Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Microsoft Security Essentials says: restrict privileges

Post by bpw1111 » March 9th, 2012, 10:19 pm

There is a topic in this forum where malware caused this, and I thought you guys could help me out. Here are my DDS logs
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Memaw at 20:10:09 on 2012-03-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.138 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PowerMenu] c:\program files\powermenu\PowerMenu.exe -hideself on
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoWinKeys = 01000000
uPolicies-explorer: NoRecentDocsNetHood = 01000000
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: doityourself.com\forum
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5340F835-041A-4B9D-A584-FCDF968F76A8} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5340F835-041A-4B9D-A584-FCDF968F76A8} : DhcpNameServer = 172.16.0.1
TCP: Interfaces\{C0DCA3BC-E6F0-41AC-97CF-47BCC1AA4E5B} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 OpenDNS Updater.exe;OpenDNS Updater;c:\program files\opendns updater\opendns updater.exe --run --> c:\program files\opendns updater\OpenDNS Updater.exe --run [?]
S0 Cdr4vsd;Cdr4vsd;c:\windows\system32\drivers\CDR4VSD.SYS [2008-11-16 60688]
S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [2008-12-13 84488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\drivers\BCM4E5.SYS [2012-2-29 26568]
S3 cpuz132;cpuz132; [x]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-1 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-1 3072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 WinDefend;Windows Defender;"c:\program files\windows defender\msmpeng.exe" --> c:\program files\windows defender\MsMpEng.exe [?]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-03-10 01:09:37 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f3d727f0-ed69-4909-a8c6-d881437d0133}\mpengine.dll
2012-03-09 04:55:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 04:55:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-09 04:31:35 2810 ----a-w- c:\windows\system32\tmp.reg
2012-03-09 01:09:03 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-08 19:58:37 -------- d-----w- c:\windows\system32\CatRoot2
2012-03-07 22:50:54 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-07 21:10:19 -------- d-----w- c:\windows\SoftwareDistribution.old
2012-03-07 16:28:05 -------- d-----w- c:\documents and settings\memaw\application data\Office Genuine Advantage
2012-03-07 07:33:28 98816 ----a-w- c:\windows\sed.exe
2012-03-07 07:33:28 518144 ----a-w- c:\windows\SWREG.exe
2012-03-07 07:33:28 256000 ----a-w- c:\windows\PEV.exe
2012-03-07 07:33:28 208896 ----a-w- c:\windows\MBR.exe
2012-03-07 06:55:40 -------- d-----w- C:\WINSSLog
2012-03-07 06:25:03 -------- d-----w- c:\windows\system32\DRM
2012-03-05 03:34:48 -------- d-----w- c:\windows\system32\CatRoot2.old
2012-03-05 02:53:18 -------- d-----w- c:\windows\system32\kodak
2012-03-05 02:06:09 -------- d-----w- c:\windows\system32\XPSViewer
2012-03-05 01:29:44 -------- d-----w- c:\windows\system32\URTTemp
2012-03-04 00:17:17 -------- d-----w- c:\documents and settings\memaw\application data\SUPERAntiSpyware.com
2012-03-04 00:16:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-04 00:16:17 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-03 00:55:14 -------- d-----w- c:\documents and settings\all users\application data\Kodak
2012-03-02 12:46:26 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-02 12:46:26 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-01 19:46:37 -------- d-----w- c:\documents and settings\memaw\application data\OpenDNS Updater
2012-03-01 07:32:38 -------- d-----w- c:\documents and settings\memaw\application data\ElevatedDiagnostics
2012-03-01 07:32:27 -------- d--h--w- c:\program files\WindowsUpdate
2012-03-01 04:44:16 -------- d-sha-r- C:\cmdcons
2012-03-01 02:17:46 2036 ----a-w- C:\FixitRegBackup.reg
2012-03-01 02:07:23 -------- d-----w- c:\documents and settings\memaw\local settings\application data\PCHealth
2012-03-01 01:26:23 -------- d-----w- c:\program files\MSXML 4.0
2012-03-01 01:17:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-01 01:11:37 -------- d-sh--w- c:\documents and settings\memaw\IECompatCache
2012-03-01 01:11:15 -------- d-sh--w- c:\documents and settings\memaw\PrivacIE
2012-03-01 00:54:40 -------- d-sh--w- c:\documents and settings\memaw\IETldCache
2012-03-01 00:48:32 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-03-01 00:47:45 -------- d-----w- c:\windows\ie8updates
2012-03-01 00:42:33 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-03-01 00:37:49 -------- dc-h--w- c:\windows\ie8
2012-03-01 00:28:33 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-01 00:28:23 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-03-01 00:13:39 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-03-01 00:13:38 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-03-01 00:13:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-03-01 00:06:43 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-29 23:17:36 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-29 23:17:30 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 23:17:30 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-29 23:12:38 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-29 23:02:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-29 22:50:24 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-02-29 22:50:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-29 22:26:34 163840 ----a-w- c:\windows\system32\igfxres.dll
2012-02-29 21:10:51 43136 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys
2012-02-29 21:10:48 -------- d-----w- c:\program files\Broadcom
2012-02-29 21:10:25 -------- d-----w- C:\dell
2012-02-29 20:47:36 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys
2012-02-29 20:47:36 26568 ----a-w- c:\windows\system32\drivers\BCM4E5.SYS
2012-02-29 20:41:31 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2012-02-29 20:41:31 96640 ----a-w- c:\windows\system32\drivers\b57xp32.sys
.
==================== Find3M ====================
.
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 20:11:53.87 ===============


attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2008 6:39:58 AM
System Uptime: 3/9/2012 6:52:36 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.20GHz | Microprocessor | 2193/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 57.136 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 73.648 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_NPF\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_NPF\0000
Service:
.
==== System Restore Points ===================
.
RP151: 2/29/2012 10:24:30 PM - System Checkpoint
RP152: 2/29/2012 10:24:39 PM - OTL Restore Point - 2/29/2012 10:24:34 PM
RP153: 2/29/2012 11:24:17 PM - Installed Windows XP WgaNotify.
RP154: 2/29/2012 11:26:02 PM - Software Distribution Service 3.0
RP155: 3/1/2012 12:58:00 AM - Installed Windows XP WgaNotify.
RP156: 3/1/2012 1:25:56 AM - Installed Microsoft Fix it 50195
RP157: 3/1/2012 1:46:34 AM - Removed Windows Defender
RP158: 3/1/2012 2:13:33 AM - Installed Windows XP WgaNotify.
RP159: 3/1/2012 2:59:43 PM - Installed Windows XP WgaNotify.
RP160: 3/1/2012 10:38:52 PM - Installed Microsoft Fix it 50612
RP161: 3/1/2012 11:47:05 PM - Software Distribution Service 3.0
RP162: 3/2/2012 6:28:49 PM - Software Distribution Service 3.0
RP163: 3/2/2012 6:57:02 PM - Software Distribution Service 3.0
RP164: 3/2/2012 7:03:49 PM - Installed Microsoft Fix it 50612
RP165: 3/2/2012 7:04:28 PM - Installed Microsoft Fix it 50612
RP166: 3/2/2012 7:06:32 PM - Software Distribution Service 3.0
RP167: 3/2/2012 7:17:25 PM - Software Distribution Service 3.0
RP168: 3/3/2012 2:33:55 PM - Installed Windows XP WgaNotify.
RP169: 3/3/2012 7:15:07 PM - Software Distribution Service 3.0
RP170: 3/3/2012 7:40:04 PM - Installed Windows XP WgaNotify.
RP171: 3/3/2012 10:02:14 PM - Installed Microsoft Fix it 50123
RP172: 3/4/2012 3:51:34 PM - Software Distribution Service 3.0
RP173: 3/4/2012 4:06:44 PM - Installed Microsoft .NET Framework 1.1
RP174: 3/4/2012 4:15:42 PM - Software Distribution Service 3.0
RP175: 3/4/2012 5:00:42 PM - Installed Microsoft Fix it 50123
RP176: 3/4/2012 7:07:39 PM - Software Distribution Service 3.0
RP177: 3/4/2012 7:29:38 PM - Installed Microsoft .NET Framework 1.1
RP178: 3/4/2012 7:59:11 PM - Software Distribution Service 3.0
RP179: 3/4/2012 8:39:44 PM - Software Distribution Service 3.0
RP180: 3/4/2012 9:34:28 PM - Installed Microsoft Fix it 50528
RP181: 3/4/2012 9:58:20 PM - Software Distribution Service 3.0
RP182: 3/5/2012 4:09:59 PM - Installed Windows XP WgaNotify.
RP183: 3/5/2012 4:15:00 PM - Removed Macrium Reflect - Free Edition
RP184: 3/5/2012 5:21:11 PM - Installed Windows XP WgaNotify.
RP185: 3/5/2012 7:10:20 PM - Software Distribution Service 3.0
RP186: 3/5/2012 8:09:42 PM - Installed Microsoft Fix it 50692
RP187: 3/5/2012 8:16:07 PM - Installed Windows XP WgaNotify.
RP188: 3/5/2012 8:19:29 PM - Software Distribution Service 3.0
RP189: 3/6/2012 4:49:50 PM - Installed Windows XP WgaNotify.
RP190: 3/6/2012 5:25:39 PM - Installed Windows XP WgaNotify.
RP191: 3/6/2012 5:38:58 PM - Software Distribution Service 3.0
RP192: 3/6/2012 5:45:01 PM - Software Distribution Service 3.0
RP193: 3/6/2012 6:32:25 PM - Installed Windows XP WgaNotify.
RP194: 3/6/2012 11:50:49 PM - Software Distribution Service 3.0
RP195: 3/7/2012 12:09:31 AM - Software Distribution Service 3.0
RP196: 3/7/2012 12:16:53 AM - Installed Microsoft Fix it 50123
RP197: 3/7/2012 12:18:43 AM - Software Distribution Service 3.0
RP198: 3/7/2012 12:24:50 AM - Software Distribution Service 3.0
RP199: 3/7/2012 12:38:04 AM - Software Distribution Service 3.0
RP200: 3/7/2012 1:11:08 AM - Installed Microsoft Fix it 50692
RP201: 3/7/2012 1:20:33 AM - Software Distribution Service 3.0
RP202: 3/7/2012 2:27:38 AM - Installed Microsoft Fix it 50123
RP203: 3/7/2012 2:49:20 PM - Software Distribution Service 3.0
RP204: 3/7/2012 3:53:24 PM - Software Distribution Service 3.0
RP205: 3/7/2012 4:03:19 PM - Installed Windows XP WgaNotify.
RP206: 3/7/2012 4:15:13 PM - Installed Microsoft Fix it 50060
RP207: 3/7/2012 4:52:16 PM - Software Distribution Service 3.0
RP208: 3/7/2012 5:58:47 PM - Software Distribution Service 3.0
RP209: 3/8/2012 2:10:13 PM - Installed Microsoft Fix it 50060
RP210: 3/8/2012 7:08:24 PM - Software Distribution Service 3.0
RP211: 3/9/2012 6:27:15 PM - Installed Microsoft Fix it 50187
RP212: 3/9/2012 6:51:45 PM - Installed Microsoft Fix it 50060
RP213: 3/9/2012 7:09:26 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Alley 19 Bowling (Requires CD)
AT&T Yahoo! Applications
AXIS Media Control Embedded
Broadcom 440x 10/100 Integrated Controller
Calculator Powertoy for Windows XP
Cam to Scan
CCleaner (remove only)
CDBurnerXP
Children's IQ 4-6
Choice Guard
ClearType Tuning Control Panel Applet
Defraggler (remove only)
e+ 48U
EASEUS Partition Master 4.0 Professional
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
HTML Slideshow Powertoy for Windows XP
ieSpell
Image Resizer Powertoy for Windows XP
Intel(R) Extreme Graphics Driver
Intel(R) Network Connections Drivers
Junk Mail filter update
Magnifier Powertoy for Windows XP
Malwarebytes Anti-Malware version 1.60.1.1000
Match-Up!
Math Blaster Ages 6-9 Demo
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Carioca Rummy
Microsoft Color Control Panel Applet for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works 2004 Setup Launcher
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
OGA Notifier 2.0.0048.0
OpenDNS Updater 2.2.1
PDFZilla V1.2
QuickTime
QuickTime for Windows (32-bit)
Reading Blaster Ages 6-9
RealPlayer
Registry First Aid
Ripley's Believe It or Not!
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
SIW version 2008-09-09
Slideshow Generator Powertoy for Windows XP
Sothink SWF Quicker
SoundMAX
StartupMonitor
StudyDog Level 1
StudyDog Level 2
StudyDog Level 3
SUPERAntiSpyware
Ultimate Writing & Creativity Center
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955759)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
User Profile Hive Cleanup Service
WebFldrs XP
Willow Road Screen Art
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows Resource Kit Tools - SubInAcl.exe
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Support Tools
Writing Blaster Demo
XP Royale Theme
Yahoo! Anti-Spy
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/7/2012 5:39:50 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/7/2012 5:01:00 PM, error: Service Control Manager [7023] - The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: A device attached to the system is not functioning.
3/7/2012 5:01:00 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The system cannot find the file specified.
3/7/2012 5:01:00 PM, error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the path specified.
3/7/2012 5:00:48 PM, error: Application Popup [876] - Driver Cdr4vsd.SYS has been blocked from loading.
3/7/2012 12:19:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB2289162).
.
==== End Of File ===========================
Thanks in advance
Sincerely, Brian W.
bpw1111
Active Member
Posts: 6
Joined: March 9th, 2012, 9:48 pm

Re: Microsoft Security Essentials says: restrict privileges

Post by deltalima » March 12th, 2012, 4:50 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials says: restrict privileges

Post by deltalima » March 12th, 2012, 5:03 pm

Hi bpw1111,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

I see that you have already used advanced tools such as OTL, TDSSKiller and Combofix. Was this done under the guidance of a helper at another forum?
If so then please post a link to the topic.
If not then please post the contents of the logs from those tools.

Also please post the exact wording of the message you receive from Microsoft Security Essentials and the circumstances under which it happens.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials says: restrict privileges

Post by bpw1111 » March 12th, 2012, 6:17 pm

Security Essentials' mpcmdrun.log says "-genuine check -restrict privilages". I ran them on my own.
Here is the ComboFix log:
ComboFix 12-03-06.01 - Memaw 03/07/2012 1:35.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.292 [GMT -6:00]
Running from: c:\downloads\adcd.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
Here is the TDSSKiller log:
18:07:03.0625 3796 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
18:07:04.0250 3796 ============================================================
18:07:04.0250 3796 Current date / time: 2012/03/09 18:07:04.0250
18:07:04.0250 3796 SystemInfo:
18:07:04.0250 3796
18:07:04.0250 3796 OS Version: 5.1.2600 ServicePack: 3.0
18:07:04.0250 3796 Product type: Workstation
18:07:04.0250 3796 ComputerName: GODS
18:07:04.0250 3796 UserName: Memaw
18:07:04.0250 3796 Windows directory: C:\WINDOWS
18:07:04.0250 3796 System windows directory: C:\WINDOWS
18:07:04.0250 3796 Processor architecture: Intel x86
18:07:04.0250 3796 Number of processors: 1
18:07:04.0250 3796 Page size: 0x1000
18:07:04.0250 3796 Boot type: Normal boot
18:07:04.0250 3796 ============================================================
18:07:07.0015 3796 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:07:07.0031 3796 Drive \Device\Harddisk1\DR1 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:07:07.0062 3796 \Device\Harddisk0\DR0:
18:07:07.0062 3796 MBR used
18:07:07.0062 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950283F
18:07:07.0062 3796 \Device\Harddisk1\DR1:
18:07:07.0062 3796 MBR used
18:07:07.0062 3796 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950283F
18:07:07.0109 3796 Initialize success
18:07:07.0109 3796 ============================================================
18:07:11.0640 3980 ============================================================
18:07:11.0640 3980 Scan started
18:07:11.0640 3980 Mode: Manual;
18:07:11.0640 3980 ============================================================
18:07:11.0984 3980 Abiosdsk - ok
18:07:12.0109 3980 abp480n5 - ok
18:07:12.0203 3980 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:07:12.0218 3980 ac97intc - ok
18:07:12.0359 3980 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:12.0375 3980 ACPI - ok
18:07:12.0515 3980 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:07:12.0515 3980 ACPIEC - ok
18:07:12.0625 3980 adpu160m - ok
18:07:12.0734 3980 aeaudio - ok
18:07:12.0875 3980 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:07:12.0875 3980 aec - ok
18:07:13.0015 3980 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:07:13.0015 3980 AFD - ok
18:07:13.0125 3980 Aha154x - ok
18:07:13.0250 3980 aic78u2 - ok
18:07:13.0343 3980 aic78xx - ok
18:07:13.0484 3980 AliIde - ok
18:07:13.0593 3980 amsint - ok
18:07:13.0703 3980 asc - ok
18:07:13.0781 3980 asc3350p - ok
18:07:13.0906 3980 asc3550 - ok
18:07:14.0078 3980 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\aspi32.sys
18:07:14.0078 3980 Aspi32 - ok
18:07:14.0218 3980 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:07:14.0218 3980 AsyncMac - ok
18:07:14.0343 3980 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:07:14.0343 3980 atapi - ok
18:07:14.0437 3980 Atdisk - ok
18:07:14.0562 3980 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:07:14.0562 3980 Atmarpc - ok
18:07:14.0671 3980 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:07:14.0671 3980 audstub - ok
18:07:14.0781 3980 b57w2k (b9391a83f075351c923c3a37c53af396) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:07:14.0796 3980 b57w2k - ok
18:07:14.0937 3980 BCM44X2 (f13fe9a3648628b29306edb48a4e48d3) C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS
18:07:14.0937 3980 BCM44X2 - ok
18:07:15.0031 3980 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
18:07:15.0031 3980 bcm4sbxp - ok
18:07:15.0171 3980 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:07:15.0171 3980 Beep - ok
18:07:15.0296 3980 catchme - ok
18:07:15.0437 3980 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:07:15.0437 3980 cbidf2k - ok
18:07:15.0531 3980 cd20xrnt - ok
18:07:15.0687 3980 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:07:15.0687 3980 Cdaudio - ok
18:07:15.0796 3980 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:07:15.0812 3980 Cdfs - ok
18:07:15.0937 3980 Cdr4vsd (9fc549cb9099f92f032df52f7a6092d4) C:\WINDOWS\system32\drivers\Cdr4vsd.sys
18:07:16.0000 3980 Cdr4vsd - ok
18:07:16.0125 3980 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:07:16.0125 3980 Cdrom - ok
18:07:16.0234 3980 Changer - ok
18:07:16.0375 3980 CmdIde - ok
18:07:16.0500 3980 Cpqarray - ok
18:07:16.0625 3980 cpuz132 - ok
18:07:16.0734 3980 dac2w2k - ok
18:07:16.0828 3980 dac960nt - ok
18:07:16.0968 3980 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:07:16.0968 3980 Disk - ok
18:07:17.0156 3980 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:07:17.0203 3980 dmboot - ok
18:07:17.0312 3980 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
18:07:17.0328 3980 dmio - ok
18:07:17.0468 3980 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:07:17.0468 3980 dmload - ok
18:07:17.0625 3980 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:07:17.0625 3980 DMusic - ok
18:07:17.0765 3980 dpti2o - ok
18:07:17.0859 3980 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:07:17.0859 3980 drmkaud - ok
18:07:18.0000 3980 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:07:18.0015 3980 E100B - ok
18:07:18.0140 3980 epmntdrv (57cc1bf06c159dfbb989f5783c0e6a50) C:\WINDOWS\system32\epmntdrv.sys
18:07:18.0140 3980 epmntdrv - ok
18:07:18.0250 3980 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\WINDOWS\system32\EuGdiDrv.sys
18:07:18.0250 3980 EuGdiDrv - ok
18:07:18.0406 3980 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:07:18.0406 3980 Fastfat - ok
18:07:18.0531 3980 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:07:18.0531 3980 Fdc - ok
18:07:18.0687 3980 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:07:18.0687 3980 Fips - ok
18:07:18.0828 3980 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:07:18.0828 3980 Flpydisk - ok
18:07:18.0968 3980 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:07:18.0968 3980 FltMgr - ok
18:07:19.0109 3980 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:07:19.0109 3980 Fs_Rec - ok
18:07:19.0234 3980 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:07:19.0234 3980 Ftdisk - ok
18:07:19.0359 3980 fvvuqgu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\anti.sys
18:07:19.0375 3980 fvvuqgu - ok
18:07:19.0468 3980 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:07:19.0468 3980 GEARAspiWDM - ok
18:07:19.0609 3980 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:07:19.0609 3980 Gpc - ok
18:07:19.0750 3980 hpn - ok
18:07:19.0906 3980 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:07:19.0921 3980 HTTP - ok
18:07:20.0031 3980 i2omgmt - ok
18:07:20.0125 3980 i2omp - ok
18:07:20.0203 3980 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:07:20.0218 3980 i8042prt - ok
18:07:20.0343 3980 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
18:07:20.0359 3980 i81x - ok
18:07:20.0484 3980 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
18:07:20.0484 3980 iAimFP0 - ok
18:07:20.0609 3980 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
18:07:20.0609 3980 iAimFP1 - ok
18:07:20.0734 3980 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
18:07:20.0734 3980 iAimFP2 - ok
18:07:20.0843 3980 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
18:07:20.0843 3980 iAimFP3 - ok
18:07:20.0968 3980 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
18:07:20.0968 3980 iAimFP4 - ok
18:07:21.0109 3980 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
18:07:21.0109 3980 iAimFP5 - ok
18:07:21.0203 3980 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
18:07:21.0203 3980 iAimFP6 - ok
18:07:21.0328 3980 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
18:07:21.0328 3980 iAimFP7 - ok
18:07:21.0453 3980 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
18:07:21.0453 3980 iAimTV0 - ok
18:07:21.0546 3980 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
18:07:21.0546 3980 iAimTV1 - ok
18:07:21.0671 3980 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
18:07:21.0671 3980 iAimTV3 - ok
18:07:21.0781 3980 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
18:07:21.0781 3980 iAimTV4 - ok
18:07:21.0906 3980 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
18:07:21.0906 3980 iAimTV5 - ok
18:07:22.0046 3980 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
18:07:22.0046 3980 iAimTV6 - ok
18:07:22.0234 3980 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:07:22.0281 3980 ialm - ok
18:07:22.0406 3980 IdeBusDr (791f0829de88dd0ca77192f0dfad03b6) C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys
18:07:22.0406 3980 IdeBusDr - ok
18:07:22.0531 3980 IdeChnDr (7d2b8be9e89628663c1fb571f7c34062) C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys
18:07:22.0546 3980 IdeChnDr - ok
18:07:22.0687 3980 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:07:22.0687 3980 Imapi - ok
18:07:22.0796 3980 ini910u - ok
18:07:22.0937 3980 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:07:22.0937 3980 IntelIde - ok
18:07:23.0078 3980 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:07:23.0093 3980 intelppm - ok
18:07:23.0234 3980 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:07:23.0234 3980 Ip6Fw - ok
18:07:23.0359 3980 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:07:23.0359 3980 IpFilterDriver - ok
18:07:23.0484 3980 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:07:23.0484 3980 IpInIp - ok
18:07:23.0625 3980 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:07:23.0625 3980 IpNat - ok
18:07:23.0765 3980 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:07:23.0765 3980 IPSec - ok
18:07:23.0906 3980 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:07:23.0906 3980 IRENUM - ok
18:07:24.0046 3980 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:07:24.0046 3980 isapnp - ok
18:07:24.0187 3980 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:07:24.0187 3980 Kbdclass - ok
18:07:24.0328 3980 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:07:24.0343 3980 kmixer - ok
18:07:24.0484 3980 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
18:07:24.0484 3980 KSecDD - ok
18:07:24.0609 3980 lbrtfdc - ok
18:07:24.0750 3980 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:07:24.0750 3980 mnmdd - ok
18:07:24.0890 3980 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:07:24.0890 3980 Modem - ok
18:07:25.0031 3980 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:07:25.0046 3980 Mouclass - ok
18:07:25.0187 3980 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:07:25.0187 3980 MountMgr - ok
18:07:25.0328 3980 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:07:25.0328 3980 MpFilter - ok
18:07:25.0468 3980 MpKslafec6ed6 (a69630d039c38018689190234f866d77) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B5351277-AF58-4980-BD0B-DEBC8B884A9E}\MpKslafec6ed6.sys
18:07:25.0484 3980 MpKslafec6ed6 - ok
18:07:25.0593 3980 mraid35x - ok
18:07:25.0687 3980 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:07:25.0703 3980 MRxDAV - ok
18:07:25.0875 3980 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:07:25.0937 3980 MRxSmb - ok
18:07:26.0093 3980 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:07:26.0093 3980 Msfs - ok
18:07:26.0218 3980 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:07:26.0218 3980 MSKSSRV - ok
18:07:26.0359 3980 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:07:26.0359 3980 MSPCLOCK - ok
18:07:26.0515 3980 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:07:26.0515 3980 MSPQM - ok
18:07:26.0671 3980 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:07:26.0671 3980 mssmbios - ok
18:07:26.0812 3980 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:07:26.0812 3980 Mup - ok
18:07:26.0968 3980 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:07:26.0968 3980 NDIS - ok
18:07:27.0109 3980 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:07:27.0109 3980 NdisTapi - ok
18:07:27.0265 3980 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:07:27.0265 3980 Ndisuio - ok
18:07:27.0406 3980 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:07:27.0406 3980 NdisWan - ok
18:07:27.0546 3980 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:07:27.0546 3980 NDProxy - ok
18:07:27.0703 3980 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:07:27.0703 3980 NetBIOS - ok
18:07:27.0843 3980 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:07:27.0859 3980 NetBT - ok
18:07:28.0015 3980 NetBurn (1bb84b06973b2b3b583f236bb7e0f28c) C:\WINDOWS\system32\DRIVERS\NetBurn.sys
18:07:28.0015 3980 NetBurn - ok
18:07:28.0187 3980 nnlqsujairip (34d44edd829476e085f5c22ac9dfe315) C:\WINDOWS\system32\drivers\nnlqsujairip.sys
18:07:28.0187 3980 nnlqsujairip - ok
18:07:28.0312 3980 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:07:28.0312 3980 Npfs - ok
18:07:28.0484 3980 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:07:28.0515 3980 Ntfs - ok
18:07:28.0671 3980 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:07:28.0671 3980 Null - ok
18:07:28.0828 3980 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:07:28.0828 3980 NwlnkFlt - ok
18:07:28.0984 3980 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:07:28.0984 3980 NwlnkFwd - ok
18:07:29.0140 3980 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
18:07:29.0140 3980 P3 - ok
18:07:29.0265 3980 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:07:29.0281 3980 Parport - ok
18:07:29.0406 3980 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:07:29.0406 3980 PartMgr - ok
18:07:29.0546 3980 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:07:29.0546 3980 ParVdm - ok
18:07:29.0687 3980 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:07:29.0703 3980 PCI - ok
18:07:29.0812 3980 PCIDump - ok
18:07:29.0921 3980 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:07:29.0921 3980 PCIIde - ok
18:07:30.0062 3980 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:07:30.0062 3980 Pcmcia - ok
18:07:30.0171 3980 PDCOMP - ok
18:07:30.0250 3980 PDFRAME - ok
18:07:30.0296 3980 PDRELI - ok
18:07:30.0359 3980 PDRFRAME - ok
18:07:30.0453 3980 perc2 - ok
18:07:30.0546 3980 perc2hib - ok
18:07:30.0718 3980 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:07:30.0718 3980 PptpMiniport - ok
18:07:30.0843 3980 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:07:30.0859 3980 PSched - ok
18:07:30.0984 3980 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:07:30.0984 3980 Ptilink - ok
18:07:31.0093 3980 ql1080 - ok
18:07:31.0187 3980 Ql10wnt - ok
18:07:31.0281 3980 ql12160 - ok
18:07:31.0390 3980 ql1240 - ok
18:07:31.0500 3980 ql1280 - ok
18:07:31.0609 3980 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:07:31.0609 3980 RasAcd - ok
18:07:31.0734 3980 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:07:31.0734 3980 Rasl2tp - ok
18:07:31.0859 3980 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:07:31.0859 3980 RasPppoe - ok
18:07:31.0968 3980 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:07:31.0968 3980 Raspti - ok
18:07:32.0093 3980 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:07:32.0109 3980 Rdbss - ok
18:07:32.0203 3980 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:07:32.0203 3980 RDPCDD - ok
18:07:32.0359 3980 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:07:32.0375 3980 rdpdr - ok
18:07:32.0531 3980 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:07:32.0531 3980 RDPWD - ok
18:07:32.0687 3980 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:07:32.0687 3980 redbook - ok
18:07:32.0859 3980 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
18:07:32.0875 3980 rspndr - ok
18:07:33.0015 3980 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:07:33.0015 3980 SASDIFSV - ok
18:07:33.0125 3980 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:07:33.0125 3980 SASKUTIL - ok
18:07:33.0281 3980 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:07:33.0281 3980 Secdrv - ok
18:07:33.0453 3980 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
18:07:33.0500 3980 senfilt - ok
18:07:33.0640 3980 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:07:33.0656 3980 serenum - ok
18:07:33.0796 3980 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:07:33.0796 3980 Serial - ok
18:07:34.0000 3980 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:07:34.0000 3980 Sfloppy - ok
18:07:34.0125 3980 Simbad - ok
18:07:34.0312 3980 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
18:07:34.0328 3980 smwdm - ok
18:07:34.0421 3980 Sparrow - ok
18:07:34.0500 3980 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:07:34.0515 3980 splitter - ok
18:07:34.0656 3980 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:07:34.0656 3980 sr - ok
18:07:34.0843 3980 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:07:34.0875 3980 Srv - ok
18:07:35.0015 3980 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:07:35.0015 3980 StillCam - ok
18:07:35.0156 3980 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:07:35.0156 3980 swenum - ok
18:07:35.0296 3980 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:07:35.0296 3980 swmidi - ok
18:07:35.0421 3980 symc810 - ok
18:07:35.0484 3980 symc8xx - ok
18:07:35.0531 3980 sym_hi - ok
18:07:35.0593 3980 sym_u3 - ok
18:07:35.0703 3980 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:07:35.0703 3980 sysaudio - ok
18:07:35.0859 3980 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:07:35.0875 3980 Tcpip - ok
18:07:36.0062 3980 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
18:07:36.0078 3980 Tcpip6 - ok
18:07:36.0203 3980 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:07:36.0203 3980 TDPIPE - ok
18:07:36.0343 3980 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:07:36.0343 3980 TDTCP - ok
18:07:36.0484 3980 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:07:36.0484 3980 TermDD - ok
18:07:36.0609 3980 TosIde - ok
18:07:36.0734 3980 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
18:07:36.0734 3980 tunmp - ok
18:07:36.0875 3980 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:07:36.0875 3980 Udfs - ok
18:07:37.0000 3980 UimBus (d0c236d113fbfe0b1b89b63afe472349) C:\WINDOWS\system32\DRIVERS\UimBus.sys
18:07:37.0000 3980 UimBus - ok
18:07:37.0109 3980 Uim_IM (8200dab350cfca0617db28440294e5b4) C:\WINDOWS\system32\Drivers\Uim_IM.sys
18:07:37.0125 3980 Uim_IM - ok
18:07:37.0218 3980 ultra - ok
18:07:37.0375 3980 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:07:37.0390 3980 Update - ok
18:07:37.0578 3980 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:07:37.0593 3980 usbccgp - ok
18:07:37.0734 3980 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:07:37.0734 3980 usbehci - ok
18:07:37.0859 3980 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:07:37.0859 3980 usbhub - ok
18:07:38.0000 3980 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:07:38.0000 3980 usbprint - ok
18:07:38.0140 3980 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:07:38.0140 3980 usbscan - ok
18:07:38.0281 3980 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:07:38.0281 3980 usbuhci - ok
18:07:38.0421 3980 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:07:38.0421 3980 VgaSave - ok
18:07:38.0531 3980 ViaIde - ok
18:07:38.0609 3980 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:07:38.0609 3980 VolSnap - ok
18:07:38.0750 3980 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:07:38.0765 3980 Wanarp - ok
18:07:38.0859 3980 WDICA - ok
18:07:39.0015 3980 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:07:39.0015 3980 wdmaud - ok
18:07:39.0250 3980 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:07:39.0250 3980 WS2IFSL - ok
18:07:39.0390 3980 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:07:39.0406 3980 WudfPf - ok
18:07:39.0468 3980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:07:39.0609 3980 \Device\Harddisk0\DR0 - ok
18:07:39.0640 3980 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
18:07:39.0703 3980 \Device\Harddisk1\DR1 - ok
18:07:39.0718 3980 Boot (0x1200) (efd2a69c3028e6d14e119f2f8f7261c2) \Device\Harddisk0\DR0\Partition0
18:07:39.0718 3980 \Device\Harddisk0\DR0\Partition0 - ok
18:07:39.0734 3980 Boot (0x1200) (d92faae5de585e2686d2efc8b54f9333) \Device\Harddisk1\DR1\Partition0
18:07:39.0734 3980 \Device\Harddisk1\DR1\Partition0 - ok
18:07:39.0750 3980 ============================================================
18:07:39.0750 3980 Scan finished
18:07:39.0750 3980 ============================================================
18:07:39.0765 2812 Detected object count: 0
18:07:39.0765 2812 Actual detected object count: 0
18:07:48.0250 3476 Deinitialize success
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 07:32 . 2012-03-07 07:32 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE2B09A0-C8CC-4A9E-8BBB-A07B1E13FC0C}\MpKsl631f221f.sys
2012-03-07 07:20 . 2012-02-08 04:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE2B09A0-C8CC-4A9E-8BBB-A07B1E13FC0C}\mpengine.dll
2012-03-07 07:19 . 2012-03-07 07:19 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-07 06:55 . 2012-03-07 06:56 -------- d-----w- C:\WINSSLog
2012-03-07 06:39 . 2012-03-07 06:39 -------- d-----w- c:\program files\Microsoft.NET
2012-03-07 06:25 . 2012-03-07 06:25 -------- d-----w- c:\windows\system32\DRM
2012-03-07 00:03 . 2012-03-07 00:03 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-05 03:34 . 2012-03-07 07:19 -------- d-----w- c:\windows\system32\CatRoot2
2012-03-05 02:53 . 2012-03-05 02:53 -------- d-----w- c:\windows\system32\kodak
2012-03-05 02:06 . 2012-03-05 02:06 -------- d-----w- c:\windows\system32\XPSViewer
2012-03-05 02:06 . 2012-03-05 02:06 -------- d-----w- c:\program files\MSBuild
2012-03-05 02:05 . 2012-03-05 02:05 -------- d-----w- c:\program files\Reference Assemblies
2012-03-05 01:29 . 2012-03-05 01:30 -------- d-----w- c:\windows\system32\URTTemp
2012-03-04 01:08 . 2012-03-04 01:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-03-04 00:17 . 2012-03-04 00:17 -------- d-----w- c:\documents and settings\Memaw\Application Data\SUPERAntiSpyware.com
2012-03-04 00:16 . 2012-03-04 00:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-04 00:16 . 2012-03-04 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-03 06:01 . 2012-03-03 06:01 -------- d-----w- c:\program files\7-Zip
2012-03-03 00:55 . 2012-03-03 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2012-03-02 12:46 . 2008-04-14 06:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-03-02 12:46 . 2008-04-14 06:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-03-01 19:46 . 2012-03-01 19:46 -------- d-----w- c:\documents and settings\Memaw\Application Data\OpenDNS Updater
2012-03-01 07:32 . 2012-03-01 07:32 -------- d-----w- c:\documents and settings\Memaw\Application Data\ElevatedDiagnostics
2012-03-01 02:17 . 2012-03-07 07:11 2036 ----a-w- C:\FixitRegBackup.reg
2012-03-01 02:07 . 2012-03-01 02:07 -------- d-----w- c:\documents and settings\Memaw\Local Settings\Application Data\PCHealth
2012-03-01 01:26 . 2012-03-01 01:26 -------- d-----w- c:\program files\MSXML 4.0
2012-03-01 01:17 . 2012-03-01 01:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-01 01:11 . 2012-03-01 01:11 -------- d-sh--w- c:\documents and settings\Memaw\IECompatCache
2012-03-01 01:11 . 2012-03-01 01:11 -------- d-sh--w- c:\documents and settings\Memaw\PrivacIE
2012-03-01 00:54 . 2012-03-01 00:54 -------- d-sh--w- c:\documents and settings\Memaw\IETldCache
2012-03-01 00:48 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-03-01 00:42 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-03-01 00:37 . 2012-03-01 00:44 -------- dc-h--w- c:\windows\ie8
2012-03-01 00:28 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-01 00:28 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-03-01 00:13 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-03-01 00:13 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-03-01 00:13 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-03-01 00:06 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-29 23:17 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-29 23:17 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-29 23:17 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-29 23:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-29 23:02 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-29 22:50 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-29 22:26 . 2005-06-22 05:43 163840 ----a-w- c:\windows\system32\igfxres.dll
2012-02-29 21:10 . 2003-07-01 00:11 43136 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys
2012-02-29 21:10 . 2012-02-29 21:10 -------- d-----w- c:\program files\Broadcom
2012-02-29 21:10 . 2012-02-29 21:10 -------- d-----w- C:\dell
2012-02-29 20:47 . 2001-08-17 18:11 26568 -c--a-w- c:\windows\system32\dllcache\bcm4e5.sys
2012-02-29 20:47 . 2001-08-17 18:11 26568 ----a-w- c:\windows\system32\drivers\BCM4E5.SYS
2012-02-29 20:41 . 2001-08-17 18:11 96640 -c--a-w- c:\windows\system32\dllcache\b57xp32.sys
2012-02-29 20:41 . 2001-08-17 18:11 96640 ----a-w- c:\windows\system32\drivers\b57xp32.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
1997-09-17 11:00 . 2009-05-21 19:09 98304 ----a-w- c:\program files\FFLUSH.EXE
1997-09-17 11:00 . 2009-05-21 19:09 96256 ----a-w- c:\program files\MUDDLE.EXE
1997-09-17 11:00 . 2009-05-21 19:09 957440 ----a-w- c:\program files\SetupENu.DLL
1997-09-17 11:00 . 2009-05-21 19:09 89600 ----a-w- c:\program files\Lineup.EXE
1997-09-17 11:00 . 2009-05-21 19:09 79360 ----a-w- c:\program files\Play.exe
1997-09-17 11:00 . 2009-05-21 19:09 296960 ----a-w- c:\program files\COLC.EXE
1997-09-17 11:00 . 2009-05-21 19:09 228352 ----a-w- c:\program files\UnInstal.exe
1997-09-17 11:00 . 2009-05-21 19:09 211456 ----a-w- c:\program files\MIXGEN.EXE
1997-09-17 11:00 . 2009-05-21 19:09 205312 ----a-w- c:\program files\CHARMER.EXE
1997-09-17 11:00 . 2009-05-21 19:09 196608 ----a-w- c:\program files\Fringer.exe
1997-09-17 11:00 . 2009-05-21 19:09 160256 ----a-w- c:\program files\JEWELCH.EXE
1997-09-17 11:00 . 2009-05-21 19:09 114176 ----a-w- c:\program files\RATPOKER.EXE
1997-09-17 11:00 . 2009-05-21 19:09 103424 ----a-w- c:\program files\SWEEKEND.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoWinKeys"= 01000000
"NoRecentDocsNetHood"= 01000000
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Memaw^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
backup=c:\windows\pss\Greetings Workshop Reminders.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Memaw^Start Menu^Programs^Startup^Vongo Tray.lnk]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Memaw^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=c:\windows\pss\wkcalrem.LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-07 09:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Update]
2008-06-09 17:07 209408 ----a-w- c:\opendns updater\OpenDNS Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerMenu]
2002-12-20 16:17 57344 ----a-w- c:\program files\PowerMenu\PowerMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 04:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Vongo Service"=3 (0x3)
"Movielink Core Service"=3 (0x3)
"ImapiService"=2 (0x2)
"aspnet_state"=3 (0x3)
"RasMan"=3 (0x3)
"aawservice"=3 (0x3)
"iPod Service"=3 (0x3)
"ReflectService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\OpenDNS Updater\\OpenDNS Updater.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R1 MpKsl631f221f;MpKsl631f221f;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE2B09A0-C8CC-4A9E-8BBB-A07B1E13FC0C}\MpKsl631f221f.sys [3/7/2012 1:32 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R2 OpenDNS Updater.exe;OpenDNS Updater;c:\program files\OpenDNS Updater\OpenDNS Updater.exe --run --> c:\program files\OpenDNS Updater\OpenDNS Updater.exe --run [?]
S0 Cdr4vsd;Cdr4vsd;c:\windows\system32\drivers\CDR4VSD.SYS [11/16/2008 10:48 PM 60688]
S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [12/13/2008 1:48 PM 84488]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;c:\windows\system32\drivers\BCM4E5.SYS [2/29/2012 2:47 PM 26568]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [9/1/2009 7:43 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [9/1/2009 7:43 PM 3072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSL631F221F
*NewlyCreated* - MSMPSVC
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\MpCmdRun.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2012-03-07 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 21:39]
.
2012-03-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.davidjeremiah.org/site/magazine.aspx?
Trusted Zone: doityourself.com\forum
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www.update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5340F835-041A-4B9D-A584-FCDF968F76A8}: NameServer = 208.67.222.222,208.67.220.220
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-07 01:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\giffile\shell\Open\ddeexec]
@DACL=(02 0000)
@="\"file:%1\",,-1,,,,,"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(256)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-07 01:49:52
ComboFix-quarantined-files.txt 2012-03-07 07:49
.
Pre-Run: 62,700,122,112 bytes free
Post-Run: 62,996,066,304 bytes free
.
- - End Of File - - 70F44FDECB64F57ABE22B8A9F0323CF2
And I'm not sure about OTL. I will run it again if you want.
Hope that helps.
Sincerely Brian W.
bpw1111
Active Member
 
Posts: 6
Joined: March 9th, 2012, 9:48 pm

Re: Microsoft Security Essentials says: restrict privileges

Unread postby deltalima » March 12th, 2012, 6:32 pm

Hi bpw1111,

Security Essentials, mpcmdrun.log says "-genuine check -restrict privilages".


Does the account you use have administrator rights on the computer?

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Run OTL
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials says: restrict privileges

Unread postby bpw1111 » March 13th, 2012, 6:29 pm

Hi deltalima: my account is an administrator account. Here is the CKScanner result:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.DWNATM
----- EOF -----
Here are the MGADiag results:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-DX2DP-HMX8W-GQ82B
Windows Product Key Hash: 68vgANjLZ/oVC3WGhM/O7SnGUAw=
Windows Product ID: 76487-OEM-2258675-94892
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {2FF68496-1C71-40D2-9E43-C8A17E2F1AC2}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 101 Not Activated
Microsoft Word 2002 - 101 Not Activated
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1_3E121E02-385-80004005_3E121E02-452-80004005_3E121E02-312-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2FF68496-1C71-40D2-9E43-C8A17E2F1AC2}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GQ82B</PKey><PID>76487-OEM-2258675-94892</PID><PIDType>3</PIDType><SID>S-1-5-21-682003330-2049760794-2146849767</SID><SYSTEM><Manufacturer>Dell Computer Corporation</Manufacturer><Model>Dimension 2400 </Model></SYSTEM><BIOS><Manufacturer>Dell Computer Corporation</Manufacturer><Version>A05</Version><SMBIOSVersion major="2" minor="3"/><Date>20031202000000.000000+000</Date></BIOS><HWID>2595389FE184C056</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>101</Result><Products><Product GUID="{911B0409-6000-11D3-8CFE-0050048383C9}"><LegitResult>101</LegitResult><Name>Microsoft Word 2002</Name><Ver>10</Ver><Val>6FFC683EFC69CC8</Val><Hash>Fx4ObSVLY3FcY5JOmbLJC4v3Ztw=</Hash><Pid>54189-OEM-1693763-43620</Pid><PidType>4</PidType></Product></Products><Applications><App Id="1B" Version="10" Result="101"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1B285:Dell Inc|1B285:Microsoft Corporation
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Here are the OTL results:
OTL logfile created on: 3/13/2012 5:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Memaw\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

503.00 Mb Total Physical Memory | 93.04 Mb Available Physical Memory | 18.50% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.92 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 73.64 Gb Free Space | 98.84% Space Free | Partition Type: NTFS

Computer Name: GODS | User Name: Memaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Memaw\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Memaw\Desktop\CKScanner.exe ()
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
PRC - C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe (OpenDNS)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
PRC - C:\WINDOWS\StartupMonitor.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Memaw\Desktop\CKScanner.exe ()
MOD - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
MOD - C:\WINDOWS\StartupMonitor.exe ()


========== Win32 Services (SafeList) ==========

SRV - (WMPNetworkSvc) -- File not found
SRV - (WinDefend) -- File not found
SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (HidServ) -- File not found
SRV - (aswUpdSv) -- File not found
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (OpenDNS Updater.exe) -- C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe (OpenDNS)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz132) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (aeaudio) -- File not found
DRV - (MpKsl5e2d80e5) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{84E5B935-94F0-40AB-9362-912A80762C3C}\MpKsl5e2d80e5.sys (Microsoft Corporation)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NetBurn) -- C:\WINDOWS\system32\drivers\NetBurn.sys (Rocket Division Software)
DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\watv02nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wadv05nt.sys (Intel(R) Corporation)
DRV - (nnlqsujairip) -- C:\WINDOWS\system32\drivers\nnlqsujairip.sys ()
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\watv10nt.sys (Intel(R) Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\watv06nt.sys (Intel(R) Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wadv09nt.sys (Intel(R) Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wadv07nt.sys (Intel(R) Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wadv08nt.sys (Intel(R) Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (IdeChnDr) Intel(R) -- C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys (Intel Corporation)
DRV - (IdeBusDr) -- C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BCM44X2) -- C:\WINDOWS\system32\drivers\BCM4E5.SYS (Broadcom Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (Cdr4vsd) -- C:\WINDOWS\System32\drivers\CDR4VSD.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Documents and Settings\Memaw\My Documents\My Videos\Veoh\AppBackup\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1: File not found
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/22 23:17:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/03/09 19:44:20 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PowerMenu] C:\Program Files\PowerMenu\PowerMenu.exe (Thong Nguyen)
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O15 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..Trusted Domains: doityourself.com ([forum] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-2049760794-2146849767-1003\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5340F835-041A-4B9D-A584-FCDF968F76A8}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5340F835-041A-4B9D-A584-FCDF968F76A8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0DCA3BC-E6F0-41AC-97CF-47BCC1AA4E5B}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\willowrd.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\willowrd.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/21 23:32:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 17:14:03 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Memaw\Desktop\OTL.exe
[2012/03/13 16:30:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Memaw\Recent
[2012/03/10 20:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/10 20:09:19 | 009,301,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Memaw\My Documents\mseinstall-x86fre-en-us.exe
[2012/03/10 18:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2012/03/10 18:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/03/10 18:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\My Documents\Anti-Malware
[2012/03/09 22:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\Local Settings\Application Data\FixItCenter
[2012/03/09 22:41:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/03/09 22:41:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/03/09 21:09:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Memaw\Desktop\dds.scr
[2012/03/08 23:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 23:55:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/08 23:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/08 15:01:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/03/08 14:58:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/03/07 18:25:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/07 16:10:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution.old
[2012/03/07 11:28:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\Application Data\Office Genuine Advantage
[2012/03/07 02:49:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/03/07 02:33:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/07 02:33:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/07 02:33:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/07 02:33:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/07 02:32:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 01:55:40 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2012/03/07 01:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/07 01:25:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2012/03/06 18:25:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/03/04 22:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2.old
[2012/03/04 21:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kodak
[2012/03/04 21:06:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/03/04 21:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/03/04 21:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/03/04 20:29:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/03/03 20:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/03/03 19:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\Application Data\SUPERAntiSpyware.com
[2012/03/03 19:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/03 19:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/03 19:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/03 01:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/03/03 01:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/02 19:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2012/03/02 07:46:26 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2012/03/01 14:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\Application Data\OpenDNS Updater
[2012/03/01 02:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\Application Data\ElevatedDiagnostics
[2012/03/01 02:32:27 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/02/29 23:44:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/29 23:42:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/29 23:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/02/29 23:42:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Memaw\PrintHood
[2012/02/29 23:06:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Memaw\Desktop\TFC.exe
[2012/02/29 21:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\Local Settings\Application Data\PCHealth
[2012/02/29 20:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/02/29 20:22:20 | 000,326,976 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Memaw\Desktop\aswclear.exe
[2012/02/29 20:17:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/29 20:11:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Memaw\IECompatCache
[2012/02/29 20:11:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Memaw\PrivacIE
[2012/02/29 19:54:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Memaw\IETldCache
[2012/02/29 19:48:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/02/29 19:47:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/02/29 19:37:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/02/29 19:28:33 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/02/29 19:28:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/02/29 19:13:39 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/02/29 18:17:36 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/02/29 18:12:38 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/02/29 18:02:51 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/02/29 17:50:24 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/02/29 17:50:23 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/02/29 17:39:52 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2012/02/29 17:39:52 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3d.dll
[2012/02/29 17:39:52 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2012/02/29 17:39:52 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/02/29 17:39:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2012/02/29 17:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/02/29 17:39:00 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2012/02/29 17:39:00 | 000,732,928 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys
[2012/02/29 17:39:00 | 000,311,296 | ---- | C] (Analog Devices Incorporated) -- C:\WINDOWS\System32\Edcrypt.dll
[2012/02/29 17:39:00 | 000,023,040 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\System32\PostProc.dll
[2012/02/29 17:26:34 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/02/29 17:25:33 | 001,245,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2012/02/29 17:25:33 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2012/02/29 17:25:33 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2012/02/29 17:25:33 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2012/02/29 17:25:33 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2012/02/29 17:25:33 | 000,167,936 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2012/02/29 17:25:33 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2012/02/29 17:25:33 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2012/02/29 17:25:33 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2012/02/29 17:25:33 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2012/02/29 17:25:33 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2012/02/29 17:25:33 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2012/02/29 17:25:32 | 002,289,664 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2012/02/29 17:25:32 | 000,879,228 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2012/02/29 17:25:32 | 000,516,096 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2012/02/29 17:25:32 | 000,178,844 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2012/02/29 17:25:32 | 000,108,157 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2012/02/29 17:25:32 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4342.dll
[2012/02/29 17:25:32 | 000,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2012/02/29 17:25:32 | 000,038,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2012/02/29 17:25:32 | 000,036,864 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2012/02/29 17:25:32 | 000,000,000 | ---D | C] -- C:\Drivers
[2012/02/29 17:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Memaw\My Documents\Downloads
[2012/02/29 16:10:51 | 000,043,136 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys
[2012/02/29 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/02/29 16:10:25 | 000,000,000 | ---D | C] -- C:\dell
[2012/02/29 15:47:36 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\BCM4E5.SYS
[2012/02/29 15:47:36 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/02/29 15:41:31 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/02/29 15:41:31 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys

========== Files - Modified Within 30 Days ==========

[2012/03/13 17:14:17 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Memaw\Desktop\OTL.exe
[2012/03/13 17:02:54 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/13 16:56:42 | 000,458,240 | ---- | M] () -- C:\Documents and Settings\Memaw\Desktop\CKScanner.exe
[2012/03/13 16:30:38 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/03/13 16:23:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/13 16:22:21 | 000,000,345 | RHS- | M] () -- C:\boot.ini
[2012/03/12 21:56:01 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\Memaw\Desktop\Launch StudyDog Level 1.lnk
[2012/03/11 23:36:41 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/11 23:29:42 | 000,484,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 23:29:42 | 000,082,062 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 22:19:22 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\MpCmdRun.job
[2012/03/10 20:09:22 | 009,301,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Memaw\My Documents\mseinstall-x86fre-en-us.exe
[2012/03/10 20:02:04 | 000,002,334 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/03/10 18:16:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Memaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/10 18:16:51 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/10 16:34:02 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/09 22:41:16 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/03/09 21:43:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Memaw\Desktop\settings.dat
[2012/03/09 21:42:57 | 000,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Memaw\Desktop\RootRepeal.exe
[2012/03/09 21:10:09 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Memaw\Desktop\dds.scr
[2012/03/09 19:44:23 | 000,002,810 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2012/03/09 19:44:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/09 18:33:29 | 000,787,510 | ---- | M] () -- C:\WINDOWS\willowrd.bmp
[2012/03/08 23:55:53 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Memaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/08 15:00:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/08 15:00:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/06 19:53:51 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/05 18:16:28 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
[2012/03/05 05:08:43 | 000,002,535 | ---- | M] () -- C:\Documents and Settings\Memaw\Desktop\Launch StudyDog Level 3.lnk
[2012/03/03 19:16:32 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/01 02:21:59 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Memaw\Desktop\chromehtml.reg
[2012/03/01 02:18:58 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Memaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/29 23:06:54 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Memaw\Desktop\TFC.exe
[2012/02/29 20:22:23 | 000,326,976 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Memaw\Desktop\aswclear.exe
[2012/02/29 18:40:55 | 000,000,229 | ---- | M] () -- C:\Boot.bak
[2012/02/29 17:13:02 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

========== Files Created - No Company Name ==========

[2012/03/13 16:56:36 | 000,458,240 | ---- | C] () -- C:\Documents and Settings\Memaw\Desktop\CKScanner.exe
[2012/03/10 20:10:10 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/10 18:16:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Memaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/10 18:16:51 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/09 22:41:16 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/03/09 22:41:16 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/03/09 21:43:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Memaw\Desktop\settings.dat
[2012/03/09 21:42:41 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Memaw\Desktop\RootRepeal.exe
[2012/03/08 23:55:53 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Memaw\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/08 23:31:35 | 000,002,810 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2012/03/07 02:33:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/07 02:33:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/07 02:33:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/07 02:33:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/07 02:33:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/03 19:16:32 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/02 19:09:12 | 000,000,422 | ---- | C] () -- C:\WINDOWS\tasks\MpCmdRun.job
[2012/03/01 14:47:00 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Memaw\Start Menu\Programs\OpenDNS Updater.lnk
[2012/03/01 02:21:55 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\Memaw\Desktop\chromehtml.reg
[2012/02/29 23:44:20 | 000,000,229 | ---- | C] () -- C:\Boot.bak
[2012/02/29 23:44:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/29 21:17:46 | 000,002,334 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/02/29 18:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/29 18:17:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/29 17:27:24 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/02/29 17:25:33 | 000,066,013 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2012/02/29 17:25:33 | 000,062,836 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2012/02/29 17:25:33 | 000,061,839 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2012/02/29 17:25:32 | 000,062,578 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2012/02/29 17:25:32 | 000,062,454 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2012/02/29 17:25:32 | 000,062,339 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2012/02/29 17:25:32 | 000,060,786 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2012/02/29 17:25:32 | 000,059,687 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2012/02/29 17:25:32 | 000,059,354 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2012/02/29 17:25:32 | 000,058,430 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\yv12vfw.dll:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\x.264.exe:SummaryInformation

< End of report >
Here is the Extras result:
OTL Extras logfile created on: 3/13/2012 5:16:20 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Memaw\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

503.00 Mb Total Physical Memory | 93.04 Mb Available Physical Memory | 18.50% Memory free
1.20 Gb Paging File | 0.82 Gb Available in Paging File | 68.38% Paging File free
Paging file location(s): D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.92 Gb Free Space | 75.05% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 73.64 Gb Free Space | 98.84% Space Free | Partition Type: NTFS

Computer Name: GODS | User Name: Memaw | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [opennew] -- explorer.exe /e, %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" = C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe:*:Enabled:OpenDNS Updater for Windows -- (OpenDNS)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20DEB77C-21D6-4D22-BB47-233E47613D57}" = Microsoft Games for Windows - LIVE Redistributable
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{330A9A13-25F2-4E5F-8CE5-9D1AED7CA342}" = Microsoft Security Client
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{42D2F5FF-E065-4F06-B507-F3C678342128}" = StudyDog Level 3
"{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FCA730-74A6-49C0-95A7-696D78E689A3}" = e+ 48U
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}" = Microsoft Carioca Rummy
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3C993D-B303-42B1-B0E2-AF0A6314091E}" = StudyDog Level 2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-09-09
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{EB7FEAB4-4E28-4A17-B49F-AE83772B5654}" = StudyDog Level 1
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alley 19 Bowling" = Alley 19 Bowling (Requires CD)
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Cam2Scan" = Cam to Scan
"CCleaner" = CCleaner (remove only)
"Defraggler" = Defraggler (remove only)
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"mb69demo" = Math Blaster Ages 6-9 Demo
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PDFZilla_is1" = PDFZilla V1.2
"PROSet" = Intel(R) Network Connections Drivers
"QuickTime32" = QuickTime for Windows (32-bit)
"rb2000" = Reading Blaster Ages 6-9
"RealPlayer 6.0" = RealPlayer
"Registry First Aid_is1" = Registry First Aid
"Ripley's Believe It or Not!" = Ripley's Believe It or Not!
"RoyaleTheme" = XP Royale Theme
"UnIQ46.exe" = Children's IQ 4-6
"UWCC32.exe" = Ultimate Writing & Creativity Center
"Willowrd.exe" = Willow Road Screen Art
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"WrBlDemo" = Writing Blaster Demo
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2012 11:45:54 AM | Computer Name = GODS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 3/9/2012 11:45:56 AM | Computer Name = GODS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 3/9/2012 11:45:56 AM | Computer Name = GODS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 3/9/2012 11:45:57 AM | Computer Name = GODS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 3/9/2012 11:45:57 AM | Computer Name = GODS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 3/9/2012 11:45:59 AM | Computer Name = GODS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 3/9/2012 11:45:59 AM | Computer Name = GODS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 3/10/2012 9:10:05 PM | Computer Name = GODS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1111.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/11/2012 5:27:25 PM | Computer Name = GODS | Source = Application Error | ID = 1000
Description = Faulting application a2start.exe, version 6.0.0.57, faulting module
unknown, version 0.0.0.0, fault address 0x0165d645.

Error - 3/11/2012 5:53:04 PM | Computer Name = GODS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070670, P2 patchapplication, P3 am bdd,
P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.0.1111.0, P7 microsoft security essentials,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 3/7/2012 8:50:14 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:50:14 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:51:31 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:51:31 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:53:32 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:53:32 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:54:13 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:54:13 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:55:56 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 3/7/2012 8:55:56 PM | Computer Name = GODS | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >
Thanks in advance
Sincerely, Brian W.
bpw1111
Active Member
 
Posts: 6
Joined: March 9th, 2012, 9:48 pm

Re: Microsoft Security Essentials sais: restrict privilages

Unread postby deltalima » March 13th, 2012, 7:00 pm

Hi bpw1111,

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials sais: restrict privilages

Unread postby bpw1111 » March 13th, 2012, 10:20 pm

Here is the eset scanner log.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c2ced4af452bca4a8801d6448fff867f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-14 02:11:48
# local_time=2012-03-13 09:11:48 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5893 16776550 66 7 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=61908
# found=4
# cleaned=0
# scan_time=6103
C:\Downloads\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CC288E8E-82F2-43E7-BE5B-FAFCABF6C4B2}\RP218\A0026640.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CC288E8E-82F2-43E7-BE5B-FAFCABF6C4B2}\RP218\A0026641.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{CC288E8E-82F2-43E7-BE5B-FAFCABF6C4B2}\RP218\A0026642.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
Thanks in advance
Sincerely;Brian W.
bpw1111
Active Member
 
Posts: 6
Joined: March 9th, 2012, 9:48 pm
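
The ESET log above is a plain-text format a helper can triage without re-running the scan. The script below is an added example written for this page (it is not code from the thread, the helper, or ESET): it parses the "# key=value" header and the detection lines, separates the one detection still on disk (the Ask toolbar bundled in the Nero installer under C:\Downloads) from the three copies held in System Restore under System Volume Information, which ESET reports as unable to clean and which only go away when restore points are purged, and checks that the number of parsed detections matches the header's found count. It assumes ESET's tab-separated line layout (tabs usually collapse to spaces when a log is pasted, so both forms are handled) and treats the naming conventions noted in the comments as heuristics; the sample log embedded in it is constructed from the lines posted above.

```python
"""Triage an ESET Online Scanner log of the kind pasted in this thread.

Added example: not code from the page, the helper, or ESET. Format assumed
from the posted log: '# key=value' header lines, then one detection per line
as '<path> <threat name> (<status>) <32-hex digest> <flag>'. ESET writes the
fields tab-separated; pasting into a forum usually collapses the tabs to
spaces, so both forms are handled. The classification rules (restore-point
paths are dormant copies; names ending in 'application' are ESET's
potentially unwanted/unsafe application classes) are this example's
assumptions, stated here so they can be checked against a real log.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: the four detection lines of the log posted above, with
# the last one written tab-separated the way ESET emits it before pasting.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# scanned=61908
# found=4
# cleaned=0
C:\\Downloads\\Nero-9.4.12.3_free.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{CC288E8E-82F2-43E7-BE5B-FAFCABF6C4B2}\\RP218\\A0026640.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{CC288E8E-82F2-43E7-BE5B-FAFCABF6C4B2}\\RP218\\A0026641.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{CC288E8E-82F2-43E7-BE5B-FAFCABF6C4B2}\\RP218\\A0026642.exe\tWin32/PrcView application (unable to clean)\t00000000000000000000000000000000\tI
"""

# A detection line ends with a 32-hex-digit digest and a one-letter flag.
TAIL_RE = re.compile(r"^(?P<body>.+?)\s+(?P<digest>[0-9a-fA-F]{32})\s+(?P<flag>[A-Z])$")
# When tabs are gone, the threat name is located by its conventional start:
# a platform prefix (Win32/, MSIL/, JS/ ...), optionally preceded by
# 'probably' / 'a variant of', or the phrase 'multiple threats'.
THREAT_START_RE = re.compile(
    r"\s+(?=(?:probably\s+)?(?:a\s+variant\s+of\s+)?(?:[A-Za-z0-9]+/|multiple threats))"
)
# System Restore keeps file copies under this tree; they are inert unless a
# restore point is applied, and the scanner cannot clean them in place.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass
class Detection:
    path: str
    threat: str
    digest: str
    flag: str
    category: str


def _split_path_and_threat(body: str) -> Tuple[str, str]:
    if "\t" in body:
        path, threat = body.split("\t", 1)
        return path.strip(), threat.strip()
    m = THREAT_START_RE.search(body)
    if m is None:
        return body.strip(), ""  # unknown layout: keep the whole body as the path
    return body[: m.start()], body[m.end():]


def categorize(path: str, threat: str) -> str:
    if RESTORE_POINT_RE.search(path):
        return "restore_point"
    if threat.split("(")[0].rstrip().endswith("application"):
        return "pua"
    return "threat"


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    header: Dict[str, str] = {}
    detections: List[Detection] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = TAIL_RE.match(line)
        if m is None:
            continue  # installer chatter such as 'OnlineScanner.ocx - registred OK'
        path, threat = _split_path_and_threat(m.group("body"))
        detections.append(Detection(path, threat, m.group("digest"), m.group("flag"),
                                    categorize(path, threat)))
    return header, detections


def triage(text: str) -> Dict[str, object]:
    header, detections = parse_eset_log(text)
    counts: Dict[str, int] = {}
    for d in detections:
        counts[d.category] = counts.get(d.category, 0) + 1
    reported = int(header.get("found", "0"))
    return {
        "reported_found": reported,
        "parsed": len(detections),
        "consistent": reported == len(detections),
        # remove_checked=false means ESET only reported; nothing was removed.
        "removed_by_scanner": header.get("remove_checked") == "true",
        "counts": counts,
        # Restore-point copies go away when restore points are purged; the rest
        # is what still needs a decision.
        "needs_attention": [d.path for d in detections if d.category != "restore_point"],
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

With remove_checked=false, as the scan instructions require, the scanner only reports, so the needs_attention list is the set of files the helper must still act on; for the sample log that is the single installer in C:\Downloads, while the three restore-point copies are handled by purging restore points.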

Re: Microsoft Security Essentials sais: restrict privilages

Unread postby deltalima » March 14th, 2012, 4:32 am

Hi bpw1111,

Security Essentials, mpcmdrun.log says "-genuine check -restrict privilages".


Does this message appear in an on-screen warning / error message or just as a line in a log file?

Are there any other signs or symptoms of malware infection on the computer?

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.1).
  • Note: remember to Uncheck Free McAfee® Security Scan Plus (optional)


Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    :otl
    O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
    :files
    C:\Downloads\Nero-9.4.12.3_free.exe
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
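
The O3 line in that OTL script reports a toolbar value whose CLSID does not resolve, which is why the fix log later shows the Toolbar value deleted and the CLSID key reported as not found. The script below is an added example (not the helper's, OTL's or Microsoft's code) that performs the same lookup directly with Python's winreg module and goes one step further by verifying that each resolved CLSID's InprocServer32 DLL still exists on disk. It assumes a 32-bit system like the XP machine in this thread (on 64-bit Windows the 32-bit IE keys live under Wow6432Node); apart from the page's {D0943516-5076-4020-A3B5-AEFAF26AB263} entry, the registrations and DLL paths in the sample data are hypothetical so that the classification can be run on any platform.

```python
"""Check Internet Explorer toolbar registrations against HKLM\\SOFTWARE\\Classes\\CLSID.

Added example, not code from the page, OTL or Microsoft. An OTL 'O3' line
reports a value under HKLM\\Software\\Microsoft\\Internet Explorer\\Toolbar
whose CLSID has no key under HKLM\\SOFTWARE\\Classes\\CLSID, i.e. a leftover
from an uninstalled add-on. This script does the same lookup and, for CLSIDs
that do resolve, also checks that the InprocServer32 DLL is present. The
registry reader runs only on Windows and assumes a 32-bit system; the
classification is a pure function so it runs with constructed data anywhere.
"""
import os
from typing import Callable, Dict, Iterable, List, Optional, Tuple

TOOLBAR_KEY = r"Software\Microsoft\Internet Explorer\Toolbar"
CLSID_KEY = r"SOFTWARE\Classes\CLSID"

# Constructed sample: the orphaned CLSID from the OTL fix above plus two
# hypothetical registrations, one whose DLL exists and one whose DLL is gone.
SAMPLE_TOOLBARS = [
    "{D0943516-5076-4020-A3B5-AEFAF26AB263}",
    "{11111111-2222-3333-4444-555555555555}",
    "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}",
]
SAMPLE_SERVERS = {
    "{11111111-2222-3333-4444-555555555555}": r"C:\Program Files\Example\tbar.dll",
    "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}": r"C:\Documents and Settings\Memaw\Local Settings\Temp\hook.dll",
}
SAMPLE_FILES = {r"C:\Program Files\Example\tbar.dll"}  # files "present" in the sample


def classify_toolbars(
    toolbar_clsids: Iterable[str],
    inproc_servers: Dict[str, Optional[str]],
    file_exists: Callable[[str], bool] = os.path.isfile,
) -> List[Tuple[str, str, Optional[str]]]:
    """Return (clsid, verdict, dll) for each toolbar value.

    inproc_servers maps CLSID -> InprocServer32 default value, or None when
    the CLSID key exists without an InprocServer32 subkey. A CLSID missing
    from the mapping has no CLSID key at all (OTL's 'No CLSID value found').
    """
    servers = {k.upper(): v for k, v in inproc_servers.items()}
    results: List[Tuple[str, str, Optional[str]]] = []
    for clsid in toolbar_clsids:
        clsid = clsid.upper()
        if clsid not in servers:
            results.append((clsid, "orphaned", None))
            continue
        dll = servers[clsid]
        if not dll:
            results.append((clsid, "no_inproc_server", None))
            continue
        path = os.path.expandvars(dll.strip('"'))
        verdict = "registered" if file_exists(path) else "dll_missing"
        results.append((clsid, verdict, path))
    return results


def collect_from_registry() -> Tuple[List[str], Dict[str, Optional[str]]]:
    """Windows only: read the toolbar values and resolve each CLSID."""
    import winreg  # raises ImportError on other platforms

    clsids: List[str] = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, TOOLBAR_KEY) as key:
        index = 0
        while True:
            try:
                name, _data, _kind = winreg.EnumValue(key, index)
            except OSError:
                break  # no more values
            index += 1
            if name.startswith("{") and name.endswith("}"):
                clsids.append(name)
    servers: Dict[str, Optional[str]] = {}
    for clsid in clsids:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CLSID_KEY + "\\" + clsid) as ck:
                try:
                    with winreg.OpenKey(ck, "InprocServer32") as sk:
                        servers[clsid] = winreg.QueryValueEx(sk, "")[0]
                except OSError:
                    servers[clsid] = None
        except OSError:
            pass  # no CLSID key: left out of the mapping, reported as orphaned
    return clsids, servers


def suspicious(results: List[Tuple[str, str, Optional[str]]]):
    """Everything that is not a cleanly registered toolbar with its DLL present."""
    return [r for r in results if r[1] != "registered"]


if __name__ == "__main__":
    try:
        toolbars, servers = collect_from_registry()
        rows = classify_toolbars(toolbars, servers)
    except ImportError:
        rows = classify_toolbars(SAMPLE_TOOLBARS, SAMPLE_SERVERS, SAMPLE_FILES.__contains__)
    for clsid, verdict, dll in rows:
        print(f"{verdict:16} {clsid} {dll or ''}")
```

An orphaned entry is harmless by itself (IE has nothing to load), but it is a marker that an add-on was removed without cleaning up, which is exactly what the OTL fix above deletes; a registered CLSID whose DLL is missing, or one pointing into a user's Temp folder, is the case that deserves a closer look.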

Re: Microsoft Security Essentials sais: restrict privilages

Unread postby bpw1111 » March 14th, 2012, 4:56 pm

Hello deltalima: It is in the mpcmdrun log file, and Security Essentials will not update automatically; other than that things are fine. Here is the OTL result:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0943516-5076-4020-A3B5-AEFAF26AB263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0943516-5076-4020-A3B5-AEFAF26AB263}\ not found.
========== FILES ==========
C:\Downloads\Nero-9.4.12.3_free.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: Memaw
->Temp folder emptied: 34111936 bytes
->Temporary Internet Files folder emptied: 33643593 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1830 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 252237 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: Memaw
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Memaw
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.36.3 log created on 03142012_154322

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Memaw\Local Settings\Temp\~DF5572.tmp not found!
File\Folder C:\Documents and Settings\Memaw\Local Settings\Temp\~DF557E.tmp not found!
File\Folder C:\Documents and Settings\Memaw\Local Settings\Temp\~DF55D8.tmp not found!
File\Folder C:\Documents and Settings\Memaw\Local Settings\Temp\~DF55E4.tmp not found!
File\Folder C:\Documents and Settings\Memaw\Local Settings\Temp\~DF5611.tmp not found!
File\Folder C:\Documents and Settings\Memaw\Local Settings\Temp\~DF561D.tmp not found!
C:\Documents and Settings\Memaw\Local Settings\Temporary Internet Files\Content.IE5\V9HWZS59\mail[2].htm moved successfully.
C:\Documents and Settings\Memaw\Local Settings\Temporary Internet Files\Content.IE5\V9HWZS59\sh74[1].html moved successfully.
C:\Documents and Settings\Memaw\Local Settings\Temporary Internet Files\Content.IE5\PUBWRDMZ\viewtopic[2].htm moved successfully.
C:\Documents and Settings\Memaw\Local Settings\Temporary Internet Files\Content.IE5\LGVI1UBG\magazine[1].htm moved successfully.
C:\Documents and Settings\Memaw\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
Thanks in advance
Sincerely;Brian W.
bpw1111
Active Member
 
Posts: 6
Joined: March 9th, 2012, 9:48 pm

Re: Microsoft Security Essentials sais: restrict privilages

Unread postby deltalima » March 14th, 2012, 5:25 pm

Hi bpw1111,

After a thorough check I have concluded that your system shows no evidence of active malware and the issue

Security Essentials will not update automatically

is not caused by malware.

Please follow these steps in order to remove the tools that are no longer required.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your PC.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Microsoft Security Essentials sais: restrict privilages

Unread postby bpw1111 » March 14th, 2012, 7:20 pm

Hi deltalima: Thanks for your efforts.
Brian W.
bpw1111
Active Member
 
Posts: 6
Joined: March 9th, 2012, 9:48 pm

Re: Microsoft Security Essentials sais: restrict privilages

Unread postby deltalima » March 15th, 2012, 3:50 am

As your problems do not appear to be malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK