
Host File Hijacked



#1 CT3

Posted 17 May 2012 - 10:08 AM

Recently, I started noticing ads which popped up in the bottom right corner of my screen while browsing the internet. It was an annoyance and I didn't know what had caused those ads to appear but I thought I would be able to remove them. I had been noticing these ads for several weeks prior to now. Subsequently, on another evening my PC began giving me messages which indicated that the HDD was failing and that I should scan the drive and restart the machine to prevent data loss. At that moment, I knew that my machine was infected and I began corrective actions. I ran Avira and it identified a trojan called Crypt.ZPACK.Gen8. I removed this. Then I ran MBAM and it identified two other malware/trojan items and removed them. OK. So now it appears that the trojans have been removed, but the ads still appear.

Checking further, I found a forum item on this site about the same issue entitled "Recommended for You" and using that information determined that my hosts file had been hijacked. My problem now is that I cannot gain access to the hosts file to delete the file and fix it. I tried the advanced settings found in the TOOLS>FOLDER OPTIONS>VIEW in Explorer to make the hosts file visible by showing hidden files and the other for unhiding system files. This process makes the other icons in the C:\Windows\System32\Drivers\ETC folder visible. The other icons in that folder are full color while the hosts icon is still shaded. I can open the sample hosts file text document in Notepad but am denied access to the files otherwise.

Am using XP Professional with SP3 as my operating system. Please advise. Thanks.



#2 cryptodan


Posted 17 May 2012 - 10:14 AM

Can you please post the logs which show the detections of the malware?

#3 CT3


Posted 17 May 2012 - 09:39 PM

Unfortunately, I cannot retrieve the text files from Avira that I ran. I can, however, provide the names given by that application for the items detected. They are as follows:
TR/Strictor.443.2
TR/Crypt.ZPACK.Gen8
EXP/11-3544.FN.1
EXP/SWF.CK

Here is the MBAM File


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rita Thompson :: CURT-8CB43AC215 [administrator]

5/13/2012 9:12:12 PM
mbam-log-2012-05-13 (21-12-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413436
Time elapsed: 57 minute(s), 40 second(s)

Memory Processes Detected: 1
C:\Documents and Settings\All Users\Application Data\VkAvnkkWhucqM.exe (Rogue.FakeHDD) -> 3404 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VkAvnkkWhucqM.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\VkAvnkkWhucqM.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\All Users\Application Data\VkAvnkkWhucqM.exe (Rogue.FakeHDD) -> Delete on reboot.
c:\documents and settings\rita thompson\recent\msn.exe (Trojan.Passwords) -> Delete on reboot.
c:\documents and settings\rita thompson\recent\bleep_avast.lnk (Malware.Trace) -> Delete on reboot.

(end)

#4 cryptodan


Posted 17 May 2012 - 10:35 PM

Please download and run TDSS Killer, and if it asks you to fix anything, PLEASE DO NOT FIX ANYTHING, and post the resulting log.

#5 CT3


Posted 18 May 2012 - 10:09 PM

Well, I ran the scan and the results were negative. But I can't figure out how to get the file to paste here. Any advice, please?

#6 cryptodan


Posted 19 May 2012 - 05:08 AM

Can you copy and paste the contents of the log file generated? It should be in C:\ under TDSS.

#7 CT3


Posted 19 May 2012 - 08:57 PM

OK. Found it.

21:40:49.0781 4004 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
21:40:50.0562 4004 ============================================================
21:40:50.0562 4004 Current date / time: 2012/05/19 21:40:50.0562
21:40:50.0562 4004 SystemInfo:
21:40:50.0562 4004
21:40:50.0562 4004 OS Version: 5.1.2600 ServicePack: 3.0
21:40:50.0562 4004 Product type: Workstation
21:40:50.0562 4004 ComputerName: CURT-8CB43AC215
21:40:50.0562 4004 UserName: Curt Thompson
21:40:50.0562 4004 Windows directory: C:\WINDOWS
21:40:50.0562 4004 System windows directory: C:\WINDOWS
21:40:50.0562 4004 Processor architecture: Intel x86
21:40:50.0562 4004 Number of processors: 2
21:40:50.0562 4004 Page size: 0x1000
21:40:50.0562 4004 Boot type: Normal boot
21:40:50.0562 4004 ============================================================
21:40:51.0093 4004 !crdlk
21:40:51.0093 4004 Drive \Device\Harddisk0\DR0 - Size: 0x3A35000000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76B9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:40:51.0109 4004 ============================================================
21:40:51.0109 4004 \Device\Harddisk0\DR0:
21:40:51.0109 4004 MBR partitions:
21:40:51.0109 4004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A1079
21:40:51.0109 4004 ============================================================
21:40:51.0125 4004 C: <-> \Device\Harddisk0\DR0\Partition0
21:40:51.0125 4004 ============================================================
21:40:51.0125 4004 Initialize success
21:40:51.0125 4004 ============================================================
21:40:54.0671 0476 ============================================================
21:40:54.0671 0476 Scan started
21:40:54.0671 0476 Mode: Manual;
21:40:54.0671 0476 ============================================================
21:41:04.0734 0476 PptpMiniport - ok
21:41:04.0734 0476 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:41:04.0734 0476 ProtectedStorage - ok
21:41:04.0734 0476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:41:04.0750 0476 PSched - ok
21:41:04.0781 0476 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:41:04.0781 0476 PSI - ok
21:41:04.0812 0476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:41:04.0812 0476 Ptilink - ok
21:41:04.0828 0476 ql1080 - ok
21:41:04.0828 0476 Ql10wnt - ok
21:41:04.0828 0476 ql12160 - ok
21:41:04.0828 0476 ql1240 - ok
21:41:04.0843 0476 ql1280 - ok
21:41:04.0843 0476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:41:04.0843 0476 RasAcd - ok
21:41:04.0875 0476 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:41:04.0890 0476 RasAuto - ok
21:41:04.0921 0476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:41:04.0921 0476 Rasl2tp - ok
21:41:04.0984 0476 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:41:05.0062 0476 RasMan - ok
21:41:05.0109 0476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:41:05.0109 0476 RasPppoe - ok
21:41:05.0109 0476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:41:05.0109 0476 Raspti - ok
21:41:05.0156 0476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:41:05.0234 0476 Rdbss - ok
21:41:05.0234 0476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:41:05.0234 0476 RDPCDD - ok
21:41:05.0250 0476 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:41:05.0281 0476 rdpdr - ok
21:41:05.0328 0476 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:41:05.0328 0476 RDPWD - ok
21:41:05.0343 0476 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:41:05.0375 0476 RDSessMgr - ok
21:41:05.0421 0476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:41:05.0421 0476 redbook - ok
21:41:05.0453 0476 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:41:05.0453 0476 RemoteAccess - ok
21:41:05.0515 0476 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:41:05.0515 0476 RemoteRegistry - ok
21:41:05.0546 0476 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
21:41:05.0546 0476 RimUsb - ok
21:41:05.0562 0476 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:41:05.0578 0476 RpcLocator - ok
21:41:05.0593 0476 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:41:05.0609 0476 RpcSs - ok
21:41:05.0640 0476 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:41:05.0656 0476 RSVP - ok
21:41:05.0671 0476 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:41:05.0671 0476 SamSs - ok
21:41:05.0687 0476 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:41:05.0687 0476 SCardSvr - ok
21:41:05.0718 0476 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:41:05.0796 0476 Schedule - ok
21:41:05.0859 0476 ScsiAccess (54196cdac7e1d81d71c652e100b99e77) C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
21:41:05.0859 0476 ScsiAccess - ok
21:41:05.0890 0476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:41:05.0890 0476 Secdrv - ok
21:41:05.0937 0476 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:41:05.0937 0476 seclogon - ok
21:41:05.0968 0476 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:41:05.0968 0476 SENS - ok
21:41:05.0984 0476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:41:05.0984 0476 Serial - ok
21:41:06.0000 0476 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
21:41:06.0000 0476 sfdrv01 - ok
21:41:06.0015 0476 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
21:41:06.0015 0476 sfhlp02 - ok
21:41:06.0015 0476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:41:06.0015 0476 Sfloppy - ok
21:41:06.0031 0476 sfsync02 (efebbc1d13fdb77a6af4eddfc7232edf) C:\WINDOWS\system32\drivers\sfsync02.sys
21:41:06.0046 0476 sfsync02 - ok
21:41:06.0078 0476 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:41:06.0093 0476 SharedAccess - ok
21:41:06.0109 0476 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:41:06.0109 0476 ShellHWDetection - ok
21:41:06.0125 0476 Simbad - ok
21:41:06.0140 0476 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:41:06.0140 0476 SONYPVU1 - ok
21:41:06.0156 0476 Sparrow - ok
21:41:06.0156 0476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:41:06.0156 0476 splitter - ok
21:41:06.0187 0476 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:41:06.0187 0476 Spooler - ok
21:41:06.0218 0476 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
21:41:06.0218 0476 sprtsvc_DellSupportCenter - ok
21:41:06.0234 0476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:41:06.0234 0476 sr - ok
21:41:06.0250 0476 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:41:06.0281 0476 srservice - ok
21:41:06.0359 0476 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:41:06.0390 0476 Srv - ok
21:41:06.0406 0476 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:41:06.0406 0476 SSDPSRV - ok
21:41:06.0421 0476 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:41:06.0437 0476 ssmdrv - ok
21:41:06.0500 0476 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
21:41:06.0515 0476 STHDA - ok
21:41:06.0546 0476 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:41:06.0593 0476 stisvc - ok
21:41:06.0625 0476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:41:06.0625 0476 swenum - ok
21:41:06.0671 0476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:41:06.0671 0476 swmidi - ok
21:41:06.0687 0476 SwPrv - ok
21:41:06.0687 0476 symc810 - ok
21:41:06.0687 0476 symc8xx - ok
21:41:06.0703 0476 symsnap (66918794b1701990be8510565fbd4bc4) C:\WINDOWS\system32\DRIVERS\symsnap.sys
21:41:06.0734 0476 symsnap - ok
21:41:06.0750 0476 sym_hi - ok
21:41:06.0750 0476 sym_u3 - ok
21:41:06.0781 0476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:41:06.0781 0476 sysaudio - ok
21:41:06.0796 0476 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:41:06.0812 0476 SysmonLog - ok
21:41:06.0859 0476 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:41:06.0906 0476 TapiSrv - ok
21:41:06.0968 0476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:41:06.0968 0476 Tcpip - ok
21:41:06.0984 0476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:41:07.0000 0476 TDPIPE - ok
21:41:07.0015 0476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:41:07.0015 0476 TDTCP - ok
21:41:07.0031 0476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:41:07.0031 0476 TermDD - ok
21:41:07.0078 0476 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:41:07.0125 0476 TermService - ok
21:41:07.0140 0476 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:41:07.0140 0476 Themes - ok
21:41:07.0171 0476 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:41:07.0171 0476 TlntSvr - ok
21:41:07.0187 0476 TosIde - ok
21:41:07.0187 0476 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:41:07.0203 0476 TrkWks - ok
21:41:07.0203 0476 TSP - ok
21:41:07.0234 0476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:41:07.0234 0476 Udfs - ok
21:41:07.0234 0476 ultra - ok
21:41:07.0281 0476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:41:07.0328 0476 Update - ok
21:41:07.0359 0476 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:41:07.0421 0476 upnphost - ok
21:41:07.0468 0476 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:41:07.0468 0476 UPS - ok
21:41:07.0500 0476 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:41:07.0500 0476 USBAAPL - ok
21:41:07.0515 0476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:41:07.0515 0476 usbccgp - ok
21:41:07.0546 0476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:41:07.0546 0476 usbehci - ok
21:41:07.0562 0476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:41:07.0562 0476 usbhub - ok
21:41:07.0609 0476 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:41:07.0625 0476 usbprint - ok
21:41:07.0671 0476 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:41:07.0687 0476 usbscan - ok
21:41:07.0718 0476 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:41:07.0734 0476 usbstor - ok
21:41:07.0750 0476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:41:07.0750 0476 usbuhci - ok
21:41:07.0765 0476 v2imount (16662738e1ab857fb91ed2d4065440b0) C:\WINDOWS\system32\DRIVERS\v2imount.sys
21:41:07.0765 0476 v2imount - ok
21:41:07.0781 0476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:41:07.0781 0476 VgaSave - ok
21:41:07.0781 0476 ViaIde - ok
21:41:07.0796 0476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:41:07.0796 0476 VolSnap - ok
21:41:07.0812 0476 VProEventMonitor (e14b7ae35be1e97830d42ec191d0dea2) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
21:41:07.0812 0476 VProEventMonitor - ok
21:41:07.0843 0476 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:41:07.0875 0476 VSS - ok
21:41:07.0890 0476 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:41:07.0953 0476 W32Time - ok
21:41:07.0984 0476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:41:07.0984 0476 Wanarp - ok
21:41:07.0984 0476 WDICA - ok
21:41:08.0015 0476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:41:08.0015 0476 wdmaud - ok
21:41:08.0031 0476 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:41:08.0031 0476 WebClient - ok
21:41:08.0046 0476 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
21:41:08.0109 0476 WimFltr - ok
21:41:08.0171 0476 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:41:08.0250 0476 winachsf - ok
21:41:08.0296 0476 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:41:08.0359 0476 winmgmt - ok
21:41:08.0406 0476 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:41:08.0406 0476 WmdmPmSN - ok
21:41:08.0453 0476 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:41:08.0500 0476 Wmi - ok
21:41:08.0531 0476 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:41:08.0609 0476 WmiApSrv - ok
21:41:08.0750 0476 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:41:08.0875 0476 WMPNetworkSvc - ok
21:41:08.0906 0476 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:41:08.0921 0476 wscsvc - ok
21:41:08.0921 0476 WSearch - ok
21:41:08.0937 0476 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:41:08.0937 0476 wuauserv - ok
21:41:08.0953 0476 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:41:08.0968 0476 WudfPf - ok
21:41:08.0984 0476 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:41:09.0000 0476 WudfRd - ok
21:41:09.0015 0476 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:41:09.0031 0476 WudfSvc - ok
21:41:09.0062 0476 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:41:09.0109 0476 WZCSVC - ok
21:41:09.0125 0476 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:41:09.0203 0476 xmlprov - ok
21:41:09.0203 0476 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:41:09.0546 0476 \Device\Harddisk0\DR0 - ok
21:41:09.0546 0476 Boot (0x1200) (0a00df5c3b08974c82eeba435adf44e7) \Device\Harddisk0\DR0\Partition0
21:41:09.0546 0476 \Device\Harddisk0\DR0\Partition0 - ok
21:41:09.0546 0476 ============================================================
21:41:09.0546 0476 Scan finished
21:41:09.0546 0476 ============================================================
21:41:09.0562 3628 Detected object count: 0
21:41:09.0562 3628 Actual detected object count: 0
21:42:23.0109 0648 Deinitialize success

#8 cryptodan


Posted 20 May 2012 - 05:02 AM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#9 CT3


Posted 20 May 2012 - 09:36 PM

Done. File attached.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Curt Thompson (administrator) on 20-05-2012 at 22:21:34
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost








































































































































































































93.115.241.28 www.google-analytics.com.
93.115.241.28 ad-emea.doubleclick.net.
93.115.241.28 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

TP-LINK 150Mbps Wireless Lite N Adapter = Wireless Network Connection 2 (Connected)
Intel® 82566DC Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : curt-8cb43ac215

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection

Physical Address. . . . . . . . . : 00-19-D1-94-4E-A9



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : TP-LINK 150Mbps Wireless Lite N Adapter

Physical Address. . . . . . . . . : 54-E6-FC-99-1B-D9

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.10.209

Lease Obtained. . . . . . . . . . : Sunday, May 20, 2012 10:13:26 PM

Lease Expires . . . . . . . . . . : Monday, May 21, 2012 10:13:26 PM

Server: UnKnown
Address: 192.168.10.209

Name: google.com
Addresses: 173.194.37.0, 173.194.37.4, 173.194.37.9, 173.194.37.2
173.194.37.14, 173.194.37.6, 173.194.37.8, 173.194.37.5, 173.194.37.1
173.194.37.3, 173.194.37.7



Pinging google.com [173.194.37.7] with 32 bytes of data:



Reply from 173.194.37.7: bytes=32 time=28ms TTL=51

Reply from 173.194.37.7: bytes=32 time=30ms TTL=51



Ping statistics for 173.194.37.7:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 30ms, Average = 29ms

Server: UnKnown
Address: 192.168.10.209

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=60ms TTL=48

Reply from 209.191.122.70: bytes=32 time=62ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 62ms, Average = 61ms

Server: UnKnown
Address: 192.168.10.209

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 94 4e a9 ...... Intel® 82566DC Gigabit Network Connection - Packet Scheduler Miniport
0x10004 ...54 e6 fc 99 1b d9 ...... TP-LINK 150Mbps Wireless Lite N Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.103 192.168.1.103 20
192.168.1.0 255.255.255.0 192.168.1.103 192.168.1.103 25
192.168.1.103 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.103 192.168.1.103 25
224.0.0.0 240.0.0.0 192.168.1.103 192.168.1.103 25
255.255.255.255 255.255.255.255 192.168.1.103 2 1
255.255.255.255 255.255.255.255 192.168.1.103 192.168.1.103 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/16/2012 06:30:32 PM) (Source: Norton Save and Restore) (User: )
Description: Error EC8F1C50: Cannot create file backup for job: My Documents Backup. Error E7D1000B: Unable to make directory 'E:/'. Error E7D10026: Unable to get attributes for 'E:/'. Error EBAB03F1: The system cannot find the path specified. Error E4BC0004: Unable to backup file C:/Documents and Settings/Curt Thompson/My Documents/Lakeside Medical Center Cover Letter.doc.
Details: 0xEBAB0005
Source: Norton Save & Restore

Error: (05/14/2012 10:36:12 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (05/14/2012 10:34:44 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RITA THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/13/2012 09:22:13 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\RITA THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/13/2012 09:20:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\CURT THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/13/2012 09:20:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\CURT THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/13/2012 09:20:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\CURT THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/13/2012 09:20:12 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\CURT THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/13/2012 09:19:56 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\CURT THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (05/13/2012 09:19:56 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\CURT THOMPSON\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (05/16/2012 09:39:44 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (05/16/2012 09:38:47 PM) (Source: DCOM) (User: Curt Thompson)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/16/2012 09:32:14 PM) (Source: DCOM) (User: Curt Thompson)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/16/2012 09:32:14 PM) (Source: DCOM) (User: Curt Thompson)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (05/16/2012 09:31:49 PM) (Source: DCOM) (User: Curt Thompson)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (05/16/2012 09:31:38 PM) (Source: DCOM) (User: Curt Thompson)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (05/16/2012 09:31:34 PM) (Source: DCOM) (User: Curt Thompson)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (05/16/2012 09:30:37 PM) (Source: DCOM) (User: Curt Thompson)
Description: DCOM got error "%%1084" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (05/16/2012 09:29:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
avipbb
avkmgr
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
ssmdrv
Tcpip

Error: (05/16/2012 09:29:31 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 bit Windows Card Reader Driver (Version: 1.1.0.0)
Acer eDisplay Management (Version: 1.34.003)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Reader 9.5.0 (Version: 9.5.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Auslogics Disk Defrag (Version: version 3.1)
Avira Free Antivirus (Version: 12.0.0.1125)
AVS DVD Player version 2.4
Bing Bar (Version: 7.0.822.0)
BlackBerry Device Software Updater (Version: 5.0.1.52)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.16)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 1.1.0.0)
Dell Support Center (Support Software) (Version: 2.2.09085)
DellSupport (Version: 6.0.3075)
Documents To Go (Version: 8.002.173)
Dropbox (Version: 1.2.52)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
HijackThis 2.0.2 (Version: 2.0.2)
hp deskjet 930c series (Remove only)
HP Driver Diagnostics (Version: 1.03.0009)
Intel® Matrix Storage Manager
Intel® Network Connections 15.1.29.0 (Version: 15.1.29.0)
Intel® Processor ID Utility (Version: 4.20.0000)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.26)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mastering Financial Modelling 2nd Edition (Version: 1.00.0000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
Norton Save and Restore (Version: 2.0.6.26322)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Photodex Presenter
Pivot Pro Plugin (Version: 9.50.110)
ProShow Producer
QuickTime (Version: 7.71.80.42)
Roxio DLA (Version: 5.2.0)
SDK (Version: 2.22.002)
Secunia PSI
SigmaTel Audio (Version: 5.10.4803.0)
Speccy (Version: 1.01)
Spybot - Search & Destroy (Version: 1.6.2)
Startup Delayer v2.5 (build 138)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.1.66.0)
TP-LINK Wireless Client Utility (Version: 7.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB968220) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 2045.85 MB
Available physical RAM: 1244.98 MB
Total Pagefile: 3937.64 MB
Available Pagefile: 3130.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.7 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.81 GB) (Free:199.1 GB) NTFS

========================= Users: ========================================

User accounts for \\CURT-8CB43AC215

Administrator Curt IV Curt Thompson
Guest HelpAssistant Rita Jane Thompson
Rita Thompson SUPPORT_388945a0 UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#10 cryptodan


Posted 21 May 2012 - 04:47 AM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly, please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the HelpBot's post.



