TechSpot

[A] Rogue iexplorer.exe in Task Manager unable to remove

Inactive
By Vasunss75
Nov 29, 2011
  1. OK, I need help, and I am here after trying different options. Basically I have two issues:

    1) I see an iexplorer.exe process spawn in the Task Manager Processes tab list automatically even if I don't have Internet Explorer open. If I try killing the process, it keeps coming back after some time.

    2) Firefox has been infected with the Google redirects issue. Whenever I click on a Google search link, sometimes it works but sometimes it takes me to some weird sites. Also, a lot of cookies and trackers get downloaded. For now I have disabled cookies.

    I did the following for problems 1 & 2 before posting this issue here:

    1) Downloaded and ran the following:
    a. Spybotsd162
    b. Super Antispyware
    c. Hitman Pro
    d. Trojan Killer
    e. Used rkill and then ran Hitman Pro and then Trojan Killer
    f. Today I am running Windows Defender

    But none of them are stopping the iexplore.exe from coming back again in the Task Manager.

    There is one thing I noticed. McAfee virus scan showed services.exe as infected with W32/Mariofev!mem but failed to clean it.

    I am attaching the following Logs :

    1.HijackThis
    2.GMER

    Please help me get over this annoying issue. :(
     


  2. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    Followed the steps as mentioned

    Hi Broni,

    Thanks for responding to help. I followed the exact steps mentioned in the instruction link. I installed and ran Malwarebytes, then I ran GMER, but when I ran DDS it progressed for 10 mins and then everything hung. I left it for the night and checked today, but the DOS screen stayed there with '#####..'. Log screens did not appear. So I have attached the first two logs for your review:

    >> Malwarebytes Log : Date run: 30th Nov 2011

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8281

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/30/2011 11:22:52 PM
    mbam-log-2011-11-30 (23-22-52).txt

    Scan type: Quick scan
    Objects scanned: 280628
    Time elapsed: 17 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    >> GMER Log : Date run : 30th Nov 2011

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-30 23:38:10
    Windows 5.1.2600 Service Pack 3
    Running: 2w45m4yp.exe; Driver: C:\DOCUME~1\SVASUD~1\LOCALS~1\Temp\kwlyqaog.sys


    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [DISABLED] USBSTOR <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  4. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    Adding one more observation to my previous reply

    Adding one more observation, just in case this is important: :)

    Observation 1:

    Also, when I first tried to open the GMER program from the Desktop, I got a message like this:

    LoadDriver ("C\Docume~1\ADMINI~\LOCALS~1\TEMP\pxddipog.sys")
    error: 0xC0000: Cannot create a stable subkey under a volatile parent key.

    But once X'd out, I could still open the program and run the scan.

    Observation 2:
    Every time I perform a 'Normal' startup and run a McAfee on-demand scan, it detects the following:

    TDSS.e!RootKit - McAfee deletes it successfully, but when I restart the system again and run the McAfee scan, it again detects the same virus. So it seems to be coming back when I start up.

    Also, when I perform a safe boot with networking and perform a scan, the virus does seem to be coming up.

    Hope this helps you to help ME !!
     
  5. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    Downloaded TDSSKiller.exe

    OK Broni. Here is the status:

    1. I downloaded the TDSSKiller.exe from the link and saved it on my desktop
    2. Double-clicked it
    3. It came up with a Windows security warning message asking whether to allow the program to run
    4. Clicked OK
    5. Nothing happens

    I did not see any scan window coming up. So I thought the McAfee antivirus might be blocking the program.

    So I restarted the system in safe mode, ensured that McAfee access protection was turned to 'off' and the on-access scanner was also turned off.

    Now I double-clicked the TDSSKiller.exe file, and the warning comes up. I say OK and nothing happens. I then renamed the file and checked; it still doesn't work.

    The iexplorer.exe problem still persists if I am connected to the network during system startup and 'only' if I have Iexplorer in online mode. So for now I have switched 'Iexplorer' to offline mode and started using Mozilla Firefox.

    Running the McAfee scan on start still finds TDSS_XPT and deletes it. But once it deletes the virus, the system / processor performance is better.

    I am not sure how to check why TDSSKiller.exe is not working when double-clicked.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  8. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    Yoooohoooo !!!! First run after cleanup shows no symptoms

    Hi Broni,

    I downloaded FixTDSS and ran it. A screen followed that said your system will be restarted. I pressed the OK button.

    After the system restart, the FixTDSS process was the first to run. The scan result showed the following message: "MBR is infected !!" Rectify? I clicked on Rectify. The result showed 'successful disinfection'. Then I did some checks on the symptoms I used to see:

    1. Checked the CPU usage - it came down to normal levels
    2. Restarted the computer and ran a McAfee scan to check if it still brings up the TDSS rootkit error I used to see before. Nope... it came out clean

    3. Then I also restarted Internet Explorer, brought it back online and closed it to see if any other instance of iexplorer.exe persists. Waited for 10 mins and nope, came out clean.


    And yay !! My system looks cool... better than before because of the cleanup hell process I had gone through!

    Thanks a ton to Broni !!!
     
  9. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Good news :)
    But we're not done.
    We have to make sure nothing is hiding there.

    Give me a fresh GMER log.
    See if DDS will run now.
    If so, post both logs.
     
  10. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    Post treatment checks - attaching logs

    Yes, I agree with you.. :slurp:

    I ran both GMER and DDS. This time DDS ran successfully. I am attaching all the logs.

    GMER Log
    --------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-04 09:48:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 Hitachi_HTS722016K9A300 rev.DCDOCA1H
    Running: 8jftztkh.exe; Driver: C:\DOCUME~1\SVASUD~1\LOCALS~1\Temp\kwlyqaog.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xB9D48260]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9D480F6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D48090]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D480A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9D4810A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9D48136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB9D481A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB9D4818E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB9D481BA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xB9D4824C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB9D481E6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9D480E2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D48054]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D48068]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB9D48222]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB9D48178]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB9D48162]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9D48120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB9D4820E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB9D481FA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D480CE]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D480BA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9D48238]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9D4814C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D4807C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB9D481D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [DISABLED] USBSTOR <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    ************************************************************************************

    DDS Log file name : DDS.txt >>>

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by svasudevan at 9:51:04 on 2011-12-04
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\DevMonitor\DevMonitor Pluggin\MonitorDevPluggin.exe
    C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft Lync\communicator.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\Notepad.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\svasudevan\Desktop\dds(1).scr
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://team/myvirtusa
    uInternet Settings,ProxyServer = atlisgbluearray.alere.com:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft lync\OCHelper.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
    uRun: [NetSP - restore settings on power failure] "c:\program files\at&t global network client\NetSP.exe" -show
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [AdobeBridge]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {043BECED-7279-47F5-90D3-26D5A45E97FD} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prbatchscanning.cab
    DPF: {072EBF73-01D7-40E5-AC5C-C35B2FEAEA8D} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prDynamicMenus.CAB
    DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://mt-dwbicore3/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=z5qgdk45yvn4v33harjtcb45&ControlID=92ab5913e63c415d8e1dd8f907721ce5&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1322409531269
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1322409518491
    DPF: {7162A103-007A-4A9B-85EE-F030AA23509A} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prkeyutils.cab
    DPF: {7C7AD9C7-6873-49A4-9EA3-92E4DAD2AB59} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/primportmanager.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {92C97DFA-09CB-11D5-B823-00105A1F06DB} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/legintwincapture.cab
    DPF: {92F6C891-8282-4953-9A63-5C712783C668} - hxxp://chnpulse/Pulse/eT247.CAB
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://inblrm06.tcs.com/dwa8W.cab
    DPF: {ABA23149-06BA-440D-88FF-69203B966083} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/openauthoring.cab
    DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prvisiointerface.cab
    DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://ukfreetrial.webex.com/client/T27L/webex/ieatgpc.cab
    TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
    TCP: Interfaces\{E9951A37-82E7-4D5A-A5F6-9EB2D97B7DF5} : DhcpNameServer = 68.87.71.230 68.87.73.246
    Notify: igfxcui - igfxdev.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\svasudevan\application data\mozilla\firefox\profiles\ej2qykuv.default\
    FF - prefs.js: browser.search.selectedEngine - Twitter
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
    FF - component: c:\documents and settings\svasudevan\application data\mozilla\firefox\profiles\ej2qykuv.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}\components\dtTransparency.dll
    FF - plugin: c:\documents and settings\svasudevan\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\svasudevan\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\svasudevan\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? enterceptAgent;McAfee Host Intrusion Prevention Service
    R? Firehk;McAfee NDIS Intermediate Filter
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? mferkdet;McAfee Inc. mferkdet
    R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
    R? vsdatant;vsdatant
    R? WinDefend;Windows Defender
    R? WinRM;Windows Remote Management (WS-Management)
    S? FirehkMP;FirehkMP
    S? HIPK;McAfee Inc. HIPK
    S? HIPPSK;McAfee Inc. HIPPSK
    S? HIPQK;McAfee Inc. HIPQK
    S? hips;McAfee HIPSCore Service
    S? McAfeeEngineService;McAfee Engine Service
    S? McAfeeFramework;McAfee Framework Service
    S? McShield;McAfee McShield
    S? McTaskManager;McAfee Task Manager
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfebopk;McAfee Inc. mfebopk
    S? mfehidk;McAfee Inc. mfehidk
    S? mfevtp;McAfee Validation Trust Protection Service
    S? MonitorDevPluggin;MonitorDevPluggin
    .
    =============== Created Last 30 ================
    .
    2011-12-04 14:37:54 -------- d-----w- c:\documents and settings\svasudevan\application data\comcasttb
    2011-12-04 14:32:42 39816 ----a-w- c:\windows\system32\HIPIS0e011aa.dll
    2011-12-03 21:00:24 -------- d-----w- c:\program files\common files\Kodak
    2011-12-03 20:55:16 -------- d-----w- c:\documents and settings\all users\application data\PC Drivers HeadQuarters
    2011-12-01 03:57:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-01 03:25:37 -------- d-----w- c:\documents and settings\svasudevan\application data\McAfee
    2011-12-01 03:19:18 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-12-01 03:19:18 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-12-01 03:19:17 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-12-01 03:19:17 342128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-12-01 03:18:05 -------- d-----w- c:\program files\common files\McAfee
    2011-12-01 01:14:48 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2011-11-30 01:07:38 2321288 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-11-30 01:07:31 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4e526ad6-d73e-4745-8225-e7a3b93f4c48}\mpengine.dll
    2011-11-30 01:07:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-30 00:25:18 -------- d-----w- c:\program files\Trojan Remover
    2011-11-29 05:01:26 -------- d-----w- c:\program files\common files\PC Tools
    2011-11-29 05:01:25 -------- d-----w- c:\program files\PC Tools Security
    2011-11-29 04:40:08 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2011-11-29 02:33:04 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2011-11-28 23:57:46 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2011-11-28 23:18:29 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-11-28 23:02:27 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-11-28 23:01:23 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
    2011-11-28 05:13:58 -------- d-----w- c:\documents and settings\svasudevan\application data\QuickScan
    2011-11-28 04:57:38 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2011-11-27 22:06:44 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-11-27 15:59:11 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-11-25 21:59:06 -------- d-----w- c:\documents and settings\svasudevan\application data\DDMSettings
    2011-11-22 04:51:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-11-22 04:51:01 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-11-22 04:51:01 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-11-22 04:51:00 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-11-22 04:51:00 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-11-22 04:51:00 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-11-22 04:51:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-11-22 04:51:00 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-11-21 03:41:11 -------- d-----w- c:\windows\pss
    2011-11-20 22:35:04 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-11-20 22:25:20 388096 ----a-r- c:\documents and settings\svasudevan\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-11-20 03:38:07 -------- d-----w- c:\documents and settings\svasudevan\local settings\application data\NPE
    2011-11-20 03:19:12 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-11-20 03:18:47 -------- d-----w- c:\documents and settings\all users\application data\Norton
    2011-11-20 03:18:33 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    2011-11-20 03:08:13 -------- d-----w- c:\documents and settings\svasudevan\application data\xfin_portal
    2011-11-20 03:08:00 -------- d-----w- c:\program files\xfin_portal
    2011-11-17 22:52:17 -------- d-----w- c:\documents and settings\svasudevan\application data\CallingID
    2011-11-17 22:51:58 -------- d-----w- c:\program files\common files\scanner
    2011-11-17 22:51:58 -------- d-----w- c:\program files\comcasttb
    2011-11-17 22:51:43 -------- d-----w- c:\program files\CA
    .
    ==================== Find3M ====================
    .
    2011-11-07 22:02:08 140864 ----a-w- c:\windows\system32\KevlarSigs.dll
    2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 06:11:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 06:11:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 06:11:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-23 18:23:50 52352 ----a-w- c:\windows\system32\drivers\VolSnap.sys
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2004-09-10 08:10:38 75264 ----a-w- c:\program files\DECCHECK.exe
    .
    ============= FINISH: 9:53:05.53 ===============

    --Continued part 2 of log in next reply
     
  11. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    Continued part 2 of log in next reply

    Continued ..Log file Attach.txt from DDS >>>>


    .
    ==== Installed Programs ======================
    .
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 8.1.5
    Adobe Shockwave Player 11
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    AT&T Global Network Client Managed VPN Edition
    BDE Version 5.2.0.2
    BusinessObjects Enterprise XI Release 2
    Canon Camera Access Library
    CCScore
    Cisco Systems VPN Client 5.0.00.0340
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Configuration Manager Client
    Data Access Objects (DAO) 3.0
    Data Access Objects (DAO) 3.5
    DevMonitor Pluggin
    DivX Setup
    DScaler 5 Mpeg Decoders
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Google Chrome
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 4.5.0.457
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB979306)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    J2SE Development Kit 5.0 Update 16
    J2SE Runtime Environment 5.0 Update 16
    Java Auto Updater
    Java(TM) 6 Update 22
    Juniper Networks Host Checker
    KB408682
    Kodak EasyShare software
    McAfee Agent
    McAfee AntiSpyware Enterprise Module
    McAfee Host Intrusion Prevention
    McAfee VirusScan Enterprise
    mCore
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Baseline Security Analyzer 2.0.1
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Lync - Welcome
    Microsoft Lync 2010
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Meeting 2005
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Project Professional 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2003
    Microsoft Office Visio Professional 2007
    Microsoft Office Visio Viewer 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft System Center Service Manager Portal ActiveX Control
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox 8.0.1 (x86 en-US)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    mWlsSafe
    mWMI
    mZConfig
    netbrdg
    Octoshape add-in for Adobe Flash Player
    OfotoXMI
    OZ776 SCR Driver V1.1.3.9
    PLATINUM ERwin 3.5.2
    Quest Software Toad for SQL Server Freeware 4.6
    QuickTime
    RDC
    RealPlayer
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SFR
    SHASTA
    SigmaTel Audio
    skin0001
    SKINXSDK
    Skype™ 5.5
    staticcr
    TortoiseSVN
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 1.0.3
    VPRINTOL
    WebEx
    WebFldrs XP
    WIMGAPI
    Windows Defender
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    WIRELESS
    XFINITY Toolbar
    Xvid 1.2.1 final uninstall
    Yahoo! Messenger
    .
    ==== End Of File ===========================

    That is all, Broni!
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    See if TDSSKiller will run now.
     
  13. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    Ran TDSSKiller.exe

    Yes, now I am able to execute TDSSKiller.exe. It ran successfully, and then I extracted the text from the log file it created under the C: drive. Here it is:

    18:25:49.0454 4008 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    18:25:49.0604 4008 ============================================================
    18:25:49.0604 4008 Current date / time: 2011/12/04 18:25:49.0604
    18:25:49.0604 4008 SystemInfo:
    18:25:49.0604 4008
    18:25:49.0604 4008 OS Version: 5.1.2600 ServicePack: 3.0
    18:25:49.0604 4008 Product type: Workstation
    18:25:49.0604 4008 ComputerName: ML-SVASUDEVAN
    18:25:49.0604 4008 UserName: svasudevan
    18:25:49.0604 4008 Windows directory: C:\WINDOWS
    18:25:49.0604 4008 System windows directory: C:\WINDOWS
    18:25:49.0604 4008 Processor architecture: Intel x86
    18:25:49.0604 4008 Number of processors: 1
    18:25:49.0604 4008 Page size: 0x1000
    18:25:49.0604 4008 Boot type: Normal boot
    18:25:49.0604 4008 ============================================================
    18:25:51.0437 4008 Initialize success
    18:26:37.0133 2064 ============================================================
    18:26:37.0133 2064 Scan started
    18:26:37.0133 2064 Mode: Manual;
    18:26:37.0133 2064 ============================================================
    18:26:47.0297 2064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:26:47.0297 2064 Msfs - ok
    18:26:47.0337 2064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:26:47.0337 2064 MSKSSRV - ok
    18:26:47.0367 2064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:26:47.0367 2064 MSPCLOCK - ok
    18:26:47.0578 2064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:26:47.0588 2064 MSPQM - ok
    18:26:47.0668 2064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:26:47.0668 2064 mssmbios - ok
    18:26:47.0718 2064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:26:47.0718 2064 Mup - ok
    18:26:47.0878 2064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:26:47.0908 2064 NDIS - ok
    18:26:47.0988 2064 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:26:47.0988 2064 NdisTapi - ok
    18:26:48.0018 2064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:26:48.0028 2064 Ndisuio - ok
    18:26:48.0058 2064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:26:48.0058 2064 NdisWan - ok
    18:26:48.0108 2064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:26:48.0108 2064 NDProxy - ok
    18:26:48.0199 2064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:26:48.0199 2064 NetBIOS - ok
    18:26:48.0229 2064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:26:48.0229 2064 NetBT - ok
    18:26:48.0359 2064 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
    18:26:48.0389 2064 NETw4x32 - ok
    18:26:48.0499 2064 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:26:48.0509 2064 NIC1394 - ok
    18:26:48.0599 2064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:26:48.0599 2064 Npfs - ok
    18:26:48.0639 2064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:26:48.0649 2064 Ntfs - ok
    18:26:48.0679 2064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:26:48.0679 2064 Null - ok
    18:26:48.0719 2064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:26:48.0719 2064 NwlnkFlt - ok
    18:26:48.0749 2064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:26:48.0749 2064 NwlnkFwd - ok
    18:26:48.0779 2064 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:26:48.0779 2064 ohci1394 - ok
    18:26:48.0829 2064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:26:48.0829 2064 Parport - ok
    18:26:48.0920 2064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:26:48.0930 2064 PartMgr - ok
    18:26:49.0010 2064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:26:49.0010 2064 ParVdm - ok
    18:26:49.0050 2064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:26:49.0050 2064 PCI - ok
    18:26:49.0080 2064 PCIDump - ok
    18:26:49.0140 2064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:26:49.0140 2064 PCIIde - ok
    18:26:49.0160 2064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    18:26:49.0160 2064 Pcmcia - ok
    18:26:49.0180 2064 PDCOMP - ok
    18:26:49.0210 2064 PDFRAME - ok
    18:26:49.0230 2064 PDRELI - ok
    18:26:49.0250 2064 PDRFRAME - ok
    18:26:49.0280 2064 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    18:26:49.0280 2064 perc2 - ok
    18:26:49.0300 2064 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    18:26:49.0300 2064 perc2hib - ok
    18:26:49.0430 2064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:26:49.0440 2064 PptpMiniport - ok
    18:26:49.0520 2064 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\WINDOWS\system32\CCM\prepdrv.sys
    18:26:49.0550 2064 prepdrvr - ok
    18:26:49.0591 2064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:26:49.0601 2064 PSched - ok
    18:26:49.0621 2064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:26:49.0621 2064 Ptilink - ok
    18:26:49.0671 2064 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    18:26:49.0681 2064 PxHelp20 - ok
    18:26:49.0701 2064 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    18:26:49.0701 2064 ql1080 - ok
    18:26:49.0731 2064 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    18:26:49.0741 2064 Ql10wnt - ok
    18:26:49.0761 2064 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    18:26:49.0761 2064 ql12160 - ok
    18:26:49.0781 2064 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    18:26:49.0791 2064 ql1240 - ok
    18:26:49.0871 2064 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    18:26:49.0871 2064 ql1280 - ok
    18:26:49.0971 2064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:26:49.0971 2064 RasAcd - ok
    18:26:50.0151 2064 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    18:26:50.0151 2064 Rasirda - ok
    18:26:50.0191 2064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:26:50.0191 2064 Rasl2tp - ok
    18:26:50.0221 2064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:26:50.0221 2064 RasPppoe - ok
    18:26:50.0241 2064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:26:50.0241 2064 Raspti - ok
    18:26:50.0282 2064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:26:50.0292 2064 Rdbss - ok
    18:26:50.0422 2064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:26:50.0432 2064 RDPCDD - ok
    18:26:50.0512 2064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:26:50.0532 2064 rdpdr - ok
    18:26:50.0622 2064 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:26:50.0632 2064 RDPWD - ok
    18:26:50.0692 2064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:26:50.0702 2064 redbook - ok
    18:26:50.0822 2064 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\WINDOWS\system32\Drivers\RtsUStor.sys
    18:26:50.0832 2064 RSUSBSTOR - ok
    18:26:50.0892 2064 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    18:26:50.0892 2064 s24trans - ok
    18:26:51.0003 2064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:26:51.0013 2064 Secdrv - ok
    18:26:51.0123 2064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:26:51.0123 2064 serenum - ok
    18:26:51.0163 2064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:26:51.0163 2064 Serial - ok
    18:26:51.0213 2064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:26:51.0213 2064 Sfloppy - ok
    18:26:51.0273 2064 Simbad - ok
    18:26:51.0333 2064 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    18:26:51.0373 2064 sisagp - ok
    18:26:51.0543 2064 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
    18:26:51.0543 2064 SMCIRDA - ok
    18:26:51.0834 2064 smsmdd (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
    18:26:51.0834 2064 smsmdd - ok
    18:26:51.0994 2064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    18:26:51.0994 2064 Sparrow - ok
    18:26:52.0024 2064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:26:52.0024 2064 splitter - ok
    18:26:52.0114 2064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:26:52.0114 2064 sr - ok
    18:26:52.0154 2064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:26:52.0164 2064 Srv - ok
    18:26:52.0204 2064 sst150 (3c7d7ef4ba8d3a37bced5d74d3f0d1c0) C:\WINDOWS\system32\drivers\sst150.sys
    18:26:52.0204 2064 sst150 - ok
    18:26:52.0284 2064 STHDA (31ba85e1cff39a57f702a2a0877bb8e1) C:\WINDOWS\system32\drivers\sthda.sys
    18:26:52.0294 2064 STHDA - ok
    18:26:52.0365 2064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:26:52.0365 2064 swenum - ok
    18:26:52.0455 2064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:26:52.0455 2064 swmidi - ok
    18:26:52.0515 2064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    18:26:52.0515 2064 symc810 - ok
    18:26:52.0545 2064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    18:26:52.0545 2064 symc8xx - ok
    18:26:52.0565 2064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    18:26:52.0565 2064 sym_hi - ok
    18:26:52.0595 2064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    18:26:52.0595 2064 sym_u3 - ok
    18:26:52.0635 2064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:26:52.0635 2064 sysaudio - ok
    18:26:52.0675 2064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:26:52.0685 2064 Tcpip - ok
    18:26:52.0735 2064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:26:52.0735 2064 TDPIPE - ok
    18:26:52.0775 2064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:26:52.0775 2064 TDTCP - ok
    18:26:52.0845 2064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:26:52.0845 2064 TermDD - ok
    18:26:52.0935 2064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    18:26:52.0935 2064 TosIde - ok
    18:26:52.0985 2064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:26:52.0985 2064 Udfs - ok
    18:26:53.0025 2064 UIUSys - ok
    18:26:53.0076 2064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    18:26:53.0076 2064 ultra - ok
    18:26:53.0126 2064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:26:53.0136 2064 Update - ok
    18:26:53.0236 2064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:26:53.0236 2064 usbehci - ok
    18:26:53.0296 2064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:26:53.0296 2064 usbhub - ok
    18:26:53.0336 2064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:26:53.0336 2064 usbscan - ok
    18:26:53.0346 2064 Suspicious service (NoAccess): USBSTOR
    18:26:54.0277 2064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:26:54.0918 2064 \Device\Harddisk0\DR0 - ok
    18:26:54.0918 2064 Boot (0x1200) (a73b0c7b014e3c6ee9f48fab3b445785) \Device\Harddisk0\DR0\Partition0
    18:26:54.0938 2064 \Device\Harddisk0\DR0\Partition0 - ok
    18:26:54.0948 2064 ============================================================
    18:26:54.0948 2064 Scan finished
    18:26:54.0948 2064 ============================================================
    18:26:54.0988 2416 Detected object count: 0
    18:26:54.0988 2416 Actual detected object count: 0

    Thanks !
     
  14. Broni


    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. Vasunss75

    Unable to disable McAfee antivirus and firewall

    Hi Broni,

    Since this is my work laptop I am not able to disable the McAfee and Windows Firewall services. Maybe due to the current policy for my username. But otherwise I have administrative rights on this system.

    McAfee
    ------
    Program --> McAfee --> McAfee VirusScan Console --> On the console there are 2 of these tasks: 1) Access Protection 2) On-Access Scanner. When I right-click, it has the 'disable' button grayed out.


    Windows Firewall
    ----------------
    Also when I right-click on Windows Firewall, I see this message: For your security, some settings are controlled by Group Policy

    and then I see the "On recommended" radio button disabled and the 'Off' button is also disabled.

    Not sure how to disable it. I will see if I can get help from the work IT team.
     
  16. Broni


    Run Combofix from safe mode and disregard any warnings.
     
  17. Vasunss75

    I ran Combofix in safe mode

    Broni,

    I downloaded Combofix and ran it in safe mode, ignoring the warnings.
    During the run it detected bootkit activity and wanted to restart.
    I pressed OK and the system restarted.
    Then it downloaded and created a system restore point.
    Finally the scan started and went through many stages.
    This was followed by a system restart request.
    I pressed OK.
    After the restart it created the log file. Pasting it below:

    ComboFix 11-12-06.01 - svasudevan 12/06/2011 18:30:21.1.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1654 [GMT -5:00]
    Running from: c:\documents and settings\svasudevan\Desktop\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    FW: McAfee Host Intrusion Prevention Firewall *Disabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\svasudevan\Application Data\Toolbar4
    c:\documents and settings\svasudevan\g2mdlhlpx.exe
    c:\documents and settings\svasudevan\WINDOWS
    c:\program files\INSTALL.LOG
    C:\Thumbs.db
    c:\windows\CSC\d6
    c:\windows\system32\ad26132.dll
    c:\windows\system32\drivers\sst150.sys
    c:\windows\system32\drivers\sst150.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_sst150
    -------\Service_sst150
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-06 21:56 . 2011-12-06 21:56 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2011-12-06 21:56 . 2011-12-06 21:56 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2011-12-06 21:56 . 2011-12-06 21:56 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2011-12-06 21:56 . 2011-12-06 21:56 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2011-12-06 21:56 . 2011-12-06 21:56 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2011-12-06 21:56 . 2011-12-06 21:56 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2011-12-06 21:56 . 2011-12-06 21:56 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2011-12-06 21:56 . 2011-12-06 21:56 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2011-12-06 21:56 . 2011-12-06 21:56 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2011-12-06 21:55 . 2011-12-06 21:56 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2011-12-06 21:55 . 2011-12-06 21:55 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2011-12-06 21:55 . 2011-12-06 21:55 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2011-12-06 21:55 . 2011-12-06 21:55 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2011-12-06 21:55 . 2011-12-06 21:55 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2011-12-06 21:55 . 2011-12-06 21:55 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2011-12-06 21:55 . 2011-12-06 21:55 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2011-12-06 21:55 . 2011-12-06 21:55 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2011-12-04 14:37 . 2011-12-04 14:37 -------- d-----w- c:\documents and settings\svasudevan\Application Data\comcasttb
    2011-12-03 21:00 . 2011-12-03 21:01 -------- d-----w- c:\program files\Common Files\Kodak
    2011-12-03 20:55 . 2011-12-03 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2011-12-01 03:57 . 2011-12-01 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-12-01 03:25 . 2011-12-01 03:25 -------- d-----w- c:\documents and settings\svasudevan\Application Data\McAfee
    2011-12-01 03:19 . 2009-04-30 01:07 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-12-01 03:19 . 2009-04-30 01:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-12-01 03:19 . 2009-04-30 01:07 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-12-01 03:19 . 2009-04-30 01:07 342128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-12-01 03:18 . 2011-12-01 03:18 -------- d-----w- c:\program files\Common Files\McAfee
    2011-12-01 02:19 . 2011-12-01 02:19 -------- d-----w- c:\documents and settings\arunachalam-it
    2011-12-01 01:14 . 2009-04-30 01:07 23864 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
    2011-11-30 07:02 . 2011-11-30 07:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2011-11-30 01:07 . 2007-03-09 16:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-11-30 01:07 . 2011-10-18 06:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4E526AD6-D73E-4745-8225-E7A3B93F4C48}\mpengine.dll
    2011-11-30 01:07 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-30 01:06 . 2011-11-30 01:06 -------- d-----w- c:\program files\Windows Defender
    2011-11-30 00:25 . 2011-11-30 03:30 -------- d-----w- c:\program files\Trojan Remover
    2011-11-29 05:01 . 2011-11-29 05:28 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-11-29 05:01 . 2011-11-29 05:28 -------- d-----w- c:\program files\PC Tools Security
    2011-11-29 04:40 . 2011-11-29 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-11-29 02:33 . 2011-11-29 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-11-28 23:57 . 2011-11-29 17:01 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2011-11-28 23:18 . 2011-11-30 12:36 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-11-28 23:02 . 2011-12-04 23:25 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-11-28 23:01 . 2011-11-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-11-28 05:13 . 2011-11-28 05:14 -------- d-----w- c:\documents and settings\svasudevan\Application Data\QuickScan
    2011-11-28 04:57 . 2011-11-29 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2011-11-27 22:06 . 2011-11-30 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-11-27 15:59 . 2009-08-07 00:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-11-25 21:59 . 2011-11-25 21:59 -------- d-----w- c:\documents and settings\svasudevan\Application Data\DDMSettings
    2011-11-22 04:51 . 2011-11-21 04:04 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2011-11-22 04:51 . 2011-11-21 04:04 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
    2011-11-22 04:51 . 2011-11-21 04:04 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
    2011-11-22 04:51 . 2011-11-21 04:04 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
    2011-11-22 04:51 . 2011-11-21 04:04 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
    2011-11-22 04:51 . 2011-11-21 04:04 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
    2011-11-22 04:51 . 2011-11-21 01:04 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-11-22 04:51 . 2011-11-21 01:04 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-11-20 22:35 . 2011-11-20 22:34 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-11-20 22:25 . 2011-11-20 22:25 388096 ----a-r- c:\documents and settings\svasudevan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-20 03:38 . 2011-11-20 04:15 -------- d-----w- c:\documents and settings\svasudevan\Local Settings\Application Data\NPE
    2011-11-20 03:19 . 2011-11-20 03:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-11-20 03:18 . 2011-11-20 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2011-11-20 03:08 . 2011-12-05 01:30 -------- d-----w- c:\program files\xfin_portal
    2011-11-17 22:52 . 2011-12-05 00:59 -------- d-----w- c:\documents and settings\svasudevan\Application Data\CallingID
    2011-11-17 22:51 . 2011-12-01 16:10 -------- d-----w- c:\program files\comcasttb
    2011-11-17 22:51 . 2011-12-01 03:31 -------- d-----w- c:\program files\Common Files\scanner
    2011-11-17 22:51 . 2011-11-17 22:51 -------- d-----w- c:\program files\CA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-07 22:02 . 2009-11-12 06:35 140864 ----a-w- c:\windows\system32\KevlarSigs.dll
    2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-10-10 14:22 . 2008-05-13 06:28 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 06:11 . 2008-07-29 14:29 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 06:11 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 06:11 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2004-09-10 08:10 . 2004-09-10 08:10 75264 ----a-w- c:\program files\DECCHECK.exe
    2011-11-21 04:04 . 2011-11-22 04:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2009-04-30 01:07 . 2011-12-01 01:14 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2007-06-27 42264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-16 138008]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-16 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-16 162584]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2011-07-21 12023568]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-10-15 140608]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-08 185872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
    "TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Uninstall LastPass RunOnce.lnk - c:\documents and settings\Administrator\Application Data\lpuninstall.exe [2011-4-9 9163464]
    .
    c:\documents and settings\svasudevan.ML-SVASUDEVAN\Start Menu\Programs\Startup\
    Uninstall LastPass RunOnce.lnk - c:\documents and settings\svasudevan.ML-SVASUDEVAN\Application Data\lpuninstall.exe [2011-4-9 9163464]
    .
    c:\documents and settings\aravind-it\Start Menu\Programs\Startup\
    Uninstall LastPass RunOnce.lnk - c:\documents and settings\aravind-it\Application Data\lpuninstall.exe [2011-4-9 9163464]
    .
    c:\documents and settings\govindan-it\Start Menu\Programs\Startup\
    Uninstall LastPass RunOnce.lnk - c:\documents and settings\govindan-it\Application Data\lpuninstall.exe [2011-4-9 9163464]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
    VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-7-9 6144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55364\Scripts\Logon\0\0]
    "Script"=RPCHTTPSCHE.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55364\Scripts\Logon\1\0]
    "Script"=ClientInstall.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55364\Scripts\Logon\2\0]
    "Script"=Logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55564\Scripts\Logon\0\0]
    "Script"=RPCHTTPSCHE.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55564\Scripts\Logon\1\0]
    "Script"=ClientInstall.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-55564\Scripts\Logon\2\0]
    "Script"=Logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\0\0]
    "Script"=Logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\0\1]
    "Script"=login.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\1\0]
    "Script"=Logon.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\1\1]
    "Script"=login.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1935655697-2139871995-682003330-68332\Scripts\Logon\2\0]
    "Script"=CachedMode.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\svasudevan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Microsoft Lync\\communicator.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [11/12/2009 1:33 AM 44680]
    S2 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [11/12/2009 1:34 AM 35696]
    S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [4/29/2009 8:07 PM 21256]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/17/2009 3:20 AM 69192]
    S2 MonitorDevPluggin;MonitorDevPluggin;c:\program files\DevMonitor\DevMonitor Pluggin\MonitorDevPluggin.exe [3/28/2009 5:11 AM 10240]
    S3 enterceptAgent;McAfee Host Intrusion Prevention Service;"c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe" --> c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [?]
    S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [11/12/2009 1:33 AM 44680]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 9:18 PM 135664]
    S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [11/12/2009 1:34 AM 110384]
    S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [11/12/2009 1:34 AM 38200]
    S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [11/12/2009 1:34 AM 35584]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/30/2011 10:19 PM 65224]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [12/11/2010 7:22 AM 181792]
    S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 7:00 AM 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/5/2010 9:18 PM 135664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:18]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 02:18]
    .
    2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2139871995-682003330-68332Core.job
    - c:\documents and settings\svasudevan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-25 12:24]
    .
    2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2139871995-682003330-68332UA.job
    - c:\documents and settings\svasudevan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-25 12:24]
    .
    2011-12-04 c:\windows\Tasks\User_Feed_Synchronization-{881D4A6C-7445-4262-A56B-E9FA531C2DA2}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://team/myvirtusa
    uInternet Settings,ProxyServer = atlisgbluearray.alere.com:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {043BECED-7279-47F5-90D3-26D5A45E97FD} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prbatchscanning.cab
    DPF: {072EBF73-01D7-40E5-AC5C-C35B2FEAEA8D} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prDynamicMenus.CAB
    DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://mt-dwbicore3/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=z5qgdk45yvn4v33harjtcb45&ControlID=92ab5913e63c415d8e1dd8f907721ce5&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: {7162A103-007A-4A9B-85EE-F030AA23509A} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prkeyutils.cab
    DPF: {7C7AD9C7-6873-49A4-9EA3-92E4DAD2AB59} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/primportmanager.cab
    DPF: {92C97DFA-09CB-11D5-B823-00105A1F06DB} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/legintwincapture.cab
    DPF: {92F6C891-8282-4953-9A63-5C712783C668} - hxxp://chnpulse/Pulse/eT247.CAB
    DPF: {ABA23149-06BA-440D-88FF-69203B966083} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/openauthoring.cab
    DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxp://10.5.81.139:9090/prweb/PRServlet/oapRl87D_PvrML_UOScT-IP_k9v30gjhmy6FSXkJwu0%5B*/prvisiointerface.cab
    FF - ProfilePath - c:\documents and settings\svasudevan\Application Data\Mozilla\Firefox\Profiles\ej2qykuv.default\
    FF - prefs.js: browser.search.selectedEngine - Twitter
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=106&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-McAfee Host Intrusion Prevention Tray - c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe
    AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE
    AddRemove-2255305426.localhost - c:\program files\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-06 18:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBSTOR]
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet007\Services\USBSTOR]
    @Denied: (Full) (Owner)
    @Denied: (Full) (Administrators)
    @Denied: (Full) (S-1-5-21-1935655697-2139871995-682003330-68332)
    "Start"=dword:00000004
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1932)
    c:\windows\system32\WININET.dll
    c:\program files\TortoiseSVN\bin\tortoisesvn.dll
    c:\program files\TortoiseSVN\bin\libdb43.dll
    c:\program files\TortoiseSVN\bin\intl3_svn.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\TortoiseSVN\bin\TSVNCache.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-06 18:42:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-06 23:41
    .
    Pre-Run: 94,882,013,184 bytes free
    Post-Run: 95,302,311,936 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - D0C295DF1292AA735AE75D2184912988
     
  18. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Looks good now.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Vasunss75

    Vasunss75 TS Rookie Topic Starter

    OTL Run and logs

    Hi Broni :wave: sorry for the delay. No issues as of now. My computer seems to run as normal.

    The text log files were spanning across more than 3 replies, so I have attached the log files. Let me know if you want me to copy and paste the text to make it easier.

    Regards,
    Vasu

    EXTRAS.txt
    --------------
    OTL Extras logfile created on: 12/10/2011 11:21:25 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\svasudevan\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.20% Memory free
    3.84 Gb Paging File | 3.23 Gb Available in Paging File | 84.16% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 90.04 Gb Free Space | 60.41% Space Free | Partition Type: NTFS

    Computer Name: ML-SVASUDEVAN | User Name: svasudevan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1935655697-2139871995-682003330-68332\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 0
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
    "%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:OfficeCommunicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:OfficeCommunicator
    "C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2" = C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW -- (McAfee, Inc.)
    "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM -- (Microsoft Corporation)
    "C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe
    "C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear" = C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear
    "C:\Windows\System32\ftp.exe:*:enabled:FTPService" = C:\Windows\System32\ftp.exe:*:enabled:FTPService -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 0
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
    "1800:TCP:*:enabled:BT" = 1800:TCP:*:enabled:BT
    "21:TCP:*:enabled:FTP" = 21:TCP:*:enabled:FTP

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
    "AllowOutboundDestinationUnreachable" = 1
    "AllowOutboundSourceQuench" = 1
    "AllowRedirect" = 1
    "AllowInboundEchoRequest" = 1
    "AllowInboundRouterRequest" = 1
    "AllowOutboundTimeExceeded" = 1
    "AllowOutboundParameterProblem" = 1
    "AllowInboundTimestampRequest" = 1
    "AllowInboundMaskRequest" = 1
    "AllowOutboundPacketTooBig" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
    "LogDroppedPackets" = 1
    "LogSuccessfulConnections" = 1
    "LogFilePath" = c:\firewall.log -- ()
    "LogFileSize" = 4096

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
    "Enabled" = 1
    "RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66,10.4.67.154

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
    "Enabled" = 1
    "RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
    "AllowUserPrefMerge" = 0
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
    "%programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:MSCommunicator" = %programfiles%\Microsoft Office Communicator\communicator.exe:*:enabled:MSCommunicator
    "C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2" = C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:enabled:Apache2.2
    "C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI" = C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:enabled:SR_GUI
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:enabled:MacafeeFW -- (McAfee, Inc.)
    "C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:enabled:LM -- (Microsoft Corporation)
    "C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe
    "C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear" = C:\Program Files\SunView Software\ChangeGear\Client\CG.exe:*:enabled:ChangeGear

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
    "AllowUserPrefMerge" = 0
    "Enabled" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
    "1800:TCP:*:enabled:BT" = 1800:TCP:*:enabled:BT
    "21:TCP:*:enabled:FTP" = 21:TCP:*:enabled:FTP

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings]
    "AllowOutboundDestinationUnreachable" = 1
    "AllowOutboundSourceQuench" = 1
    "AllowRedirect" = 1
    "AllowInboundEchoRequest" = 1
    "AllowInboundRouterRequest" = 1
    "AllowOutboundTimeExceeded" = 1
    "AllowOutboundParameterProblem" = 1
    "AllowInboundTimestampRequest" = 1
    "AllowInboundMaskRequest" = 1
    "AllowOutboundPacketTooBig" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging]
    "LogDroppedPackets" = 1
    "LogSuccessfulConnections" = 1
    "LogFilePath" = c:\firewall.log -- ()
    "LogFileSize" = 4096

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
    "Enabled" = 1
    "RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66,10.4.67.154

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
    "Enabled" = 1
    "RemoteAddresses" = 10.4.66.21,10.4.66.20,10.2.162.15,10.5.66.21,10.3.8.99,10.2.69.12,10.4.69.11,10.5.69.11,10.3.8.26,10.4.66.35,10.2.165.66,10.4.67.154

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework]
    "Enabled" = 1
    "RemoteAddresses" = *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe" = C:\Program Files\ARM Software\MacroMaker\MacroMaker.exe:*:Disabled:MacroMaker
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Microsoft Lync\UcMapi.exe" = C:\Program Files\Microsoft Lync\UcMapi.exe:*:Enabled:UcMapi -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Enabled:Lync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\svasudevan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Microsoft Lync\communicator.exe" = C:\Program Files\Microsoft Lync\communicator.exe:*:Disabled:Microsoft Lync 2010 -- (Microsoft Corporation)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{11849FBC-C416-4742-8279-17C3A2C85F72}" = Microsoft Lync 2010
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FF06B85-EB4F-400D-8602-30A1DD48673B}" = BusinessObjects Enterprise XI Release 2
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
    "{32A3A4F4-B792-11D6-A78A-00B0D0150160}" = J2SE Development Kit 5.0 Update 16
    "{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{572BDC42-E46E-455B-BFAD-86FDBB3771A1}" = Quest Software Toad for SQL Server Freeware 4.6
    "{5841488D-A0B8-41C7-A718-EFC6764F5652}" = DevMonitor Pluggin
    "{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{605FBD65-6741-44D9-903A-FCAD3874A672}" = Microsoft System Center Service Manager Portal ActiveX Control
    "{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7F231232-C309-4401-964A-2A002B6E1ED9}" = Microsoft Baseline Security Analyzer 2.0.1
    "{813B302C-2014-4166-B5D2-8C211AE4F22E}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{993A1CF7-311D-4990-B41E-77F1A04BADDE}" = AT&T Global Network Client Managed VPN Edition
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB6972B2-CF5D-4CC8-AF4F-B5D6888AB120}" = Microsoft Office Live Meeting 2005
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
    "{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
    "{B4496BE1-295F-4A17-9856-FEA2C9AA1A47}" = McAfee Agent
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
    "{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2AA63A0-27E0-458B-862A-BEC09DEA5286}" = TortoiseSVN
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "BDE_is1" = BDE Version 5.2.0.2
    "CAL" = Canon Camera Access Library
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Data Access Objects (DAO)" = Data Access Objects (DAO) 3.0
    "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DivX Setup" = DivX Setup
    "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{343D8DE3-AE1F-431A-830C-B66352E8CA12}" = OZ776 SCR Driver V1.1.3.9
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MMOPN_30_32" = PLATINUM ERwin 3.5.2
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RDC" = RDC
    "RealPlayer 6.0" = RealPlayer
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VLC media player" = VLC media player 1.0.3
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1935655697-2139871995-682003330-68332\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "Neoteris_Host_Checker" = Juniper Networks Host Checker
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/10/2011 12:03:43 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
    Description = Could not execute the following script startdot3svc.bat. The system
    cannot find the file specified. .

    Error - 12/10/2011 12:03:43 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
    Description = Could not execute the following script USBStor.vbs. The system cannot
    find the file specified. .

    Error - 12/10/2011 12:04:48 PM | Computer Name = ML-SVASUDEVAN | Source = MsiInstaller | ID = 1013
    Description = Product: Microsoft Office Communicator 2007 -- Your computer has a
    newer version of Microsoft Office Communicator 2007 than the one you are trying
    to install. To install an older version, first remove the current version (Click
    Start, Control Panel, Add or Remove Programs, Microsoft Office Communicator 2007),
    and then run this Setup again.

    Error - 12/10/2011 12:17:38 PM | Computer Name = ML-SVASUDEVAN | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 12/10/2011 12:17:41 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
    Description = Could not execute the following script Logon.bat. The system cannot
    find the file specified. .

    Error - 12/10/2011 12:17:42 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
    Description = Could not execute the following script login.vbs. The system cannot
    find the file specified. .

    Error - 12/10/2011 12:17:43 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
    Description = Could not execute the following script Logon.bat. The system cannot
    find the file specified. .

    Error - 12/10/2011 12:17:44 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
    Description = Could not execute the following script login.vbs. The system cannot
    find the file specified. .

    Error - 12/10/2011 12:17:44 PM | Computer Name = ML-SVASUDEVAN | Source = UserInit | ID = 1000
    Description = Could not execute the following script CachedMode.vbs. The system
    cannot find the file specified. .

    Error - 12/10/2011 12:18:52 PM | Computer Name = ML-SVASUDEVAN | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for VIRTUSA\svasudevan failed to
    contact the active directory (0x8007054b). The specified domain either does not
    exist or could not be contacted. Enrollment will not be performed.

    [ OSession Events ]
    Error - 10/3/2009 10:42:49 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4478
    seconds with 840 seconds of active time. This session ended with a crash.

    Error - 12/4/2009 4:16:44 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12304
    seconds with 2760 seconds of active time. This session ended with a crash.

    Error - 3/4/2010 3:46:16 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1429
    seconds with 1380 seconds of active time. This session ended with a crash.

    Error - 3/5/2010 8:18:40 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6027
    seconds with 1560 seconds of active time. This session ended with a crash.

    Error - 3/15/2010 12:33:40 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 272
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 4/5/2010 1:13:37 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1885
    seconds with 780 seconds of active time. This session ended with a crash.

    Error - 6/16/2010 10:07:41 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/2/2011 8:38:28 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/28/2011 11:51:55 PM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 4/18/2011 3:58:09 AM | Computer Name = ML-SVASUDEVAN | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14534
    seconds with 4800 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 6/21/2010 8:33:06 PM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 6/22/2010 9:28:49 AM | Computer Name = ML-SVASUDEVAN | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain VIRTUSA due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 6/22/2010 9:30:08 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 6/22/2010 9:30:10 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 6/22/2010 9:32:04 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 6/22/2010 10:57:54 AM | Computer Name = ML-SVASUDEVAN | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain VIRTUSA due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 6/22/2010 10:58:01 AM | Computer Name = ML-SVASUDEVAN | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 6/22/2010 10:58:01 AM | Computer Name = ML-SVASUDEVAN | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 6/22/2010 10:59:30 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 6/22/2010 10:59:32 AM | Computer Name = ML-SVASUDEVAN | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {F80A8D57-D338-43FF-A5E6-5D093EA80775}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.


    < End of report >
     

  20. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Good news :)

    Please obey forum rules.
    All logs have to be pasted not attached (re: your OTL.txt log).
     
Topic Status:
Not open for further replies.

