Registry repair/still having issues [Solved]


  • This topic is locked
132 replies to this topic

#76 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 06 February 2014 - 11:34 AM

Yep.  That's the easiest way to do it. :thumbup:


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 


#77 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 01:32 PM

 
System Variables
--------------------------------------------------------------------------------
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: BEAU
Windows Drive: C:\
Windows Path: C:\WINDOWS
Current Profile: C:\Documents and Settings\Beaub
Current Profile SID: S-1-5-21-1715567821-884357618-839522115-1004
Current Profile Classes: S-1-5-21-1715567821-884357618-839522115-1004_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Beaub\Local Settings\Application Data
--------------------------------------------------------------------------------
 
Starting Repairs...
   Start (2/7/2014 6:59:39 AM)
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (2/7/2014 6:59:39 AM)
   Running Repair Under Current User Account
   Done (2/7/2014 6:59:51 AM)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (2/7/2014 6:59:51 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:00:53 AM)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (2/7/2014 7:00:53 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:01:25 AM)
 
03 - Register System Files
   Start (2/7/2014 7:01:25 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:03:54 AM)
 
04 - Repair WMI
   Start (2/7/2014 7:03:54 AM)
   Running Repair Under Current User Account
   Done (2/7/2014 7:07:32 AM)
 
05 - Repair Windows Firewall
   Start (2/7/2014 7:07:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:07:43 AM)
 
06 - Repair Internet Explorer
   Start (2/7/2014 7:07:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:10 AM)
 
07 - Repair MDAC/MS Jet
   Start (2/7/2014 7:09:10 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:25 AM)
 
08 - Repair Hosts File
   Start (2/7/2014 7:09:25 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:09:27 AM)
 
09 - Remove Policies Set By Infections
   Start (2/7/2014 7:09:28 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:32 AM)
 
11 - Repair Icons
   Start (2/7/2014 7:09:32 AM)
   Running Repair Under System Account
   Done (2/7/2014 7:09:34 AM)
 
12 - Repair Winsock & DNS Cache
   Start (2/7/2014 7:09:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:43 AM)
 
14 - Repair Proxy Settings
   Start (2/7/2014 7:09:43 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:09:48 AM)
 
16 - Repair Windows Updates
   Start (2/7/2014 7:09:48 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:15 AM)
 
17 - Repair CD/DVD Missing/Not Working
   Start (2/7/2014 7:10:15 AM)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (2/7/2014 7:10:15 AM)
 
18 - Repair Volume Shadow Copy Service
   Start (2/7/2014 7:10:15 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:32 AM)
 
20 - Repair MSI (Windows Installer)
   Start (2/7/2014 7:10:32 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:47 AM)
 
22.01 - Repair bat Association
   Start (2/7/2014 7:10:47 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:51 AM)
 
22.02 - Repair cmd Association
   Start (2/7/2014 7:10:51 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:10:56 AM)
 
22.03 - Repair com Association
   Start (2/7/2014 7:10:56 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:01 AM)
 
22.04 - Repair Directory Association
   Start (2/7/2014 7:11:01 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:05 AM)
 
22.05 - Repair Drive Association
   Start (2/7/2014 7:11:05 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:10 AM)
 
22.06 - Repair exe Association
   Start (2/7/2014 7:11:10 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:16 AM)
 
22.07 - Repair Folder Association
   Start (2/7/2014 7:11:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:21 AM)
 
22.08 - Repair inf Association
   Start (2/7/2014 7:11:21 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:26 AM)
 
22.09 - Repair lnk (Shortcuts) Association
   Start (2/7/2014 7:11:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:30 AM)
 
22.10 - Repair msc Association
   Start (2/7/2014 7:11:30 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:35 AM)
 
22.11 - Repair reg Association
   Start (2/7/2014 7:11:35 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:40 AM)
 
22.12 - Repair scr Association
   Start (2/7/2014 7:11:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:44 AM)
 
23 - Repair Windows Safe Mode
   Start (2/7/2014 7:11:44 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:11:49 AM)
 
24 - Repair Print Spooler
   Start (2/7/2014 7:11:49 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:12:00 AM)
 
25 - Restore Important Windows Services
   Start (2/7/2014 7:12:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:12:04 AM)
 
26 - Set Windows Services To Default Startup
   Start (2/7/2014 7:12:04 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (2/7/2014 7:12:19 AM)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 5.1
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done (2/7/2014 7:12:19 AM)
   Total Repair Time: 00:12:40
 
 
...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account


#78 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 February 2014 - 01:39 PM

Great. As it was going through the SFC procedure (that's the part where it wanted the disk), did it find any files that needed to be restored?


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#79 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 01:45 PM

I'm not sure. I put it running and left for work.



#80 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 February 2014 - 01:47 PM

No problem.

 

Please run me a new set of DDS logs.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#81 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 01:53 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 12/30/2009 8:29:26 AM
System Uptime: 2/7/2014 1:44:18 PM (0 hours ago)
.
Motherboard: Dell Inc |  | 0UW457
Processor: AMD Athlon™ 64 Processor 3200+ | Socket M2  | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 28.982 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.007 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 1669.267 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3008: 12/28/2013 4:00:24 AM - Software Distribution Service 3.0
RP3009: 12/29/2013 4:00:22 AM - Software Distribution Service 3.0
RP3010: 12/29/2013 4:18:54 AM - Software Distribution Service 3.0
RP3011: 12/29/2013 11:30:04 PM - Software Distribution Service 3.0
RP3012: 12/30/2013 4:00:21 AM - Software Distribution Service 3.0
RP3013: 12/31/2013 4:08:10 AM - Software Distribution Service 3.0
RP3014: 12/31/2013 10:33:08 AM - Software Distribution Service 3.0
RP3015: 1/1/2014 4:00:19 AM - Software Distribution Service 3.0
RP3016: 1/2/2014 4:00:21 AM - Software Distribution Service 3.0
RP3017: 1/2/2014 4:17:24 AM - Software Distribution Service 3.0
RP3018: 1/3/2014 4:00:24 AM - Software Distribution Service 3.0
RP3019: 1/4/2014 4:00:21 AM - Software Distribution Service 3.0
RP3020: 1/4/2014 4:16:47 AM - Software Distribution Service 3.0
RP3021: 1/5/2014 4:00:19 AM - Software Distribution Service 3.0
RP3022: 1/5/2014 10:47:58 AM - Software Distribution Service 3.0
RP3023: 1/6/2014 3:15:54 AM - Software Distribution Service 3.0
RP3024: 1/6/2014 4:13:43 AM - Software Distribution Service 3.0
RP3025: 1/7/2014 4:07:09 AM - Software Distribution Service 3.0
RP3026: 1/8/2014 4:06:49 AM - Software Distribution Service 3.0
RP3027: 1/8/2014 6:56:36 PM - Software Distribution Service 3.0
RP3028: 1/9/2014 4:07:10 AM - Software Distribution Service 3.0
RP3029: 1/10/2014 4:07:47 AM - Software Distribution Service 3.0
RP3030: 1/10/2014 1:23:43 PM - Software Distribution Service 3.0
RP3031: 1/11/2014 4:02:37 AM - Software Distribution Service 3.0
RP3032: 1/11/2014 6:37:20 PM - Software Distribution Service 3.0
RP3033: 1/12/2014 9:28:08 AM - Software Distribution Service 3.0
RP3034: 1/12/2014 5:05:21 PM - System Checkpoint
RP3035: 1/12/2014 11:04:42 PM - Software Distribution Service 3.0
RP3036: 1/13/2014 4:00:18 AM - Software Distribution Service 3.0
RP3037: 1/14/2014 4:00:19 AM - Software Distribution Service 3.0
RP3038: 1/14/2014 4:16:36 AM - Software Distribution Service 3.0
RP3039: 1/15/2014 4:00:30 AM - Software Distribution Service 3.0
RP3040: 1/16/2014 4:06:27 AM - Software Distribution Service 3.0
RP3041: 1/16/2014 9:20:10 PM - Software Distribution Service 3.0
RP3042: 1/17/2014 4:00:19 AM - Software Distribution Service 3.0
RP3043: 1/18/2014 4:00:20 AM - Software Distribution Service 3.0
RP3044: 1/18/2014 4:17:55 AM - Software Distribution Service 3.0
RP3045: 1/19/2014 4:00:24 AM - Software Distribution Service 3.0
RP3046: 1/19/2014 10:57:18 PM - Software Distribution Service 3.0
RP3047: 1/20/2014 4:00:19 AM - Software Distribution Service 3.0
RP3048: 1/21/2014 4:00:18 AM - Software Distribution Service 3.0
RP3049: 1/21/2014 4:16:10 AM - Software Distribution Service 3.0
RP3050: 1/22/2014 4:00:18 AM - Software Distribution Service 3.0
RP3051: 1/23/2014 4:00:20 AM - Software Distribution Service 3.0
RP3052: 1/23/2014 4:17:06 AM - Software Distribution Service 3.0
RP3053: 1/24/2014 4:06:45 AM - Software Distribution Service 3.0
RP3054: 1/24/2014 7:24:26 AM - Software Distribution Service 3.0
RP3055: 1/25/2014 4:06:23 AM - Software Distribution Service 3.0
RP3056: 1/25/2014 7:33:15 AM - Software Distribution Service 3.0
RP3057: 1/26/2014 8:45:07 AM - Software Distribution Service 3.0
RP3058: 1/26/2014 9:04:18 AM - Software Distribution Service 3.0
RP3059: 1/26/2014 11:23:41 PM - Software Distribution Service 3.0
RP3060: 1/27/2014 4:00:18 AM - Software Distribution Service 3.0
RP3061: 1/28/2014 4:00:19 AM - Software Distribution Service 3.0
RP3062: 1/28/2014 4:16:35 AM - Software Distribution Service 3.0
RP3063: 1/29/2014 4:00:22 AM - Software Distribution Service 3.0
RP3064: 1/30/2014 4:00:19 AM - Software Distribution Service 3.0
RP3065: 1/30/2014 4:17:12 AM - Software Distribution Service 3.0
RP3066: 1/31/2014 7:22:21 AM - System Checkpoint
RP3067: 1/31/2014 7:16:56 PM - Malwarebytes Anti-Rootkit Restore Point
RP3068: 2/1/2014 4:00:17 AM - Software Distribution Service 3.0
RP3069: 2/1/2014 3:34:09 PM - Software Distribution Service 3.0
RP3070: 2/2/2014 4:00:18 AM - Software Distribution Service 3.0
RP3071: 2/2/2014 7:46:05 PM - Software Distribution Service 3.0
RP3072: 2/2/2014 11:20:35 PM - Software Distribution Service 3.0
RP3073: 2/3/2014 4:00:18 AM - Software Distribution Service 3.0
RP3074: 2/4/2014 4:00:18 AM - Software Distribution Service 3.0
RP3075: 2/4/2014 4:16:48 AM - Software Distribution Service 3.0
RP3076: 2/5/2014 4:00:17 AM - Software Distribution Service 3.0
RP3077: 2/6/2014 4:00:17 AM - Software Distribution Service 3.0
RP3078: 2/6/2014 4:16:07 AM - Software Distribution Service 3.0
RP3079: 2/7/2014 4:00:22 AM - Software Distribution Service 3.0
RP3080: 2/7/2014 6:55:37 AM - Software Distribution Service 3.0
RP3081: 2/7/2014 6:58:34 AM - Tweaking.com - Windows Repair
RP3082: 2/7/2014 6:59:08 AM - Tweaking.com - Windows Repair
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.2 (remove only)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player 12 ActiveX
Adobe Photoshop 7.0
Adobe Reader X (10.1.9)
Adobe Shockwave Player 12.0
Adobe SVG Viewer 3.0
AI-Aircraft Editor Version 2.1.0.23
AIO_Scan
AMR to MP3 Converter 1.4
AnyToISO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Mover
ArcSoft Panorama Maker 4
ASPCA Reminder by We-Care.com v4.1.22.1
Athlon 64 Processor Driver
Avanquest update
AviSynth 2.5
Bing Bar
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
BufferChm
C5200
C5200_doccd
c5200_Help
CardRd81
CCleaner
CCScore
ClipGrab 3.3.0.2
Compatibility Pack for the 2007 Office system
Content Transfer
Copy
CR2
Critical Security Update
CustomerResearchQFolder
CutePDF Writer 3.0
Dealio Toolbar v8.2
Defraggler
Delta Force - Black Hawk Down
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
EditVoicepack
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
eSupportQFolder
Expstudio Audio Editor FREE
Fax
File Uploader
Fisher-Price Photo Software
Flight Deck 6 for FS2004
Free M4a to MP3 Converter 7.1
Free Mp3 Wma Converter V 1.9
Glary Utilities 4.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
I.R.I.S. OCR
iTunes
Java Auto Updater
Java™ 6 Update 21
K-Lite Codec Pack 7.0.0 (Standard)
KATL Atlanta
KEDDS
Kodak EasyShare digital display software
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Military AI Works - RAF Lakenheath 48th FW 
MobileMe Control Panel
Motorola Driver Installation 4.5.0
Mouse Suite for Desktop Computers
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASCAR® Racing 2007 Season
netbrdg
Nikon Message Center
Nikon Transfer
NNC Series Mod
NRatings
NVIDIA Drivers
OfotoXMI
PanoStandAlone
PGA Championship Golf 2000
Picasa 3
Prop-Liners Collection
PS Panels 737NG Version 1.1
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scan
Secunia PSI (3.0.0.9015)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2884256)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982802)
SFR
SHASTA
SigmaTel Audio
SimCity 2000® Special Edition
skin0001
SKINXSDK
SolutionCenter
Sonic Activation Module
Spy Sweeper
staticcr
Status
swMSM
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
tooltips
TrayApp
Tweaking.com - Windows Repair (All in One)
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB971029)
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WD SmartWare
WebFldrs XP
WebReg
WinDirStat 1.1.2
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
WinPcap 4.1.2
WinX Free AVI to WMV Converter 4.0.15
WinX Free FLV to MP3 Converter 2.0.7
WinX Free FLV to WMV Converter 4.1.9
WinX Free MOV to MP4 Converter 4.1.11
WinX Free MOV to WMV Converter 4.1.11
WinX Free MP4 to AVI Converter 4.1.12
WinX Free MP4 to WMV Converter 4.1.10
WinZip 14.5
WIRELESS
WOT for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
2/3/2014 1:55:45 PM, error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
2/1/2014 4:06:23 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Outlook 2003 Junk E-mail Filter (KB2863822).
2/1/2014 4:06:23 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Office 2003 (KB907417).
2/1/2014 4:04:16 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).
2/1/2014 4:01:03 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Office 2003 Service Pack 3 (SP3).
2/1/2014 3:21:08 PM, error: sptd [4]  - Driver detected an internal error in its data structures for .
2/1/2014 10:10:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  General access denied error
1/31/2014 8:40:00 PM, error: Schedule [7901]  - The At2.job command failed to start due to the following error:  General access denied error
1/31/2014 7:19:37 PM, error: Service Control Manager [7000]  - The Process creation detector. service failed to start due to the following error:  The system cannot find the file specified.
1/31/2014 7:19:36 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  atapi PCIIde
1/31/2014 7:19:23 PM, error: Print [23]  - Printer Microsoft Office Document Image Writer failed to initialize because a suitable Microsoft Office Document Image Writer Driver driver could not be found.
1/31/2014 7:17:00 PM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  Access is denied.
1/31/2014 6:21:39 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 4:12:32 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version:   Previous Signature Version: 1.165.2960.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:   Previous Engine Version: 1.1.10201.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
1/31/2014 2:00:00 PM, error: Schedule [7901]  - The At4.job command failed to start due to the following error:  General access denied error
1/31/2014 1:14:00 PM, error: Schedule [7901]  - The At3.job command failed to start due to the following error:  General access denied error
.
==== End Of File ===========================
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Beaub at 13:52:22 on 2014-02-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1918.1082 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Glary Utilities 4\Integrator.exe
C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe
C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSVolFE.exe] "c:\program files\creative\mixer\CTSVolFE.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [FPPhotoMiddleWare] c:\program files\fisher-price\photo software\util\Fisher-Price Photo Software Middleware.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BackupNoCDBurning = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262200055895
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369003957641
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{67A097C5-EA5A-4A00-B984-FC00705A6157} : DHCPNameServer = 192.168.2.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\beaub\application data\mozilla\firefox\profiles\0ixibutj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z005&form=ZGAPHP
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 2010-01-10 14:30; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys [2013-11-29 13504]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 214696]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-6 37664]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2013-11-4 660184]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-29 16512]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-8-20 30464]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-11-4 16024]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys --> c:\windows\system32\drivers\revoflt.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-11-4 1228504]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-1-9 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2009-5-14 98304]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
.
=============== Created Last 30 ================
.
2014-02-07 19:43:25 115880 ------w- c:\windows\system32\pxinsi64.exe
2014-02-07 19:43:25 114856 ------w- c:\windows\system32\pxcpyi64.exe
2014-02-07 19:36:23 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{14c7d5c5-c9b0-4206-8dac-7bf61bdedc48}\mpengine.dll
2014-02-07 12:56:27 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2014-02-07 12:56:24 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2014-02-07 12:56:22 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2014-02-07 12:56:19 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2014-02-07 12:56:15 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2014-02-07 12:56:06 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2014-02-07 12:56:02 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2014-02-07 12:56:01 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2014-02-07 12:55:57 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2014-02-07 12:55:56 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2014-02-07 12:55:55 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2014-02-07 12:55:33 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2014-02-07 12:55:27 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2014-02-07 12:55:23 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2014-02-07 12:55:16 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2014-02-07 12:55:11 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2014-02-07 12:55:08 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2014-02-07 12:55:03 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2014-02-07 12:55:02 23615 -c--a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2014-02-07 12:55:01 31744 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2014-02-07 12:53:57 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2014-02-07 12:52:59 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2014-02-07 12:51:59 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2014-02-07 12:50:59 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2014-02-07 12:49:59 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2014-02-07 12:48:58 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2014-02-07 12:47:59 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2014-02-07 12:46:59 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2014-02-07 12:45:59 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2014-02-07 12:44:54 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2014-02-07 12:43:57 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2014-02-07 12:42:57 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2014-02-07 12:41:59 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2014-02-07 12:40:59 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2014-02-07 12:39:57 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2014-02-07 12:38:51 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2014-02-07 12:37:53 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2014-02-07 12:36:58 101376 -c--a-w- c:\windows\system32\dllcache\hpgt34.dll
2014-02-07 12:35:58 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2014-02-07 12:34:59 144896 -c--a-w- c:\windows\system32\dllcache\epcfw2k.sys
2014-02-07 12:33:59 26698 -c--a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2014-02-07 12:32:59 3072 -c--a-w- c:\windows\system32\dllcache\cwbase.sys
2014-02-06 10:16:10 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-03 19:17:54 -------- d-----w- c:\documents and settings\all users\application data\Doctor Web
2014-02-03 19:17:53 -------- d-----w- c:\documents and settings\beaub\Doctor Web
2014-02-01 21:14:11 -------- d-----w- c:\program files\Tweaking.com
2014-02-01 16:16:48 -------- d-----w- C:\FRST
2014-01-31 19:07:02 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-31 19:02:01 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-31 03:59:24 98816 ----a-w- c:\windows\sed.exe
2014-01-31 03:59:24 256000 ----a-w- c:\windows\PEV.exe
2014-01-31 03:59:24 208896 ----a-w- c:\windows\MBR.exe
2014-01-26 03:35:34 -------- d-----w- c:\program files\CCleaner
2014-01-17 03:23:22 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M  ====================
.
2014-01-24 21:27:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-24 21:27:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-06 19:23:36 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-11 09:01:26 9272200 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-12-02 19:25:48 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-19 03:57:02 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-11-18 01:18:34 13504 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-12 20:33:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP2504C rev.VT100-52 -> Harddisk0\DR0 -> \Device\00000063 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A4975D0]<< 
_asm { MOV EAX, 0x8a4974f0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a439b9c; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL;  }
1 ntkrnlpa!IofCallDriver[0x804EE1A0] -> \Device\Harddisk0\DR0[0x8A43A8D8]
\Driver\Disk[0x8A436A60] -> IRP_MJ_CREATE -> 0x8A4975D0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a4975d0
user & kernel MBR OK 
Warning: possible MBR rootkit infection !
.
============= FINISH: 13:54:30.26 ===============
 


#82 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 February 2014 - 02:36 PM

I believe things are OK now... let's run a double check.

 

MBRCheck
Please download MBRCheck.exe to your desktop.
 

  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#83 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 05:00 PM

mbr check.JPG



#84 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 05:01 PM

not sure if this is an unknown bootcode or not??



#85 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 February 2014 - 05:07 PM

Nope.  It appears to me to say "Windows XP MBR code detected"... which is a good thing.  I don't know why gmer's tool keeps saying there might be an MBR problem with ntkrnlpa.exe, but it seems to check out fine.

 

How are things running now?   If you haven't done so, give it a test drive and then let me know.


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#86 btbenoit

btbenoit

    Authentic Member

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 05:09 PM

MBRCheck, version 1.2.3
© 2010, AD
 
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005c
 
Kernel Drivers (total 140):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806D1000 \WINDOWS\system32\hal.dll
  0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
  0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
  0xB9F79000 ACPI.sys
  0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB9F68000 pci.sys
  0xBA0A8000 isapnp.sys
  0xB9E95000 sptd.sys
  0xB9E7D000 \WINDOWS\System32\Drivers\SPTD4733.SYS
  0xBA670000 pciide.sys
  0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xBA0B8000 MountMgr.sys
  0xB9E5E000 ftdisk.sys
  0xBA330000 PartMgr.sys
  0xBA0C8000 VolSnap.sys
  0xB9E46000 atapi.sys
  0xB9E2C000 nvata.sys
  0xBA338000 cercsr6.sys
  0xB9E14000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
  0xBA0D8000 disk.sys
  0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB9DF4000 fltmgr.sys
  0xB9DE2000 sr.sys
  0xB9DB2000 MpFilter.sys
  0xB9D9C000 DRVMCDB.SYS
  0xBA0F8000 PxHelp20.sys
  0xB9D85000 KSecDD.sys
  0xB9D72000 WudfPf.sys
  0xB9CE5000 Ntfs.sys
  0xB9CB8000 NDIS.sys
  0xB9C9E000 Mup.sys
  0xBA5AC000 BootDefragDriver.sys
  0xBA218000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xB8DFB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB8DE7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xBA3C0000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xB8DC3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xBA228000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xBA238000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xBA248000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB8DA0000 \SystemRoot\system32\DRIVERS\ks.sys
  0xBA3D0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xBA258000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
  0xB8D6C000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
  0xB8C6D000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
  0xB8BC6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
  0xBA3D8000 \SystemRoot\System32\Drivers\Modem.SYS
  0xB8B9E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xBA7CA000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB94D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB9C5A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB8B87000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB94C6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB94B6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xBA3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB8B76000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB94A6000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xBA3F0000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB9496000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xBA3F8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xBA5F2000 \SystemRoot\system32\DRIVERS\serscan.sys
  0xBA5F4000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB8B18000 \SystemRoot\system32\DRIVERS\update.sys
  0xB9C52000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8994000 \SystemRoot\system32\drivers\sthda.sys
  0xB8970000 \SystemRoot\system32\drivers\portcls.sys
  0xB9486000 \SystemRoot\system32\drivers\drmk.sys
  0xB9476000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB9466000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xBA5FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xBA604000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0xBA606000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA710000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA608000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA428000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
  0xB9446000 \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
  0xBA430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xBA438000 \SystemRoot\System32\drivers\vga.sys
  0xBA60A000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA60C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB91DE000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB6378000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB631F000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB62F7000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB91DA000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xB62D5000 \SystemRoot\System32\drivers\afd.sys
  0xBA278000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xBA450000 \SystemRoot\System32\Drivers\StarOpen.SYS
  0xB62AA000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB6212000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB61EC000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xBA2A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xBA458000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xBA570000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0xBA460000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xBA468000 \SystemRoot\system32\DRIVERS\HPZius12.sys
  0xBA470000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xBA158000 \SystemRoot\system32\DRIVERS\HPZid412.sys
  0xBA574000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
  0xBA578000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xBA188000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xBA580000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xBA584000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xBA1B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB610A000 \SystemRoot\System32\Drivers\dump_nvata.sys
  0xBA61A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB9C6E000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA490000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA735000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBF45C000 \SystemRoot\System32\ATMFD.DLL
  0xB616C000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0xBA7F2000 \SystemRoot\System32\DLA\DLADResM.SYS
  0xB51AA000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0xBA4A8000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0xBA620000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0xBA4B0000 \SystemRoot\System32\DLA\DLABMFSM.SYS
  0xBA348000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0xB5194000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xB517D000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xB509D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB3E48000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB4FAD000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB3709000 \SystemRoot\System32\Drivers\HTTP.sys
  0xB3832000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
  0xB3689000 \SystemRoot\system32\DRIVERS\srv.sys
  0xBA488000 \SystemRoot\system32\drivers\npf.sys
  0xBA4A0000 \??\C:\DOCUME~1\Beaub\LOCALS~1\Temp\mbr.sys
  0xB397A000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14C7D5C5-C9B0-4206-8DAC-7BF61BDEDC48}\MpKsl233f5647.sys
  0xAF4D3000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C900000 \WINDOWS\system32\ntdll.dll
 
Processes (total 51):
       0 System Idle Process
       4 System
     388 C:\WINDOWS\system32\smss.exe
     436 csrss.exe
     460 C:\WINDOWS\system32\winlogon.exe
     504 C:\WINDOWS\system32\services.exe
     516 C:\WINDOWS\system32\lsass.exe
     676 C:\WINDOWS\system32\svchost.exe
     736 svchost.exe
     800 C:\Program Files\Microsoft Security Client\MsMpEng.exe
     840 C:\WINDOWS\system32\svchost.exe
     884 C:\WINDOWS\system32\svchost.exe
    1060 svchost.exe
    1108 svchost.exe
    1196 C:\WINDOWS\system32\spoolsv.exe
    1444 C:\WINDOWS\explorer.exe
    1552 C:\Program Files\Creative\Mixer\CTSVolFE.exe
    1568 C:\Program Files\Glary Utilities 4\Integrator.exe
    1584 C:\Program Files\Fisher-Price\Photo Software\Util\Fisher-Price Photo Software Middleware.exe
    1604 C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    1640 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    1696 C:\Program Files\real\realplayer\Update\realsched.exe
    1748 C:\Program Files\iTunes\iTunesHelper.exe
    1756 C:\Program Files\Microsoft Security Client\msseces.exe
    1776 C:\WINDOWS\system32\ctfmon.exe
    1888 C:\Program Files\WinZip\WZQKPICK.EXE
     796 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1024 C:\Program Files\Bonjour\mDNSResponder.exe
     992 C:\WINDOWS\system32\svchost.exe
    1076 C:\Program Files\Google\Update\GoogleUpdate.exe
    1964 C:\WINDOWS\system32\svchost.exe
    1992 C:\Program Files\Java\jre7\bin\jqs.exe
    2096 C:\WINDOWS\system32\svchost.exe
    2284 C:\WINDOWS\system32\nvsvc32.exe
    2300 C:\WINDOWS\system32\svchost.exe
    2324 C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    2336 C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2416 C:\Program Files\Secunia\PSI\sua.exe
    2624 C:\WINDOWS\system32\svchost.exe
    2636 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    2688 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    2776 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2872 wmpnetwk.exe
    3348 C:\Program Files\iPod\bin\iPodService.exe
    3728 alg.exe
    3336 C:\Documents and Settings\Beaub\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2464 C:\WINDOWS\system32\wuauclt.exe
    1104 C:\WINDOWS\system32\notepad.exe
    2536 C:\WINDOWS\system32\notepad.exe
     376 C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
     704 C:\Documents and Settings\Beaub\Desktop\MBRCheck.exe
 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
 
PhysicalDrive0 Model Number: SAMSUNGSP2504C, Rev: VT100-52
PhysicalDrive1 Model Number: WDCWD20EZRX-00D8PB0, Rev: 80.00A80
 
      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
   1863 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
 
 
Done!


#87 btbenoit

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 05:10 PM

It does seem to be running better.



#88 Tomk

  • Beguilement Monitor
  • Global Moderator
  • 20,451 posts

Posted 07 February 2014 - 05:30 PM

I think we are finally ready to clean you up and let you get back to your regularly scheduled life.

 

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the Run box and click OK.
  • Note the space between the X and the U; it needs to be there.

The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

 

Clean up with delfix:

  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.


Please re-enable any security that was disabled.

 

If you have any tools or logs left... just delete them.

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved.  :thumbup:
 


Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#89 btbenoit

  • Authentic Member
  • 95 posts

Posted 07 February 2014 - 05:48 PM

I have read and understand.

I happened to put in a thumb drive to see if that issue was fixed, and nothing. No detection that it is there???



#90 Tomk

  • Beguilement Monitor
  • Global Moderator
  • 20,451 posts

Posted 07 February 2014 - 06:40 PM

Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.
  • Copy and paste everything from the Quote box into Notepad:

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
    "UpperFilters"=-
    "LowerFilters"=-

  • Make sure there are NO blank lines before REGEDIT4
  • Go to File > Save As
  • Save File name as Fix.reg
  • Change Save as Type to All Files and save the file to your desktop.
  • Close Notepad, and double-click Fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK. Reboot the computer.

After reboot, let me know if it can now see your thumb drive.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
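
One way to review what a .reg file such as the Fix.reg above will change before merging it, as an added example that is not part of the original post: a small Python parser that lists each key deletion, value deletion and value set, and rejects a file whose header is not on the first line. The names `review_reg` and `FIX_REG` are assumptions of this example; the sample text is copied from the post.

```python
import re

# The REGEDIT4 text from the post above, embedded so the example runs offline.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}]
"UpperFilters"=-
"LowerFilters"=-
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def review_reg(text):
    """List the (action, key, value_name, data) changes a .reg file would make."""
    lines = text.splitlines()
    # The header must be the very first line: no blank lines before it.
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("first line is not a .reg header")
    actions, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        if line.endswith(",\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith(";"):
            continue                       # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):        # [-HKEY_...] deletes the whole key
                actions.append(("delete-key", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("cannot parse line: %r" % raw)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if data == "-":                    # "Name"=- deletes just that value
            actions.append(("delete-value", key, name, None))
        else:
            actions.append(("set-value", key, name, data))
    return actions


if __name__ == "__main__":
    for action, key, name, data in review_reg(FIX_REG):
        print(action, key, name, data if data is not None else "")
```
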
 
