

18:07:41.0281 0472 mfendiskmp - ok

18:07:41.0328 0472 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\WINDOWS\system32\drivers\mferkdet.sys

18:07:41.0406 0472 mferkdet - ok

18:07:41.0468 0472 [ 070D3FAF2EAC417C59D8674A8752F7A6 ] mfetdi2k C:\WINDOWS\system32\drivers\mfetdi2k.sys

18:07:41.0546 0472 mfetdi2k - ok

18:07:41.0625 0472 [ B10C4EFD40810C08F4B44DF2EFCB54F7 ] mfevtp C:\WINDOWS\system32\mfevtps.exe

18:07:41.0640 0472 mfevtp - ok

18:07:41.0703 0472 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll

18:07:41.0765 0472 MHN - ok

18:07:41.0781 0472 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys

18:07:41.0937 0472 MHNDRV - ok

18:07:41.0953 0472 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

18:07:41.0953 0472 mnmdd - ok

18:07:41.0968 0472 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

18:07:41.0984 0472 mnmsrvc - ok

18:07:42.0000 0472 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

18:07:42.0000 0472 Modem - ok

18:07:42.0046 0472 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys

18:07:42.0125 0472 MODEMCSA - ok

18:07:42.0171 0472 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:07:42.0187 0472 Mouclass - ok

18:07:42.0203 0472 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:07:42.0218 0472 mouhid - ok

18:07:42.0265 0472 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

18:07:42.0265 0472 MountMgr - ok

18:07:42.0343 0472 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

18:07:42.0421 0472 MozillaMaintenance - ok

18:07:42.0453 0472 mraid35x - ok

18:07:42.0468 0472 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:07:42.0484 0472 MRxDAV - ok

18:07:42.0562 0472 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:07:42.0578 0472 MRxSmb - ok

18:07:42.0593 0472 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

18:07:42.0593 0472 MSDTC - ok

18:07:42.0656 0472 [ 1477849772712BAC69C144DCF2C9CE81 ] MSDV C:\WINDOWS\system32\DRIVERS\msdv.sys

18:07:42.0656 0472 MSDV - ok

18:07:42.0671 0472 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

18:07:42.0671 0472 Msfs - ok

18:07:42.0671 0472 MSIServer - ok

18:07:42.0687 0472 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:07:42.0703 0472 MSKSSRV - ok

18:07:42.0703 0472 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:07:42.0718 0472 MSPCLOCK - ok

18:07:42.0734 0472 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

18:07:42.0734 0472 MSPQM - ok

18:07:42.0750 0472 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:07:42.0765 0472 mssmbios - ok

18:07:42.0812 0472 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

18:07:42.0812 0472 MSTEE - ok

18:07:42.0843 0472 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

18:07:42.0843 0472 Mup - ok

18:07:42.0890 0472 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:07:42.0890 0472 NABTSFEC - ok

18:07:42.0937 0472 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

18:07:42.0953 0472 napagent - ok

18:07:42.0984 0472 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

18:07:42.0984 0472 NDIS - ok

18:07:43.0000 0472 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:07:43.0000 0472 NdisIP - ok

18:07:43.0046 0472 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:07:43.0125 0472 NdisTapi - ok

18:07:43.0140 0472 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:07:43.0156 0472 Ndisuio - ok

18:07:43.0187 0472 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:07:43.0203 0472 NdisWan - ok

18:07:43.0265 0472 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

18:07:43.0343 0472 NDProxy - ok

18:07:43.0390 0472 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

18:07:43.0390 0472 NetBIOS - ok

18:07:43.0406 0472 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

18:07:43.0421 0472 NetBT - ok

18:07:43.0468 0472 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

18:07:43.0484 0472 NetDDE - ok

18:07:43.0484 0472 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

18:07:43.0484 0472 NetDDEdsdm - ok

18:07:43.0515 0472 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

18:07:43.0515 0472 Netlogon - ok

18:07:43.0625 0472 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

18:07:43.0640 0472 Netman - ok

18:07:43.0687 0472 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:07:43.0703 0472 NetTcpPortSharing - ok

18:07:43.0718 0472 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:07:43.0734 0472 NIC1394 - ok

18:07:43.0765 0472 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

18:07:43.0765 0472 Nla - ok

18:07:43.0890 0472 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe

18:07:43.0890 0472 NMSAccessU - ok

18:07:43.0890 0472 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

18:07:43.0906 0472 Npfs - ok

18:07:43.0984 0472 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

18:07:44.0000 0472 Ntfs - ok

18:07:44.0000 0472 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

18:07:44.0000 0472 NtLmSsp - ok

18:07:44.0125 0472 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

18:07:44.0140 0472 NtmsSvc - ok

18:07:44.0203 0472 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

18:07:44.0218 0472 Null - ok

18:07:44.0359 0472 [ 0A83977B8909FDA12E45112575A59BA7 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:07:44.0515 0472 nv - ok

18:07:44.0609 0472 [ 153C0BA143A174B38CB06338C6EF4CC5 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

18:07:44.0609 0472 NVSvc - ok

18:07:44.0656 0472 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:07:44.0671 0472 NwlnkFlt - ok

18:07:44.0687 0472 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:07:44.0687 0472 NwlnkFwd - ok

18:07:44.0703 0472 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:07:44.0703 0472 ohci1394 - ok

18:07:44.0812 0472 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:07:44.0843 0472 ose - ok

18:07:44.0875 0472 [ 611B58C2FD89AA9E80743A197BA62277 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys

18:07:44.0953 0472 ossrv - ok

18:07:44.0968 0472 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

18:07:44.0984 0472 Parport - ok

18:07:44.0984 0472 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

18:07:44.0984 0472 PartMgr - ok

18:07:45.0031 0472 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

18:07:45.0046 0472 ParVdm - ok

18:07:45.0046 0472 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

18:07:45.0062 0472 PCI - ok

18:07:45.0062 0472 PCIDump - ok

18:07:45.0109 0472 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

18:07:45.0250 0472 PCIIde - ok

18:07:45.0312 0472 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

18:07:45.0328 0472 Pcmcia - ok

18:07:45.0343 0472 PDCOMP - ok

18:07:45.0343 0472 PDFRAME - ok

18:07:45.0359 0472 PDRELI - ok

18:07:45.0359 0472 PDRFRAME - ok

18:07:45.0375 0472 perc2 - ok

18:07:45.0375 0472 perc2hib - ok

18:07:45.0468 0472 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

18:07:45.0468 0472 PlugPlay - ok

18:07:45.0484 0472 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

18:07:45.0484 0472 PolicyAgent - ok

18:07:45.0500 0472 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:07:45.0500 0472 PptpMiniport - ok

18:07:45.0515 0472 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

18:07:45.0515 0472 ProtectedStorage - ok

18:07:45.0531 0472 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

18:07:45.0546 0472 PSched - ok

18:07:45.0578 0472 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:07:45.0578 0472 Ptilink - ok

18:07:45.0609 0472 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:07:45.0609 0472 PxHelp20 - ok

18:07:45.0625 0472 ql1080 - ok

18:07:45.0625 0472 Ql10wnt - ok

18:07:45.0640 0472 ql12160 - ok

18:07:45.0640 0472 ql1240 - ok

18:07:45.0656 0472 ql1280 - ok

18:07:45.0656 0472 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:07:45.0671 0472 RasAcd - ok

18:07:45.0703 0472 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

18:07:45.0718 0472 RasAuto - ok

18:07:45.0781 0472 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:07:45.0796 0472 Rasl2tp - ok

18:07:45.0828 0472 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

18:07:45.0828 0472 RasMan - ok

18:07:45.0843 0472 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:07:45.0843 0472 RasPppoe - ok

18:07:45.0875 0472 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

18:07:45.0875 0472 Raspti - ok

18:07:45.0890 0472 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:07:45.0890 0472 Rdbss - ok

18:07:45.0906 0472 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:07:45.0906 0472 RDPCDD - ok

18:07:45.0921 0472 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:07:45.0937 0472 rdpdr - ok

18:07:46.0062 0472 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

18:07:46.0250 0472 RDPWD - ok

18:07:46.0296 0472 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

18:07:46.0312 0472 RDSessMgr - ok

18:07:46.0359 0472 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

18:07:46.0375 0472 redbook - ok

18:07:46.0453 0472 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

18:07:46.0468 0472 RemoteAccess - ok

18:07:46.0531 0472 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

18:07:46.0531 0472 RemoteRegistry - ok

18:07:46.0718 0472 [ 8CFCA7E2FD4B57C2BEF929C1C1A4C56E ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe

18:07:46.0718 0472 RichVideo - ok

18:07:46.0906 0472 [ 6BFC6C564E75B1CCAA3D24342DC77C13 ] RoxioNow Service C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe

18:07:46.0921 0472 RoxioNow Service - ok

18:07:46.0921 0472 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

18:07:46.0937 0472 RpcLocator - ok

18:07:46.0953 0472 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

18:07:46.0953 0472 RpcSs - ok

18:07:47.0015 0472 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

18:07:47.0031 0472 RSVP - ok

18:07:47.0046 0472 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

18:07:47.0046 0472 SamSs - ok

18:07:47.0046 0472 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

18:07:47.0062 0472 SCardSvr - ok

18:07:47.0140 0472 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

18:07:47.0156 0472 Schedule - ok

18:07:47.0203 0472 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:07:47.0218 0472 Secdrv - ok

18:07:47.0218 0472 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

18:07:47.0234 0472 seclogon - ok

18:07:47.0234 0472 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

18:07:47.0250 0472 SENS - ok

18:07:47.0250 0472 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

18:07:47.0265 0472 Serial - ok

18:07:47.0312 0472 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

18:07:47.0328 0472 Sfloppy - ok

18:07:47.0406 0472 [ D94129B1417148FAC9E4AE3ED8AE9E5D ] SgtSch2Svc C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

18:07:47.0515 0472 SgtSch2Svc - ok

18:07:47.0640 0472 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

18:07:47.0656 0472 SharedAccess - ok

18:07:47.0671 0472 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

18:07:47.0671 0472 ShellHWDetection - ok

18:07:47.0671 0472 Simbad - ok

18:07:47.0734 0472 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:07:47.0734 0472 SLIP - ok

18:07:47.0781 0472 [ C3BF55189AA92B8F919108EF9E4ACCAE ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys

18:07:47.0781 0472 snapman - ok

18:07:47.0796 0472 Sparrow - ok

18:07:47.0812 0472 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

18:07:47.0812 0472 splitter - ok

18:07:47.0890 0472 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

18:07:47.0890 0472 Spooler - ok

18:07:47.0890 0472 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

18:07:47.0890 0472 sr - ok

18:07:47.0937 0472 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

18:07:47.0953 0472 srservice - ok

18:07:48.0015 0472 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

18:07:48.0015 0472 Srv - ok

18:07:48.0109 0472 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

18:07:48.0125 0472 SSDPSRV - ok

18:07:48.0203 0472 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

18:07:48.0218 0472 stisvc - ok

18:07:48.0234 0472 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:07:48.0343 0472 streamip - ok

18:07:48.0406 0472 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

18:07:48.0421 0472 swenum - ok

18:07:48.0484 0472 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

18:07:48.0500 0472 swmidi - ok

18:07:48.0500 0472 SwPrv - ok

18:07:48.0515 0472 symc810 - ok

18:07:48.0515 0472 symc8xx - ok

18:07:48.0531 0472 sym_hi - ok

18:07:48.0531 0472 sym_u3 - ok

18:07:48.0593 0472 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

18:07:48.0593 0472 sysaudio - ok

18:07:48.0640 0472 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

18:07:48.0656 0472 SysmonLog - ok

18:07:48.0718 0472 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

18:07:48.0718 0472 TapiSrv - ok

18:07:48.0750 0472 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:07:48.0750 0472 Tcpip - ok

18:07:48.0796 0472 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

18:07:48.0812 0472 TDPIPE - ok

18:07:48.0812 0472 [ 3B7B6779EB231F731BBA8F9FE67AADFC ] tdrpman C:\WINDOWS\system32\DRIVERS\tdrpman.sys

18:07:48.0828 0472 tdrpman - ok

18:07:48.0828 0472 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

18:07:48.0843 0472 TDTCP - ok

18:07:48.0843 0472 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

18:07:48.0843 0472 TermDD - ok

18:07:48.0859 0472 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

18:07:48.0875 0472 TermService - ok

18:07:48.0875 0472 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

18:07:48.0875 0472 Themes - ok

18:07:48.0890 0472 [ B0B3122BFF3910E0BA97014045467778 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

18:07:48.0890 0472 tifsfilter - ok

18:07:48.0953 0472 [ 13BFE330880AC0CE8672D00AA5AFF738 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys

18:07:48.0968 0472 timounter - ok

18:07:49.0031 0472 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

18:07:49.0046 0472 TlntSvr - ok

18:07:49.0046 0472 TosIde - ok

18:07:49.0062 0472 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

18:07:49.0062 0472 TrkWks - ok

18:07:49.0187 0472 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

18:07:49.0203 0472 Udfs - ok

18:07:49.0218 0472 ultra - ok

18:07:49.0218 0472 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

18:07:49.0234 0472 Update - ok

18:07:49.0296 0472 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

18:07:49.0312 0472 upnphost - ok

18:07:49.0437 0472 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

18:07:49.0765 0472 UPnPService - ok

18:07:49.0812 0472 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

18:07:49.0812 0472 UPS - ok

18:07:49.0859 0472 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:07:49.0859 0472 usbccgp - ok

18:07:49.0890 0472 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:07:49.0890 0472 usbehci - ok

18:07:49.0921 0472 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:07:49.0937 0472 usbhub - ok

18:07:49.0968 0472 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:07:49.0968 0472 usbprint - ok

18:07:49.0984 0472 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:07:50.0000 0472 usbscan - ok

18:07:50.0031 0472 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:07:50.0046 0472 USBSTOR - ok

18:07:50.0156 0472 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:07:50.0171 0472 usbuhci - ok

18:07:50.0171 0472 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

18:07:50.0187 0472 VgaSave - ok

18:07:50.0187 0472 ViaIde - ok

18:07:50.0234 0472 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

18:07:50.0234 0472 VolSnap - ok

18:07:50.0265 0472 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

18:07:50.0281 0472 VSS - ok

18:07:50.0390 0472 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

18:07:50.0406 0472 W32Time - ok

18:07:50.0421 0472 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:07:50.0421 0472 Wanarp - ok

18:07:50.0437 0472 WDICA - ok

18:07:50.0484 0472 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

18:07:50.0500 0472 wdmaud - ok

18:07:50.0515 0472 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

18:07:50.0515 0472 WebClient - ok

18:07:50.0546 0472 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:07:50.0562 0472 winachsf - ok

18:07:50.0703 0472 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

18:07:50.0718 0472 winmgmt - ok

18:07:50.0781 0472 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

18:07:50.0781 0472 WmdmPmSN - ok

18:07:50.0859 0472 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

18:07:50.0859 0472 Wmi - ok

18:07:50.0937 0472 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:07:50.0937 0472 WmiApSrv - ok

18:07:51.0109 0472 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

18:07:51.0140 0472 WMPNetworkSvc - ok

18:07:51.0218 0472 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

18:07:51.0234 0472 WpdUsb - ok

18:07:51.0296 0472 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:07:51.0296 0472 WS2IFSL - ok

18:07:51.0421 0472 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

18:07:51.0437 0472 wscsvc - ok

18:07:51.0437 0472 WSearch - ok

18:07:51.0546 0472 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:07:51.0546 0472 WSTCODEC - ok

18:07:51.0578 0472 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

18:07:51.0625 0472 wuauserv - ok

18:07:51.0625 0472 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:07:51.0625 0472 WudfPf - ok

18:07:51.0687 0472 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:07:51.0703 0472 WudfRd - ok

18:07:51.0734 0472 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

18:07:51.0750 0472 WudfSvc - ok

18:07:51.0859 0472 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

18:07:51.0875 0472 WZCSVC - ok

18:07:51.0921 0472 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

18:07:51.0984 0472 xmlprov - ok

18:07:51.0984 0472 ================ Scan global ===============================

18:07:52.0046 0472 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

18:07:52.0156 0472 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

18:07:52.0234 0472 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

18:07:52.0265 0472 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

18:07:52.0281 0472 [Global] - ok

18:07:52.0281 0472 ================ Scan MBR ==================================

18:07:52.0328 0472 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

18:07:52.0546 0472 \Device\Harddisk0\DR0 - ok

18:07:52.0562 0472 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

18:07:52.0593 0472 \Device\Harddisk1\DR1 - ok

18:07:52.0593 0472 ================ Scan VBR ==================================

18:07:52.0609 0472 [ 8961167C5C5486922BA7F75750B4FFD3 ] \Device\Harddisk0\DR0\Partition1

18:07:52.0609 0472 \Device\Harddisk0\DR0\Partition1 - ok

18:07:52.0625 0472 [ 328019E4F1B251FE602D31B745B9C0CF ] \Device\Harddisk1\DR1\Partition1

18:07:52.0625 0472 \Device\Harddisk1\DR1\Partition1 - ok

18:07:52.0625 0472 ============================================================

18:07:52.0625 0472 Scan finished

18:07:52.0625 0472 ============================================================

18:07:52.0625 1536 Detected object count: 0

18:07:52.0625 1536 Actual detected object count: 0

18:08:20.0984 2348 Deinitialize success

Here is the ESET online scanner list of threats:

C:\Documents and Settings\Harold Cogle\My Documents\Downloads\PDFReaderSetup.exe a variant of Win32/InstallCore.AW application cleaned by deleting - quarantined

C:\Games\Mech\MechWarrior 3 Pirate's Moon\setup\gendel32.ex_ Win32/HackTool.Gendel.A trojan cleaned by deleting - quarantined

Here is adwcleaner log:

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 03:52:18

# Updated 14/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Harold Cogle - KEATONZOE1824

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Harold Cogle\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\Software\MetaStream

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Found : HKU\S-1-5-21-2052111302-162531612-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Harold Cogle\Application Data\Mozilla\Firefox\Profiles\5qdv0tms.default\prefs.js

[OK] File is clean.

Profile name : default

File : C:\Documents and Settings\Jennifer Cogle\Application Data\Mozilla\Firefox\Profiles\2l54bbu1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Harold Cogle\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1897 octets] - [16/10/2012 03:52:18]

########## EOF - C:\AdwCleaner[R1].txt - [1957 octets] ##########

and finally here is the Security Check log:

Results of screen317's Security Check version 0.99.51

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee Anti-Virus and Anti-Spyware

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.4.402.287

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Mozilla Firefox 14.0.1 Firefox out of Date!

Google Chrome 21.0.1180.79

Google Chrome 21.0.1180.83

Google Chrome 22.0.1229.79

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

As far as I can tell things seem to be running normally. The only thing that is still happening is that on startup for the past couple of months I all of a sudden started getting this "Run as" popup as shown on this site:

http://superuser.com/questions/452427/run-as-dialog-pops-up-at-windows-boot-login-what-program-is-trying-to-run

I haven't figured out what it is yet.

And I need to defrag.

Well I solved the "Run as" popup window problem....so I guess I don't have any issues. I'll defrag tonight. What now?

  • Staff

Hi,

Thank you for the updates.

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck and TDSSKiller.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 31

Adobe Reader 9 (if present)

Adobe Reader X 10.1.3

Restart your computer.

Get the latest version of Java and Adobe Reader.

Open Firefox. Click Help --> About, then ensure that it updates to version 16.

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Reboot.

Let me know what issues remain.

  • 1 month later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
