Infection in second PC


  • This topic is locked
19 replies to this topic

#1 duffsparky

duffsparky

  • Members
  • 267 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:23 PM

Posted 29 February 2012 - 01:39 PM

Hi all,

With the help of Bleeping Computer (Gringo) I've managed to clean out malware from one PC on my home network, see here, and I now need to clean out the second PC.

This PC runs XP Pro SP3 fully updated and uses Sophos Endpoint Security Control version 9.5 fully updated for anti-virus protection. The PC has been slow for quite some while and has got progressively worse. It now freezes after a few minutes and this happens on all accounts when running in normal mode, and occassionally in safe mode.

I recently altered the access profiles, see here, and since then I have been unable to fully access the Sophos configuration panel to switch the 'on-access' scanner off (prior to using other malware scanners). After a lot of trying I've managed to uninstall(?) the Sophos with the intension of reinstalling it but the reinstall will not work; in normal mode it either freezes or copies the files/folders and that is all or it simply reboots itself. A safe mode install of the Sophos gets to the actual install itself but stops with an error message "The installation of **** has failed (error 0x80041f09). Contact Network Administrator". Although this may be because Sophos can not be installed through Safe Mode.

Any help would be much appreciated.

Best regards.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 PM

Posted 29 February 2012 - 01:49 PM

Hello, let's see if we can find out.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.


  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).





Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.
    Note: By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:23 PM

Posted 29 February 2012 - 02:49 PM

Hi Bloopme,

How long should MiniToolBox take to complete its run?

Malwarebytes was already installed on the machine but I have uninstalled(?) it, except I can't get rid of the Desktop shortcut and at the moment I can't access explorer to see if the Malwarebytes folder has gone either.

Can MiniToolBox and Malwarebytes be run satisfactorily from Safe Mode?

Cheers

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 PM

Posted 29 February 2012 - 03:34 PM

I'd say at most 20 minutes for MINI.
Both can be run from safe mode. Better if you can from normal.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#5 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:23 PM

Posted 29 February 2012 - 08:44 PM

MiniToolBox wouldn't run in normal mode so I tried it in Safe Mode. After running it for one and a half hours, with the counter having reached 65K (and still going), I stopped the scan figuring something was wrong.

I haven't downloaded Malwarebytes yet as the link you provided, when typed into the infected PC, gets redirected via several sites, leaving me to wonder if the download would be genuine.

Cheers.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 PM

Posted 29 February 2012 - 09:26 PM

Try again from Safe Mode with Networking.

How to start Windows 7 in Safe Mode

How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

#7 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:23 PM

Posted 01 March 2012 - 08:09 AM

Hi boopme,

I've done as requested, started MiniToolBox at 10:38am and it's still running at 12:55pm (2hrs 17mins) with 'Getting Hosts Content:' at 51000+. The PC uses HostsMan which has 265354 hosts listed, so I guess that is the delay. At this rate it will take about another 5 to 6 hours just to complete the Hosts file content logging.

Would it be better if I restarted MiniToolBox but unchecked the 'List contents of Hosts' option? I can then copy the Hosts file content direct from HostsMan and either paste it into my reply or attach it to my reply along with the Malwarebytes log.

You didn't make comment on the redirect issue with Malwarebytes - is it OK to download from a redirected site???

Cheers.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 PM

Posted 01 March 2012 - 11:43 AM

OK, yes do that. Except as you use HostsMan I don't even need that. I was looking to see if the Hosts file was infected.

#9 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:23 PM

Posted 01 March 2012 - 03:10 PM

I could not get the MiniToolBox (MTB) to run properly even from a new admin account, so I ran MTB from the XP Start Run box by typing in its URL (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) and pressed OK. To my surprise IE flashed on the screen and up popped the MTB Run/Save/Cancel dialogue box; I pressed Run, up came the MTB start screen and all seemed to work OK (I've never tried that before). The scan was over and done in a very short while, especially when compared to previous attempts. Once complete the MTB just left the Results log on the desktop. I've only gone into detail here in case my method is/was flawed and therefore could/would lead to erroneous results.

As I had been having redirect issues when trying to download Malwarebytes I thought I'd try the same approach. So I typed https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ into the XP Start Run box, which took me directly to a different Malwarebytes webpage than I had previously seen (however, this page turns out to be the one I would have gone to if I'd simply clicked that link from your post yesterday at 06:49PM). I clicked on the pro version, which redirected me straight back to Bleepingcomputer for the download - which seemed kind of strange. Even stranger is that when I click on your link (as mentioned above), then select the pro version option, I'm redirected to the Malwarebytes 'Shopping cart' page and not back to BC for the download. Anyway the installation went seemingly OK without the software exe appearing as a download; I guess it went straight into a temp folder somewhere on the machine, although I couldn't find it. The Malwarebytes scan appeared to go OK but did not show any infections. Again I've only gone into detail here in case my method is/was flawed etc etc.

I hope that all makes sense????????????

Both the MiniToolBox and Malwarebytes scans were run from a new admin account running in Safe Mode. As requested the logs for both are below.

MiniToolBox by Farbar Version: 18-01-2012
Ran by 3rdadmin (administrator) on 01-03-2012 at 18:59:40
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : xw6000
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0D-9D-57-41-6A
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.69
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : 01 March 2012 18:35:27
Lease Expires . . . . . . . . . . : 02 March 2012 18:35:27

Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.34.99, 173.194.34.101, 173.194.34.110, 173.194.34.102
173.194.34.104, 173.194.34.100, 173.194.34.105, 173.194.34.98, 173.194.34.96
173.194.34.97, 173.194.34.103

Pinging google.com [173.194.34.98] with 32 bytes of data:

Reply from 173.194.34.98: bytes=32 time=27ms TTL=52
Reply from 173.194.34.98: bytes=32 time=31ms TTL=52

Ping statistics for 173.194.34.98:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 31ms, Average = 29ms

Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.127.62, 98.139.183.24

Pinging yahoo.com [98.139.127.62] with 32 bytes of data:

Reply from 98.139.127.62: bytes=32 time=619ms TTL=45
Reply from 98.139.127.62: bytes=32 time=680ms TTL=44

Ping statistics for 98.139.127.62:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 619ms, Maximum = 680ms, Average = 649ms

Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 9d 57 41 6a ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.69 192.168.1.69 20
192.168.1.69 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.69 192.168.1.69 20
224.0.0.0 240.0.0.0 192.168.1.69 192.168.1.69 20
255.255.255.255 255.255.255.255 192.168.1.69 192.168.1.69 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/28/2012 10:31:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (02/28/2012 10:31:10 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/17/2012 03:35:25 PM) (Source: MsiInstaller) (User: Glenn)Glenn
Description: The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISE985A59EC5B7473BBC2A80DAB3EC3D44_1_2_3.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (02/16/2012 08:36:42 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [pev.exe!ws!]

Error: (02/16/2012 08:36:40 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [pev.exe!ws!]

Error: (02/16/2012 08:36:29 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [pev.exe!ws!]

Error: (02/16/2012 08:35:51 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/16/2012 05:35:04 PM) (Source: ESENT) (User: )
Description: wuauclt (2448) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 27078656 (0x00000000019d3000) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup.

Error: (02/16/2012 03:56:34 PM) (Source: MsiInstaller) (User: Glenn)Glenn
Description: Product: Adobe Reader 9.4.1 -- Error 1704.An installation for Sophos AutoUpdate is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (02/11/2012 10:29:57 PM) (Source: ESENT) (User: )
Description: wuauclt (3664) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 44191744 (0x0000000002a25000) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 0 (0x00000000) and the actual checksum was 1648963633 (0x62493031). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup.


System errors:
=============
Error: (03/01/2012 06:58:02 PM) (Source: DCOM) (User: 3rdadmin)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/01/2012 06:49:03 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 06:44:35 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 06:36:40 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
NetworkX
sptd

Error: (03/01/2012 06:36:40 PM) (Source: Service Control Manager) (User: )
Description: The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:
%%1068

Error: (03/01/2012 06:36:14 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 06:35:39 PM) (Source: 0) (User: )
Description:

Error: (03/01/2012 06:27:54 PM) (Source: Service Control Manager) (User: )
Description: The Windows Time service hung on starting.

Error: (03/01/2012 06:23:18 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 10:36:54 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
NetworkX
sptd


Microsoft Office Sessions:
=========================
Error: (04/11/2011 05:04:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

10-Strike LANState (Version: 5.3)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Advanced System Optimizer (Version: 3.2.648.12202)
Advanced SystemCare 3 (Version: 3.8.0)
Agent Ransack 2010
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.3.127)
Belarc Advisor 8.2 (Version: 8.2.1.0)
Bonjour (Version: 2.0.4.0)
Broadcom Management Programs (Version: 9.03.02)
Broadcom NetXtreme Ethernet Controller (Version: 9.02.06)
Brother MFL-Pro Suite (Version: 1.00.000)
CadStd (Version: 3.7.2)
CCleaner (Version: 3.15)
CDBurnerXP (Version: 4.4.0.2905)
DAEMON Tools Pro (Version: 4.41.0314.0232)
Data Doctor Recovery - SIM Card (Demo) (Version: 4.4.1.2)
Data Doctor Recovery - SIM Card (Evaluation) 3.0.1.5
Defraggler (Version: 1.21)
Dia (remove only)
DriverAgent by eSupport.com
EASEUS Partition Master 8.0.1 Home Edition
ErrorEND (Version: 1.0.6.1)
GMX File Storage Manager (Version: 2.0.615)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
GoToAssist Corporate (Version: 9.0.570)
HostsMan 3.2.73 (Version: 3.2.73)
HoverIP v1.0 beta (Version: 1.0 beta)
HP Product Detection (Version: 4.0.0013)
Iomega REV System Software (Version: 5.0.4.24)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junior Icon Editor (Version: 4.0)
MailWasher Free 6.5.4
Matrox Graphics Software (remove only)
Matrox PowerDesk-SE (Version: 11.12.0810.0001)
Matrox PowerSpace (Version: 2.01.0035)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 97, Professional Edition
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6425.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MozBackup 1.4.10
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
Mozilla Thunderbird 10.0.2 (x86 en-GB) (Version: 10.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyPDFConverter (Version: 2.5058.00033)
MyPhoneExplorer (Version: 1.8.2)
NeoTrace Pro 3.25 Trial
Nmap 5.21
PDF-Viewer (Version: 2.0.54.0)
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.69.80.9)
RegTweaker version 3.2.2
Sentinel Protection Installer 7.5.0 (Version: 7.5.0)
Smart Defrag 2 (Version: 2.0)
Sony Ericsson PC Companion 2.01.231 (Version: 2.01.231)
Stellar Phoenix Password Recovery (Version: 1.5.0.0)
UK-Info People Finder V14
UltraMon (Version: 3.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
USBInfo
VitalSource Bookshelf (Version: 5.04.0014)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR 4.00 beta 4 (32-bit) (Version: 4.00.4)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 1023.51 MB
Available physical RAM: 738.95 MB
Total Pagefile: 2462.93 MB
Available Pagefile: 2297.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.65 MB

========================= Partitions: =====================================

2 Drive c: (SYSTEM 40Gb) (Fixed) (Total:38.28 GB) (Free:13.49 GB) NTFS
5 Drive f: (D0.System 19.5Gb(Seagate7-120GB)) (Fixed) (Total:19.53 GB) (Free:8.95 GB) NTFS
6 Drive g: (Download Stor 19.5Gb(Sea7-120GB)) (Fixed) (Total:19.53 GB) (Free:16.1 GB) NTFS
7 Drive h: (D0.InstProgs 58.5(Seagate7-120G)) (Fixed) (Total:58.59 GB) (Free:55 GB) NTFS
8 Drive i: (EMPTY 14Gb (Seagate7-120G)) (Fixed) (Total:14.12 GB) (Free:13.8 GB) NTFS

========================= Users: ========================================

User accounts for \\XW6000

3rdadmin Administrator ASPNET
Carole Glenn Guest
HelpAssistant IUSR_XW6000 IWAM_XW6000
UserAdmin

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.01.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
3rdadmin :: XW6000 [administrator]

Protection: Disabled

01/03/2012 19:07:35
mbam-log-2012-03-01 (19-07-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259040
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Cheers.

Edited by duffsparky, 01 March 2012 - 05:09 PM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 PM

Posted 02 March 2012 - 10:35 AM

Sorry for the delay. You may have installed an infected application from the other site. Anyway, as you have multiple drives we need to do a full scan.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

>>>>
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>>
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.




Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
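As an added example (not part of this thread and not a Kaspersky tool), here is a small Python triage script for the log format TDSSKiller writes, which the instructions above describe: it separates objects the tool reported as detected from those it only flagged as suspicious (the ones it prompts about and skips by default), and lists drivers that never received a verdict, which is what a log looks like when the PC freezes mid-scan as this one does. The sample lines are copied from the TDSSKiller log posted in this thread and cut short on purpose.

```python
"""Triage a TDSSKiller scan log (added example; not a Kaspersky tool).

Log lines read "HH:MM:SS.mmmm <pid> <message>". For each driver the scan writes
"<name> (<md5>) <path>" (omitted when no file exists) and a verdict "<name> - ok".
Suspicious objects instead get "Suspicious file (...)", "<name> ( <Det> ) - warning"
and "<name> - detected <Det> (<n>)", as the sptd entry in this thread shows.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-fA-F]{32})$")
WARN_RE = re.compile(r"^(\S+) \( (.+?) \) - warning$")
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
OK_RE = re.compile(r"^(\S+) - ok$")

# Severity order; a driver keeps the worst verdict seen for it.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Driver:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"  # no verdict line seen yet
    detections: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)

    def escalate(self, verdict: str) -> None:
        if RANK[verdict] > RANK[self.verdict]:
            self.verdict = verdict


def parse_tdsskiller_log(text: str) -> Dict[str, Driver]:
    """Return one Driver record per service/driver name, in log order."""
    drivers: Dict[str, Driver] = {}
    by_path: Dict[str, Driver] = {}

    def get(name: str) -> Driver:
        return drivers.setdefault(name, Driver(name))

    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, blank or torn line
        msg = line.group(3)
        if m := FILE_RE.match(msg):
            d = get(m.group(1))
            d.md5, d.path = m.group(2).lower(), m.group(3)
            by_path[d.path.lower()] = d
        elif m := SUSP_RE.match(msg):
            d = by_path.get(m.group(2).lower())
            if d is not None:  # e.g. NoAccess: the file is locked on disk
                d.notes.append(f"Suspicious file ({m.group(1)})")
        elif m := WARN_RE.match(msg) or DETECT_RE.match(msg):
            d = get(m.group(1))
            d.escalate("warning" if m.re is WARN_RE else "detected")
            if m.group(2) not in d.detections:
                d.detections.append(m.group(2))
        elif m := OK_RE.match(msg):
            get(m.group(1)).escalate("ok")
    return drivers


def triage(drivers: Dict[str, Driver]) -> List[Driver]:
    """Drivers TDSSKiller did not clear, most severe first."""
    flagged = [d for d in drivers.values() if RANK[d.verdict] > RANK["ok"]]
    return sorted(flagged, key=lambda d: (-RANK[d.verdict], d.name))


def incomplete(drivers: Dict[str, Driver]) -> List[str]:
    """Drivers with a file line but no verdict: the scan stopped early."""
    return [d.name for d in drivers.values() if d.verdict == "unknown"]


# Constructed sample: lines copied from the TDSSKiller log in this thread,
# cut off after uigcrdr's file line to mimic a scan that froze mid-way.
SAMPLE_LOG = r"""
21:43:44.0375 2112 Scan started
21:43:46.0265 2112 Abiosdsk - ok
21:43:46.0765 2112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:43:46.0828 2112 ACPI - ok
21:44:39.0593 2112 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
21:44:39.0593 2112 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
21:44:39.0593 2112 sptd ( LockedFile.Multi.Generic ) - warning
21:44:39.0593 2112 sptd - detected LockedFile.Multi.Generic (1)
21:44:39.0843 2112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:44:39.0859 2112 sr - ok
21:44:44.0921 2112 uigcrdr (6a53f947360e00d9318d247571f2e24f) C:\WINDOWS\system32\DRIVERS\uigcrdr.sys
"""

if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for d in triage(found):
        print(f"{d.verdict:9}{d.name:10}{', '.join(d.detections)}  {d.path}  {d.notes}")
    print("no verdict (scan incomplete?):", incomplete(found))
```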

#11 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:23 PM

Posted 02 March 2012 - 01:49 PM

Boopme

Malwarebytes won't run properly.

mbam.exe appears in Task Manager 'Processes' and 'Applications' but its Status shows as Not Responding; there is also no user interface.

First attempt at running Malwarebytes caused the PC to reboot. Second attempt started Windows Media Player.

Should I continue trying with the rest of your instructions?

Thanks.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:07:23 PM

Posted 02 March 2012 - 02:13 PM

Yes, do the rest; we may clear what is stopping MBAM.

#13 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:23 PM

Posted 03 March 2012 - 06:29 PM

SuperAntiSpyware
  • Very difficult to start in either normal start or Alternate Start.
  • Usually GUI does not appear although the program appears in Task Manager Processes.
  • Yesterday after repeated retries a Complete Scan found 3 threats but the PC rebooted before the scan had finished with no log file created.
  • Second scan (yesterday), again after repeated retries, unable to run Complete Scan but a Quick Scan ran to completion(?); however, it only found 1 threat as per the log included.
  • Third scan (today) after repeated attempts, Complete Scan started but then PC froze before scan could complete.
Malwarebytes
  • Will not install unless the install file is renamed before it is downloaded (copied across from other PC because direct download will not start), and its default installation name is changed, i.e. C:\Program Files\Malwarebytes changed to C:\Program Files\GWAP2.
  • When run, no GUI appears although the program shows up in Task Manager Processes.
----------------------------------------------------------------------------------------------------------------

PC now freezes more often than not and frequently will not complete loading windows before it freezes.

There may also be a problem with the first PC, the one cleaned with the help of Gringo. An infection may be hopping from one PC to the other via my home network.
----------------------------------------------------------------------------------------------------------------

Please find below log files created so far.

21:43:19.0828 0932 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:43:21.0828 0932 ============================================================
21:43:21.0828 0932 Current date / time: 2012/03/02 21:43:21.0828
21:43:21.0828 0932 SystemInfo:
21:43:21.0828 0932
21:43:21.0828 0932 OS Version: 5.1.2600 ServicePack: 3.0
21:43:21.0828 0932 Product type: Workstation
21:43:21.0828 0932 ComputerName: XW6000
21:43:21.0828 0932 UserName: 3rdadmin
21:43:21.0828 0932 Windows directory: C:\WINDOWS
21:43:21.0828 0932 System windows directory: C:\WINDOWS
21:43:21.0828 0932 Processor architecture: Intel x86
21:43:21.0828 0932 Number of processors: 4
21:43:21.0828 0932 Page size: 0x1000
21:43:21.0828 0932 Boot type: Normal boot
21:43:21.0828 0932 ============================================================
21:43:41.0015 0932 Drive \Device\Harddisk0\DR0 - Size: 0x9925B0000 (38.29 Gb), SectorSize: 0x200, Cylinders: 0x14BE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:43:41.0031 0932 Drive \Device\Harddisk1\DR1 - Size: 0x1BF286DE00 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:43:41.0046 0932 \Device\Harddisk0\DR0:
21:43:41.0078 0932 MBR used
21:43:41.0078 0932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C8DA91
21:43:41.0078 0932 \Device\Harddisk1\DR1:
21:43:41.0078 0932 MBR used
21:43:41.0078 0932 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
21:43:41.0078 0932 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x75304A1
21:43:41.0140 0932 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x2711637
21:43:41.0140 0932 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xC35318D, BlocksNum 0x1C3C773
21:43:41.0484 0932 Initialize success
21:43:41.0484 0932 ============================================================
21:43:44.0375 2112 ============================================================
21:43:44.0375 2112 Scan started
21:43:44.0375 2112 Mode: Manual;
21:43:44.0375 2112 ============================================================
21:43:46.0265 2112 Abiosdsk - ok
21:43:46.0468 2112 abp480n5 - ok
21:43:46.0765 2112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:43:46.0828 2112 ACPI - ok
21:43:47.0078 2112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:43:47.0093 2112 ACPIEC - ok
21:43:47.0328 2112 adpu160m - ok
21:43:47.0609 2112 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
21:43:47.0640 2112 adpu320 - ok
21:43:47.0921 2112 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
21:43:47.0921 2112 aeaudio - ok
21:43:48.0218 2112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:43:48.0265 2112 aec - ok
21:43:48.0593 2112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:43:48.0640 2112 AFD - ok
21:43:48.0921 2112 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:43:48.0937 2112 agp440 - ok
21:43:49.0171 2112 Aha154x - ok
21:43:49.0437 2112 aic78u2 - ok
21:43:49.0656 2112 aic78xx - ok
21:43:49.0921 2112 AliIde - ok
21:43:50.0203 2112 amsint - ok
21:43:50.0421 2112 asc - ok
21:43:50.0656 2112 asc3350p - ok
21:43:50.0875 2112 asc3550 - ok
21:43:51.0250 2112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:43:51.0265 2112 AsyncMac - ok
21:43:51.0546 2112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:43:51.0546 2112 atapi - ok
21:43:51.0750 2112 Atdisk - ok
21:43:52.0031 2112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:43:52.0046 2112 Atmarpc - ok
21:43:52.0406 2112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:43:52.0406 2112 audstub - ok
21:43:52.0734 2112 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:43:52.0734 2112 b57w2k - ok
21:43:52.0984 2112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:43:52.0984 2112 Beep - ok
21:43:53.0406 2112 Blfp (07a758bffb297819252aa72bab0e6611) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
21:43:53.0453 2112 Blfp - ok
21:43:53.0890 2112 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
21:43:53.0890 2112 BrScnUsb - ok
21:43:54.0171 2112 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
21:43:54.0203 2112 BrSerIf - ok
21:43:54.0421 2112 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
21:43:54.0421 2112 BrUsbSer - ok
21:43:54.0531 2112 catchme - ok
21:43:54.0812 2112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:43:54.0812 2112 cbidf2k - ok
21:43:55.0046 2112 cd20xrnt - ok
21:43:55.0296 2112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:43:55.0296 2112 Cdaudio - ok
21:43:55.0546 2112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:43:55.0562 2112 Cdfs - ok
21:43:55.0828 2112 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:43:55.0843 2112 Cdrom - ok
21:43:56.0046 2112 Changer - ok
21:43:56.0296 2112 CmdIde - ok
21:43:56.0546 2112 Cpqarray - ok
21:43:56.0781 2112 dac2w2k - ok
21:43:56.0984 2112 dac960nt - ok
21:43:57.0265 2112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:43:57.0281 2112 Disk - ok
21:43:57.0796 2112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:43:58.0062 2112 dmboot - ok
21:43:58.0406 2112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:43:58.0453 2112 dmio - ok
21:43:58.0671 2112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:43:58.0671 2112 dmload - ok
21:43:58.0968 2112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:43:59.0000 2112 DMusic - ok
21:43:59.0234 2112 dpti2o - ok
21:43:59.0500 2112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:43:59.0500 2112 drmkaud - ok
21:43:59.0734 2112 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
21:43:59.0750 2112 DrvAgent32 - ok
21:44:00.0062 2112 dtsoftbus01 (16c5891c6d1fa0b5d9014f85a482eb20) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:44:00.0062 2112 dtsoftbus01 - ok
21:44:00.0296 2112 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
21:44:00.0296 2112 epmntdrv - ok
21:44:00.0515 2112 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
21:44:00.0546 2112 EuGdiDrv - ok
21:44:00.0890 2112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:44:00.0937 2112 Fastfat - ok
21:44:01.0218 2112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:44:01.0234 2112 Fdc - ok
21:44:01.0453 2112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:44:01.0453 2112 Fips - ok
21:44:01.0671 2112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:44:01.0687 2112 Flpydisk - ok
21:44:01.0953 2112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:44:02.0000 2112 FltMgr - ok
21:44:02.0281 2112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:44:02.0281 2112 Fs_Rec - ok
21:44:02.0562 2112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:44:02.0593 2112 Ftdisk - ok
21:44:02.0937 2112 G400 (36feb2ddce5f84128c2a8dbc60538dad) C:\WINDOWS\system32\DRIVERS\G400m.sys
21:44:03.0046 2112 G400 - ok
21:44:03.0390 2112 G400DH (2dd3d27e36ebf6804c40b843ff10872f) C:\WINDOWS\system32\DRIVERS\g400dhm.sys
21:44:03.0500 2112 G400DH - ok
21:44:03.0812 2112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:44:03.0812 2112 GEARAspiWDM - ok
21:44:04.0062 2112 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
21:44:04.0078 2112 ggflt - ok
21:44:04.0328 2112 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
21:44:04.0343 2112 ggsemc - ok
21:44:04.0609 2112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:44:04.0625 2112 Gpc - ok
21:44:04.0937 2112 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:44:04.0937 2112 HidUsb - ok
21:44:05.0187 2112 hpn - ok
21:44:05.0515 2112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:44:05.0593 2112 HTTP - ok
21:44:05.0812 2112 i2omgmt - ok
21:44:06.0031 2112 i2omp - ok
21:44:06.0296 2112 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:44:06.0312 2112 i8042prt - ok
21:44:06.0562 2112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:44:06.0578 2112 Imapi - ok
21:44:06.0828 2112 imdrvfsf (aec3108ef22cb12b8e35e4f84531be67) C:\WINDOWS\system32\DRIVERS\imdrvfsf.sys
21:44:06.0828 2112 imdrvfsf - ok
21:44:07.0078 2112 ini910u - ok
21:44:07.0343 2112 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:44:07.0343 2112 IntelIde - ok
21:44:07.0578 2112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:44:07.0593 2112 intelppm - ok
21:44:07.0843 2112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:44:07.0859 2112 Ip6Fw - ok
21:44:08.0125 2112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:44:08.0125 2112 IpFilterDriver - ok
21:44:08.0375 2112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:44:08.0390 2112 IpInIp - ok
21:44:08.0656 2112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:44:08.0718 2112 IpNat - ok
21:44:08.0968 2112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:44:08.0984 2112 IPSec - ok
21:44:09.0281 2112 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:44:09.0296 2112 irda - ok
21:44:09.0531 2112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:44:09.0546 2112 IRENUM - ok
21:44:09.0796 2112 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
21:44:09.0796 2112 irsir - ok
21:44:10.0093 2112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:44:10.0093 2112 isapnp - ok
21:44:10.0359 2112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:44:10.0375 2112 Kbdclass - ok
21:44:10.0578 2112 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:44:10.0578 2112 kbdhid - ok
21:44:11.0000 2112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:44:11.0062 2112 kmixer - ok
21:44:11.0359 2112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:44:11.0390 2112 KSecDD - ok
21:44:11.0625 2112 lbrtfdc - ok
21:44:11.0953 2112 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:44:11.0953 2112 MBAMProtector - ok
21:44:12.0218 2112 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
21:44:12.0234 2112 MBAMSwissArmy - ok
21:44:12.0453 2112 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\WINDOWS\system32\1.tmp
21:44:12.0453 2112 MEMSWEEP2 - ok
21:44:12.0750 2112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:44:12.0750 2112 mnmdd - ok
21:44:13.0015 2112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:44:13.0015 2112 Modem - ok
21:44:13.0281 2112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:44:13.0296 2112 Mouclass - ok
21:44:13.0531 2112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:44:13.0531 2112 mouhid - ok
21:44:13.0812 2112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:44:13.0828 2112 MountMgr - ok
21:44:14.0031 2112 mraid35x - ok
21:44:14.0343 2112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:44:14.0406 2112 MRxDAV - ok
21:44:14.0765 2112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:44:14.0921 2112 MRxSmb - ok
21:44:15.0265 2112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:44:15.0265 2112 Msfs - ok
21:44:15.0531 2112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:44:15.0531 2112 MSKSSRV - ok
21:44:15.0781 2112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:44:15.0781 2112 MSPCLOCK - ok
21:44:16.0015 2112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:44:16.0031 2112 MSPQM - ok
21:44:16.0312 2112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:44:16.0328 2112 mssmbios - ok
21:44:16.0609 2112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:44:16.0640 2112 Mup - ok
21:44:16.0953 2112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:44:17.0015 2112 NDIS - ok
21:44:17.0265 2112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:44:17.0265 2112 NdisTapi - ok
21:44:17.0515 2112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:44:17.0515 2112 Ndisuio - ok
21:44:17.0781 2112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:44:17.0812 2112 NdisWan - ok
21:44:18.0078 2112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:44:18.0093 2112 NDProxy - ok
21:44:18.0375 2112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:44:18.0390 2112 NetBIOS - ok
21:44:18.0640 2112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:44:18.0703 2112 NetBT - ok
21:44:19.0046 2112 NetworkX (37011b0c609aed94be1a7bd8c4def574) C:\WINDOWS\system32\ckldrv.sys
21:44:19.0046 2112 NetworkX - ok
21:44:19.0359 2112 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
21:44:19.0375 2112 NPF - ok
21:44:19.0625 2112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:44:19.0640 2112 Npfs - ok
21:44:20.0062 2112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:44:20.0250 2112 Ntfs - ok
21:44:20.0562 2112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:44:20.0562 2112 Null - ok
21:44:20.0796 2112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:44:20.0796 2112 NwlnkFlt - ok
21:44:21.0078 2112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:44:21.0093 2112 NwlnkFwd - ok
21:44:21.0453 2112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:44:21.0484 2112 Parport - ok
21:44:21.0718 2112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:44:21.0734 2112 PartMgr - ok
21:44:21.0968 2112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:44:21.0968 2112 ParVdm - ok
21:44:22.0281 2112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:44:22.0296 2112 PCI - ok
21:44:22.0484 2112 PCIDump - ok
21:44:22.0734 2112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
21:44:22.0734 2112 PCIIde - ok
21:44:23.0031 2112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:44:23.0078 2112 Pcmcia - ok
21:44:23.0281 2112 PDCOMP - ok
21:44:23.0468 2112 PDFRAME - ok
21:44:23.0671 2112 PDRELI - ok
21:44:23.0890 2112 PDRFRAME - ok
21:44:24.0109 2112 perc2 - ok
21:44:24.0312 2112 perc2hib - ok
21:44:24.0703 2112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:44:24.0718 2112 PptpMiniport - ok
21:44:24.0968 2112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:44:25.0000 2112 PSched - ok
21:44:25.0250 2112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:44:25.0265 2112 Ptilink - ok
21:44:25.0500 2112 ptiusbf (d584964dffd9a0bbad086cf8f6ddfdc5) C:\WINDOWS\system32\DRIVERS\PTIUSBF.SYS
21:44:25.0500 2112 ptiusbf - ok
21:44:25.0703 2112 ql1080 - ok
21:44:25.0906 2112 Ql10wnt - ok
21:44:26.0109 2112 ql12160 - ok
21:44:26.0312 2112 ql1240 - ok
21:44:26.0515 2112 ql1280 - ok
21:44:26.0750 2112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:44:26.0750 2112 RasAcd - ok
21:44:27.0046 2112 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:44:27.0046 2112 Rasirda - ok
21:44:27.0312 2112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:44:27.0328 2112 Rasl2tp - ok
21:44:27.0546 2112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:44:27.0562 2112 RasPppoe - ok
21:44:27.0812 2112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:44:27.0812 2112 Raspti - ok
21:44:28.0125 2112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:44:28.0187 2112 Rdbss - ok
21:44:28.0453 2112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:44:28.0453 2112 RDPCDD - ok
21:44:28.0765 2112 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:44:28.0828 2112 rdpdr - ok
21:44:29.0156 2112 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:44:29.0203 2112 RDPWD - ok
21:44:29.0468 2112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:44:29.0500 2112 redbook - ok
21:44:29.0859 2112 revfs (71644c853d27de5ffd032a7478e9157e) C:\WINDOWS\system32\drivers\revfs.sys
21:44:29.0953 2112 revfs - ok
21:44:30.0296 2112 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
21:44:30.0328 2112 s0016bus - ok
21:44:30.0562 2112 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
21:44:30.0562 2112 s0016mdfl - ok
21:44:30.0828 2112 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
21:44:30.0875 2112 s0016mdm - ok
21:44:31.0156 2112 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
21:44:31.0187 2112 s0016mgmt - ok
21:44:31.0468 2112 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
21:44:31.0484 2112 s0016nd5 - ok
21:44:31.0750 2112 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
21:44:31.0796 2112 s0016obex - ok
21:44:32.0078 2112 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
21:44:32.0125 2112 s0016unic - ok
21:44:32.0406 2112 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\WINDOWS\system32\DRIVERS\s115bus.sys
21:44:32.0437 2112 s115bus - ok
21:44:32.0671 2112 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
21:44:32.0687 2112 s115mdfl - ok
21:44:32.0953 2112 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\WINDOWS\system32\DRIVERS\s115mdm.sys
21:44:33.0000 2112 s115mdm - ok
21:44:33.0265 2112 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
21:44:33.0312 2112 s115mgmt - ok
21:44:33.0562 2112 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\WINDOWS\system32\DRIVERS\s115obex.sys
21:44:33.0593 2112 s115obex - ok
21:44:33.0859 2112 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
21:44:33.0890 2112 s116bus - ok
21:44:34.0171 2112 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
21:44:34.0187 2112 s116mdfl - ok
21:44:34.0468 2112 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
21:44:34.0500 2112 s116mdm - ok
21:44:34.0796 2112 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
21:44:34.0828 2112 s116mgmt - ok
21:44:35.0093 2112 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
21:44:35.0109 2112 s116nd5 - ok
21:44:35.0375 2112 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
21:44:35.0406 2112 s116obex - ok
21:44:35.0671 2112 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
21:44:35.0703 2112 s116unic - ok
21:44:36.0046 2112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:44:36.0046 2112 Secdrv - ok
21:44:36.0312 2112 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
21:44:36.0312 2112 seehcri - ok
21:44:36.0593 2112 Sentinel (a2cc81c30bef6ac9f27055490eef6de3) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
21:44:36.0593 2112 Sentinel - ok
21:44:36.0843 2112 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:44:36.0843 2112 serenum - ok
21:44:37.0109 2112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:44:37.0140 2112 Serial - ok
21:44:37.0468 2112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:44:37.0468 2112 Sfloppy - ok
21:44:37.0703 2112 Simbad - ok
21:44:37.0750 2112 SIWIO - ok
21:44:38.0000 2112 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
21:44:38.0015 2112 SmartDefragDriver - ok
21:44:38.0468 2112 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
21:44:38.0671 2112 smwdm - ok
21:44:38.0921 2112 Sparrow - ok
21:44:39.0187 2112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:44:39.0203 2112 splitter - ok
21:44:39.0593 2112 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
21:44:39.0593 2112 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
21:44:39.0593 2112 sptd ( LockedFile.Multi.Generic ) - warning
21:44:39.0593 2112 sptd - detected LockedFile.Multi.Generic (1)
21:44:52.0187 2112 ============================================================
21:44:52.0187 2112 Scan finished
21:44:52.0187 2112 ============================================================
21:44:52.0234 2100 Detected object count: 1
21:44:52.0234 2100 Actual detected object count: 1
21:45:04.0750 2100 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:45:04.0750 2100 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:47:41.0890 0608 Deinitialize success

MiniToolBox by Farbar Version: 18-01-2012
Ran by 3rdadmin (administrator) on 01-03-2012 at 18:59:40
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : xw6000
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-0D-9D-57-41-6A
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.69
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : 01 March 2012 18:35:27
Lease Expires . . . . . . . . . . : 02 March 2012 18:35:27

Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.34.99, 173.194.34.101, 173.194.34.110, 173.194.34.102
173.194.34.104, 173.194.34.100, 173.194.34.105, 173.194.34.98, 173.194.34.96
173.194.34.97, 173.194.34.103

Pinging google.com [173.194.34.98] with 32 bytes of data:

Reply from 173.194.34.98: bytes=32 time=27ms TTL=52
Reply from 173.194.34.98: bytes=32 time=31ms TTL=52

Ping statistics for 173.194.34.98:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 31ms, Average = 29ms

Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.127.62, 98.139.183.24

Pinging yahoo.com [98.139.127.62] with 32 bytes of data:

Reply from 98.139.127.62: bytes=32 time=619ms TTL=45
Reply from 98.139.127.62: bytes=32 time=680ms TTL=44

Ping statistics for 98.139.127.62:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 619ms, Maximum = 680ms, Average = 649ms

Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 9d 57 41 6a ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.69 192.168.1.69 20
192.168.1.69 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.69 192.168.1.69 20
224.0.0.0 240.0.0.0 192.168.1.69 192.168.1.69 20
255.255.255.255 255.255.255.255 192.168.1.69 192.168.1.69 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/28/2012 10:31:25 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (02/28/2012 10:31:10 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/17/2012 03:35:25 PM) (Source: MsiInstaller) (User: Glenn)Glenn
Description: The installation of C:\Program Files\Common Files\Wise Installation Wizard\WISE985A59EC5B7473BBC2A80DAB3EC3D44_1_2_3.MSI is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (02/16/2012 08:36:42 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [pev.exe!ws!]

Error: (02/16/2012 08:36:40 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [pev.exe!ws!]

Error: (02/16/2012 08:36:29 PM) (Source: Application Error) (User: )
Description: Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [pev.exe!ws!]

Error: (02/16/2012 08:35:51 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x00081683.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/16/2012 05:35:04 PM) (Source: ESENT) (User: )
Description: wuauclt (2448) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 27078656 (0x00000000019d3000) for 4096 (0x00001000) bytes failed verification because it contains no page data. The read operation will fail with error -1019 (0xfffffc05). If this condition persists then please restore the database from a previous backup.

Error: (02/16/2012 03:56:34 PM) (Source: MsiInstaller) (User: Glenn)Glenn
Description: Product: Adobe Reader 9.4.1 -- Error 1704.An installation for Sophos AutoUpdate is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (02/11/2012 10:29:57 PM) (Source: ESENT) (User: )
Description: wuauclt (3664) The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 44191744 (0x0000000002a25000) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch. The expected checksum was 0 (0x00000000) and the actual checksum was 1648963633 (0x62493031). The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup.


System errors:
=============
Error: (03/01/2012 06:58:02 PM) (Source: DCOM) (User: 3rdadmin)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/01/2012 06:49:03 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 06:44:35 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 06:36:40 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
NetworkX
sptd

Error: (03/01/2012 06:36:40 PM) (Source: Service Control Manager) (User: )
Description: The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:
%%1068

Error: (03/01/2012 06:36:14 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 06:35:39 PM) (Source: 0) (User: )
Description:

Error: (03/01/2012 06:27:54 PM) (Source: Service Control Manager) (User: )
Description: The Windows Time service hung on starting.

Error: (03/01/2012 06:23:18 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/01/2012 10:36:54 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
NetworkX
sptd


Microsoft Office Sessions:
=========================
Error: (04/11/2011 05:04:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 10, Application Name: Microsoft Office Visio, Application Version: 12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

10-Strike LANState (Version: 5.3)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Advanced System Optimizer (Version: 3.2.648.12202)
Advanced SystemCare 3 (Version: 3.8.0)
Agent Ransack 2010
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.3.127)
Belarc Advisor 8.2 (Version: 8.2.1.0)
Bonjour (Version: 2.0.4.0)
Broadcom Management Programs (Version: 9.03.02)
Broadcom NetXtreme Ethernet Controller (Version: 9.02.06)
Brother MFL-Pro Suite (Version: 1.00.000)
CadStd (Version: 3.7.2)
CCleaner (Version: 3.15)
CDBurnerXP (Version: 4.4.0.2905)
DAEMON Tools Pro (Version: 4.41.0314.0232)
Data Doctor Recovery - SIM Card (Demo) (Version: 4.4.1.2)
Data Doctor Recovery - SIM Card (Evaluation) 3.0.1.5
Defraggler (Version: 1.21)
Dia (remove only)
DriverAgent by eSupport.com
EASEUS Partition Master 8.0.1 Home Edition
ErrorEND (Version: 1.0.6.1)
GMX File Storage Manager (Version: 2.0.615)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
GoToAssist Corporate (Version: 9.0.570)
HostsMan 3.2.73 (Version: 3.2.73)
HoverIP v1.0 beta (Version: 1.0 beta)
HP Product Detection (Version: 4.0.0013)
Iomega REV System Software (Version: 5.0.4.24)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junior Icon Editor (Version: 4.0)
MailWasher Free 6.5.4
Matrox Graphics Software (remove only)
Matrox PowerDesk-SE (Version: 11.12.0810.0001)
Matrox PowerSpace (Version: 2.01.0035)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 97, Professional Edition
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6425.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MozBackup 1.4.10
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
Mozilla Thunderbird 10.0.2 (x86 en-GB) (Version: 10.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyPDFConverter (Version: 2.5058.00033)
MyPhoneExplorer (Version: 1.8.2)
NeoTrace Pro 3.25 Trial
Nmap 5.21
PDF-Viewer (Version: 2.0.54.0)
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.69.80.9)
RegTweaker version 3.2.2
Sentinel Protection Installer 7.5.0 (Version: 7.5.0)
Smart Defrag 2 (Version: 2.0)
Sony Ericsson PC Companion 2.01.231 (Version: 2.01.231)
Stellar Phoenix Password Recovery (Version: 1.5.0.0)
UK-Info People Finder V14
UltraMon (Version: 3.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
USBInfo
VitalSource Bookshelf (Version: 5.04.0014)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR 4.00 beta 4 (32-bit) (Version: 4.00.4)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 1023.51 MB
Available physical RAM: 738.95 MB
Total Pagefile: 2462.93 MB
Available Pagefile: 2297.99 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.65 MB

========================= Partitions: =====================================

2 Drive c: (SYSTEM 40Gb) (Fixed) (Total:38.28 GB) (Free:13.49 GB) NTFS
5 Drive f: (D0.System 19.5Gb(Seagate7-120GB)) (Fixed) (Total:19.53 GB) (Free:8.95 GB) NTFS
6 Drive g: (Download Stor 19.5Gb(Sea7-120GB)) (Fixed) (Total:19.53 GB) (Free:16.1 GB) NTFS
7 Drive h: (D0.InstProgs 58.5(Seagate7-120G)) (Fixed) (Total:58.59 GB) (Free:55 GB) NTFS
8 Drive i: (EMPTY 14Gb (Seagate7-120G)) (Fixed) (Total:14.12 GB) (Free:13.8 GB) NTFS

========================= Users: ========================================

User accounts for \\XW6000

3rdadmin Administrator ASPNET
Carole Glenn Guest
HelpAssistant IUSR_XW6000 IWAM_XW6000
UserAdmin

========================= Minidump Files ==================================

No minidump file found

**** End of log ****



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/03/2012 at 02:10 AM

Application Version : 5.0.1144

Core Rules Database Version : 0
Trace Rules Database Version: 0

Scan type : Quick Scan
Total Scan Time : 00:09:13

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 365
Memory threats detected : 0
Registry items scanned : 28887
Registry threats detected : 0
File items scanned : 6609
File threats detected : 1

Keylogger.Actual Spy
C:\WINDOWS\system\actualspystart.lnk

--------------end of log-----------------



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/03/2012 at 09:40 PM

Application Version : 5.0.1144

Core Rules Database Version : 8302
Trace Rules Database Version: 6114

Scan type : Quick Scan
Total Scan Time : 00:09:22

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 381
Memory threats detected : 0
Registry items scanned : 28892
Registry threats detected : 0
File items scanned : 6625
File threats detected : 0

-------------end of log--------------



Thanks

#14 duffsparky (Topic Starter)

Posted 03 March 2012 - 08:39 PM

I've recently rescanned the PC with SAS, which appeared to be running OK when I left it. However, when I came back the PC appears to have rebooted before the scan completed (again). The SAS Home screen tells me that the last scan was an hour ago (which would have been about 00:30 AM this morning, which is about right), but the logs dialogue does not show the results. Is there a temp location where SAS writes the log info to before it stores the finished log in the normal User location? If so, where would it be?

Cheers.

#15 boopme (Global Moderator)

Posted 03 March 2012 - 08:51 PM

Sometimes this happens with SAS and it comes back after a shut down and reboot. Also it sometimes shows up in the Admin or other user account. Or it's just gone.

Well, I'd like to run one last scan but I am wondering if I should just have you post in the DDS log forum as I see a lot of iexplore errors.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

NOTE: In some instances if no malware is found there will be no log produced.