
AV 2012 Removed, now cannot use network and the workstation service won't start


13 replies to this topic

#1 JDNeedsHelp


Posted 11 January 2012 - 08:20 PM

I was infected with the Win XP AV 2012 and removed it, but the network is and server shares won't connect. The workstation service will not run. Has anyone else run into this issue?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by LWelker at 17:24:25 on 2012-01-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2895 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\LTSVC\LTSVC.exe
C:\WINDOWS\LTSvc\LTSvcMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [FileOpenBroker] c:\program files\fileopen\services\FileOpenBroker32.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [tvncontrol] "c:\windows\ltsvc\tvnserver.exe" -controlservice -slave
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit data protect.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickbooks update agent.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickbooks_standard_21.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bitdefender.com\www
Trusted Zone: pktech.net\agent
Trusted Zone: pktech.net\help
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.123.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\fileopen\services\FileOpenManagerSvc32.exe [2011-10-21 213376]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-12-29 132768]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-16 10384]
R2 LTService;PK Tech Zen Agent;c:\windows\ltsvc\LTSVC.exe [2011-7-6 12381184]
R2 LTSvcMon;PK Tech Zen Agent CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2011-7-6 98632]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-7-11 104000]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-1-23 36608]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\lwelker\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\lwelker\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\lwelker\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\lwelker\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 cpuz134;cpuz134;\??\c:\docume~1\lwelker\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\lwelker\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 cpuz135;cpuz135;\\??\\c:\\windows\\temp\\cpuz135\\cpuz135_x32.sys --> \\c:\\windows\\temp\\cpuz135\\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys --> c:\windows\system32\drivers\radpms.sys [?]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]
.
=============== Created Last 30 ================
.
2012-01-11 00:59:58 19569 ----a-w- c:\windows\000003_.tmp
2011-12-30 01:02:40 -------- d-----w- c:\program files\SystemRequirementsLab
2011-12-30 00:02:25 1614848 ----a-w- c:\windows\system32\sfcfiles.old
2011-12-30 00:02:25 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2011-12-29 21:52:45 1860 ----a-w- C:\resetlog.exe
2011-12-29 19:07:55 19569 ----a-w- c:\windows\000002_.tmp
2011-12-29 18:04:27 132768 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-12-29 18:02:44 28272 ----a-w- c:\windows\system32\NicCo2.dll
2011-12-29 04:03:44 4356196 ------r- C:\ComboFix.exe
2011-12-29 03:53:36 -------- d-----w- c:\program files\ESET
2011-12-29 00:45:46 9728 ----a-w- c:\windows\system32\dllcache\rwnh.dll
2011-12-29 00:45:46 9728 ------w- c:\windows\system32\rwnh.dll
2011-12-29 00:45:46 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2011-12-29 00:45:46 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
2011-12-29 00:45:46 10752 ----a-w- c:\windows\system32\dllcache\smtpapi.dll
2011-12-29 00:45:46 10752 ------w- c:\windows\system32\smtpapi.dll
2011-12-29 00:45:45 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-12-29 00:45:45 81920 ------w- c:\windows\system32\ieencode.dll
2011-12-29 00:44:39 19569 ----a-w- c:\windows\000001_.tmp
2011-12-28 23:33:49 -------- d-----w- c:\documents and settings\lwelker\application data\SUPERAntiSpyware.com
2011-12-28 23:33:49 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-12-28 23:17:27 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-28 23:17:25 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-28 23:17:25 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-28 23:17:22 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-28 23:17:20 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-28 23:17:12 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-28 23:17:10 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-28 23:17:07 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-28 23:15:59 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-12-28 23:14:57 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-12-28 23:13:59 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2011-12-28 23:12:58 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-12-28 23:11:58 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-12-28 23:10:58 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-12-28 23:09:59 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-12-28 23:08:59 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-12-28 23:07:59 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2011-12-28 23:06:59 109085 ----a-w- c:\windows\system32\dllcache\ibmtrp.sys
2011-12-28 23:05:59 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2011-12-28 23:04:59 6400 ----a-w- c:\windows\system32\dllcache\enum1394.sys
2011-12-28 23:03:59 93952 ----a-w- c:\windows\system32\dllcache\cwcwdm.sys
2011-12-28 23:02:59 75136 ----a-w- c:\windows\system32\dllcache\atimpae.sys
2011-12-28 22:53:48 321304 ----a-w- c:\windows\UserProfileMigrationService.exe
2011-12-28 22:06:10 -------- d-----w- C:\Intuit
2011-12-28 22:00:18 -------- d-----w- C:\Application Data
2011-12-15 04:17:54 -------- d-----w- c:\program files\Microsoft
.
==================== Find3M ====================
.
2012-01-06 22:49:16 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-12-28 21:27:58 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 00:31:14 169472 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-11-19 00:17:04 683640 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-11-19 00:17:04 557176 ----a-w- c:\windows\system32\accesor.dll
2011-11-19 00:07:10 160376 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-11-19 00:04:14 2241656 ----a-w- c:\windows\system32\ncscolib.dll
2011-11-18 02:23:34 37027 ----a-w- c:\windows\atmoUn.exe
2011-11-12 06:05:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 23:27:18 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 17:25:11.18 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2008 8:16:25 PM
System Uptime: 1/11/2012 11:54:09 AM (6 hours ago)
.
Motherboard: Hewlett-Packard | | 2820h
Processor: Intel Pentium III Xeon processor | XU1 PROCESSOR | 2992/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 98.078 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.565 GiB free.
E: is CDROM ()
Z: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1E368A7A&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1E368A7A&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1E368A7A&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1E368A7A&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP508: 12/15/2011 7:33:29 AM - Software Distribution Service 3.0
RP509: 12/15/2011 12:04:34 PM - Software Distribution Service 3.0
RP510: 12/16/2011 3:00:18 AM - Software Distribution Service 3.0
RP511: 12/17/2011 3:00:18 AM - Software Distribution Service 3.0
RP512: 12/18/2011 3:00:19 AM - Software Distribution Service 3.0
RP513: 12/19/2011 3:00:18 AM - Software Distribution Service 3.0
RP514: 12/19/2011 8:11:58 AM - Printer Driver LogMeIn Printer Driver Installed
RP515: 12/19/2011 9:26:52 AM - Software Distribution Service 3.0
RP516: 12/20/2011 3:00:19 AM - Software Distribution Service 3.0
RP517: 12/21/2011 3:00:18 AM - Software Distribution Service 3.0
RP518: 12/21/2011 6:06:06 PM - Software Distribution Service 3.0
RP519: 12/12/2011 7:24:06 PM - System Checkpoint
RP520: 12/13/2011 3:00:18 AM - Software Distribution Service 3.0
RP521: 12/15/2011 2:25:34 PM - Software Distribution Service 3.0
RP522: 12/22/2011 3:06:01 PM - Software Distribution Service 3.0
RP523: 12/15/2011 7:15:23 PM - System Checkpoint
RP524: 12/16/2011 3:00:18 AM - Software Distribution Service 3.0
RP525: 12/23/2011 8:48:51 AM - Software Distribution Service 3.0
RP526: 12/24/2011 3:00:19 AM - Software Distribution Service 3.0
RP527: 12/25/2011 3:00:18 AM - Software Distribution Service 3.0
RP528: 12/26/2011 3:00:18 AM - Software Distribution Service 3.0
RP529: 12/27/2011 3:00:18 AM - Software Distribution Service 3.0
RP530: 12/27/2011 8:36:27 AM - Software Distribution Service 3.0
RP531: 12/27/2011 8:38:15 AM - Software Distribution Service 3.0
RP532: 12/28/2011 3:00:18 AM - Software Distribution Service 3.0
RP533: 12/28/2011 4:36:34 PM - Restore Operation
RP534: 12/28/2011 5:44:50 PM - Installed Windows XP Service Pack 3.
RP535: 12/29/2011 8:09:58 AM - Software Distribution Service 3.0
RP536: 12/29/2011 8:54:27 AM - Removed McAfee VirusScan Enterprise
RP537: 12/29/2011 9:15:52 AM - Installed ESET NOD32 Antivirus
RP538: 12/29/2011 9:25:34 AM - Software Distribution Service 3.0
RP539: 12/29/2011 9:33:13 AM - Software Distribution Service 3.0
RP540: 12/29/2011 10:53:39 AM - Removed Intel® PRO Network Connections
RP541: 12/29/2011 11:04:00 AM - Installed VC90_CRT_x86.
RP542: 12/29/2011 11:04:10 AM - Installed VC_CRT_x86
RP543: 12/29/2011 11:04:15 AM - Installed Intel® Network Connections.
RP544: 12/29/2011 12:08:04 PM - Installed Windows XP Service Pack 3.
RP545: 12/29/2011 5:44:44 PM - Restore Operation
RP546: 12/29/2011 6:07:04 PM - Restore Operation
RP547: 12/30/2011 3:00:18 AM - Software Distribution Service 3.0
RP548: 12/30/2011 9:28:37 AM - Installed Microsoft Fix it 50203
RP549: 12/31/2011 3:00:19 AM - Software Distribution Service 3.0
RP550: 12/31/2011 11:13:09 AM - Software Distribution Service 3.0
RP551: 1/1/2012 3:00:16 AM - Software Distribution Service 3.0
RP552: 1/2/2012 3:00:15 AM - Software Distribution Service 3.0
RP553: 1/2/2012 12:18:08 PM - Removed LogMeIn
RP554: 1/2/2012 12:33:10 PM - Software Distribution Service 3.0
RP555: 1/3/2012 3:00:18 AM - Software Distribution Service 3.0
RP556: 1/4/2012 3:00:15 AM - Software Distribution Service 3.0
RP557: 1/5/2012 3:00:18 AM - Software Distribution Service 3.0
RP558: 1/6/2012 3:00:15 AM - Software Distribution Service 3.0
RP559: 1/7/2012 3:00:18 AM - Software Distribution Service 3.0
RP560: 1/8/2012 3:00:18 AM - Software Distribution Service 3.0
RP561: 1/9/2012 3:00:17 AM - Software Distribution Service 3.0
RP562: 1/10/2012 2:19:07 PM - Software Distribution Service 3.0
RP563: 1/11/2012 11:56:41 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
ACT!
ACT! 2005
Ad-Aware
Adobe Acrobat 6.0.1 Professional
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
AONEPRO PC Link Service
Ask Toolbar
Atomic Clock Sync
Avery Wizard 4.0
Bing Bar
CCleaner (remove only)
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diskeeper 2008 Pro Premier
erLT
ESET NOD32 Antivirus
ESET Online Scanner v3
FileOpen Client
Foxit Phantom
FX Solutions - MetaTrader 4.00
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 2.0 (KB922981)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP Help and Support
Informed Filler
Intel® Network Connections 16.8.46.0
Intel® PRO Network Connections Drivers
Intel® Management Engine Interface
InterVideo Register Manager
InterVideo WinDVD
Java™ 6 Update 2
Java™ 7
KhalInstallWrapper
Logitech SetPoint
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office 2000 Small Business
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Outlook 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2002 [English]
Microsoft Visio Professional 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA Drivers
OGA Notifier 2.0.0048.0
QuickBooks
QuickBooks Premier: Accountant Edition 2010
QuickBooks Premier: Accountant Edition 2011
Recuva
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Snapshot Viewer
SoundMAX
Spybot - Search & Destroy
SupportSoft Assisted Service
System Requirements Lab for Intel
Training Manager 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957258)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinZip 12.1
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 4:46:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epfwtdir i8042prt SASDIFSV SASKUTIL Tcpip
1/9/2012 12:49:01 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
1/9/2012 12:49:01 PM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
1/9/2012 12:45:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epfwtdir i8042prt MRxSmb SASDIFSV SASKUTIL Tcpip
1/9/2012 12:45:31 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
1/9/2012 12:45:31 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2012 12:45:31 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/9/2012 12:44:09 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
1/6/2012 6:42:14 PM, error: Workstation [5727] - Could not load RDR device driver.
1/6/2012 6:42:14 PM, error: Workstation [5727] - Could not load MRxSmb device driver.
1/6/2012 6:42:14 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
1/6/2012 6:42:14 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
1/6/2012 6:42:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt MRxSmb SASDIFSV SASKUTIL
1/6/2012 6:42:08 PM, error: Service Control Manager [7001] - The Net Logon service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
1/6/2012 6:24:27 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the TightVNC Server service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/6/2012 6:24:27 PM, error: Service Control Manager [7031] - The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/6/2012 3:00:34 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2617986).
1/6/2012 3:00:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007066f: Update for Microsoft Office 2007 System (KB2539530).
1/6/2012 3:00:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007066f: Security Update for the 2007 Microsoft Office System (KB972581).
1/6/2012 3:00:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007066f: Security Update for Microsoft Office 2007 System (KB2584063).
1/6/2012 3:00:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007066f: Security Update for Microsoft Office 2007 suites (KB2596785).
1/6/2012 3:00:24 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2572067).
1/11/2012 11:55:45 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: epfwtdir SASDIFSV SASKUTIL Tcpip
1/10/2012 2:35:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/10/2012 2:35:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv epfwtdir Fips i8042prt intelppm SASDIFSV SASKUTIL Tcpip
1/10/2012 2:34:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================

#2 gringo_pr

  • Malware Response Team

Posted 16 January 2012 - 12:33 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification, and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#3 JDNeedsHelp

  • Topic Starter

  • Members

Posted 17 January 2012 - 07:36 PM

Don't have access to any network.



ComboFix 12-01-17.01 - LWelker 01/17/2012 17:19:29.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2860 [GMT -7:00]
Running from: c:\documents and settings\lwelker\Desktop\COMBO FIX\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 00:00 . 2012-01-18 00:00 -------- d-----w- c:\documents and settings\lwelker\Local Settings\Application Data\ESET
2012-01-13 04:10 . 2012-01-13 04:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-11 00:59 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000003_.tmp
2011-12-30 01:02 . 2011-12-30 01:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TightVNC
2011-12-30 01:02 . 2011-12-30 01:02 -------- d-----w- c:\program files\SystemRequirementsLab
2011-12-30 01:01 . 2011-12-30 01:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2011-12-30 01:01 . 2011-12-30 01:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2011-12-30 00:02 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\sfcfiles.old
2011-12-30 00:02 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2011-12-30 00:02 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\dllcache\sfcfiles.dll
2011-12-29 23:54 . 2011-12-29 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2011-12-29 21:52 . 2011-12-29 21:52 1860 ----a-w- C:\resetlog.exe
2011-12-29 19:07 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000002_.tmp
2011-12-29 18:04 . 2011-11-10 00:38 132768 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-12-29 18:04 . 2011-12-30 01:02 -------- d-----w- c:\program files\Intel
2011-12-29 18:02 . 2007-08-07 07:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
2011-12-29 16:15 . 2011-12-29 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-12-29 03:53 . 2011-12-29 16:15 -------- d-----w- c:\program files\ESET
2011-12-29 00:45 . 2008-04-14 12:42 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
2011-12-29 00:45 . 2008-04-14 12:42 10752 ----a-w- c:\windows\system32\dllcache\smtpapi.dll
2011-12-29 00:45 . 2008-04-14 12:42 10752 ------w- c:\windows\system32\smtpapi.dll
2011-12-29 00:45 . 2008-04-14 12:42 9728 ----a-w- c:\windows\system32\dllcache\rwnh.dll
2011-12-29 00:45 . 2008-04-14 12:42 9728 ------w- c:\windows\system32\rwnh.dll
2011-12-29 00:45 . 2008-04-14 12:42 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2011-12-29 00:45 . 2008-04-14 12:41 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-12-29 00:45 . 2008-04-14 12:41 81920 ------w- c:\windows\system32\ieencode.dll
2011-12-29 00:44 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000001_.tmp
2011-12-28 23:33 . 2011-12-28 23:33 -------- d-----w- c:\documents and settings\lwelker\Application Data\SUPERAntiSpyware.com
2011-12-28 23:33 . 2011-12-28 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-28 23:17 . 2008-04-14 12:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-28 23:17 . 2008-04-14 12:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-28 23:17 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-28 23:17 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-28 23:17 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-28 23:17 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-28 23:17 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-28 23:17 . 2008-04-14 12:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-28 23:15 . 2001-08-17 20:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-12-28 23:14 . 2001-08-17 19:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-12-28 23:13 . 2001-08-17 21:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2011-12-28 23:12 . 2001-07-21 21:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-12-28 23:11 . 2001-08-17 19:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-12-28 23:10 . 2001-08-17 21:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-12-28 23:09 . 2001-08-18 05:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-12-28 23:08 . 2008-04-14 07:24 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-12-28 23:07 . 2001-08-17 19:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2011-12-28 23:06 . 2001-08-17 19:12 109085 ----a-w- c:\windows\system32\dllcache\ibmtrp.sys
2011-12-28 23:05 . 2008-04-14 07:10 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2011-12-28 23:04 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\dllcache\enum1394.sys
2011-12-28 23:03 . 2008-04-14 05:06 48640 ----a-w- c:\windows\system32\dllcache\cwrwdm.sys
2011-12-28 23:02 . 2001-08-18 05:36 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe
2011-12-28 22:53 . 2011-12-28 22:53 321304 ----a-w- c:\windows\UserProfileMigrationService.exe
2011-12-28 22:45 . 2011-12-28 22:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Intuit
2011-12-28 22:06 . 2011-12-28 22:06 -------- d-----w- C:\Intuit
2011-12-28 22:00 . 2011-12-28 22:00 -------- d-----w- C:\Application Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 21:27 . 2006-02-28 02:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-10 22:24 . 2010-12-22 01:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2006-02-28 02:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 00:31 . 2011-11-19 00:31 169472 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-11-19 00:17 . 2011-11-19 00:17 683640 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-11-19 00:17 . 2011-11-19 00:17 557176 ----a-w- c:\windows\system32\accesor.dll
2011-11-19 00:07 . 2011-11-19 00:07 160376 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-11-19 00:04 . 2011-11-19 00:04 2241656 ----a-w- c:\windows\system32\ncscolib.dll
2011-11-18 02:23 . 2011-11-18 02:23 37027 ----a-w- c:\windows\atmoUn.exe
2011-11-12 06:05 . 2011-10-30 21:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 23:27 . 2011-11-09 23:27 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-11-04 19:20 . 2006-02-28 02:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 02:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-02-28 02:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 02:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 02:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2006-02-28 02:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-18_00.07.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-18 00:17 . 2012-01-18 00:17 16384 c:\windows\temp\Perflib_Perfdata_6b8.dat
+ 2012-01-18 00:17 . 2012-01-18 00:17 16384 c:\windows\temp\Perflib_Perfdata_584.dat
+ 2012-01-18 00:17 . 2012-01-18 00:17 16384 c:\windows\temp\Perflib_Perfdata_4d8.dat
- 2011-11-19 06:34 . 2012-01-17 23:58 69136 c:\windows\LTSvc\screenhooks.dll
+ 2011-11-19 06:34 . 2012-01-18 00:17 69136 c:\windows\LTSvc\screenhooks.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 42560 c:\windows\LTSvc\SCHook.dll
+ 2011-11-19 06:34 . 2012-01-18 00:17 42560 c:\windows\LTSvc\SCHook.dll
+ 2011-11-19 06:34 . 2012-01-18 00:17 14648 c:\windows\LTSvc\sas.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 14648 c:\windows\LTSvc\sas.dll
- 2011-07-07 01:27 . 2012-01-17 23:58 32256 c:\windows\LTSvc\Interfaces.dll
+ 2011-07-07 01:27 . 2012-01-18 00:17 32256 c:\windows\LTSvc\Interfaces.dll
+ 2011-11-19 06:34 . 2012-01-18 00:17 421704 c:\windows\LTSvc\wodVPN.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 421704 c:\windows\LTSvc\wodVPN.dll
- 2011-07-07 01:27 . 2012-01-17 23:58 107008 c:\windows\LTSvc\vnchooks.dll
+ 2011-07-07 01:27 . 2012-01-18 00:17 107008 c:\windows\LTSvc\vnchooks.dll
+ 2011-12-10 08:03 . 2012-01-18 00:17 819200 c:\windows\LTSvc\tvnserver.exe
- 2011-12-10 08:03 . 2012-01-17 23:58 819200 c:\windows\LTSvc\tvnserver.exe
- 2011-12-30 15:44 . 2012-01-17 23:58 218624 c:\windows\LTSvc\LSR.exe
+ 2011-12-30 15:44 . 2012-01-18 00:17 218624 c:\windows\LTSvc\LSR.exe
+ 2011-11-19 06:34 . 2012-01-18 00:17 980808 c:\windows\LTSvc\labvnc.exe
- 2011-11-19 06:34 . 2012-01-17 23:58 980808 c:\windows\LTSvc\labvnc.exe
+ 2011-07-07 01:27 . 2012-01-18 00:17 112192 c:\windows\LTSvc\cad.exe
- 2011-07-07 01:27 . 2012-01-17 23:58 112192 c:\windows\LTSvc\cad.exe
+ 2011-12-14 10:08 . 2012-01-18 00:17 1274696 c:\windows\LTSvc\LTTray.exe
- 2011-12-14 10:08 . 2012-01-17 23:58 1274696 c:\windows\LTSvc\LTTray.exe
+ 2011-11-19 06:34 . 2012-01-18 00:17 1448960 c:\windows\LTSvc\cpuidsdk.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 1448960 c:\windows\LTSvc\cpuidsdk.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2011-10-21 724352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"tvncontrol"="c:\windows\LTsvc\tvnserver.exe" [2012-01-18 819200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-6-3 5828952]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-16 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-12-14 1274696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-7-6 1178984]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-05-27 00:47 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck ?╚?╚??╚?╚?╚?╚?╚a╚??╚?╚?╚
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceHome]
2005-01-06 20:50 397312 ----a-w- c:\program files\Aone\AONEPRO PC Link Service\PC Service Home.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
"c:\\WINDOWS\\LTsvc\\LTTray.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4999:TCP"= 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP"= 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP"= 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4996:TCP"= 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe [10/21/2011 3:08 PM 213376]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [12/29/2011 11:04 AM 132768]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/16/2010 10:57 AM 10384]
R2 LTService;PK Tech Zen Agent;c:\windows\LTSvc\LTSVC.exe [7/6/2011 6:27 PM 12381184]
R2 LTSvcMon;PK Tech Zen Agent CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [7/6/2011 6:28 PM 98632]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 [?]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 1:13 PM 36608]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:21 AM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 cpuz134;cpuz134;\??\c:\docume~1\lwelker\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\lwelker\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 cpuz135;cpuz135;\\??\\c:\\WINDOWS\\TEMP\\cpuz135\\cpuz135_x32.sys --> \\c:\\WINDOWS\\TEMP\\cpuz135\\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:21 AM 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys --> c:\windows\system32\DRIVERS\radpms.sys [?]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:21]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:21]
.
2012-01-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 05:44]
.
2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{8DFF9EC8-2652-44A0-A604-1328BC30104D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: bitdefender.com\www
Trusted Zone: pktech.net\agent
Trusted Zone: pktech.net\help
TCP: DhcpNameServer = 192.168.123.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-17 17:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2012-01-17 17:26:59
ComboFix-quarantined-files.txt 2012-01-18 00:26
ComboFix2.txt 2012-01-18 00:08
ComboFix3.txt 2011-12-30 00:22
ComboFix4.txt 2010-12-22 18:06
ComboFix5.txt 2012-01-18 00:13
.
Pre-Run: 104,755,101,696 bytes free
Post-Run: 104,857,899,008 bytes free
.
- - End Of File - - 474566C244B40540EE738707C4B0E10C

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:29 PM

Posted 17 January 2012 - 07:43 PM

Hello

Let's check your internet connection

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 JDNeedsHelp

Posted 17 January 2012 - 07:51 PM

Farbar Service Scanner Version: 17-01-2012 00
Ran by LWelker (administrator) on 17-01-2012 at 17:49:59
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
===========
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
epfwtdir(9) Gpc(6) IPSec(5) NetBT(6) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000005000000060000000700000009000000
Attention! IpSec Tag value should be 4

**** End of log ****

#6 gringo_pr

Posted 18 January 2012 - 11:06 AM

Hello

Here is what I want you to try next

1. Locate the file - C:\Windows\inf\Nettcpip.inf
  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.

2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

4. Save the file, and then exit Notepad.

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

6. On the General tab, click Install, select Protocol, and then click Add.

7. In the Select Network Protocols window, click Have Disk.

8. In the Copy manufacturer's files from: text box, type c:\windows\inf, and then click OK.

9. Select Internet Protocol (TCP/IP), and then click OK.

Note This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP

Posted Image

Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP
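The file-editing part of the procedure in post #6 (keep a copy of Nettcpip.inf, change the Characteristics entry in [MS_TCPIP.PrimaryInstall], then put the original back before the reinstall) can be scripted. This is an added example, not part of the original post and not the poster's or Microsoft's code; it goes slightly beyond the post by clearing the NCF_NOT_USER_REMOVABLE bit (0x20, from netcfgx.h) instead of hard-coding 0x80, which is why 0xa0 becomes 0x80 and the Uninstall button appears. The sample INF text, the [Example.OtherInstall] section and the backup file name are constructed for the demonstration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Characteristics bits for network components, from netcfgx.h.
NCF_NOT_USER_REMOVABLE = 0x20
NCF_HAS_UI = 0x80
FLAG_NAMES = {NCF_NOT_USER_REMOVABLE: "NCF_NOT_USER_REMOVABLE",
              NCF_HAS_UI: "NCF_HAS_UI"}

SECTION = "MS_TCPIP.PrimaryInstall"
SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]")
KEY_RE = re.compile(r"^(\s*Characteristics\s*=\s*)(0x[0-9a-f]+)(.*)$",
                    re.IGNORECASE)

# Constructed sample, not the real nettcpip.inf. [Example.OtherInstall] is a
# hypothetical decoy section that must stay untouched.
SAMPLE_INF = (
    '[Version]\r\nSignature = "$Windows NT$"\r\n\r\n'
    "[Example.OtherInstall]\r\nCharacteristics = 0xa0\r\n\r\n"
    "[MS_TCPIP.PrimaryInstall]\r\n"
    "Characteristics = 0xa0 ; constructed comment\r\n"
)


def describe_flags(value):
    """Name the Characteristics bits this example knows about."""
    return [name for bit, name in sorted(FLAG_NAMES.items()) if value & bit]


def rewrite_section(text, section=SECTION):
    """Clear NCF_NOT_USER_REMOVABLE in one section; return (text, old, new)."""
    lines = text.split("\n")  # CRLF files keep a trailing "\r" on each line
    in_section, old, new = False, None, None
    for i, line in enumerate(lines):
        body = line.rstrip("\r")
        header = SECTION_RE.match(body)
        if header:
            # INF section names are case-insensitive.
            in_section = header.group(1).strip().lower() == section.lower()
            continue
        match = KEY_RE.match(body) if in_section and old is None else None
        if match:
            old = int(match.group(2), 16)
            new = old & ~NCF_NOT_USER_REMOVABLE
            eol = line[len(body):]
            lines[i] = f"{match.group(1)}0x{new:x}{match.group(3)}{eol}"
    if old is None:
        raise ValueError(f"no Characteristics entry found in [{section}]")
    return "\n".join(lines), old, new


def patch_inf(inf_path, backup_path):
    """Back up the INF, then write the patched copy. Returns (old, new)."""
    inf_path, backup_path = Path(inf_path), Path(backup_path)
    raw = inf_path.read_bytes()
    utf16 = raw.startswith(b"\xff\xfe")  # keep whatever encoding the file has
    text = raw[2:].decode("utf-16-le") if utf16 else raw.decode("latin-1")
    patched, old, new = rewrite_section(text)
    if new == old:
        return old, new  # bit already clear: nothing to write, no backup made
    if backup_path.exists():
        # Never overwrite the pristine copy with an already edited file.
        raise FileExistsError(f"backup already exists: {backup_path}")
    shutil.copy2(inf_path, backup_path)
    data = (b"\xff\xfe" + patched.encode("utf-16-le")) if utf16 \
        else patched.encode("latin-1")
    inf_path.write_bytes(data)
    return old, new


def restore_inf(inf_path, backup_path):
    """Put the saved original back and confirm it is byte-identical."""
    shutil.copy2(backup_path, inf_path)
    return Path(inf_path).read_bytes() == Path(backup_path).read_bytes()


def demo():
    """Run patch and restore on the constructed sample in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        inf = Path(tmp) / "nettcpip.inf"
        bak = Path(tmp) / "nettcpip.inf.bak"  # hypothetical backup name
        original = SAMPLE_INF.encode("ascii")
        inf.write_bytes(original)
        old, new = patch_inf(inf, bak)
        patched = inf.read_bytes().decode("ascii")
        restored = restore_inf(inf, bak) and inf.read_bytes() == original
        return old, new, patched, restored


if __name__ == "__main__":
    old, new, patched, restored = demo()
    print(hex(old), describe_flags(old), "->", hex(new), describe_flags(new))
    print("original restored:", restored)
```

The Network Connections steps in the post (Install, Have Disk, Uninstall, restart) are still done by hand; the script only covers the file copy, the edit and the restore.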

#7 JDNeedsHelp

Posted 18 January 2012 - 03:19 PM

Thank you very much! That fixed the problem. I could not figure this out for the life of me. You are a life saver. :clapping:

#8 gringo_pr

Posted 18 January 2012 - 06:19 PM

Hello


You are more than welcome



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 JDNeedsHelp

Posted 18 January 2012 - 07:56 PM

ComboFix 12-01-18.04 - LWelker 01/18/2012 17:46:40.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.3021 [GMT -7:00]
Running from: c:\documents and settings\lwelker\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\lwelker\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-18 22:14 . 2012-01-18 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-01-18 00:00 . 2012-01-18 00:00 -------- d-----w- c:\documents and settings\lwelker\Local Settings\Application Data\ESET
2012-01-13 04:10 . 2012-01-13 04:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-01-11 00:59 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000003_.tmp
2011-12-30 01:02 . 2011-12-30 01:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TightVNC
2011-12-30 01:02 . 2011-12-30 01:02 -------- d-----w- c:\program files\SystemRequirementsLab
2011-12-30 01:01 . 2011-12-30 01:01 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2011-12-30 01:01 . 2011-12-30 01:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Logitech
2011-12-30 00:02 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\sfcfiles.old
2011-12-30 00:02 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2011-12-30 00:02 . 2008-04-14 00:12 1614848 ----a-w- c:\windows\system32\dllcache\sfcfiles.dll
2011-12-29 23:54 . 2011-12-29 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2011-12-29 21:52 . 2011-12-29 21:52 1860 ----a-w- C:\resetlog.exe
2011-12-29 19:07 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000002_.tmp
2011-12-29 18:04 . 2011-11-10 00:38 132768 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-12-29 18:04 . 2011-12-30 01:02 -------- d-----w- c:\program files\Intel
2011-12-29 18:02 . 2007-08-07 07:28 28272 ----a-w- c:\windows\system32\NicCo2.dll
2011-12-29 03:53 . 2012-01-18 22:14 -------- d-----w- c:\program files\ESET
2011-12-29 00:45 . 2008-04-14 12:42 189440 ----a-w- c:\windows\system32\dllcache\smtpadm.dll
2011-12-29 00:45 . 2008-04-14 12:42 10752 ----a-w- c:\windows\system32\dllcache\smtpapi.dll
2011-12-29 00:45 . 2008-04-14 12:42 10752 ------w- c:\windows\system32\smtpapi.dll
2011-12-29 00:45 . 2008-04-14 12:42 9728 ----a-w- c:\windows\system32\dllcache\rwnh.dll
2011-12-29 00:45 . 2008-04-14 12:42 9728 ------w- c:\windows\system32\rwnh.dll
2011-12-29 00:45 . 2008-04-14 12:42 221696 ----a-w- c:\windows\system32\dllcache\seo.dll
2011-12-29 00:45 . 2008-04-14 12:41 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2011-12-29 00:45 . 2008-04-14 12:41 81920 ------w- c:\windows\system32\ieencode.dll
2011-12-29 00:44 . 2006-12-29 07:31 19569 ----a-w- c:\windows\000001_.tmp
2011-12-28 23:33 . 2011-12-28 23:33 -------- d-----w- c:\documents and settings\lwelker\Application Data\SUPERAntiSpyware.com
2011-12-28 23:33 . 2011-12-28 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-12-28 23:17 . 2008-04-14 12:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-12-28 23:17 . 2008-04-14 12:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-12-28 23:17 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-12-28 23:17 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-12-28 23:17 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-12-28 23:17 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-12-28 23:17 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-12-28 23:17 . 2008-04-14 12:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-12-28 23:15 . 2001-08-17 20:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2011-12-28 23:14 . 2001-08-17 19:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-12-28 23:13 . 2001-08-17 21:07 19072 ----a-w- c:\windows\system32\dllcache\sparrow.sys
2011-12-28 23:12 . 2001-07-21 21:29 161568 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-12-28 23:11 . 2001-08-17 19:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-12-28 23:10 . 2001-08-17 21:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2011-12-28 23:09 . 2001-08-18 05:36 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-12-28 23:08 . 2008-04-14 07:24 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-12-28 23:07 . 2001-08-17 19:12 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2011-12-28 23:06 . 2001-08-17 19:12 109085 ----a-w- c:\windows\system32\dllcache\ibmtrp.sys
2011-12-28 23:05 . 2008-04-14 07:10 28288 ----a-w- c:\windows\system32\dllcache\grserial.sys
2011-12-28 23:04 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\dllcache\enum1394.sys
2011-12-28 23:03 . 2008-04-14 05:06 48640 ----a-w- c:\windows\system32\dllcache\cwrwdm.sys
2011-12-28 23:02 . 2001-08-18 05:36 37376 ----a-w- c:\windows\system32\dllcache\atievxx.exe
2011-12-28 22:53 . 2011-12-28 22:53 321304 ----a-w- c:\windows\UserProfileMigrationService.exe
2011-12-28 22:45 . 2011-12-28 22:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Intuit
2011-12-28 22:06 . 2011-12-28 22:06 -------- d-----w- C:\Intuit
2011-12-28 22:00 . 2011-12-28 22:00 -------- d-----w- C:\Application Data
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 21:27 . 2006-02-28 02:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-10 22:24 . 2010-12-22 01:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2006-02-28 02:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 02:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 00:31 . 2011-11-19 00:31 169472 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-11-19 00:17 . 2011-11-19 00:17 683640 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-11-19 00:17 . 2011-11-19 00:17 557176 ----a-w- c:\windows\system32\accesor.dll
2011-11-19 00:07 . 2011-11-19 00:07 160376 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-11-19 00:04 . 2011-11-19 00:04 2241656 ----a-w- c:\windows\system32\ncscolib.dll
2011-11-18 12:35 . 2006-02-28 02:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-18 02:23 . 2011-11-18 02:23 37027 ----a-w- c:\windows\atmoUn.exe
2011-11-12 06:05 . 2011-10-30 21:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-09 23:27 . 2011-11-09 23:27 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-11-04 19:20 . 2006-02-28 02:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 02:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 02:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 02:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2006-02-28 02:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-02-28 02:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2006-02-28 02:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-02-28 02:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-02-28 02:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2006-02-28 02:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-18_00.07.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-19 00:43 . 2012-01-19 00:43 16384 c:\windows\temp\Perflib_Perfdata_7f0.dat
+ 2012-01-19 00:43 . 2012-01-19 00:43 16384 c:\windows\temp\Perflib_Perfdata_70c.dat
+ 2012-01-19 00:43 . 2012-01-19 00:43 16384 c:\windows\temp\Perflib_Perfdata_47c.dat
+ 2006-04-25 17:43 . 2012-01-18 20:17 92534 c:\windows\system32\perfc009.dat
- 2006-02-28 02:00 . 2008-04-14 00:11 23040 c:\windows\system32\mciseq.dll
+ 2006-02-28 02:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
+ 2006-02-28 02:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
+ 2006-02-28 02:00 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
- 2006-02-28 02:00 . 2008-04-14 00:11 23040 c:\windows\system32\dllcache\mciseq.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-11-19 06:34 . 2012-01-19 00:43 69136 c:\windows\LTSvc\screenhooks.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 69136 c:\windows\LTSvc\screenhooks.dll
+ 2011-11-19 06:34 . 2012-01-19 00:43 42560 c:\windows\LTSvc\SCHook.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 42560 c:\windows\LTSvc\SCHook.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 14648 c:\windows\LTSvc\sas.dll
+ 2011-11-19 06:34 . 2012-01-19 00:43 14648 c:\windows\LTSvc\sas.dll
- 2011-07-07 01:27 . 2012-01-17 23:58 32256 c:\windows\LTSvc\Interfaces.dll
+ 2011-07-07 01:27 . 2012-01-19 00:43 32256 c:\windows\LTSvc\Interfaces.dll
- 2011-12-29 16:16 . 2011-12-29 16:16 10134 c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\callmsi.exe
+ 2012-01-18 22:15 . 2012-01-18 22:15 10134 c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\callmsi.exe
+ 2011-10-22 01:48 . 2012-01-18 22:30 34144 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-22 01:48 . 2011-12-14 10:04 34144 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-22 01:48 . 2011-12-14 10:04 42848 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-10-22 01:48 . 2012-01-18 22:30 42848 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-10-22 01:48 . 2012-01-18 22:30 19296 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-10-22 01:48 . 2011-12-14 10:04 19296 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-27 10:03 . 2011-10-13 01:47 69120 c:\windows\assembly\temp\MWOYH0A23M\CustomMarshalers.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-06-27 10:03 . 2011-10-13 01:47 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-27 10:03 . 2012-01-18 20:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 01:47 . 2011-10-13 01:47 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-28 02:00 . 2008-04-14 00:12 176128 c:\windows\system32\winmm.dll
+ 2006-02-28 02:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
+ 2006-04-25 17:43 . 2012-01-18 20:17 493426 c:\windows\system32\perfh009.dat
+ 2006-02-28 02:00 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
- 2006-02-28 02:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
- 2006-02-28 02:00 . 2008-04-14 00:12 176128 c:\windows\system32\dllcache\winmm.dll
+ 2006-02-28 02:00 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
+ 2006-02-28 02:00 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
- 2006-02-28 02:00 . 2008-04-14 00:12 386048 c:\windows\system32\dllcache\qdvd.dll
+ 2011-12-25 10:49 . 2011-12-25 10:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2011-11-19 06:34 . 2012-01-19 00:43 421704 c:\windows\LTSvc\wodVPN.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 421704 c:\windows\LTSvc\wodVPN.dll
+ 2011-07-07 01:27 . 2012-01-19 00:43 107008 c:\windows\LTSvc\vnchooks.dll
- 2011-07-07 01:27 . 2012-01-17 23:58 107008 c:\windows\LTSvc\vnchooks.dll
- 2011-12-10 08:03 . 2012-01-17 23:58 819200 c:\windows\LTSvc\tvnserver.exe
+ 2011-12-10 08:03 . 2012-01-19 00:43 819200 c:\windows\LTSvc\tvnserver.exe
- 2011-12-30 15:44 . 2012-01-17 23:58 218624 c:\windows\LTSvc\LSR.exe
+ 2011-12-30 15:44 . 2012-01-19 00:43 218624 c:\windows\LTSvc\LSR.exe
+ 2011-11-19 06:34 . 2012-01-19 00:43 980808 c:\windows\LTSvc\labvnc.exe
- 2011-11-19 06:34 . 2012-01-17 23:58 980808 c:\windows\LTSvc\labvnc.exe
- 2011-07-07 01:27 . 2012-01-17 23:58 112192 c:\windows\LTSvc\cad.exe
+ 2011-07-07 01:27 . 2012-01-19 00:43 112192 c:\windows\LTSvc\cad.exe
+ 2011-12-25 12:40 . 2011-12-25 12:40 819200 c:\windows\Installer\6601f5.msp
+ 2012-01-18 22:15 . 2012-01-18 22:15 969216 c:\windows\Installer\60e5d.msi
+ 2012-01-18 22:15 . 2012-01-18 22:15 101504 c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\egui.exe
- 2011-12-29 16:16 . 2011-12-29 16:16 101504 c:\windows\Installer\{A66242A1-9101-425D-9BE5-D19A50E1D0D8}\egui.exe
- 2011-10-22 01:48 . 2011-12-14 10:04 571232 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-22 01:48 . 2012-01-18 22:30 571232 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-27 10:03 . 2011-10-13 01:47 303104 c:\windows\assembly\temp\5O7ZI1KLMN\System.Runtime.Remoting.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
+ 2012-01-18 20:32 . 2012-01-18 20:32 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
+ 2012-01-18 20:32 . 2012-01-18 20:32 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
+ 2012-01-18 20:32 . 2012-01-18 20:32 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-06-27 10:03 . 2012-01-18 20:17 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-27 10:03 . 2011-10-13 01:47 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 01:48 . 2011-10-13 01:48 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 01:48 . 2011-10-13 01:48 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-04-14 00:12 . 2009-07-31 17:05 1372672 c:\windows\system32\msxml6.dll
+ 2006-02-28 02:00 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
+ 2008-04-14 00:12 . 2009-07-31 17:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2011-12-25 10:50 . 2011-12-25 10:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-12-14 10:08 . 2012-01-19 00:43 1274696 c:\windows\LTSvc\LTTray.exe
- 2011-12-14 10:08 . 2012-01-17 23:58 1274696 c:\windows\LTSvc\LTTray.exe
+ 2011-11-19 06:34 . 2012-01-19 00:43 1448960 c:\windows\LTSvc\cpuidsdk.dll
- 2011-11-19 06:34 . 2012-01-17 23:58 1448960 c:\windows\LTSvc\cpuidsdk.dll
+ 2011-12-26 16:59 . 2011-12-26 16:59 4368896 c:\windows\Installer\6601ed.msp
+ 2011-12-12 23:13 . 2011-12-12 23:13 3461120 c:\windows\Installer\14d2fa.msp
- 2011-10-22 01:48 . 2011-12-14 10:04 1162592 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\visicon.exe
+ 2011-10-22 01:48 . 2012-01-18 22:30 1162592 c:\windows\Installer\{91140000-0057-0000-0000-0000000FF1CE}\visicon.exe
+ 2012-01-18 20:33 . 2012-01-18 20:33 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
+ 2012-01-18 20:33 . 2012-01-18 20:33 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
+ 2012-01-18 20:32 . 2012-01-18 20:32 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
+ 2012-01-18 20:32 . 2012-01-18 20:32 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
+ 2012-01-18 20:32 . 2012-01-18 20:32 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
- 2011-10-13 01:48 . 2011-10-13 01:48 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-10-13 01:48 . 2011-10-13 01:48 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-01-18 20:18 . 2012-01-18 20:18 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2010-10-04 10:02 . 2010-10-04 10:02 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-18 20:17 . 2012-01-18 20:17 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 01:47 . 2011-10-13 01:47 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-27 10:03 . 2011-10-13 01:47 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-06-27 10:03 . 2012-01-18 20:17 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-07-11 15:49 . 2012-01-18 22:29 52128560 c:\windows\system32\MRT.exe
+ 2012-01-18 20:33 . 2012-01-18 20:33 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
+ 2012-01-18 20:32 . 2012-01-18 20:32 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
+ 2012-01-18 20:18 . 2012-01-18 20:18 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-14 1527128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker32.exe" [2011-10-21 724352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"tvncontrol"="c:\windows\LTsvc\tvnserver.exe" [2012-01-19 819200]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-6-3 5828952]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-16 813584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2011-12-14 1274696]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-7-6 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-7-6 1178984]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-19 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-05-27 00:47 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck ?╚?╚??╚?╚?╚?╚?╚a╚??╚?╚?╚
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceHome]
2005-01-06 20:50 397312 ----a-w- c:\program files\Aone\AONEPRO PC Link Service\PC Service Home.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT\\ACT for Win 7\\Act7.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVC.exe"=
"c:\\WINDOWS\\LTsvc\\LTSVCmon.exe"=
"c:\\WINDOWS\\LTsvc\\LTTray.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4999:TCP"= 4999:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4998:TCP"= 4998:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4997:TCP"= 4997:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
"4996:TCP"= 4996:TCP:LocalSubNet,127.0.0.1/255.255.255.255:Enabled:allowagent
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe [10/21/2011 3:08 PM 213376]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [12/29/2011 11:04 AM 132768]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/16/2010 10:57 AM 10384]
R2 LTService;PK Tech Zen Agent;c:\windows\LTSvc\LTSVC.exe [7/6/2011 6:27 PM 12381184]
R2 LTSvcMon;PK Tech Zen Agent CheckUp Util;c:\windows\LTSvc\LTSvcMon.exe [7/6/2011 6:28 PM 98632]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -sACT7 [?]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [6/30/2011 1:25 PM 1248256]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 1:13 PM 36608]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\lwelker\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:21 AM 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 cpuz134;cpuz134;\??\c:\docume~1\lwelker\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\lwelker\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 cpuz135;cpuz135;\\??\\c:\\WINDOWS\\TEMP\\cpuz135\\cpuz135_x32.sys --> \\c:\\WINDOWS\\TEMP\\cpuz135\\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:21 AM 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys --> c:\windows\system32\DRIVERS\radpms.sys [?]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 --> c:\program files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -i ACT7 [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:21]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 16:21]
.
2012-01-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 05:44]
.
2012-01-19 c:\windows\Tasks\User_Feed_Synchronization-{8DFF9EC8-2652-44A0-A604-1328BC30104D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: bitdefender.com\www
Trusted Zone: pktech.net\agent
Trusted Zone: pktech.net\help
TCP: DhcpNameServer = 192.168.1.41 192.168.1.44
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 17:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(692)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2012-01-18 17:54:08
ComboFix-quarantined-files.txt 2012-01-19 00:54
ComboFix2.txt 2012-01-18 00:26
ComboFix3.txt 2012-01-18 00:08
ComboFix4.txt 2011-12-30 00:22
ComboFix5.txt 2012-01-19 00:34
.
Pre-Run: 104,863,744,000 bytes free
Post-Run: 105,200,898,048 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 11D6BF4112077FD1D9BBEFB9CC2D54A9

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:29 PM

Posted 18 January 2012 - 09:00 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 8.3.1
Ask Toolbar
Bing Bar
Java™ 6 Update 2


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr


Posted 21 January 2012 - 02:22 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 JDNeedsHelp


Posted 23 January 2012 - 04:06 PM

Thank you for your help, the matter is resolved.

#13 gringo_pr


Posted 23 January 2012 - 06:33 PM

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University
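
An added example, not part of the original post: a Python check that audits the output of `reg query` for the Internet zone against the five Internet Explorer settings listed in the post above. The `Zones\3` key, the action IDs and the 0/1/3 value encoding are Internet Explorer's standard URL-action values; the sample output is constructed and the function names are hypothetical.

```python
import re

# Internet zone (Zones\3) URL-action IDs for the five settings in the post.
# Value encoding: 0 = Enable, 1 = Prompt, 3 = Disable (higher is stricter).
ACTIONS = {0: "Enable", 1: "Prompt", 3: "Disable"}
BASELINE = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
}
VALUE_LINE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")

# Constructed sample of what this command prints (not taken from the thread):
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1800    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Return {action_id: int} for every four-hex-digit REG_DWORD value."""
    matches = (VALUE_LINE.match(line) for line in text.splitlines())
    return {m.group(1).upper(): int(m.group(2), 16) for m in matches if m}

def audit_internet_zone(text):
    """List (id, setting, current, wanted) for settings weaker than the post's."""
    current = parse_reg_query(text)
    findings = []
    for action_id, (label, wanted) in BASELINE.items():
        actual = current.get(action_id)
        if actual is None:
            state = "not set"        # absent per-user value: cannot confirm
        elif actual not in ACTIONS:
            state = hex(actual)      # unknown encoding: flag for review
        elif actual >= wanted:
            continue                 # as strict as, or stricter than, the post
        else:
            state = ACTIONS[actual]
        findings.append((action_id, label, state, ACTIONS[wanted]))
    return findings

if __name__ == "__main__":
    for finding in audit_internet_zone(SAMPLE):
        print("%s %s: %s, post recommends %s" % finding)
```

A result of "not set" only means the per-user key has no entry for that action; the effective setting may then come from machine-wide or policy keys, so check the Security tab directly in that case.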

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:29 PM

Posted 26 January 2012 - 05:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.