WinXP Multiple Issues


13 replies to this topic

#1 jmd1986


Posted 25 January 2012 - 11:48 AM

I looked through a number of topics and followed the fixes published for what I thought was my problem; however, I would say the computer I am trying to fix has multiple issues, and each time one gets fixed, on reboot another one pops up. I will list the issues below.

1. Outlook 2007 would not connect to the Exchange server. (One program noted I had a rootkit which attacked my TCP/IP address; this problem seems to be solved.)

2. Page redirects in Internet Explorer and in Google Chrome (the most common being a news7.tv page about a stay-at-home mom).

3. Also, there are constant system errors and browser errors. If I send the error report it does not work; if I ignore the error everything keeps working fine, I just have to drag the error box out of the screen.

4. Both MBAM and SUPERAntiSpyware have been run and picked up multiple trojans and removed them.

I ran msconfig and disabled all non-essential startup entries, which I found using your site. After that I ran MBAM and SUPERAntiSpyware multiple times in safe mode. After running both twice with no detections, I rebooted with the startup entries turned off, and it allowed me to reconnect to the Exchange server and receive my emails. However, after going back to normal startup my email still works but my browser redirects are back.

Thanks in advance,

JD

Edited by jmd1986, 25 January 2012 - 02:14 PM.




#2 boopme


Posted 25 January 2012 - 05:09 PM

Hello and welcome. Let's do these next and see how it is after.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed, and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log
and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 jmd1986


Posted 27 January 2012 - 12:51 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by lwilliston (administrator) on 27-01-2012 at 13:43:40
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

Atheros L2 Fast Ethernet 10/100 Base-T Controller = Local Area Connection (Connected)
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/27/2012 01:36:12 PM) (Source: Offline Files) (User: )
Description: A portion of the Offline Files cache has become corrupted. Restart the computer to clean up the cache.

Error: (01/27/2012 01:34:57 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (01/27/2012 01:34:57 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (01/27/2012 01:31:33 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (01/27/2012 01:31:33 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (01/27/2012 10:12:44 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (01/27/2012 10:12:44 AM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (01/26/2012 03:51:18 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot determine the user or computer name. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (01/26/2012 00:46:08 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/25/2012 00:19:55 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 16.0.912.77, faulting module unknown, version 0.0.0.0, fault address 0x00b78c67.
Processing media-specific event for [chrome.exe!ws!]


System errors:
=============
Error: (01/27/2012 01:26:06 PM) (Source: DCOM) (User: lwilliston)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (01/26/2012 11:42:32 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:27:50 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:27:40 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:27:30 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:27:20 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:27:10 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:27:00 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:26:50 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126

Error: (01/26/2012 08:25:20 PM) (Source: Service Control Manager) (User: )
Description: The USB Service service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 2039.17 MB
Available physical RAM: 984.89 MB
Total Pagefile: 3932.16 MB
Available Pagefile: 2963.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.41 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:298.09 GB) (Free:238.69 GB) NTFS
2 Drive d: (Jan 10 2012) (CDROM) (Total:0.69 GB) (Free:0 GB) INCDFS
7 Drive z: (Data) (Network) (Total:367.96 GB) (Free:275.56 GB) NTFS

========================= Users: ========================================

User accounts for \\HIGGINS3

Administrator Greg Guest
HelpAssistant Lynn Owner
SUPPORT_388945a0

========================= Minidump Files ==================================


**** End of log ****

#4 jmd1986


Posted 27 January 2012 - 12:59 PM

TDSSKiller needed a reboot; log file is below:

13:52:52.0804 1568 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:52:53.0320 1568 ============================================================
13:52:53.0320 1568 Current date / time: 2012/01/27 13:52:53.0320
13:52:53.0320 1568 SystemInfo:
13:52:53.0320 1568
13:52:53.0320 1568 OS Version: 5.1.2600 ServicePack: 3.0
13:52:53.0320 1568 Product type: Workstation
13:52:53.0320 1568 ComputerName: HIGGINS3
13:52:53.0320 1568 UserName: lwilliston
13:52:53.0320 1568 Windows directory: C:\WINDOWS
13:52:53.0320 1568 System windows directory: C:\WINDOWS
13:52:53.0320 1568 Processor architecture: Intel x86
13:52:53.0320 1568 Number of processors: 2
13:52:53.0320 1568 Page size: 0x1000
13:52:53.0320 1568 Boot type: Normal boot
13:52:53.0320 1568 ============================================================
13:52:55.0068 1568 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:52:55.0131 1568 Initialize success
13:53:15.0759 3048 ============================================================
13:53:15.0759 3048 Scan started
13:53:15.0759 3048 Mode: Manual;
13:53:15.0759 3048 ============================================================
13:53:16.0227 3048 Abiosdsk - ok
13:53:16.0243 3048 abp480n5 - ok
13:53:16.0290 3048 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:53:16.0290 3048 ACPI - ok
13:53:16.0321 3048 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:53:16.0321 3048 ACPIEC - ok
13:53:16.0336 3048 adpu160m - ok
13:53:16.0383 3048 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:53:16.0383 3048 aec - ok
13:53:16.0430 3048 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:53:16.0430 3048 AFD - ok
13:53:16.0446 3048 Aha154x - ok
13:53:16.0446 3048 aic78u2 - ok
13:53:16.0461 3048 aic78xx - ok
13:53:16.0477 3048 AliIde - ok
13:53:16.0477 3048 amsint - ok
13:53:16.0493 3048 asc - ok
13:53:16.0508 3048 asc3350p - ok
13:53:16.0508 3048 asc3550 - ok
13:53:16.0555 3048 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:53:16.0555 3048 AsyncMac - ok
13:53:16.0571 3048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:53:16.0571 3048 atapi - ok
13:53:16.0602 3048 AtcL002 (cba10ed5a5981fe6122b6e7460df939b) C:\WINDOWS\system32\DRIVERS\l251x86.sys
13:53:16.0602 3048 AtcL002 - ok
13:53:16.0602 3048 Atdisk - ok
13:53:16.0633 3048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:53:16.0633 3048 Atmarpc - ok
13:53:16.0680 3048 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:53:16.0680 3048 audstub - ok
13:53:16.0711 3048 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
13:53:16.0711 3048 AvgLdx86 - ok
13:53:16.0727 3048 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
13:53:16.0727 3048 AvgMfx86 - ok
13:53:16.0758 3048 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
13:53:16.0758 3048 AvgTdiX - ok
13:53:16.0821 3048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:53:16.0821 3048 Beep - ok
13:53:16.0945 3048 catchme - ok
13:53:16.0977 3048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:53:16.0977 3048 cbidf2k - ok
13:53:16.0992 3048 cd20xrnt - ok
13:53:17.0008 3048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:53:17.0008 3048 Cdaudio - ok
13:53:17.0055 3048 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:53:17.0055 3048 Cdfs - ok
13:53:17.0070 3048 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:53:17.0070 3048 Cdrom - ok
13:53:17.0070 3048 Changer - ok
13:53:17.0086 3048 CmdIde - ok
13:53:17.0117 3048 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:53:17.0117 3048 Compbatt - ok
13:53:17.0133 3048 Cpqarray - ok
13:53:17.0148 3048 dac2w2k - ok
13:53:17.0164 3048 dac960nt - ok
13:53:17.0180 3048 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:53:17.0180 3048 Disk - ok
13:53:17.0227 3048 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:53:17.0242 3048 dmboot - ok
13:53:17.0242 3048 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:53:17.0258 3048 dmio - ok
13:53:17.0273 3048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:53:17.0273 3048 dmload - ok
13:53:17.0289 3048 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:53:17.0289 3048 DMusic - ok
13:53:17.0305 3048 dpti2o - ok
13:53:17.0305 3048 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:53:17.0305 3048 drmkaud - ok
13:53:17.0336 3048 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:53:17.0336 3048 Fastfat - ok
13:53:17.0351 3048 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:53:17.0351 3048 Fdc - ok
13:53:17.0367 3048 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:53:17.0367 3048 Fips - ok
13:53:17.0383 3048 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:53:17.0383 3048 Flpydisk - ok
13:53:17.0398 3048 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:53:17.0398 3048 FltMgr - ok
13:53:17.0398 3048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:53:17.0398 3048 Fs_Rec - ok
13:53:17.0414 3048 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:53:17.0414 3048 Ftdisk - ok
13:53:17.0445 3048 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:53:17.0445 3048 GEARAspiWDM - ok
13:53:17.0461 3048 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:53:17.0461 3048 Gpc - ok
13:53:17.0476 3048 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:53:17.0476 3048 HDAudBus - ok
13:53:17.0523 3048 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
13:53:17.0523 3048 HidBatt - ok
13:53:17.0570 3048 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:53:17.0570 3048 HidUsb - ok
13:53:17.0601 3048 hpn - ok
13:53:17.0648 3048 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:53:17.0648 3048 HPZid412 - ok
13:53:17.0664 3048 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:53:17.0664 3048 HPZipr12 - ok
13:53:17.0711 3048 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:53:17.0711 3048 HPZius12 - ok
13:53:17.0757 3048 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:53:17.0757 3048 HTTP - ok
13:53:17.0757 3048 i2omgmt - ok
13:53:17.0773 3048 i2omp - ok
13:53:17.0789 3048 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:53:17.0789 3048 i8042prt - ok
13:53:17.0914 3048 ialm (c4018896856a1a1f1f3a0a6ee7206551) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:53:17.0976 3048 ialm - ok
13:53:17.0976 3048 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:53:17.0976 3048 Imapi - ok
13:53:18.0039 3048 InCDfs (98e96b6f095e6289c3293b99d0f926b2) C:\WINDOWS\system32\drivers\InCDFs.sys
13:53:18.0039 3048 InCDfs - ok
13:53:18.0054 3048 InCDPass (0b3e2517cf826020688650d46adf5b05) C:\WINDOWS\system32\drivers\InCDPass.sys
13:53:18.0054 3048 InCDPass - ok
13:53:18.0070 3048 InCDrec (00ee363ea793a9d8dab5254acbd7d8e6) C:\WINDOWS\system32\drivers\InCDRec.sys
13:53:18.0070 3048 InCDrec - ok
13:53:18.0085 3048 incdrm (d41ab5be8861aff53851594de58dddfa) C:\WINDOWS\system32\drivers\InCDRm.sys
13:53:18.0085 3048 incdrm - ok
13:53:18.0085 3048 ini910u - ok
13:53:18.0226 3048 IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:53:18.0257 3048 IntcAzAudAddService - ok
13:53:18.0273 3048 IntelIde - ok
13:53:18.0273 3048 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:53:18.0288 3048 intelppm - ok
13:53:18.0304 3048 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:53:18.0304 3048 Ip6Fw - ok
13:53:18.0335 3048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:53:18.0335 3048 IpFilterDriver - ok
13:53:18.0351 3048 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:53:18.0351 3048 IpInIp - ok
13:53:18.0382 3048 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:53:18.0382 3048 IpNat - ok
13:53:18.0398 3048 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:53:18.0398 3048 IPSec - ok
13:53:18.0429 3048 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:53:18.0429 3048 IRENUM - ok
13:53:18.0445 3048 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:53:18.0445 3048 isapnp - ok
13:53:18.0460 3048 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:53:18.0460 3048 Kbdclass - ok
13:53:18.0491 3048 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:53:18.0491 3048 kmixer - ok
13:53:18.0507 3048 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:53:18.0507 3048 KSecDD - ok
13:53:18.0523 3048 lbrtfdc - ok
13:53:18.0554 3048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:53:18.0554 3048 mnmdd - ok
13:53:18.0585 3048 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:53:20.0443 3048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:53:20.0475 3048 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:53:20.0475 3048 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:53:20.0490 3048 Boot (0x1200) (d417d87a3333a1703fde42357a174de4) \Device\Harddisk0\DR0\Partition0
13:53:20.0490 3048 \Device\Harddisk0\DR0\Partition0 - ok
13:53:20.0490 3048 ============================================================
13:53:20.0490 3048 Scan finished
13:53:20.0490 3048 ============================================================
13:53:20.0490 1348 Detected object count: 1
13:53:20.0490 1348 Actual detected object count: 1
13:54:02.0667 1348 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:54:02.0667 1348 \Device\Harddisk0\DR0 - ok
13:54:02.0667 1348 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:55:02.0107 2704 Deinitialize success

#5 jmd1986

Posted 27 January 2012 - 01:17 PM

mbam report:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
lwilliston :: HIGGINS3 [administrator]

1/27/2012 2:01:21 PM
mbam-log-2012-01-27 (14-01-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415327
Time elapsed: 15 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 boopme

Posted 27 January 2012 - 07:30 PM

Ok, The Bootkit removed was a major infection. You did Reboot the PC?
It should be running better now.

I want to run an Online scan to see what may be left.
Also you skipped installed programs so I cannot tell if you have exploitable and/or risky programs.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#7 jmd1986

Posted 31 January 2012 - 07:11 AM

Sorry away for the weekend, Computer seems to be running "better" however still having issues like:

1. Google Chrome seems to get corrupted; when I try to open it, a quick hourglass and then nothing. Below is the log for ESETScan:


C:\Documents and Settings\lwilliston\Local Settings\Temp\jar_cache1284017146551954549.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Documents and Settings\lwilliston\Local Settings\Temp\jar_cache8821153227928124192.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.HW trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.HW trojan unable to clean

#8 jmd1986

Posted 03 February 2012 - 10:49 AM

Any more I should do???

#9 boopme

Posted 03 February 2012 - 11:02 AM

Everything looks good on the malware end.. If you still have system errors ask in XP as they are better at fixing those than I.

#10 jmd1986

Posted 03 February 2012 - 12:39 PM

"C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Rootkit.Kryptik.HW trojan unable to clean "

I shouldn't be worried about this?

#11 jmd1986

Posted 03 February 2012 - 12:43 PM

Also I am still receiving seemingly fake "The system has recovered from a serious error" messages; if I click Don't Send it is almost like a constant loop, it just keeps coming back.

If I click Send Error Report, the Windows site does not recognize the error.

It only seems to come up at a log in also.

Edited by jmd1986, 03 February 2012 - 12:48 PM.


#12 boopme

Posted 03 February 2012 - 12:49 PM

I'm sorry, I missed it.. it is a rootkit and we need a different removal process. It should also fix the error.
Having run ComboFix we need to see that and a DDS log.
We need a deeper look. Please go here....Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

Edited by boopme, 03 February 2012 - 12:50 PM.


#13 jmd1986

Posted 10 February 2012 - 08:34 AM

Sorry, I have been busy @ work and didn't get a chance to see this. I do not think we ran Combofix.

Should I run it? I know it says NOT to run it without supervision lol

let me know
Thanks,

#14 boopme

Posted 10 February 2012 - 11:30 AM

Do NOT run Combo...if needed they will ask and guide you.