
Infected With Virus - Need Help



Hello,

I have run dds.scr and am attaching the zip file, which contains the log files.

Here are the issues I'm facing with my system.

1) I ran McAfee & Combofix and both reported that I'm infected with Rootkit.ZeroAccess

2) SVCHost.exe consumes a lot of memory, up to 1194287K

3) When I search for anything in Google and open any link from the search results, it redirects to unknown sites.

Thanks

Vin


Thanks MrCharlie!! Below are the contents of the log.

DDS Log: -

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 20:07:15 on 2012-02-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.700 [GMT -5:00]

.

AV: McAfee® Security-as-a-Service Anti-virus *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}

FW: McAfee® Security-as-a-Service firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\dellxpm09b_6124v037\wdm\stacsv.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\PROGRA~1\mcafee\SITEAD~2\mcsacore.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\VM303_STI.EXE

C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\salesforce.com\Chatter Desktop\Chatter Desktop.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;<local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110913093132.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~2\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~2\mcieplg.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

uRun: [Octoshape Streaming Services] "c:\documents and settings\administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"

mRun: [intelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray

mRun: [sonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized

dRun: [dplaysvr] %APPDATA%\dplaysvr.exe

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\chatte~1.lnk - c:\program files\salesforce.com\chatter desktop\Chatter Desktop.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: nuance.com

Trusted Zone: nuance.com\bn-orclqaapp01

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/62.14/uploader2.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.a123systems.com/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276700372265

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://fw.acmepacket.com:4433/NELX.cab

DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} - hxxps://www.member-data.com/rdc/EZTwainX.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://fwmia.mastec.com/CSHELL/extender.cab

DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} - hxxp://devapp.a123systems.com:8004/jinitiator/oajinit.exe

DPF: {CAFEEFAC-0011-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.1.0/jinstall-1_1_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://member.tvnsports.com/vjocx-en.cab

DPF: {DD60442B-829E-4476-8B1B-AD13A5094AB7} - hxxps://bn-orclqaapp01.nuance.com:4001/OA_HTML/CRM/Download/RASWebControl.CAB

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E34F52FE-7769-46CE-8F8B-5E8ABAD2E9FC} - hxxps://vpn.a123systems.com/CACHE/sdesktop/install/binaries/instweb.cab

TCP: Interfaces\{84DA661C-FA0B-4814-8381-EE195D97DA1B} : DhcpNameServer = 216.41.101.15 204.17.65.2 198.6.100.25

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll

Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~2\McIEPlg.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-19 461864]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-19 89624]

R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2009-4-2 353672]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-30 47640]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~2\mcsacore.exe [2011-1-18 88176]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-4 166024]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-4 160344]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-4 148520]

R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-6-4 291064]

R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2011-6-4 291064]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2011-5-23 465872]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-13 112128]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-5-13 244368]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-19 180008]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-19 59288]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-19 338040]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 83688]

R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2009-4-2 129304]

S0 cerc6;cerc6; [x]

S0 mafesd;mafesd;c:\windows\system32\drivers\thikq.sys --> c:\windows\system32\drivers\thikq.sys [?]

S2 BMFMySQL;BMFMySQL;"c:\program files\quest software\benchmark factory for databases\repository\mysql\bin\mysqld-max-nt.exe" --defaults-file="c:\program files\quest software\benchmark factory for databases\repository\mysql\my.ini" bmfmysql --> c:\program files\quest software\benchmark factory for databases\repository\mysql\bin\mysqld-max-nt.exe [?]

S2 EngineServer;EngineServer;"c:\program files\mcafee\managed virusscan\vscan\engineserver.exe" --> c:\program files\mcafee\managed virusscan\vscan\EngineServer.exe [?]

S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;"c:\program files\mcafee\siteadvisor enterprise\mcsacore.exe" --> c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [?]

S2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];c:\oracle\bitoolshome_1\bin\ifsrv60.exe -start_service --> c:\oracle\bitoolshome_1\bin\ifsrv60.exe -start_service [?]

S2 OracleReportServer-Rep60_VINODK-BIToolsHome6;Oracle Reports Server [Rep60_VINODK-BIToolsHome6];c:\oracle\bitoolshome_6\bin\rwmts60.exe --> c:\oracle\bitoolshome_6\bin\rwmts60.exe [?]

S2 OracleReportServer-Rep60_VINODK;Oracle Reports Server [Rep60_VINODK];c:\oracle\bitoolshome_1\bin\rwmts60.exe --> c:\oracle\bitoolshome_1\bin\rwmts60.exe [?]

S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2011-10-13 36624]

S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2011-10-13 46480]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-19 83688]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 87808]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-5-13 34248]

S3 OracleBIToolsHome_1ClientCache;OracleBIToolsHome_1ClientCache;c:\new oracle\bitoolshome_1\bin\ONRSD.EXE [2000-1-25 408568]

S3 OracleBIToolsHome2ClientCache;OracleBIToolsHome2ClientCache;c:\oracle\bitoolshome_2\bin\onrsd.exe --> c:\oracle\bitoolshome_2\bin\ONRSD.EXE [?]

S3 OracleBIToolsHome2ClientCache80;OracleBIToolsHome2ClientCache80;c:\oracle\bitoolshome_2\bin\onrsd80.exe --> c:\oracle\bitoolshome_2\bin\ONRSD80.EXE [?]

S3 OracleBIToolsHome6ClientCache80;OracleBIToolsHome6ClientCache80;c:\oracle\bitoolshome_6\bin\onrsd80.exe --> c:\oracle\bitoolshome_6\bin\ONRSD80.EXE [?]

S3 OracleClientCache80;OracleClientCache80;c:\oracle\product\10.2.0\bin\ONRSD80.EXE [2011-3-21 101136]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-02-15 23:46:08 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-02-15 23:46:08 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-15 23:45:39 -------- d--h--w- C:\VJVod_Cache

2012-02-15 23:45:39 -------- d-----w- C:\New Folder

2012-02-15 23:45:39 -------- d-----w- C:\AVATAR

2012-02-15 23:45:30 -------- d-----w- C:\desktop

2012-02-15 23:44:33 -------- d-----w- c:\program files\Sun

2012-02-15 23:44:29 -------- d-----w- C:\Songs

2012-02-15 23:44:29 -------- d-----w- C:\PHOTOS

2012-02-15 23:43:35 -------- d-----w- c:\windows\system32\nagasoft

2012-02-15 23:32:53 -------- d-----w- c:\documents and settings\administrator\application data\684AA

2012-02-15 15:38:12 -------- d-----w- c:\program files\LP

2012-02-14 15:31:30 -------- dc----w- c:\windows\ie7(2)

2012-02-14 02:43:43 -------- d-----w- C:\RECYCLER(2)

2012-02-13 19:58:00 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-13 19:44:16 -------- d-s---w- C:\ComboFix(2)

2012-02-10 05:39:57 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sony Corporation

2012-02-10 05:39:28 -------- d-----w- c:\program files\Sony

2012-02-10 05:37:05 -------- d-----w- c:\documents and settings\all users\application data\Sony Corporation

2012-01-20 18:53:27 -------- d-----w- c:\documents and settings\administrator\New Folder (2)

.

==================== Find3M ====================

.

2011-12-28 20:32:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-12-28 20:32:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-28 20:32:13 0 ----a-w- c:\windows\system32\REN2C7.tmp

2011-12-28 20:32:13 0 ----a-w- c:\windows\system32\REN2C6.tmp

2011-12-21 06:12:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-05 16:01:29 0 ----a-w- c:\windows\system32\REN2D.tmp

2011-12-05 16:01:29 0 ----a-w- c:\windows\system32\REN2C.tmp

2011-11-20 14:20:34 0 ----a-w- c:\windows\svcs.exe

.

============= FINISH: 20:08:20.31 ===============

Attach Log: -

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/15/2010 12:59:23 PM

System Uptime: 2/15/2012 7:35:24 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0X564R

Processor: Intel Pentium III Xeon processor | Microprocessor | 2393/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 91.437 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Broadcom USH

Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000

Manufacturer:

Name: Broadcom USH

PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_024F1028&REV_11\4&A85581B&0&0BF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_024F1028&REV_11\4&A85581B&0&0BF0

Service:

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GU10N__________________A102____\4&3AC9D9DD&0&0.1.0

Manufacturer: (Standard CD-ROM drives)

Name: HL-DT-ST DVD+-RW GU10N

PNP Device ID: IDE\CDROMHL-DT-ST_DVD+-RW_GU10N__________________A102____\4&3AC9D9DD&0&0.1.0

Service: cdrom

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_024F1028&REV_03\3&61AAA01&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_024F1028&REV_03\3&61AAA01&0&FB

Service:

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0002

Manufacturer: Cisco Systems

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0002

Service: vpnva

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: WinpkFilter Miniport

Device ID: ROOT\NT_NDISRDMP\0000

Manufacturer: NTKR

Name: Check Point Virtual Network Adapter For SSL Network Extender - WinpkFilter Miniport

PNP Device ID: ROOT\NT_NDISRDMP\0000

Service: Ndisrd

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: WinpkFilter Miniport

Device ID: ROOT\NT_NDISRDMP\0004

Manufacturer: NTKR

Name: WAN Miniport (IP) - WinpkFilter Miniport

PNP Device ID: ROOT\NT_NDISRDMP\0004

Service: Ndisrd

.

==== System Restore Points ===================

.

RP320: 11/17/2011 2:39:47 PM - System Checkpoint

RP321: 11/18/2011 8:24:07 PM - System Checkpoint

RP322: 11/20/2011 9:27:41 AM - System Checkpoint

RP323: 11/21/2011 12:27:53 PM - System Checkpoint

RP324: 11/22/2011 12:37:27 PM - System Checkpoint

RP325: 11/24/2011 1:38:38 PM - System Checkpoint

RP326: 11/26/2011 12:13:21 PM - System Checkpoint

RP327: 11/27/2011 9:58:35 PM - System Checkpoint

RP328: 11/29/2011 12:40:50 PM - System Checkpoint

RP329: 11/30/2011 3:10:56 PM - System Checkpoint

RP330: 12/1/2011 4:19:19 PM - System Checkpoint

RP331: 12/2/2011 11:00:42 PM - System Checkpoint

RP332: 12/5/2011 11:01:04 AM - Removed Java 6 Update 26

RP333: 12/5/2011 11:49:40 AM - Installed Java SE Development Kit 6 Update 18

RP334: 12/5/2011 11:51:06 AM - Installed Java 6 Update 18

RP335: 12/6/2011 12:16:35 PM - System Checkpoint

RP336: 12/8/2011 12:11:53 PM - System Checkpoint

RP337: 12/9/2011 12:43:00 PM - System Checkpoint

RP338: 12/12/2011 11:34:27 AM - System Checkpoint

RP339: 12/14/2011 10:43:43 AM - System Checkpoint

RP340: 12/16/2011 1:20:48 PM - System Checkpoint

RP341: 12/18/2011 4:01:40 PM - System Checkpoint

RP342: 12/20/2011 10:56:17 AM - System Checkpoint

RP343: 12/21/2011 11:40:43 AM - System Checkpoint

RP344: 12/22/2011 12:02:57 PM - System Checkpoint

RP345: 12/23/2011 12:40:52 PM - System Checkpoint

RP346: 12/27/2011 11:19:15 AM - System Checkpoint

RP347: 12/28/2011 11:24:39 AM - System Checkpoint

RP348: 12/29/2011 11:30:46 AM - System Checkpoint

RP349: 12/30/2011 12:23:51 PM - System Checkpoint

RP350: 1/1/2012 11:38:54 AM - System Checkpoint

RP351: 1/2/2012 10:24:22 PM - System Checkpoint

RP352: 1/4/2012 1:08:38 AM - System Checkpoint

RP353: 1/5/2012 1:09:41 PM - System Checkpoint

RP354: 1/6/2012 1:36:07 PM - System Checkpoint

RP355: 1/7/2012 2:21:17 PM - System Checkpoint

RP356: 1/8/2012 4:37:04 PM - System Checkpoint

RP357: 1/9/2012 5:13:44 PM - System Checkpoint

RP358: 1/10/2012 5:49:37 PM - System Checkpoint

RP359: 1/11/2012 7:27:17 PM - System Checkpoint

RP360: 1/13/2012 1:46:18 PM - System Checkpoint

RP361: 1/15/2012 12:11:36 PM - System Checkpoint

RP362: 1/16/2012 12:12:07 PM - System Checkpoint

RP363: 1/17/2012 9:00:22 PM - System Checkpoint

RP364: 1/18/2012 9:33:19 PM - System Checkpoint

RP365: 1/20/2012 1:01:58 PM - System Checkpoint

RP366: 1/21/2012 2:10:15 PM - System Checkpoint

RP367: 1/22/2012 2:12:46 PM - System Checkpoint

RP368: 1/23/2012 9:11:17 PM - System Checkpoint

RP369: 1/24/2012 10:03:19 PM - System Checkpoint

RP370: 1/25/2012 11:17:43 PM - System Checkpoint

RP371: 1/26/2012 11:56:16 PM - System Checkpoint

RP372: 1/29/2012 11:20:05 AM - System Checkpoint

RP373: 1/30/2012 12:16:24 PM - System Checkpoint

RP374: 1/31/2012 10:36:44 PM - System Checkpoint

RP375: 2/2/2012 12:21:38 PM - System Checkpoint

RP376: 2/3/2012 12:35:19 PM - System Checkpoint

RP377: 2/5/2012 11:16:23 AM - System Checkpoint

RP378: 2/6/2012 12:57:02 PM - System Checkpoint

RP379: 2/7/2012 1:15:59 PM - System Checkpoint

RP380: 2/8/2012 1:47:34 PM - System Checkpoint

RP381: 2/9/2012 10:58:51 PM - System Checkpoint

RP382: 2/11/2012 11:36:30 AM - System Checkpoint

RP383: 2/13/2012 9:42:14 AM - Restore Operation

RP384: 2/13/2012 3:16:36 PM - Restore Operation

RP385: 2/14/2012 9:55:21 AM - Removed Benchmark Factory for Databases

RP386: 2/14/2012 9:56:12 AM - Removed Java DB 10.5.3.0

RP387: 2/14/2012 10:26:57 AM - Software Distribution Service 3.0

RP388: 2/14/2012 10:30:28 AM - Installed Windows XP KB915865.

RP389: 2/14/2012 10:31:01 AM - Installed Windows NLSDownlevelMapping.

RP390: 2/14/2012 10:31:18 AM - Installed Windows IDNMitigationAPIs.

RP391: 2/14/2012 10:31:48 AM - Installed Windows Internet Explorer 7.

RP392: 2/14/2012 10:32:07 AM - Software Distribution Service 3.0

RP393: 2/14/2012 4:12:58 PM - Removed Google Talk Plugin

RP394: 2/15/2012 6:41:57 PM - Restore Operation

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.1)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Benchmark Factory for Databases

Bonjour

Chatter Desktop

Check Point SSL Network Extender

Cisco AnyConnect Secure Mobility Client

Cisco AnyConnect Secure Mobility Client

Cisco Systems VPN Client 5.0.06.0160

CodeSite 3.0.1 Client Tools

Crystal Reports XI Release 2 .NET 2005 Server

Dell Resource CD

DivX Setup

Facebook Video Calling 1.1.1.1

FileZilla Client 3.5.3

Formatter Plus V1.4

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB961118)

IDT Audio

Intel PROSet Wireless

Intel® Network Connections Drivers

Intel® PROSet/Wireless WiFi Software

iTunes

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 26

Java SE Development Kit 6 Update 18

Knowledge Xpert for Oracle Administration V9.1.1

Knowledge Xpert for PLSQL V9.0

Knowledge Xpert for PLSQL V9.1.1

KONICA MINOLTA bizhub C353 Series

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Firewall Protection Service

McAfee SiteAdvisor

McAfee Virus and Spyware Protection Service

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Management Studio

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 Policies

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft SQL Server Compact 3.5 SP1 Query Tools English

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual Studio Tools for Applications 2.0 - ENU

MobileMe Control Panel

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Numara Track-It! Technician Client

NVIDIA Drivers

Octoshape add-in for Adobe Flash Player

Octoshape Streaming Services

Oracle BI Publisher Desktop

Oracle Data Provider for .NET Help

Oracle JInitiator 1.3.1.18

Oracle XML Publisher Reporting Tools For Word

Qexplain2full

QHM500-8LM (S) USB PC Camera

Quest Software Toad for Oracle Version 9.0.1

Quest SQL Tuning for Oracle

QuickTime

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)

Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)

Skype™ 5.5

SonicWALL SSL-VPN NetExtender

SourceGear Vault Client

TeamViewer 5

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2536413)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VC80CRTRedist - 8.0.50727.6195

Visual C++ 8.0 x86 Runtime Setup Package

VLC media player 1.1.4

WebEx

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

WinRAR archiver

WinZip

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

2/9/2012 9:30:00 AM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402

2/9/2012 9:30:00 AM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402

2/9/2012 9:27:32 AM, error: Dhcp [1002] - The IP address lease 172.19.0.228 for the Network Card with network address 0024E8AD395D has been denied by the DHCP server 10.0.1.51 (The DHCP Server sent a DHCPNACK message).

2/9/2012 1:40:12 PM, error: Dhcp [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 00216A68A894 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).

2/8/2012 10:44:28 PM, error: Dhcp [1002] - The IP address lease 172.36.1.133 for the Network Card with network address 00216A68A894 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

2/15/2012 10:34:36 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

2/14/2012 9:23:02 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

2/14/2012 9:23:02 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

2/14/2012 9:20:25 AM, error: Dhcp [1002] - The IP address lease 192.168.1.11 for the Network Card with network address 00216A68A894 has been denied by the DHCP server 172.36.1.1 (The DHCP Server sent a DHCPNACK message).

2/14/2012 4:22:44 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.

2/14/2012 10:14:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/14/2012 10:06:36 AM, error: Internet Explorer 7 Disk [4375] - Internet Explorer 7 ie7 uninstall failed.

The system cannot find the file specified.

2/14/2012 10:06:16 AM, error: Internet Explorer 7 Disk [4375] - Internet Explorer 7 ie7 uninstall failed.

The system cannot find the file specified.

2/13/2012 9:50:20 AM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

2/13/2012 9:50:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

2/13/2012 9:50:20 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/13/2012 9:49:49 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/13/2012 9:43:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

2/13/2012 9:41:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/13/2012 9:28:15 AM, error: Dhcp [1002] - The IP address lease 10.11.65.8 for the Network Card with network address 0024E8AD395D has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

2/13/2012 8:07:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k mfetdik MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

2/13/2012 7:57:54 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.

2/13/2012 7:39:16 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k mfetdik MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

2/13/2012 7:30:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402

2/13/2012 7:30:00 AM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402

2/13/2012 6:30:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402

2/13/2012 6:30:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402

2/13/2012 6:03:19 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 21 time(s).

2/13/2012 5:58:40 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 20 time(s).

2/13/2012 5:52:22 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 19 time(s).

2/13/2012 5:47:07 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 18 time(s).

2/13/2012 5:42:04 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 17 time(s).

2/13/2012 5:36:22 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 16 time(s).

2/13/2012 5:30:47 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 15 time(s).

2/13/2012 5:30:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402

2/13/2012 5:30:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402

2/13/2012 5:24:50 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 14 time(s).

2/13/2012 5:19:11 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 13 time(s).

2/13/2012 5:12:26 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 12 time(s).

2/13/2012 5:07:17 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 11 time(s).

2/13/2012 4:58:17 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 10 time(s).

2/13/2012 4:53:45 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 9 time(s).

2/13/2012 4:49:14 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 8 time(s).

2/13/2012 4:44:35 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 7 time(s).

2/13/2012 4:39:13 AM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 6 time(s).

2/13/2012 4:33:44 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

2/13/2012 4:30:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402

2/13/2012 4:30:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402

2/13/2012 4:28:56 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

2/13/2012 4:24:27 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

2/13/2012 4:19:58 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

2/13/2012 4:14:39 AM, error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

2/13/2012 4:05:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

2/13/2012 4:04:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Cdrom Fips Imapi intelppm IPSec mfehidk mfetdi2k mfetdik MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The Cisco AnyConnect Secure Mobility Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:04:17 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/13/2012 4:03:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/13/2012 3:30:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: General access denied error

2/13/2012 3:30:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: General access denied error

2/13/2012 3:30:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402

2/13/2012 3:30:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402

2/13/2012 2:37:24 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

2/13/2012 2:30:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: General access denied error

2/13/2012 2:30:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: General access denied error

2/13/2012 2:30:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402

2/13/2012 2:30:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402

2/13/2012 12:48:35 AM, error: Service Control Manager [7031] - The Cisco AnyConnect Secure Mobility Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 4000 milliseconds: Restart the service.

2/13/2012 12:30:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: General access denied error

2/13/2012 12:30:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: General access denied error

2/13/2012 11:30:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error

2/13/2012 11:30:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error

2/13/2012 1:30:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: General access denied error

2/13/2012 1:30:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: General access denied error

2/12/2012 9:15:40 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the vpnagent service.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The Oracle Reports Server [Rep60_VINODK] service failed to start due to the following error: The system cannot find the path specified.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The Oracle Reports Server [Rep60_VINODK-BIToolsHome6] service failed to start due to the following error: The system cannot find the path specified.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The Oracle Forms Server [Forms60Server] service failed to start due to the following error: The system cannot find the path specified.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Enterprise Service service failed to start due to the following error: The system cannot find the file specified.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The system cannot find the path specified.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The EngineServer service failed to start due to the following error: The system cannot find the file specified.

2/12/2012 9:15:40 AM, error: Service Control Manager [7000] - The BMFMySQL service failed to start due to the following error: The system cannot find the path specified.

2/12/2012 2:28:37 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 206 time(s).

2/12/2012 2:28:36 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 205 time(s).

2/12/2012 2:28:34 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 204 time(s).

2/12/2012 2:28:32 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 203 time(s).

2/12/2012 2:28:30 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 202 time(s).

2/12/2012 2:28:26 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 201 time(s).

2/12/2012 2:28:24 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 200 time(s).

2/12/2012 2:28:22 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 199 time(s).

2/12/2012 2:28:19 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 198 time(s).

2/12/2012 2:28:17 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 197 time(s).

2/12/2012 2:28:15 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 196 time(s).

2/12/2012 2:28:10 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 195 time(s).

2/12/2012 2:28:09 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 194 time(s).

2/12/2012 2:28:06 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 193 time(s).

2/12/2012 2:28:03 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 192 time(s).

2/12/2012 2:28:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 191 time(s).

2/12/2012 2:27:56 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 190 time(s).

2/12/2012 2:27:53 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 189 time(s).

2/12/2012 2:27:42 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 188 time(s).

2/12/2012 2:27:31 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 187 time(s).

2/12/2012 2:27:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 186 time(s).

2/12/2012 2:27:09 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 185 time(s).

2/12/2012 2:27:01 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 184 time(s).

2/12/2012 2:26:57 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 183 time(s).

2/12/2012 2:26:53 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 182 time(s).

2/12/2012 2:26:50 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 181 time(s).

2/12/2012 2:26:46 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 180 time(s).

2/12/2012 2:26:42 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 179 time(s).

2/12/2012 2:26:38 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 178 time(s).

2/12/2012 2:26:35 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 177 time(s).

2/12/2012 2:26:31 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 176 time(s).

2/12/2012 2:26:29 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 175 time(s).

2/12/2012 2:26:25 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 174 time(s).

2/12/2012 2:26:14 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 173 time(s).

2/12/2012 2:26:05 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 172 time(s).

2/12/2012 2:26:01 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 171 time(s).

2/12/2012 2:25:56 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 170 time(s).

2/12/2012 2:25:54 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 169 time(s).

2/12/2012 2:25:50 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 168 time(s).

2/12/2012 2:25:45 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 167 time(s).

2/12/2012 2:25:41 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 166 time(s).

2/12/2012 2:25:38 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 165 time(s).

2/12/2012 2:25:34 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 164 time(s).

2/12/2012 2:25:29 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 163 time(s).

2/12/2012 2:25:26 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 162 time(s).

2/12/2012 2:25:24 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 161 time(s).

2/12/2012 2:25:20 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 160 time(s).

2/12/2012 2:25:16 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 159 time(s).

2/12/2012 2:25:12 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 158 time(s).

2/12/2012 2:25:10 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 157 time(s).

2/12/2012 2:25:05 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 156 time(s).

2/12/2012 2:25:01 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 155 time(s).

2/12/2012 2:24:58 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 154 time(s).

2/12/2012 2:24:54 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 153 time(s).

2/12/2012 2:24:50 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 152 time(s).

2/12/2012 2:24:46 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 151 time(s).

2/12/2012 2:24:42 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 150 time(s).

2/12/2012 2:24:38 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 149 time(s).

2/12/2012 2:24:34 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 148 time(s).

2/12/2012 2:24:33 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 147 time(s).

2/12/2012 2:24:29 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 146 time(s).

2/12/2012 2:24:25 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 145 time(s).

2/12/2012 2:24:21 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 144 time(s).

2/12/2012 2:24:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 143 time(s).

2/12/2012 2:24:14 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 142 time(s).

2/12/2012 2:24:10 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 141 time(s).

2/12/2012 2:24:06 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 140 time(s).

2/12/2012 2:24:03 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 139 time(s).

2/12/2012 2:24:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 138 time(s).

2/12/2012 2:23:55 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 137 time(s).

2/12/2012 2:23:52 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 136 time(s).

2/12/2012 2:23:48 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 135 time(s).

2/12/2012 2:23:44 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 134 time(s).

2/12/2012 2:23:40 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 133 time(s).

2/12/2012 2:23:33 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 132 time(s).

2/12/2012 2:23:29 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 131 time(s).

2/12/2012 2:23:25 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 130 time(s).

2/12/2012 2:23:22 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 129 time(s).

2/12/2012 2:23:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 128 time(s).

2/12/2012 2:23:15 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 127 time(s).

2/12/2012 2:23:11 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 126 time(s).

2/12/2012 2:23:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 125 time(s).

2/12/2012 2:23:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 124 time(s).

2/12/2012 2:22:56 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 123 time(s).

2/12/2012 2:22:52 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 122 time(s).

2/12/2012 2:22:49 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 121 time(s).

2/12/2012 2:22:45 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 120 time(s).

2/12/2012 2:22:43 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 119 time(s).

2/12/2012 2:22:40 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 118 time(s).

2/12/2012 2:22:37 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 117 time(s).

2/12/2012 2:22:36 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 116 time(s).

2/12/2012 2:22:32 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 115 time(s).

2/12/2012 2:22:27 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 114 time(s).

2/12/2012 2:22:23 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 113 time(s).

2/12/2012 2:22:19 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 112 time(s).

2/12/2012 2:22:15 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 111 time(s).

2/12/2012 2:22:11 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 110 time(s).

2/12/2012 2:22:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 109 time(s).

2/12/2012 2:22:05 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 108 time(s).

2/12/2012 2:21:59 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 107 time(s).

2/12/2012 2:21:54 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 106 time(s).

2/12/2012 2:21:48 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 105 time(s).

2/12/2012 2:21:43 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 104 time(s).

2/12/2012 2:21:36 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

2/12/2012 2:21:31 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 103 time(s).

2/12/2012 2:21:27 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 102 time(s).

2/12/2012 2:21:23 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 101 time(s).

2/12/2012 2:21:20 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 100 time(s).

2/12/2012 2:21:16 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 99 time(s).

2/12/2012 2:21:12 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 98 time(s).

2/12/2012 2:21:09 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 97 time(s).

2/12/2012 2:21:05 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 96 time(s).

2/12/2012 2:21:01 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 95 time(s).

2/12/2012 2:20:57 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 94 time(s).

2/12/2012 2:20:54 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 93 time(s).

2/12/2012 2:20:50 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 92 time(s).

2/12/2012 2:20:48 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 91 time(s).

2/12/2012 2:20:44 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 90 time(s).

2/12/2012 2:20:37 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 89 time(s).

2/12/2012 2:20:33 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 88 time(s).

2/12/2012 2:20:30 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 87 time(s).

2/12/2012 2:20:26 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 86 time(s).

2/12/2012 2:20:22 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 85 time(s).

2/12/2012 2:20:19 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 84 time(s).

2/12/2012 2:20:15 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 83 time(s).

2/12/2012 2:20:11 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 82 time(s).

2/12/2012 2:20:07 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 81 time(s).

2/12/2012 2:20:04 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 80 time(s).

2/12/2012 2:20:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 79 time(s).

2/12/2012 2:19:56 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 78 time(s).

2/12/2012 2:19:52 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 77 time(s).

2/12/2012 2:19:51 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 76 time(s).

2/12/2012 2:19:47 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 75 time(s).

2/12/2012 2:19:43 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 74 time(s).

2/12/2012 2:19:39 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 73 time(s).

2/12/2012 2:19:35 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 72 time(s).

2/12/2012 2:19:32 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 71 time(s).

2/12/2012 2:19:28 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 70 time(s).

2/12/2012 2:19:24 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 69 time(s).

2/12/2012 2:19:22 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 68 time(s).

2/12/2012 2:19:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 67 time(s).

2/12/2012 2:19:15 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 66 time(s).

2/12/2012 2:19:09 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 65 time(s).

2/12/2012 2:19:05 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 64 time(s).

2/12/2012 2:19:04 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 63 time(s).

2/12/2012 2:18:59 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 62 time(s).

2/12/2012 2:18:58 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 61 time(s).

2/12/2012 2:18:54 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 60 time(s).

2/12/2012 2:18:50 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 59 time(s).

2/12/2012 2:18:48 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 58 time(s).

2/12/2012 2:18:46 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 57 time(s).

2/12/2012 2:18:42 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 56 time(s).

2/12/2012 2:18:39 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 55 time(s).

2/12/2012 2:18:35 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 54 time(s).

2/12/2012 2:18:31 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 53 time(s).

2/12/2012 2:18:27 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 52 time(s).

2/12/2012 2:18:23 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 51 time(s).

2/12/2012 2:18:21 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 50 time(s).

2/12/2012 2:18:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 49 time(s).

2/12/2012 2:18:14 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 48 time(s).

2/12/2012 2:18:10 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 47 time(s).

2/12/2012 2:18:07 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 46 time(s).

2/12/2012 2:18:03 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 45 time(s).

2/12/2012 2:18:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 44 time(s).

2/12/2012 2:17:56 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 43 time(s).

2/12/2012 2:17:52 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 42 time(s).

2/12/2012 2:17:49 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 41 time(s).

2/12/2012 2:17:44 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 40 time(s).

2/12/2012 2:17:41 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 39 time(s).

2/12/2012 2:17:37 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 38 time(s).

2/12/2012 2:17:34 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 37 time(s).

2/12/2012 2:17:32 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 36 time(s).

2/12/2012 2:17:30 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 35 time(s).

2/12/2012 2:17:26 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 34 time(s).

2/12/2012 2:17:22 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 33 time(s).

2/12/2012 2:17:19 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 32 time(s).

2/12/2012 2:17:17 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 31 time(s).

2/12/2012 2:17:13 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 30 time(s).

2/12/2012 2:17:09 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 29 time(s).

2/12/2012 2:17:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 28 time(s).

2/12/2012 2:17:04 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 27 time(s).

2/12/2012 2:17:02 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 26 time(s).

2/12/2012 2:16:58 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 25 time(s).

2/12/2012 2:16:55 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 24 time(s).

2/12/2012 2:16:51 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 23 time(s).

2/12/2012 2:16:47 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 22 time(s).

2/12/2012 2:16:46 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 21 time(s).

2/12/2012 2:16:43 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 20 time(s).

2/12/2012 2:16:40 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 19 time(s).

2/12/2012 2:16:38 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 18 time(s).

2/12/2012 2:16:34 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 17 time(s).

2/12/2012 2:16:32 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 16 time(s).

2/12/2012 2:16:29 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 15 time(s).

2/12/2012 2:16:25 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 14 time(s).

2/12/2012 2:16:21 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 13 time(s).

2/12/2012 2:16:18 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 12 time(s).

2/12/2012 2:16:14 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 11 time(s).

2/12/2012 2:16:10 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 10 time(s).

2/12/2012 2:16:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 9 time(s).

2/12/2012 2:16:04 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 8 time(s).

2/12/2012 2:16:00 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 7 time(s).

2/12/2012 2:15:57 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 6 time(s).

2/12/2012 2:15:53 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 5 time(s).

2/12/2012 2:15:49 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 4 time(s).

2/12/2012 2:15:47 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).

2/12/2012 2:15:44 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 2 time(s).

2/12/2012 2:15:16 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).

2/12/2012 2:11:20 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer AA-8MK56L1-HQ that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CABDCE5D-F690-. The master browser is stopping or an election is being forced.

2/12/2012 12:55:00 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.11. The machine with the IP address 192.168.1.204 did not allow the name to be claimed by this machine.

2/12/2012 12:30:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402

2/12/2012 12:30:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402

2/12/2012 1:30:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402

2/12/2012 1:30:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402

2/11/2012 9:55:01 PM, error: SCardSvr [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.

2/11/2012 9:30:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402

2/11/2012 9:30:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402

2/11/2012 8:30:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402

2/11/2012 8:30:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402

2/11/2012 7:30:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402

2/11/2012 7:30:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402

2/11/2012 6:30:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402

2/11/2012 6:30:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402

2/11/2012 5:30:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402

2/11/2012 5:30:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402

2/11/2012 4:39:01 PM, error: Service Control Manager [7031] - The Cisco AnyConnect Secure Mobility Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

2/11/2012 4:30:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402

2/11/2012 4:30:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402

2/11/2012 3:30:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402

2/11/2012 3:30:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402

2/11/2012 2:30:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402

2/11/2012 2:30:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402

2/11/2012 12:30:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

2/11/2012 12:30:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402

2/11/2012 11:30:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402

2/11/2012 11:30:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

2/11/2012 11:30:00 AM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402

2/11/2012 11:30:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402

2/11/2012 11:23:00 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi

2/11/2012 10:30:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402

2/11/2012 10:30:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402

2/11/2012 1:30:00 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402

2/11/2012 1:30:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402

2/11/2012 1:17:28 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/10/2012 7:11:20 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

2/10/2012 10:30:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402

2/10/2012 10:30:00 AM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402

.

==== End Of File ===========================

Thanks.


Read this warning about your infection.

---------------------------------

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

Edited by MrCharlie

Here is the report of the RogueKiller scan:

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Administrator [Admin rights]

Mode: Scan -- Date: 02/17/2012 02:40:04

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[SUSP PATH] HKLM\[...]\Run : BigDog303 (C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters : NameServer (93.188.162.147,93.188.160.27) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{ADA914D4-C293-469A-89C0-2F017216C44A} : NameServer (93.188.162.147,93.188.160.27) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] c70a6cd0ad44b530251352d49dea1ff4

[BSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 420a8166b395f612de9a0507b280883c

[BSP] 9fae179b60c745cdf972a9c2b760f800 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 420a8166b395f612de9a0507b280883c

[BSP] 9fae179b60c745cdf972a9c2b760f800 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Thanks.


Here is the report:-

10:00:16.0953 3124 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

10:00:18.0953 3124 ============================================================

10:00:18.0953 3124 Current date / time: 2012/02/17 10:00:18.0953

10:00:18.0953 3124 SystemInfo:

10:00:18.0953 3124

10:00:18.0953 3124 OS Version: 5.1.2600 ServicePack: 3.0

10:00:18.0953 3124 Product type: Workstation

10:00:18.0953 3124 ComputerName: VINODK

10:00:18.0953 3124 UserName: Administrator

10:00:18.0953 3124 Windows directory: C:\WINDOWS

10:00:18.0953 3124 System windows directory: C:\WINDOWS

10:00:18.0953 3124 Processor architecture: Intel x86

10:00:18.0953 3124 Number of processors: 2

10:00:18.0953 3124 Page size: 0x1000

10:00:18.0953 3124 Boot type: Normal boot

10:00:18.0953 3124 ============================================================

10:00:19.0875 3124 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:00:19.0875 3124 \Device\Harddisk0\DR0:

10:00:19.0875 3124 MBR used

10:00:19.0875 3124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1

10:00:19.0906 3124 Initialize success

10:00:19.0906 3124 ============================================================

10:01:12.0140 1056 ============================================================

10:01:12.0140 1056 Scan started

10:01:12.0140 1056 Mode: Manual; SigCheck; TDLFS;

10:01:12.0140 1056 ============================================================

10:01:12.0468 1056 Abiosdsk - ok

10:01:12.0500 1056 abp480n5 - ok

10:01:12.0546 1056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:01:13.0718 1056 ACPI - ok

10:01:13.0796 1056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

10:01:13.0906 1056 ACPIEC - ok

10:01:13.0968 1056 acsint (d2c5c56dd26386efa289ea0b92eadfd2) C:\WINDOWS\system32\DRIVERS\acsint.sys

10:01:14.0156 1056 acsint - ok

10:01:14.0171 1056 acsmux (45d6057452eafe7ac27cab55a0fed296) C:\WINDOWS\system32\DRIVERS\acsmux.sys

10:01:14.0296 1056 acsmux - ok

10:01:14.0312 1056 adpu160m - ok

10:01:14.0343 1056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:01:14.0421 1056 aec - ok

10:01:14.0453 1056 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys

10:01:14.0546 1056 AESTAud - ok

10:01:14.0593 1056 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

10:01:14.0718 1056 AFD - ok

10:01:14.0718 1056 Aha154x - ok

10:01:14.0718 1056 aic78u2 - ok

10:01:14.0734 1056 aic78xx - ok

10:01:14.0734 1056 AliIde - ok

10:01:14.0750 1056 amsint - ok

10:01:14.0781 1056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

10:01:14.0859 1056 Arp1394 - ok

10:01:14.0859 1056 asc - ok

10:01:14.0859 1056 asc3350p - ok

10:01:14.0875 1056 asc3550 - ok

10:01:14.0890 1056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:01:14.0968 1056 AsyncMac - ok

10:01:15.0000 1056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

10:01:15.0078 1056 atapi - ok

10:01:15.0078 1056 Atdisk - ok

10:01:15.0109 1056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:01:15.0187 1056 Atmarpc - ok

10:01:15.0218 1056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:01:15.0312 1056 audstub - ok

10:01:15.0343 1056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:01:15.0421 1056 Beep - ok

10:01:15.0500 1056 catchme - ok

10:01:15.0515 1056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:01:15.0609 1056 cbidf2k - ok

10:01:15.0656 1056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

10:01:15.0734 1056 CCDECODE - ok

10:01:15.0750 1056 cd20xrnt - ok

10:01:15.0765 1056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:01:15.0843 1056 Cdaudio - ok

10:01:15.0859 1056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:01:15.0937 1056 Cdfs - ok

10:01:15.0953 1056 Cdrom - ok

10:01:15.0953 1056 cerc6 - ok

10:01:15.0984 1056 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

10:01:16.0046 1056 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

10:01:16.0046 1056 cercsr6 - detected UnsignedFile.Multi.Generic (1)

10:01:16.0046 1056 Changer - ok

10:01:16.0078 1056 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

10:01:16.0156 1056 CmBatt - ok

10:01:16.0156 1056 CmdIde - ok

10:01:16.0171 1056 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

10:01:16.0265 1056 Compbatt - ok

10:01:16.0281 1056 Cpqarray - ok

10:01:16.0296 1056 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

10:01:16.0390 1056 CVirtA - ok

10:01:16.0453 1056 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

10:01:16.0500 1056 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

10:01:16.0500 1056 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

10:01:16.0515 1056 dac2w2k - ok

10:01:16.0515 1056 dac960nt - ok

10:01:16.0546 1056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:01:16.0625 1056 Disk - ok

10:01:16.0656 1056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:01:16.0765 1056 dmboot - ok

10:01:16.0796 1056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys

10:01:16.0890 1056 dmio - ok

10:01:16.0921 1056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:01:17.0000 1056 dmload - ok

10:01:17.0031 1056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:01:17.0093 1056 DMusic - ok

10:01:17.0140 1056 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys

10:01:17.0203 1056 DNE - ok

10:01:17.0203 1056 dpti2o - ok

10:01:17.0218 1056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:01:17.0296 1056 drmkaud - ok

10:01:17.0343 1056 e1yexpress (10cbd2b278ce365b41de378632cb5ddb) C:\WINDOWS\system32\DRIVERS\e1y5132.sys

10:01:17.0453 1056 e1yexpress - ok

10:01:17.0500 1056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:01:17.0578 1056 Fastfat - ok

10:01:17.0609 1056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

10:01:17.0687 1056 Fdc - ok

10:01:17.0703 1056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:01:17.0781 1056 Fips - ok

10:01:17.0796 1056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

10:01:17.0890 1056 Flpydisk - ok

10:01:17.0906 1056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

10:01:17.0984 1056 FltMgr - ok

10:01:18.0015 1056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:01:18.0093 1056 Fs_Rec - ok

10:01:18.0109 1056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:01:18.0187 1056 Ftdisk - ok

10:01:18.0218 1056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

10:01:18.0265 1056 GEARAspiWDM - ok

10:01:18.0281 1056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:01:18.0375 1056 Gpc - ok

10:01:18.0390 1056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

10:01:18.0468 1056 HDAudBus - ok

10:01:18.0500 1056 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:01:18.0578 1056 hidusb - ok

10:01:18.0578 1056 hpn - ok

10:01:18.0625 1056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:01:18.0671 1056 HTTP - ok

10:01:18.0687 1056 i2omgmt - ok

10:01:18.0687 1056 i2omp - ok

10:01:18.0703 1056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:01:18.0796 1056 i8042prt - ok

10:01:18.0828 1056 iastor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\DRIVERS\iaStor.sys

10:01:18.0843 1056 iastor - ok

10:01:18.0859 1056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:01:18.0953 1056 Imapi - ok

10:01:18.0968 1056 ini910u - ok

10:01:18.0968 1056 IntelIde - ok

10:01:19.0000 1056 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:01:19.0062 1056 intelppm - ok

10:01:19.0093 1056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

10:01:19.0171 1056 Ip6Fw - ok

10:01:19.0203 1056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:01:19.0281 1056 IpFilterDriver - ok

10:01:19.0312 1056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:01:19.0390 1056 IpInIp - ok

10:01:19.0421 1056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:01:19.0531 1056 IpNat - ok

10:01:19.0562 1056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:01:19.0640 1056 IPSec - ok

10:01:19.0671 1056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:01:19.0718 1056 IRENUM - ok

10:01:19.0750 1056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:01:19.0828 1056 isapnp - ok

10:01:19.0859 1056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:01:19.0937 1056 Kbdclass - ok

10:01:19.0953 1056 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:01:20.0015 1056 kbdhid - ok

10:01:20.0031 1056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:01:20.0125 1056 kmixer - ok

10:01:20.0156 1056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:01:20.0218 1056 KSecDD - ok

10:01:20.0234 1056 lbrtfdc - ok

10:01:20.0281 1056 LMIInfo - ok

10:01:20.0312 1056 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys

10:01:20.0390 1056 lmimirr - ok

10:01:20.0390 1056 LMIRfsClientNP - ok

10:01:20.0406 1056 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys

10:01:20.0484 1056 LMIRfsDriver - ok

10:01:20.0484 1056 mafesd - ok

10:01:20.0531 1056 mfeapfk (37364b530339ff0b0ababc8df1c532c3) C:\WINDOWS\system32\drivers\mfeapfk.sys

10:01:20.0609 1056 mfeapfk - ok

10:01:20.0625 1056 mfeavfk (cd2a8a43bd6b0d15a3255829b1778285) C:\WINDOWS\system32\drivers\mfeavfk.sys

10:01:20.0687 1056 mfeavfk - ok

10:01:20.0687 1056 mfeavfk01 - ok

10:01:20.0718 1056 mfebopk (2cd52e91ba338f10ba14d3f90bbda5e8) C:\WINDOWS\system32\drivers\mfebopk.sys

10:01:20.0781 1056 mfebopk - ok

10:01:20.0812 1056 mfefirek (2a068871402874cb6487910b904a4321) C:\WINDOWS\system32\drivers\mfefirek.sys

10:01:20.0890 1056 mfefirek - ok

10:01:20.0906 1056 mfehidk (cf669582f5f98c4ba79d59cfe169198b) C:\WINDOWS\system32\drivers\mfehidk.sys

10:01:21.0046 1056 mfehidk - ok

10:01:21.0046 1056 mfendisk (f5b00ed653a80f7452b2fc267257f5ac) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

10:01:21.0125 1056 mfendisk - ok

10:01:21.0125 1056 mfendiskmp (f5b00ed653a80f7452b2fc267257f5ac) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

10:01:21.0140 1056 mfendiskmp - ok

10:01:21.0171 1056 mferkdet (42f84c2a82a057d74c54ef70e0cf0a2c) C:\WINDOWS\system32\drivers\mferkdet.sys

10:01:21.0234 1056 mferkdet - ok

10:01:21.0265 1056 MfeRKDK (820d6aa3f7f0cfa8a1fa8f63d3f1df04) C:\WINDOWS\system32\drivers\MfeRKDK.sys

10:01:21.0312 1056 MfeRKDK - ok

10:01:21.0343 1056 mfetdi2k (03b2b8bd4d0a2d3636be9248b5dce33a) C:\WINDOWS\system32\drivers\mfetdi2k.sys

10:01:21.0390 1056 mfetdi2k - ok

10:01:21.0437 1056 mfetdik (3812e49fa67a3f604895f0d0c2e1ef90) C:\WINDOWS\system32\drivers\mfetdik.sys

10:01:21.0484 1056 mfetdik - ok

10:01:21.0515 1056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:01:21.0593 1056 mnmdd - ok

10:01:21.0640 1056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:01:21.0718 1056 Modem - ok

10:01:21.0734 1056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:01:21.0812 1056 Mouclass - ok

10:01:21.0843 1056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:01:21.0937 1056 mouhid - ok

10:01:21.0953 1056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:01:22.0015 1056 MountMgr - ok

10:01:22.0046 1056 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys

10:01:22.0156 1056 MPFP - ok

10:01:22.0171 1056 mraid35x - ok

10:01:22.0203 1056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:01:22.0312 1056 MRxDAV - ok

10:01:22.0343 1056 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:01:22.0531 1056 MRxSmb - ok

10:01:22.0578 1056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:01:22.0656 1056 Msfs - ok

10:01:22.0687 1056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:01:22.0765 1056 MSKSSRV - ok

10:01:22.0781 1056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:01:22.0859 1056 MSPCLOCK - ok

10:01:22.0859 1056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:01:22.0937 1056 MSPQM - ok

10:01:22.0953 1056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:01:23.0031 1056 mssmbios - ok

10:01:23.0062 1056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

10:01:23.0125 1056 MSTEE - ok

10:01:23.0156 1056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:01:23.0234 1056 Mup - ok

10:01:23.0265 1056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

10:01:23.0343 1056 NABTSFEC - ok

10:01:23.0375 1056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:01:23.0468 1056 NDIS - ok

10:01:23.0484 1056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

10:01:23.0546 1056 NdisIP - ok

10:01:23.0593 1056 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:01:23.0656 1056 NdisTapi - ok

10:01:23.0703 1056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:01:23.0765 1056 Ndisuio - ok

10:01:23.0781 1056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:01:23.0875 1056 NdisWan - ok

10:01:23.0890 1056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:01:24.0015 1056 NDProxy - ok

10:01:24.0031 1056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:01:24.0109 1056 NetBIOS - ok

10:01:24.0125 1056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:01:24.0203 1056 NetBT - ok

10:01:24.0296 1056 NETw5x32 (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

10:01:24.0578 1056 NETw5x32 - ok

10:01:24.0656 1056 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

10:01:24.0734 1056 NIC1394 - ok

10:01:24.0750 1056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:01:24.0828 1056 Npfs - ok

10:01:24.0859 1056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:01:24.0968 1056 Ntfs - ok

10:01:24.0984 1056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:01:25.0062 1056 Null - ok

10:01:25.0203 1056 nv (3de17fbc295d1c996890ed1315b7d42e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

10:01:25.0609 1056 nv - ok

10:01:25.0640 1056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:01:25.0750 1056 NwlnkFlt - ok

10:01:25.0765 1056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:01:25.0890 1056 NwlnkFwd - ok

10:01:25.0921 1056 NxDrv (cdf2a5f20509593140f8b3b965448c5b) C:\WINDOWS\system32\DRIVERS\NxDrv.sys

10:01:26.0093 1056 NxDrv - ok

10:01:26.0125 1056 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

10:01:26.0234 1056 ohci1394 - ok

10:01:26.0281 1056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:01:26.0406 1056 Parport - ok

10:01:26.0437 1056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:01:26.0562 1056 PartMgr - ok

10:01:26.0593 1056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:01:26.0718 1056 ParVdm - ok

10:01:26.0734 1056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:01:26.0843 1056 PCI - ok

10:01:26.0859 1056 PCIDump - ok

10:01:26.0859 1056 PCIIde - ok

10:01:26.0890 1056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

10:01:27.0015 1056 Pcmcia - ok

10:01:27.0031 1056 PDCOMP - ok

10:01:27.0031 1056 PDFRAME - ok

10:01:27.0046 1056 PDRELI - ok

10:01:27.0046 1056 PDRFRAME - ok

10:01:27.0062 1056 perc2 - ok

10:01:27.0062 1056 perc2hib - ok

10:01:27.0093 1056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:01:27.0203 1056 PptpMiniport - ok

10:01:27.0203 1056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:01:27.0296 1056 PSched - ok

10:01:27.0312 1056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:01:27.0406 1056 Ptilink - ok

10:01:27.0421 1056 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:01:27.0484 1056 PxHelp20 - ok

10:01:27.0500 1056 ql1080 - ok

10:01:27.0500 1056 Ql10wnt - ok

10:01:27.0500 1056 ql12160 - ok

10:01:27.0515 1056 ql1240 - ok

10:01:27.0515 1056 ql1280 - ok

10:01:27.0562 1056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:01:27.0625 1056 RasAcd - ok

10:01:27.0656 1056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:01:27.0734 1056 Rasl2tp - ok

10:01:27.0734 1056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:01:27.0812 1056 RasPppoe - ok

10:01:27.0812 1056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:01:27.0890 1056 Raspti - ok

10:01:27.0921 1056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:01:28.0000 1056 Rdbss - ok

10:01:28.0046 1056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:01:28.0109 1056 RDPCDD - ok

10:01:28.0140 1056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:01:28.0203 1056 rdpdr - ok

10:01:28.0234 1056 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

10:01:28.0312 1056 RDPWD - ok

10:01:28.0343 1056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:01:28.0421 1056 redbook - ok

10:01:28.0468 1056 s24trans (1f950f97dbf5e0ba4fbbfaf074d3b47c) C:\WINDOWS\system32\DRIVERS\s24trans.sys

10:01:28.0531 1056 s24trans ( UnsignedFile.Multi.Generic ) - warning

10:01:28.0531 1056 s24trans - detected UnsignedFile.Multi.Generic (1)

10:01:28.0562 1056 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

10:01:28.0640 1056 sdbus - ok

10:01:28.0656 1056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:01:28.0703 1056 Secdrv - ok

10:01:28.0718 1056 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:01:28.0796 1056 Serenum - ok

10:01:28.0828 1056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:01:28.0906 1056 Serial - ok

10:01:28.0937 1056 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

10:01:29.0015 1056 sffdisk - ok

10:01:29.0015 1056 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

10:01:29.0093 1056 sffp_sd - ok

10:01:29.0109 1056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:01:29.0171 1056 Sfloppy - ok

10:01:29.0187 1056 Simbad - ok

10:01:29.0203 1056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:01:29.0281 1056 SLIP - ok

10:01:29.0296 1056 Sparrow - ok

10:01:29.0328 1056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:01:29.0390 1056 splitter - ok

10:01:29.0421 1056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:01:29.0468 1056 sr - ok

10:01:29.0515 1056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:01:29.0625 1056 Srv - ok

10:01:29.0687 1056 STHDA (886c708c91db573656d64c626468d707) C:\WINDOWS\system32\drivers\sthda.sys

10:01:29.0875 1056 STHDA - ok

10:01:29.0890 1056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:01:30.0000 1056 streamip - ok

10:01:30.0015 1056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:01:30.0093 1056 swenum - ok

10:01:30.0109 1056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:01:30.0187 1056 swmidi - ok

10:01:30.0203 1056 symc810 - ok

10:01:30.0203 1056 symc8xx - ok

10:01:30.0203 1056 sym_hi - ok

10:01:30.0218 1056 sym_u3 - ok

10:01:30.0218 1056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:01:30.0296 1056 sysaudio - ok

10:01:30.0328 1056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:01:30.0406 1056 Tcpip - ok

10:01:30.0437 1056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:01:30.0515 1056 TDPIPE - ok

10:01:30.0531 1056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:01:30.0609 1056 TDTCP - ok

10:01:30.0640 1056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:01:30.0703 1056 TermDD - ok

10:01:30.0718 1056 TosIde - ok

10:01:30.0765 1056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:01:30.0828 1056 Udfs - ok

10:01:30.0843 1056 ultra - ok

10:01:30.0890 1056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:01:31.0000 1056 Update - ok

10:01:31.0062 1056 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

10:01:31.0234 1056 USBAAPL - ok

10:01:31.0250 1056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:01:31.0343 1056 usbccgp - ok

10:01:31.0375 1056 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys

10:01:31.0500 1056 USBCCID - ok

10:01:31.0531 1056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:01:31.0609 1056 usbehci - ok

10:01:31.0625 1056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:01:31.0703 1056 usbhub - ok

10:01:31.0734 1056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:01:31.0796 1056 usbscan - ok

10:01:31.0843 1056 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:01:31.0906 1056 USBSTOR - ok

10:01:31.0921 1056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:01:32.0015 1056 usbuhci - ok

10:01:32.0046 1056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:01:32.0109 1056 VgaSave - ok

10:01:32.0125 1056 ViaIde - ok

10:01:32.0156 1056 VNA (48007916b1d0dab3e6c0d701de7c4afb) C:\WINDOWS\system32\DRIVERS\vna.sys

10:01:32.0203 1056 VNA - ok

10:01:32.0234 1056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:01:32.0296 1056 VolSnap - ok

10:01:32.0343 1056 vpnva (0d8df4058901616a4e716ab67d472581) C:\WINDOWS\system32\DRIVERS\vpnva.sys

10:01:32.0406 1056 vpnva - ok

10:01:32.0453 1056 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys

10:01:32.0609 1056 vsdatant - ok

10:01:32.0656 1056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:01:32.0734 1056 Wanarp - ok

10:01:32.0750 1056 WDICA - ok

10:01:32.0781 1056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:01:32.0875 1056 wdmaud - ok

10:01:32.0921 1056 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

10:01:33.0031 1056 WmiAcpi - ok

10:01:33.0062 1056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:01:33.0187 1056 WSTCODEC - ok

10:01:33.0234 1056 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:01:33.0296 1056 WudfPf - ok

10:01:33.0312 1056 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:01:33.0343 1056 WudfRd - ok

10:01:33.0359 1056 ZSMC303 - ok

10:01:33.0359 1056 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0

10:01:33.0390 1056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

10:01:33.0390 1056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

10:01:33.0437 1056 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:01:33.0437 1056 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:01:33.0437 1056 Boot (0x1200) (bc97e7bb417bb36ab2d154bba1832cd7) \Device\Harddisk0\DR0\Partition0

10:01:33.0437 1056 \Device\Harddisk0\DR0\Partition0 - ok

10:01:33.0437 1056 ============================================================

10:01:33.0437 1056 Scan finished

10:01:33.0437 1056 ============================================================

10:01:33.0546 3660 Detected object count: 5

10:01:33.0546 3660 Actual detected object count: 5

10:04:54.0062 3660 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:54.0062 3660 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:54.0078 3660 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:54.0078 3660 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:54.0078 3660 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:54.0078 3660 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:54.0734 3660 \Device\Harddisk0\DR0\# - copied to quarantine

10:04:54.0734 3660 \Device\Harddisk0\DR0 - copied to quarantine

10:04:54.0796 3660 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:04:54.0812 3660 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:05:06.0687 3660 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

10:05:13.0328 3660 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

10:05:20.0015 3660 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

10:05:20.0062 3660 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:05:20.0140 3660 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

10:05:26.0671 3660 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:05:26.0703 3660 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:05:26.0703 3660 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:05:26.0718 3660 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:05:33.0171 3660 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

10:05:39.0687 3660 \Device\Harddisk0\DR0\TDLFS\cqqx - copied to quarantine

10:05:39.0734 3660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

10:05:39.0734 3660 \Device\Harddisk0\DR0 - ok

10:05:39.0734 3660 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

10:05:39.0734 3660 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:05:39.0734 3660 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:05:48.0437 1296 Deinitialize success

Thanks,


We're getting there.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Ran it. No threats found.

I wasn't able to log in to gtalk for the last 4 days due to authentication issues. Looks like it is resolved now.

Here is the MBAM quick scan report

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.18.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 7.0.5730.13

Administrator :: VINODK [administrator]

2/17/2012 9:17:16 PM

mbam-log-2012-02-17 (21-17-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196290

Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great

A little cleanup to do.

Your Java is out of date; older versions are vulnerable to malware.

Go to your control panel > Java > Update Tab > Update Now

Java™ 6 Update 26 <------should be 31

-------------------------------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

-------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.