Inactive [A] Rogue iexplorer.exe in Task Manager unable to remove

Vasunss75

OK, I need help, and I am here after trying different options. Basically I have two issues:

1) I see the iexplorer.exe process spawn automatically in the Task Manager Processes tab list even if I don't have Internet Explorer open. If I try killing the process, it keeps coming back after some time.

2) Firefox has got infected with the Google redirect issue. Whenever I click on a Google search link, sometimes it works but sometimes it takes me to some weird sites. Also, a lot of cookies and trackers get downloaded. For now I have disabled cookies.

I did the following for problems 1 & 2 before posting this issue here:

1) Downloaded and ran the following:
a. Spybotsd162
b. Super Antispyware
c. Hitman Pro
d. Trojan Killer
e. Used rkill and then ran Hitman Pro and then Trojan Killer
f. Today I am running Windows Defender

But none of them are stopping iexplore.exe from coming back again in the Task Manager.

There is one thing I noticed. McAfee virus scan showed services.exe as infected with W32/Mariofev!mem but failed cleaning it.

I am attaching the following logs:

1. HijackThis
2. GMER

Please help me get over this annoying issue. :(
 

Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Followed the steps as mentioned

Hi Broni,

Thanks for responding to help. I followed the exact steps mentioned in the instruction link. I installed and ran Malwarebytes, then I ran GMER, but when I ran DDS it progressed for 10 mins and then everything hung. I left it for the night and checked today, but the DOS screen stayed there with '#####..'. Log screens did not appear. So I have attached the first two logs for your review:

>> Malwarebytes Log : Date run: 30th Nov 2011

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8281

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/30/2011 11:22:52 PM
mbam-log-2011-11-30 (23-22-52).txt

Scan type: Quick scan
Objects scanned: 280628
Time elapsed: 17 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


>> GMER Log : Date run : 30th Nov 2011

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-30 23:38:10
Windows 5.1.2600 Service Pack 3
Running: 2w45m4yp.exe; Driver: C:\DOCUME~1\SVASUD~1\LOCALS~1\Temp\kwlyqaog.sys


---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [DISABLED] USBSTOR <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
 
Adding one more observation to my previous reply

Adding one more observation just in case this is important :)

Observation 1:

Also, when I first tried to open the GMER program from the Desktop, I got a message like this:

LoadDriver ("C\Docume~1\ADMINI~\LOCALS~1\TEMP\pxddipog.sys")
error: 0xC0000: Cannot create a stable subkey under a volatile parent key.

But once I X'd out, I could still open the program and run the scan.

Observation 2:
Every time I perform a 'Normal' startup and run a McAfee on-demand scan, it detects the following:

TDSS.e!RootKit - McAfee deletes it successfully, but when I restart the system again and run the McAfee scan, it again detects the same virus. So it seems to be coming back when I start up.

Also, when I perform a safe boot with networking and perform a scan, the virus does seem to be coming up.

Hope this helps you to help ME !!
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Downloaded TDSSKiller.exe

OK Broni. Here is the status:

1. I downloaded TDSSKiller.exe from the link and saved it on my desktop
2. Double-clicked it
3. It came up with a Windows security warning message asking whether to allow the program to run
4. Clicked OK
5. Nothing happens

I did not see any scan window coming up, so I thought the McAfee antivirus might be blocking the program.

So I restarted the system in safe mode, ensured that McAfee access protection was turned 'off' and the on-access scanner was also turned off.

Now I double-clicked the TDSSKiller.exe file; the warning comes up. I say OK and nothing happens. I then renamed the file and checked; it still doesn't work.

The iexplorer.exe problem still persists if I am connected to the network during system startup and 'only' if I have Iexplorer in online mode. So for now I have switched 'Iexplorer' to offline mode and started using Mozilla Firefox.

Running the McAfee scan on start still finds TDSS_XPT and deletes it. But once it deletes the virus, the system / processor performance is better.

I am not sure how to check why TDSSKiller.exe is not working when double-clicked.
 
Download FixTDSS.exe.
  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore (see: How to turn off or turn on Windows XP System Restore).
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
  • If you are running Windows XP, re-enable System Restore.
 
Yoooohoooo !!!! First run after cleanup shows no symptoms

Hi Broni,

I downloaded FixTDSS and ran it. A screen followed that said your system will be restarted. I pressed the OK button.

After the system restart, the FixTDSS process was the first to run. The scan result showed the following message: "MBR is infected !!" Rectify? I clicked on Rectify. The result showed 'successful disinfection'... Then I did some checks on the symptoms I used to see:

1. Checked the CPU usage - it came down to normal levels
2. Restarted the computer and ran a McAfee scan to check if it still brings up the TDSS rootkit error I used to see before. Nope... it came out clean

3. Then I also restarted Internet Explorer, brought it back online and closed it to see if any other instance of iexplorer.exe persists. Waited for 10 mins and nope, came out clean.


And yay!! My system looks cool... better than before because of the cleanup hell process I had gone through!

Thanks a ton to Broni !!!
 
Good news :)
But we're not done.
We have to make sure nothing is hiding there.

Give me a fresh GMER log.
See if DDS will run now.
If so, post both logs.
 
Post treatment checks - attaching logs

Yes, I agree with you.. :slurp:

I ran both GMER and DDS. This time DDS ran successfully. I am attaching all the logs.

GMER Log
--------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-04 09:48:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 Hitachi_HTS722016K9A300 rev.DCDOCA1H
Running: 8jftztkh.exe; Driver: C:\DOCUME~1\SVASUD~1\LOCALS~1\Temp\kwlyqaog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xB9D48260]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9D480F6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D48090]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D480A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9D4810A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9D48136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9D481A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9D4818E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9D481BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xB9D4824C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9D481E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9D480E2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D48054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D48068]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9D48222]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9D48178]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9D48162]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9D48120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9D4820E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9D481FA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D480CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D480BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9D48238]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9D4814C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D4807C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9D481D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [DISABLED] USBSTOR <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

************************************************************************************

DDS Log file name : DDS.txt >>>

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by svasudevan at 9:51:04 on 2011-12-04
.
============== Running Processes ===============
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\DevMonitor\DevMonitor Pluggin\MonitorDevPluggin.exe
C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Lync\communicator.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\Notepad.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\svasudevan\Desktop\dds(1).scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://team/myvirtusa
uInternet Settings,ProxyServer = atlisgbluearray.alere.com:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AdobeBridge]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {043BECED-7279-47F5-90D3-26D5A45E97FD} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prbatchscanning.cab
DPF: {072EBF73-01D7-40E5-AC5C-C35B2FEAEA8D} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prDynamicMenus.CAB
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://mt-dwbicore3/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=z5qgdk45yvn4v33harjtcb45&ControlID=92ab5913e63c415d8e1dd8f907721ce5&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1322409531269
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1322409518491
DPF: {7162A103-007A-4A9B-85EE-F030AA23509A} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prkeyutils.cab
DPF: {7C7AD9C7-6873-49A4-9EA3-92E4DAD2AB59} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/primportmanager.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {92C97DFA-09CB-11D5-B823-00105A1F06DB} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/legintwincapture.cab
DPF: {92F6C891-8282-4953-9A63-5C712783C668} - hxxp://chnpulse/Pulse/eT247.CAB
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inblrm06.tcs.com/dwa8W.cab
DPF: {ABA23149-06BA-440D-88FF-69203B966083} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/openauthoring.cab
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prvisiointerface.cab
DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ukfreetrial.webex.com/client/T27L/webex/ieatgpc.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{E9951A37-82E7-4D5A-A5F6-9EB2D97B7DF5} : DhcpNameServer = 68.87.71.230 68.87.73.246
Notify: igfxcui - igfxdev.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\svasudevan\application data\mozilla\firefox\profiles\ej2qykuv.default\
FF - prefs.js: browser.search.selectedEngine - Twitter
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
FF - component: c:\documents and settings\svasudevan\application data\mozilla\firefox\profiles\ej2qykuv.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\components\dtTransparency.dll
FF - plugin: c:\documents and settings\svasudevan\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\svasudevan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\svasudevan\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
.
============= SERVICES / DRIVERS ===============
.
R? enterceptAgent;McAfee Host Intrusion Prevention Service
R? Firehk;McAfee NDIS Intermediate Filter
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? mferkdet;McAfee Inc. mferkdet
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? vsdatant;vsdatant
R? WinDefend;Windows Defender
R? WinRM;Windows Remote Management (WS-Management)
S? FirehkMP;FirehkMP
S? HIPK;McAfee Inc. HIPK
S? HIPPSK;McAfee Inc. HIPPSK
S? HIPQK;McAfee Inc. HIPQK
S? hips;McAfee HIPSCore Service
S? McAfeeEngineService;McAfee Engine Service
S? McAfeeFramework;McAfee Framework Service
S? McShield;McAfee McShield
S? McTaskManager;McAfee Task Manager
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfehidk;McAfee Inc. mfehidk
S? mfevtp;McAfee Validation Trust Protection Service
S? MonitorDevPluggin;MonitorDevPluggin
.
=============== Created Last 30 ================
.
2011-12-04 14:37:54 -------- d-----w- c:\documents and settings\svasudevan\application data\comcasttb
2011-12-04 14:32:42 39816 ----a-w- c:\windows\system32\HIPIS0e011aa.dll
2011-12-03 21:00:24 -------- d-----w- c:\program files\common files\Kodak
2011-12-03 20:55:16 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters
2011-12-01 03:57:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-01 03:25:37 -------- d-----w- c:\documents and settings\svasudevan\application data\McAfee
2011-12-01 03:19:18 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-01 03:19:18 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-01 03:19:17 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-01 03:19:17 342128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-12-01 03:18:05 -------- d-----w- c:\program files\common files\McAfee
2011-12-01 01:14:48 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-11-30 01:07:38 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-11-30 01:07:31 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4e526ad6-d73e-4745-8225-e7a3b93f4c48}\mpengine.dll
2011-11-30 01:07:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 00:25:18 -------- d-----w- c:\program files\Trojan Remover
2011-11-29 05:01:26 -------- d-----w- c:\program files\common files\PC Tools
2011-11-29 05:01:25 -------- d-----w- c:\program files\PC Tools Security
2011-11-29 04:40:08 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-11-29 02:33:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-28 23:57:46 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-11-28 23:18:29 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 23:02:27 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-28 23:01:23 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-28 05:13:58 -------- d-----w- c:\documents and settings\svasudevan\application data\QuickScan
2011-11-28 04:57:38 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-11-27 22:06:44 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-27 15:59:11 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-11-25 21:59:06 -------- d-----w- c:\documents and settings\svasudevan\application data\DDMSettings
2011-11-22 04:51:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-22 04:51:01 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-22 04:51:01 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-22 04:51:00 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-22 04:51:00 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-22 04:51:00 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-22 04:51:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-22 04:51:00 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-21 03:41:11 -------- d-----w- c:\windows\pss
2011-11-20 22:35:04 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-20 22:25:20 388096 ----a-r- c:\documents and settings\svasudevan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-20 03:38:07 -------- d-----w- c:\documents and settings\svasudevan\local settings\application data\NPE
2011-11-20 03:19:12 -------- d-----w- c:\program files\common files\Symantec Shared
2011-11-20 03:18:47 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-11-20 03:18:33 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-11-20 03:08:13 -------- d-----w- c:\documents and settings\svasudevan\application data\xfin_portal
2011-11-20 03:08:00 -------- d-----w- c:\program files\xfin_portal
2011-11-17 22:52:17 -------- d-----w- c:\documents and settings\svasudevan\application data\CallingID
2011-11-17 22:51:58 -------- d-----w- c:\program files\common files\scanner
2011-11-17 22:51:58 -------- d-----w- c:\program files\comcasttb
2011-11-17 22:51:43 -------- d-----w- c:\program files\CA
.
==================== Find3M ====================
.
2011-11-07 22:02:08 140864 ----a-w- c:\windows\system32\KevlarSigs.dll
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 06:11:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 06:11:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:11:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-23 18:23:50 52352 ----a-w- c:\windows\system32\drivers\VolSnap.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2004-09-10 08:10:38 75264 ----a-w- c:\program files\DECCHECK.exe
.
============= FINISH: 9:53:05.53 ===============

--Continued part 2 of log in next reply
 
Continued part 2 of log in next reply

Continued ..Log file Attach.txt from DDS >>>>


.
==== Installed Programs ======================
.
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 8.1.5
Adobe Shockwave Player 11
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AT&T Global Network Client Managed VPN Edition
BDE Version 5.2.0.2
BusinessObjects Enterprise XI Release 2
Canon Camera Access Library
CCScore
Cisco Systems VPN Client 5.0.00.0340
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Configuration Manager Client
Data Access Objects (DAO) 3.0
Data Access Objects (DAO) 3.5
DevMonitor Pluggin
DivX Setup
DScaler 5 Mpeg Decoders
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Google Chrome
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB979306)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
J2SE Development Kit 5.0 Update 16
J2SE Runtime Environment 5.0 Update 16
Java Auto Updater
Java(TM) 6 Update 22
Juniper Networks Host Checker
KB408682
Kodak EasyShare software
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee Host Intrusion Prevention
McAfee VirusScan Enterprise
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft Lync - Welcome
Microsoft Lync 2010
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2005
Microsoft Office Live Meeting 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2003
Microsoft Office Visio Professional 2007
Microsoft Office Visio Viewer 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft System Center Service Manager Portal ActiveX Control
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIWA
mLogView
mMHouse
Mozilla Firefox 8.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
mSCfg
mSSO
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mWMI
mZConfig
netbrdg
Octoshape add-in for Adobe Flash Player
OfotoXMI
OZ776 SCR Driver V1.1.3.9
PLATINUM ERwin 3.5.2
Quest Software Toad for SQL Server Freeware 4.6
QuickTime
RDC
RealPlayer
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Skype™ 5.5
staticcr
TortoiseSVN
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.0.3
VPRINTOL
WebEx
WebFldrs XP
WIMGAPI
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinRAR archiver
WinZip
WIRELESS
XFINITY Toolbar
Xvid 1.2.1 final uninstall
Yahoo! Messenger
.
==== End Of File ===========================

That is all, Broni!
 
Ran TDSSKiller.exe

Yes, now I am able to execute TDSSKiller.exe. It ran successfully, and then I extracted the text from the log file it created under the C: drive. Here it is:

18:25:49.0454 4008 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:25:49.0604 4008 ============================================================
18:25:49.0604 4008 Current date / time: 2011/12/04 18:25:49.0604
18:25:49.0604 4008 SystemInfo:
18:25:49.0604 4008
18:25:49.0604 4008 OS Version: 5.1.2600 ServicePack: 3.0
18:25:49.0604 4008 Product type: Workstation
18:25:49.0604 4008 ComputerName: ML-SVASUDEVAN
18:25:49.0604 4008 UserName: svasudevan
18:25:49.0604 4008 Windows directory: C:\WINDOWS
18:25:49.0604 4008 System windows directory: C:\WINDOWS
18:25:49.0604 4008 Processor architecture: Intel x86
18:25:49.0604 4008 Number of processors: 1
18:25:49.0604 4008 Page size: 0x1000
18:25:49.0604 4008 Boot type: Normal boot
18:25:49.0604 4008 ============================================================
18:25:51.0437 4008 Initialize success
18:26:37.0133 2064 ============================================================
18:26:37.0133 2064 Scan started
18:26:37.0133 2064 Mode: Manual;
18:26:37.0133 2064 ============================================================
18:26:38.0695 2064 Abiosdsk - ok
18:26:38.0745 2064 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:26:38.0745 2064 abp480n5 - ok
18:26:38.0855 2064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:26:38.0945 2064 ACPI - ok
18:26:39.0035 2064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:26:39.0055 2064 ACPIEC - ok
18:26:39.0126 2064 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:26:39.0136 2064 adpu160m - ok
18:26:39.0296 2064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:26:39.0296 2064 aec - ok
18:26:39.0356 2064 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:26:39.0356 2064 AegisP - ok
18:26:39.0416 2064 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:26:39.0416 2064 AFD - ok
18:26:39.0626 2064 agnfilt (e40f1f658c70bc5fe9a70dd82c255080) C:\WINDOWS\system32\DRIVERS\agnfilt.sys
18:26:39.0626 2064 agnfilt - ok
18:26:39.0676 2064 agnwifi (685443afa5d1a94c5f47e4846b0e4c3d) C:\WINDOWS\system32\DRIVERS\agnwifi.sys
18:26:39.0676 2064 agnwifi - ok
18:26:39.0736 2064 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:26:39.0746 2064 agp440 - ok
18:26:39.0766 2064 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:26:39.0766 2064 agpCPQ - ok
18:26:39.0887 2064 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:26:39.0897 2064 Aha154x - ok
18:26:39.0967 2064 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:26:39.0967 2064 aic78u2 - ok
18:26:40.0007 2064 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:26:40.0007 2064 aic78xx - ok
18:26:40.0057 2064 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:26:40.0057 2064 AliIde - ok
18:26:40.0087 2064 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:26:40.0097 2064 alim1541 - ok
18:26:40.0137 2064 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:26:40.0137 2064 amdagp - ok
18:26:40.0157 2064 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:26:40.0167 2064 amsint - ok
18:26:40.0197 2064 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:26:40.0197 2064 Arp1394 - ok
18:26:40.0217 2064 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:26:40.0217 2064 asc - ok
18:26:40.0227 2064 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:26:40.0237 2064 asc3350p - ok
18:26:40.0257 2064 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:26:40.0257 2064 asc3550 - ok
18:26:40.0287 2064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:26:40.0287 2064 AsyncMac - ok
18:26:40.0297 2064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:26:40.0307 2064 atapi - ok
18:26:40.0317 2064 Atdisk - ok
18:26:40.0347 2064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:26:40.0347 2064 Atmarpc - ok
18:26:40.0387 2064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:26:40.0387 2064 audstub - ok
18:26:40.0518 2064 avpnnic (ca91a96e5e24799c551216a70072f979) C:\WINDOWS\system32\DRIVERS\avpnnic.sys
18:26:40.0518 2064 avpnnic - ok
18:26:40.0558 2064 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:26:40.0558 2064 b57w2k - ok
18:26:40.0748 2064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:26:40.0748 2064 Beep - ok
18:26:40.0798 2064 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
18:26:40.0798 2064 BVRPMPR5 - ok
18:26:40.0808 2064 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:26:40.0808 2064 cbidf - ok
18:26:40.0828 2064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:26:40.0828 2064 cbidf2k - ok
18:26:40.0858 2064 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:26:40.0858 2064 cd20xrnt - ok
18:26:40.0878 2064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:26:40.0938 2064 Cdaudio - ok
18:26:41.0018 2064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:26:41.0048 2064 Cdfs - ok
18:26:41.0128 2064 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:26:41.0138 2064 Cdrom - ok
18:26:41.0168 2064 Changer - ok
18:26:41.0329 2064 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:26:41.0329 2064 CmBatt - ok
18:26:41.0369 2064 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:26:41.0369 2064 CmdIde - ok
18:26:41.0389 2064 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:26:41.0399 2064 Compbatt - ok
18:26:41.0429 2064 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:26:41.0429 2064 Cpqarray - ok
18:26:41.0469 2064 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
18:26:41.0469 2064 CVirtA - ok
18:26:41.0529 2064 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
18:26:41.0529 2064 CVPNDRVA - ok
18:26:41.0639 2064 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:26:41.0639 2064 dac2w2k - ok
18:26:41.0759 2064 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:26:41.0759 2064 dac960nt - ok
18:26:41.0789 2064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:26:41.0789 2064 Disk - ok
18:26:41.0839 2064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:26:41.0960 2064 dmboot - ok
18:26:42.0100 2064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:26:42.0100 2064 dmio - ok
18:26:42.0140 2064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:26:42.0140 2064 dmload - ok
18:26:42.0210 2064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:26:42.0210 2064 DMusic - ok
18:26:42.0300 2064 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
18:26:42.0310 2064 DNE - ok
18:26:42.0480 2064 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:26:42.0480 2064 dpti2o - ok
18:26:42.0520 2064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:26:42.0520 2064 drmkaud - ok
18:26:42.0570 2064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:26:42.0580 2064 Fastfat - ok
18:26:42.0751 2064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:26:42.0751 2064 Fdc - ok
18:26:42.0791 2064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:26:42.0791 2064 Fips - ok
18:26:42.0821 2064 Firehk (f96d1c2c40902604329933374950babb) C:\WINDOWS\system32\DRIVERS\firehk.sys
18:26:42.0821 2064 Firehk - ok
18:26:42.0831 2064 FirehkMP (f96d1c2c40902604329933374950babb) C:\WINDOWS\system32\DRIVERS\firehk.sys
18:26:42.0831 2064 FirehkMP - ok
18:26:42.0881 2064 firelm01 (b4016f8c5be680b7f6849dcc8a8b99ce) C:\WINDOWS\system32\drivers\firelm01.sys
18:26:42.0881 2064 firelm01 - ok
18:26:42.0931 2064 FirePM (62ed0af07964feceee7429a0c82c8b0d) C:\WINDOWS\system32\Drivers\FirePM.sys
18:26:42.0931 2064 FirePM - ok
18:26:43.0201 2064 FireTDI (605ff6edc1e2cc337070c5317ca80040) C:\WINDOWS\system32\Drivers\FireTDI.sys
18:26:43.0201 2064 FireTDI - ok
18:26:43.0271 2064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:26:43.0271 2064 Flpydisk - ok
18:26:43.0332 2064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:26:43.0332 2064 FltMgr - ok
18:26:43.0382 2064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:26:43.0382 2064 Fs_Rec - ok
18:26:43.0412 2064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:26:43.0432 2064 Ftdisk - ok
18:26:43.0482 2064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:26:43.0482 2064 Gpc - ok
18:26:43.0632 2064 guardian2 (0e1fd1ea2837d6b7a1d7b6c928014d05) C:\WINDOWS\system32\Drivers\oz776.sys
18:26:43.0642 2064 guardian2 - ok
18:26:43.0672 2064 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:26:43.0682 2064 HDAudBus - ok
18:26:43.0722 2064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:26:43.0732 2064 HidUsb - ok
18:26:43.0772 2064 HIPK (1be9041b7d9d2d7f1774b384f773ea67) C:\WINDOWS\system32\drivers\HIPK.sys
18:26:43.0772 2064 HIPK - ok
18:26:43.0962 2064 HIPPSK (383e70750cbb1a1c208c93e398f46e96) C:\WINDOWS\system32\drivers\HIPPSK.sys
18:26:43.0962 2064 HIPPSK - ok
18:26:43.0982 2064 HIPQK (744b01bc7303275487092e1a33a2769c) C:\WINDOWS\system32\drivers\HIPQK.sys
18:26:43.0982 2064 HIPQK - ok
18:26:44.0023 2064 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:26:44.0023 2064 hpn - ok
18:26:44.0053 2064 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
18:26:44.0053 2064 HSFHWAZL - ok
18:26:44.0253 2064 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:26:44.0363 2064 HSF_DPV - ok
18:26:44.0543 2064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:26:44.0553 2064 HTTP - ok
18:26:44.0633 2064 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:26:44.0633 2064 i2omgmt - ok
18:26:44.0673 2064 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:26:44.0673 2064 i2omp - ok
18:26:44.0714 2064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:26:44.0714 2064 i8042prt - ok
18:26:44.0914 2064 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:26:45.0084 2064 ialm - ok
18:26:45.0204 2064 idisw2km - ok
18:26:45.0264 2064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:26:45.0264 2064 Imapi - ok
18:26:45.0294 2064 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:26:45.0294 2064 ini910u - ok
18:26:45.0314 2064 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:26:45.0314 2064 IntelIde - ok
18:26:45.0374 2064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:26:45.0374 2064 intelppm - ok
18:26:45.0405 2064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:26:45.0405 2064 IpFilterDriver - ok
18:26:45.0435 2064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:26:45.0435 2064 IpInIp - ok
18:26:45.0475 2064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:26:45.0475 2064 IpNat - ok
18:26:45.0505 2064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:26:45.0525 2064 IPSec - ok
18:26:45.0575 2064 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
18:26:45.0575 2064 irda - ok
18:26:45.0605 2064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:26:45.0605 2064 IRENUM - ok
18:26:45.0665 2064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:26:45.0665 2064 isapnp - ok
18:26:45.0805 2064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:26:45.0805 2064 Kbdclass - ok
18:26:45.0815 2064 kbstuff - ok
18:26:45.0865 2064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:26:45.0865 2064 kmixer - ok
18:26:46.0096 2064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:26:46.0096 2064 KSecDD - ok
18:26:46.0126 2064 lbrtfdc - ok
18:26:46.0206 2064 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:26:46.0206 2064 mdmxsdk - ok
18:26:46.0276 2064 mfeapfk (a8d2c54c2f71f5cba7ca2734341e57e6) C:\WINDOWS\system32\drivers\mfeapfk.sys
18:26:46.0276 2064 mfeapfk - ok
18:26:46.0326 2064 mfeavfk (1fae237d343904e24b3a9eb04bbd8170) C:\WINDOWS\system32\drivers\mfeavfk.sys
18:26:46.0326 2064 mfeavfk - ok
18:26:46.0356 2064 mfebopk (8c324da46f9fcc5c107ceda4dbcfc7ae) C:\WINDOWS\system32\drivers\mfebopk.sys
18:26:46.0356 2064 mfebopk - ok
18:26:46.0506 2064 mfehidk (d0123e113243bdd427611f265bbd21b8) C:\WINDOWS\system32\drivers\mfehidk.sys
18:26:46.0516 2064 mfehidk - ok
18:26:46.0546 2064 mferkdet (d528f31cad4411d3ae3ce0c634232851) C:\WINDOWS\system32\drivers\mferkdet.sys
18:26:46.0546 2064 mferkdet - ok
18:26:46.0596 2064 mfetdik (78efa6fd2a486c476045eaa1d2f218b7) C:\WINDOWS\system32\drivers\mfetdik.sys
18:26:46.0596 2064 mfetdik - ok
18:26:46.0636 2064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:26:46.0636 2064 mnmdd - ok
18:26:46.0666 2064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:26:46.0666 2064 Modem - ok
18:26:46.0726 2064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:26:46.0726 2064 Mouclass - ok
18:26:46.0927 2064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:26:46.0927 2064 mouhid - ok
18:26:46.0997 2064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:26:47.0017 2064 MountMgr - ok
18:26:47.0087 2064 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:26:47.0107 2064 mraid35x - ok
18:26:47.0137 2064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:26:47.0137 2064 MRxDAV - ok
18:26:47.0207 2064 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:26:47.0217 2064 MRxSmb - ok
18:26:47.0297 2064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:26:47.0297 2064 Msfs - ok
18:26:47.0337 2064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:26:47.0337 2064 MSKSSRV - ok
18:26:47.0367 2064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:26:47.0367 2064 MSPCLOCK - ok
18:26:47.0578 2064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:26:47.0588 2064 MSPQM - ok
18:26:47.0668 2064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:26:47.0668 2064 mssmbios - ok
18:26:47.0718 2064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:26:47.0718 2064 Mup - ok
18:26:47.0878 2064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:26:47.0908 2064 NDIS - ok
18:26:47.0988 2064 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:26:47.0988 2064 NdisTapi - ok
18:26:48.0018 2064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:26:48.0028 2064 Ndisuio - ok
18:26:48.0058 2064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:26:48.0058 2064 NdisWan - ok
18:26:48.0108 2064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:26:48.0108 2064 NDProxy - ok
18:26:48.0199 2064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:26:48.0199 2064 NetBIOS - ok
18:26:48.0229 2064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:26:48.0229 2064 NetBT - ok
18:26:48.0359 2064 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
18:26:48.0389 2064 NETw4x32 - ok
18:26:48.0499 2064 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:26:48.0509 2064 NIC1394 - ok
18:26:48.0599 2064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:26:48.0599 2064 Npfs - ok
18:26:48.0639 2064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:26:48.0649 2064 Ntfs - ok
18:26:48.0679 2064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:26:48.0679 2064 Null - ok
18:26:48.0719 2064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:26:48.0719 2064 NwlnkFlt - ok
18:26:48.0749 2064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:26:48.0749 2064 NwlnkFwd - ok
18:26:48.0779 2064 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:26:48.0779 2064 ohci1394 - ok
18:26:48.0829 2064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:26:48.0829 2064 Parport - ok
18:26:48.0920 2064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:26:48.0930 2064 PartMgr - ok
18:26:49.0010 2064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:26:49.0010 2064 ParVdm - ok
18:26:49.0050 2064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:26:49.0050 2064 PCI - ok
18:26:49.0080 2064 PCIDump - ok
18:26:49.0140 2064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:26:49.0140 2064 PCIIde - ok
18:26:49.0160 2064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:26:49.0160 2064 Pcmcia - ok
18:26:49.0180 2064 PDCOMP - ok
18:26:49.0210 2064 PDFRAME - ok
18:26:49.0230 2064 PDRELI - ok
18:26:49.0250 2064 PDRFRAME - ok
18:26:49.0280 2064 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:26:49.0280 2064 perc2 - ok
18:26:49.0300 2064 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:26:49.0300 2064 perc2hib - ok
18:26:49.0430 2064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:26:49.0440 2064 PptpMiniport - ok
18:26:49.0520 2064 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys
18:26:49.0550 2064 prepdrvr - ok
18:26:49.0591 2064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:26:49.0601 2064 PSched - ok
18:26:49.0621 2064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:26:49.0621 2064 Ptilink - ok
18:26:49.0671 2064 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:26:49.0681 2064 PxHelp20 - ok
18:26:49.0701 2064 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:26:49.0701 2064 ql1080 - ok
18:26:49.0731 2064 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:26:49.0741 2064 Ql10wnt - ok
18:26:49.0761 2064 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:26:49.0761 2064 ql12160 - ok
18:26:49.0781 2064 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:26:49.0791 2064 ql1240 - ok
18:26:49.0871 2064 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:26:49.0871 2064 ql1280 - ok
18:26:49.0971 2064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:26:49.0971 2064 RasAcd - ok
18:26:50.0151 2064 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
18:26:50.0151 2064 Rasirda - ok
18:26:50.0191 2064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:26:50.0191 2064 Rasl2tp - ok
18:26:50.0221 2064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:26:50.0221 2064 RasPppoe - ok
18:26:50.0241 2064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:26:50.0241 2064 Raspti - ok
18:26:50.0282 2064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:26:50.0292 2064 Rdbss - ok
18:26:50.0422 2064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:26:50.0432 2064 RDPCDD - ok
18:26:50.0512 2064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:26:50.0532 2064 rdpdr - ok
18:26:50.0622 2064 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:26:50.0632 2064 RDPWD - ok
18:26:50.0692 2064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:26:50.0702 2064 redbook - ok
18:26:50.0822 2064 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\WINDOWS\system32\Drivers\RtsUStor.sys
18:26:50.0832 2064 RSUSBSTOR - ok
18:26:50.0892 2064 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
18:26:50.0892 2064 s24trans - ok
18:26:51.0003 2064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:26:51.0013 2064 Secdrv - ok
18:26:51.0123 2064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:26:51.0123 2064 serenum - ok
18:26:51.0163 2064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:26:51.0163 2064 Serial - ok
18:26:51.0213 2064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:26:51.0213 2064 Sfloppy - ok
18:26:51.0273 2064 Simbad - ok
18:26:51.0333 2064 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:26:51.0373 2064 sisagp - ok
18:26:51.0543 2064 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
18:26:51.0543 2064 SMCIRDA - ok
18:26:51.0834 2064 smsmdd (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
18:26:51.0834 2064 smsmdd - ok
18:26:51.0994 2064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:26:51.0994 2064 Sparrow - ok
18:26:52.0024 2064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:26:52.0024 2064 splitter - ok
18:26:52.0114 2064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:26:52.0114 2064 sr - ok
18:26:52.0154 2064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:26:52.0164 2064 Srv - ok
18:26:52.0204 2064 sst150 (3c7d7ef4ba8d3a37bced5d74d3f0d1c0) C:\WINDOWS\system32\drivers\sst150.sys
18:26:52.0204 2064 sst150 - ok
18:26:52.0284 2064 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
18:26:52.0294 2064 STHDA - ok
18:26:52.0365 2064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:26:52.0365 2064 swenum - ok
18:26:52.0455 2064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:26:52.0455 2064 swmidi - ok
18:26:52.0515 2064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:26:52.0515 2064 symc810 - ok
18:26:52.0545 2064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:26:52.0545 2064 symc8xx - ok
18:26:52.0565 2064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:26:52.0565 2064 sym_hi - ok
18:26:52.0595 2064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:26:52.0595 2064 sym_u3 - ok
18:26:52.0635 2064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:26:52.0635 2064 sysaudio - ok
18:26:52.0675 2064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:26:52.0685 2064 Tcpip - ok
18:26:52.0735 2064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:26:52.0735 2064 TDPIPE - ok
18:26:52.0775 2064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:26:52.0775 2064 TDTCP - ok
18:26:52.0845 2064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:26:52.0845 2064 TermDD - ok
18:26:52.0935 2064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:26:52.0935 2064 TosIde - ok
18:26:52.0985 2064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:26:52.0985 2064 Udfs - ok
18:26:53.0025 2064 UIUSys - ok
18:26:53.0076 2064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:26:53.0076 2064 ultra - ok
18:26:53.0126 2064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:26:53.0136 2064 Update - ok
18:26:53.0236 2064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:26:53.0236 2064 usbehci - ok
18:26:53.0296 2064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:26:53.0296 2064 usbhub - ok
18:26:53.0336 2064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:26:53.0336 2064 usbscan - ok
18:26:53.0346 2064 Suspicious service (NoAccess): USBSTOR
18:26:53.0366 2064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:26:53.0366 2064 usbuhci - ok
18:26:53.0386 2064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:26:53.0386 2064 VgaSave - ok
18:26:53.0416 2064 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:26:53.0416 2064 viaagp - ok
18:26:53.0436 2064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:26:53.0436 2064 ViaIde - ok
18:26:53.0466 2064 VolSnap (8108075f136a7bc26ca53d86beef8b00) C:\WINDOWS\system32\drivers\VolSnap.sys
18:26:53.0466 2064 VolSnap - ok
18:26:53.0526 2064 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
18:26:53.0576 2064 vsdatant - ok
18:26:53.0646 2064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:26:53.0646 2064 Wanarp - ok
18:26:53.0716 2064 WDICA - ok
18:26:53.0817 2064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:26:53.0817 2064 wdmaud - ok
18:26:53.0907 2064 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:26:53.0917 2064 winachsf - ok
18:26:54.0067 2064 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:26:54.0067 2064 WmiAcpi - ok
18:26:54.0177 2064 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:26:54.0177 2064 WS2IFSL - ok
18:26:54.0277 2064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:26:54.0918 2064 \Device\Harddisk0\DR0 - ok
18:26:54.0918 2064 Boot (0x1200) (a73b0c7b014e3c6ee9f48fab3b445785) \Device\Harddisk0\DR0\Partition0
18:26:54.0938 2064 \Device\Harddisk0\DR0\Partition0 - ok
18:26:54.0948 2064 ============================================================
18:26:54.0948 2064 Scan finished
18:26:54.0948 2064 ============================================================
18:26:54.0988 2416 Detected object count: 0
18:26:54.0988 2416 Actual detected object count: 0

Thanks!
 
Very good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Unable to disable McAfee antivirus and firewall

Hi Broni,

Since this is my work laptop, I am not able to disable McAfee and Windows Firewall services. Maybe due to current policy for my username. But otherwise I have administrative rights on this system.

McAfee
------
Program --> McAfee --> McAfee VirusScan Console --> On the console there are 2 of these tasks: 1) Access protection 2) On-Access Scanner. When I right click, it has the 'disable' button grayed out.


Windows Firewall
----------------
Also, when I right click on Windows Firewall, I see this message: For your security, some settings are controlled by Group Policy

and then I see the "On recommended" radio button disabled, and the 'Off' button is also disabled.

Not sure how to disable it. I will see if I can get help from the work IT team.
 
I ran Combofix in safe mode

Broni,

I downloaded Combofix and ran it in safe mode, ignoring the warnings.
During the run it detected bootkit activity and wanted to restart.
I pressed OK and the system restarted.
Then it downloaded and created a system restore point.
Finally the scan started and went through many stages.
This was followed by a system restart request.
I pressed OK.
After the restart it created the log file. Pasting it below:

ComboFix 11-12-06.01 - svasudevan 12/06/2011 18:30:21.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1654 [GMT -5:00]
Running from: c:\documents and settings\svasudevan\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\svasudevan\Application Data\Toolbar4
c:\documents and settings\svasudevan\g2mdlhlpx.exe
c:\documents and settings\svasudevan\WINDOWS
c:\program files\INSTALL.LOG
C:\Thumbs.db
c:\windows\CSC\d6
c:\windows\system32\ad26132.dll
c:\windows\system32\drivers\sst150.sys
c:\windows\system32\drivers\sst150.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_sst150
-------\Service_sst150
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 21:56 . 2011-12-06 21:56 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-12-06 21:56 . 2011-12-06 21:56 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-12-06 21:56 . 2011-12-06 21:56 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-12-06 21:56 . 2011-12-06 21:56 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-12-06 21:56 . 2011-12-06 21:56 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-12-06 21:56 . 2011-12-06 21:56 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-12-06 21:56 . 2011-12-06 21:56 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-12-06 21:56 . 2011-12-06 21:56 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-12-06 21:56 . 2011-12-06 21:56 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-12-06 21:55 . 2011-12-06 21:56 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-12-06 21:55 . 2011-12-06 21:55 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-12-06 21:55 . 2011-12-06 21:55 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-12-06 21:55 . 2011-12-06 21:55 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-12-06 21:55 . 2011-12-06 21:55 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-12-06 21:55 . 2011-12-06 21:55 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-12-06 21:55 . 2011-12-06 21:55 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-12-06 21:55 . 2011-12-06 21:55 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-12-04 14:37 . 2011-12-04 14:37 -------- d-----w- c:\documents and settings\svasudevan\Application Data\comcasttb
2011-12-03 21:00 . 2011-12-03 21:01 -------- d-----w- c:\program files\Common Files\Kodak
2011-12-03 20:55 . 2011-12-03 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2011-12-01 03:57 . 2011-12-01 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-01 03:25 . 2011-12-01 03:25 -------- d-----w- c:\documents and settings\svasudevan\Application Data\McAfee
2011-12-01 03:19 . 2009-04-30 01:07 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-12-01 03:19 . 2009-04-30 01:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-12-01 03:19 . 2009-04-30 01:07 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-12-01 03:19 . 2009-04-30 01:07 342128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-12-01 03:18 . 2011-12-01 03:18 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-01 02:19 . 2011-12-01 02:19 -------- d-----w- c:\documents and settings\arunachalam-it
2011-12-01 01:14 . 2009-04-30 01:07 23864 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-11-30 07:02 . 2011-11-30 07:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-11-30 01:07 . 2007-03-09 16:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-11-30 01:07 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4E526AD6-D73E-4745-8225-E7A3B93F4C48}\mpengine.dll
2011-11-30 01:07 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-30 01:06 . 2011-11-30 01:06 -------- d-----w- c:\program files\Windows Defender
2011-11-30 00:25 . 2011-11-30 03:30 -------- d-----w- c:\program files\Trojan Remover
2011-11-29 05:01 . 2011-11-29 05:28 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-29 05:01 . 2011-11-29 05:28 -------- d-----w- c:\program files\PC Tools Security
2011-11-29 04:40 . 2011-11-29 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-11-29 02:33 . 2011-11-29 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-28 23:57 . 2011-11-29 17:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-11-28 23:18 . 2011-11-30 12:36 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-28 23:02 . 2011-12-04 23:25 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-28 23:01 . 2011-11-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-28 05:13 . 2011-11-28 05:14 -------- d-----w- c:\documents and settings\svasudevan\Application Data\QuickScan
2011-11-28 04:57 . 2011-11-29 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-11-27 22:06 . 2011-11-30 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-27 15:59 . 2009-08-07 00:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-11-25 21:59 . 2011-11-25 21:59 -------- d-----w- c:\documents and settings\svasudevan\Application Data\DDMSettings
2011-11-22 04:51 . 2011-11-21 04:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-22 04:51 . 2011-11-21 04:04 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-22 04:51 . 2011-11-21 04:04 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-22 04:51 . 2011-11-21 04:04 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-22 04:51 . 2011-11-21 04:04 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-22 04:51 . 2011-11-21 04:04 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-22 04:51 . 2011-11-21 01:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-22 04:51 . 2011-11-21 01:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-20 22:35 . 2011-11-20 22:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-20 22:25 . 2011-11-20 22:25 388096 ----a-r- c:\documents and settings\svasudevan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-20 03:38 . 2011-11-20 04:15 -------- d-----w- c:\documents and settings\svasudevan\Local Settings\Application Data\NPE
2011-11-20 03:19 . 2011-11-20 03:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-11-20 03:18 . 2011-11-20 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-11-20 03:08 . 2011-12-05 01:30 -------- d-----w- c:\program files\xfin_portal
2011-11-17 22:52 . 2011-12-05 00:59 -------- d-----w- c:\documents and settings\svasudevan\Application Data\CallingID
2011-11-17 22:51 . 2011-12-01 16:10 -------- d-----w- c:\program files\comcasttb
2011-11-17 22:51 . 2011-12-01 03:31 -------- d-----w- c:\program files\Common Files\scanner
2011-11-17 22:51 . 2011-11-17 22:51 -------- d-----w- c:\program files\CA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-07 22:02 . 2009-11-12 06:35 140864 ----a-w- c:\windows\system32\KevlarSigs.dll
2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-10 14:22 . 2008-05-13 06:28 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 06:11 . 2008-07-29 14:29 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 06:11 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:11 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2004-09-10 08:10 . 2004-09-10 08:10 75264 ----a-w- c:\program files\DECCHECK.exe
2011-11-21 04:04 . 2011-11-22 04:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-30 01:07 . 2011-12-01 01:14 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2007-06-27 42264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2011-07-21 12023568]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-08 185872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\documents and settings\Administrator\Application Data\lpuninstall.exe [2011-4-9 9163464]
.
c:\documents and settings\svasudevan.ML-SVASUDEVAN\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\documents and settings\svasudevan.ML-SVASUDEVAN\Application Data\lpuninstall.exe [2011-4-9 9163464]
.
c:\documents and settings\aravind-it\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\documents and settings\aravind-it\Application Data\lpuninstall.exe [2011-4-9 9163464]
.
c:\documents and settings\govindan-it\Start Menu\Programs\Startup\
Uninstall LastPass RunOnce.lnk - c:\documents and settings\govindan-it\Application Data\lpuninstall.exe [2011-4-9 9163464]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-7-9 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55364\Scripts\Logon\0\0]
"Script"=RPCHTTPSCHE.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55364\Scripts\Logon\1\0]
"Script"=ClientInstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55364\Scripts\Logon\2\0]
"Script"=Logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55564\Scripts\Logon\0\0]
"Script"=RPCHTTPSCHE.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55564\Scripts\Logon\1\0]
"Script"=ClientInstall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55564\Scripts\Logon\2\0]
"Script"=Logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\0\0]
"Script"=Logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\0\1]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\1\0]
"Script"=Logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\1\1]
"Script"=login.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\2\0]
"Script"=CachedMode.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\svasudevan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Lync\\communicator.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [11/12/2009 1:33 AM 44680]
S2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [11/12/2009 1:34 AM 35696]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [4/29/2009 8:07 PM 21256]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/17/2009 3:20 AM 69192]
S2 MonitorDevPluggin;MonitorDevPluggin;c:\program files\DevMonitor\DevMonitor Pluggin\MonitorDevPluggin.exe [3/28/2009 5:11 AM 10240]
S3 enterceptAgent;McAfee Host Intrusion Prevention Service;"c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe" --> c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [?]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [11/12/2009 1:33 AM 44680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 9:18 PM 135664]
S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [11/12/2009 1:34 AM 110384]
S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [11/12/2009 1:34 AM 38200]
S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [11/12/2009 1:34 AM 35584]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/30/2011 10:19 PM 65224]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [12/11/2010 7:22 AM 181792]
S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 9:18 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:18]
.
2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:18]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2139871995-682003330-68332Core.job
- c:\documents and settings\svasudevan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-25 12:24]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2139871995-682003330-68332UA.job
- c:\documents and settings\svasudevan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-25 12:24]
.
2011-12-04 c:\windows\Tasks\User_Feed_Synchronization-{881D4A6C-7445-4262-A56B-E9FA531C2DA2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://team/myvirtusa
uInternet Settings,ProxyServer = atlisgbluearray.alere.com:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {043BECED-7279-47F5-90D3-26D5A45E97FD} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prbatchscanning.cab
DPF: {072EBF73-01D7-40E5-AC5C-C35B2FEAEA8D} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prDynamicMenus.CAB
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://mt-dwbicore3/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=z5qgdk45yvn4v33harjtcb45&ControlID=92ab5913e63c415d8e1dd8f907721ce5&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {7162A103-007A-4A9B-85EE-F030AA23509A} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prkeyutils.cab
DPF: {7C7AD9C7-6873-49A4-9EA3-92E4DAD2AB59} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/primportmanager.cab
DPF: {92C97DFA-09CB-11D5-B823-00105A1F06DB} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/legintwincapture.cab
DPF: {92F6C891-8282-4953-9A63-5C712783C668} - hxxp://chnpulse/Pulse/eT247.CAB
DPF: {ABA23149-06BA-440D-88FF-69203B966083} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/openauthoring.cab
DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prvisiointerface.cab
FF - ProfilePath - c:\documents and settings\svasudevan\Application Data\Mozilla\Firefox\Profiles\ej2qykuv.default\
FF - prefs.js: browser.search.selectedEngine - Twitter
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-McAfee Host Intrusion Prevention Tray - c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE
AddRemove-2255305426.localhost - c:\program files\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 18:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBSTOR]
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBSTOR]
@Denied: (Full) (Owner)
@Denied: (Full) (Administrators)
@Denied: (Full) (S-1-5-21-1935655697-2139871995-682003330-68332)
"Start"=dword:00000004
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\WININET.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\libdb43.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2011-12-06 18:42:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 23:41
.
Pre-Run: 94,882,013,184 bytes free
Post-Run: 95,302,311,936 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D0C295DF1292AA735AE75D2184912988
 
Looks good now.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Run and logs

Hi Broni :wave: Sorry for the delay. No issues as of now. My computer seems to run as normal.

The text log files were spanning across more than 3 replies, so I have attached the log files. Let me know if you want me to copy and paste the text to make it easier.

Regards,
Vasu

EXTRAS.txt
--------------
OTL Extras logfile created on: 12/10/2011 11:21:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\svasudevan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.20% Memory free
3.84 Gb Paging File | 3.23 Gb Available in Paging File | 84.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 90.04 Gb Free Space | 60.41% Space Free | Partition Type: NTFS

Computer Name: ML-SVASUDEVAN | User Name: svasudevan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1935655697-2139871995-682003330-68332\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 0
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:OfficeCommunicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:OfficeCommunicator
"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2" = C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM -- (Microsoft Corporation)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe
"C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear" = C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear
"C:\Windows\System32\ftp.exe:*:enabled:FTPService" = C:\Windows\System32\ftp.exe:*:enabled:FTPService -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 0
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"1800:TCP:*:enabled:BT" = 1800:TCP:*:enabled:BT
"21:TCP:*:enabled:FTP" = 21:TCP:*:enabled:FTP

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 1
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 1
"AllowOutboundParameterProblem" = 1
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\firewall.log -- ()
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66,10.4.67.154

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 0
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:MSCommunicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:MSCommunicator
"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2" = C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM -- (Microsoft Corporation)
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe
"C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear" = C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 0
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"1800:TCP:*:enabled:BT" = 1800:TCP:*:enabled:BT
"21:TCP:*:enabled:FTP" = 21:TCP:*:enabled:FTP

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 1
"AllowOutboundSourceQuench" = 1
"AllowRedirect" = 1
"AllowInboundEchoRequest" = 1
"AllowInboundRouterRequest" = 1
"AllowOutboundTimeExceeded" = 1
"AllowOutboundParameterProblem" = 1
"AllowInboundTimestampRequest" = 1
"AllowInboundMaskRequest" = 1
"AllowOutboundPacketTooBig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 1
"LogFilePath" = c:\firewall.log -- ()
"LogFileSize" = 4096

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66,10.4.67.154

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66,10.4.67.154

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe" = C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe:*:Disabled:MacroMaker
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Microsoft Lync\UcMapi.exe" = C:\Program Files\Microsoft Lync\UcMapi.exe:*:Enabled:UcMapi -- (Microsoft Corporation)
"C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Lync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Disabled:Microsoft Lync 2010 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11849FBC-C416-4742-8279-17C3A2C85F72}" = Microsoft Lync 2010
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF06B85-EB4F-400D-8602-30A1DD48673B}" = BusinessObjects Enterprise XI Release 2
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{32A3A4F4-B792-11D6-A78A-00B0D0150160}" = J2SE Development Kit 5.0 Update 16
"{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{572BDC42-E46E-455B-BFAD-86FDBB3771A1}" = Quest Software Toad for SQL Server Freeware 4.6
"{5841488D-A0B8-41C7-A718-EFC6764F5652}" = DevMonitor Pluggin
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{605FBD65-6741-44D9-903A-FCAD3874A672}" = Microsoft System Center Service Manager Portal ActiveX Control
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F231232-C309-4401-964A-2A002B6E1ED9}" = Microsoft Baseline Security Analyzer 2.0.1
"{813B302C-2014-4166-B5D2-8C211AE4F22E}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{993A1CF7-311D-4990-B41E-77F1A04BADDE}" = AT&T Global Network Client Managed VPN Edition
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}" = Microsoft Office Live Meeting 2005
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B4496BE1-295F-4A17-9856-FEA2C9AA1A47}" = McAfee Agent
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2AA63A0-27E0-458B-862A-BEC09DEA5286}" = TortoiseSVN
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BDE_is1" = BDE Version 5.2.0.2
"CAL" = Canon Camera Access Library
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Data Access Objects (DAO)" = Data Access Objects (DAO) 3.0
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Setup" = DivX Setup
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MMOPN_30_32" = PLATINUM ERwin 3.5.2
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"RDC" = RDC
"RealPlayer 6.0" = RealPlayer
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.3
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1935655697-2139871995-682003330-68332\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2011 12:03:43 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
Description = Could not execute the following script startdot3svc.bat. The system
cannot find the file specified. .

Error - 12/10/2011 12:03:43 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
Description = Could not execute the following script USBStor.vbs. The system cannot
find the file specified. .

Error - 12/10/2011 12:04:48 PM | Computer Name = ML-SVASUDEVAN | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft Office Communicator 2007 -- Your computer has a
newer version of Microsoft Office Communicator 2007 than the one you are trying
to install. To install an older version, first remove the current version (Click
Start, Control Panel, Add or Remove Programs, Microsoft Office Communicator 2007),
and then run this Setup again.

Error - 12/10/2011 12:17:38 PM | Computer Name = ML-SVASUDEVAN | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 12/10/2011 12:17:41 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
Description = Could not execute the following script Logon.bat. The system cannot
find the file specified. .

Error - 12/10/2011 12:17:42 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
Description = Could not execute the following script login.vbs. The system cannot
find the file specified. .

Error - 12/10/2011 12:17:43 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
Description = Could not execute the following script Logon.bat. The system cannot
find the file specified. .

Error - 12/10/2011 12:17:44 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
Description = Could not execute the following script login.vbs. The system cannot
find the file specified. .

Error - 12/10/2011 12:17:44 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
Description = Could not execute the following script CachedMode.vbs. The system
cannot find the file specified. .

Error - 12/10/2011 12:18:52 PM | Computer Name = ML-SVASUDEVAN | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for VIRTUSA\svasudevan failed to
contact the active directory (0x8007054b). The specified domain either does not
exist or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 10/3/2009 10:42:49 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4478
seconds with 840 seconds of active time. This session ended with a crash.

Error - 12/4/2009 4:16:44 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12304
seconds with 2760 seconds of active time. This session ended with a crash.

Error - 3/4/2010 3:46:16 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1429
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 3/5/2010 8:18:40 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6027
seconds with 1560 seconds of active time. This session ended with a crash.

Error - 3/15/2010 12:33:40 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 272
seconds with 120 seconds of active time. This session ended with a crash.

Error - 4/5/2010 1:13:37 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1885
seconds with 780 seconds of active time. This session ended with a crash.

Error - 6/16/2010 10:07:41 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/2/2011 8:38:28 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/28/2011 11:51:55 PM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/18/2011 3:58:09 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14534
seconds with 4800 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/21/2010 8:33:06 PM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 6/22/2010 9:28:49 AM | Computer Name = ML-SVASUDEVAN | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain VIRTUSA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/22/2010 9:30:08 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 6/22/2010 9:30:10 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 6/22/2010 9:32:04 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 6/22/2010 10:57:54 AM | Computer Name = ML-SVASUDEVAN | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain VIRTUSA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/22/2010 10:58:01 AM | Computer Name = ML-SVASUDEVAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2010 10:58:01 AM | Computer Name = ML-SVASUDEVAN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/22/2010 10:59:30 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 6/22/2010 10:59:32 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.


< End of report >
 

Attachments

  • OTL.Txt
    167.1 KB · Views: 0
  • Extras.Txt
    95.7 KB · Views: 0
Good news :)

Please obey forum rules.
All logs have to be pasted not attached (re: your OTL.txt log).
 