
404/nginx problem - can anything rid me of this turbulent beast?


18 replies to this topic

#1 philologist

Posted 09 April 2012 - 06:35 PM

For about the last week, I’ve been having the problems others have had with getting a page saying “404 not found nginx” when trying to get to google, or when clicking on some search results after using the google search box on my Firefox search bar. There have also been a few times when I get redirected to some odd sort of page, rather than the 404 one.

Other things that have been going on:
Trouble with Windows update, which seemed to be causing MSE not to be able to update virus definitions. I finally got windows update to download updates (and now I can’t remember what I did – I know at some point I got an error code 0x8000424 from MSE and I found the fixit page for that and ran the fixit), but installing the 4 updates took all night, and in fact I thought the computer had hung (see below) and had to do a hard shutdown. But it actually had updated. And so did MSE. Both MSE and Malwarebytes found some things and removed them.

The computer has been extremely slow at times (even more than usual) and several times it would just hang—I’d just see the yellow background of my desktop and not be able to do anything but a hard shutdown. Other times I still see what was going on and I can click on things, but nothing happens, and task manager will not open even though I can do ctrl alt del.

3 of us in the family have separate accounts. On my husband’s, when we try to open firefox, it asks which program we want to use to open it. Also when we try to use things in the control panel, when in his account, we get the error message “C:/Windows/system32/rundll32.exe application not found”.

On my son’s account, he had some display problems. When he logged in his usual custom desktop background was gone, and he has only the windows classic style available to him, not the windows xp style. He restored his background picture, but there’s no xp style in the dropdown box. This happened to me as well, but at some point in the process my xp style came back.

In addition to running the windows and mse updates, scanning with MSE and Mbam, and the fixit mentioned above, I also tried another fixit (can’t find my note about which one). This one had me restart the computer and at that point the nginx problem was gone. But next time I restarted, it was back.

I think I must either still have the virus or whatever it is somewhere on the machine, or it has corrupted something so that I’m still getting the nginx (and occasional redirect) problems. I don’t know whether the nginx problem is connected to the display problems on my son’s account, or the rundll32 and “open with” errors for my husband.

I figure I’m going to have to use some more powerful anti-malware programs, but don’t know what. And I do know that I don’t have enough computer literacy to want to try this without guidance.

Can anyone help? OS is Windows XP professional.



#2 narenxp


Posted 11 April 2012 - 04:43 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Please download GMER from here (does not work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

#3 philologist


Posted 11 April 2012 - 05:52 PM

Hi Narenxp, thanks for taking my problem on.

I am having difficulties. Before I started with the instructions, I had to copy a few of my son's homework files to a CD. The computer froze on me 2 or 3 times, requiring hard shutdowns. Once I got a blue screen saying that a problem had been detected and that windows has been shut down to prevent further damage. There were 5 stop error codes (which I can provide if you need them). I've never had this before.

I ran TDSSKiller. At the end when I clicked on "reboot" I got another freeze and had to do a hard shutdown. But here's the log.

17:40:07.0968 0300 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
17:40:08.0328 0300 ============================================================
17:40:08.0328 0300 Current date / time: 2012/04/11 17:40:08.0328
17:40:08.0328 0300 SystemInfo:
17:40:08.0328 0300
17:40:08.0328 0300 OS Version: 5.1.2600 ServicePack: 3.0
17:40:08.0328 0300 Product type: Workstation
17:40:08.0328 0300 ComputerName: ANGUS
17:40:08.0328 0300 UserName: Nancy
17:40:08.0328 0300 Windows directory: C:\WINDOWS
17:40:08.0328 0300 System windows directory: C:\WINDOWS
17:40:08.0328 0300 Processor architecture: Intel x86
17:40:08.0328 0300 Number of processors: 2
17:40:08.0328 0300 Page size: 0x1000
17:40:08.0328 0300 Boot type: Normal boot
17:40:08.0328 0300 ============================================================
17:40:09.0359 0300 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:40:09.0359 0300 \Device\Harddisk0\DR0:
17:40:09.0359 0300 MBR used
17:40:09.0359 0300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1CA6DA62
17:40:09.0437 0300 Initialize success
17:40:09.0437 0300 ============================================================
17:40:41.0812 2352 ============================================================
17:40:41.0812 2352 Scan started
17:40:41.0812 2352 Mode: Manual; TDLFS;
17:40:41.0812 2352 ============================================================


I then disabled spybot's teatimer and MSE, and ran gmer. After scanning for some time, I got the blue screen again. Did hard reboot, started gmer, blue screen almost immediately. So I thought I'd at least give you the TDSSKiller log before I try GMER again.

I'm assuming that these steps need to be followed in order, so I shouldn't go on to the aswMBR step if I can't do GMER? I'll reply again shortly if I have to give up.

#4 philologist


Posted 11 April 2012 - 06:01 PM

Well no luck with GMER --tried twice more and got blue screens both times before it got as far through the scan as it did the first time.

Is there help for this? Or should I just go on to the aswMBR step?

Thanks.

#5 philologist


Posted 11 April 2012 - 06:09 PM

I forgot to say before that after using TDSSKiller, MSE popped up with a threat warning about:
Win64/Alureon.gen!F
Win64/Alureon.gen!J
DOS/Alureon.I
Win32/Orsam!rts
Win32/Alureon.FK
Win32/Alureon.gen???

Not sure about the end of the last one because MSE removed them before I could finish copying.

No luck with GMER --tried twice more and got blue screens both times before it got as far through the scan as it did the first time.

Is there help for the GMER problem? Or should I just go on to the aswMBR step?

Thanks.

#6 narenxp


Posted 11 April 2012 - 11:24 PM

TDSSkiller log is incomplete, paste the full content

Ignore GMER and run aswmbr

If you receive blue screen while running aswmbr, run it in safemode

Good luck
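
A completeness check for a log in the line format posted in this thread, as an added example that is not part of the original posts or of TDSSKiller itself: it pairs each examined object with its verdict line, lists anything not marked "ok", and reports a log that stops before the scan ended. The `Scan finished` footer marker, the sample service names, the all-digit hashes and the non-ok verdict string are assumptions constructed for illustration.

```python
import re

# "HH:MM:SS.mmmm TID message", the line layout of the log posted in this thread.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
# "<name> (<md5>) <path>", written when an object with a backing file is examined.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

SCAN_START = "Scan started"
SCAN_END = "Scan finished"  # assumption: footer marker, not shown in the thread


def analyze(log_text):
    """Summarise a scan log: completeness, non-ok verdicts, entries cut off mid-way."""
    started = finished = False
    pending = {}   # object name -> file path, waiting for its verdict line
    checked = 0    # number of verdict lines seen
    flagged = []   # (name, verdict, path) for every verdict other than "ok"
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        msg = (m.group(3) or "").strip()
        if msg == SCAN_START:
            started = True
            continue
        if msg == SCAN_END:
            finished = True
            continue
        if not started or finished:
            continue  # header and footer lines are not scan entries
        obj = OBJECT_RE.match(msg)
        if obj:
            pending[obj["name"]] = obj["path"]
            continue
        if " - " in msg:
            name, verdict = msg.rsplit(" - ", 1)
            checked += 1
            path = pending.pop(name, None)  # None: entry had no file line
            if verdict.strip().lower() != "ok":
                flagged.append((name, verdict.strip(), path))
    return {
        "complete": started and finished,
        "checked": checked,
        "flagged": flagged,
        "unresolved": sorted(pending),  # examined, but the log ends before a verdict
    }


# Constructed sample: a log that stops in the middle of an entry.
SAMPLE_TRUNCATED = r"""10:00:00.0000 0100 ============================================================
10:00:00.0000 0100 Scan started
10:00:00.0000 0100 Mode: Manual; TDLFS;
10:00:00.0000 0100 ============================================================
10:00:01.0000 0100 ExampleSvc (00000000000000000000000000000000) C:\WINDOWS\system32\example.exe
10:00:01.0000 0100 ExampleSvc - ok
10:00:02.0000 0100 NoFileSvc - ok
10:00:03.0000 0100 ExampleDrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\example.sys
"""

# Constructed sample: the same log carried through to the assumed footer.
SAMPLE_COMPLETE = SAMPLE_TRUNCATED + r"""10:00:03.0000 0100 ExampleDrv - constructed-non-ok-verdict
10:00:04.0000 0100 ============================================================
10:00:04.0000 0100 Scan finished
"""

if __name__ == "__main__":
    for label, text in (("truncated", SAMPLE_TRUNCATED), ("complete", SAMPLE_COMPLETE)):
        print(label, analyze(text))
```

A log that reports `complete: False` should be re-collected before anyone draws conclusions from it, since detections are written after the entries that were cut off.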

#7 philologist


Posted 12 April 2012 - 07:05 AM

My sincere apologies, I certainly don't mean to waste your time - I could have sworn that's all there was in the file. (I am so red-faced, I'm just hoping there's a prize for the forum's worst idiot.) The computer did freeze up and I had actually wondered if the program hadn't fully run before it did, but the log was there so I assumed it did.

Anyway, here's the TDSSKiller log again. Will run aswmbr shortly, but the computer freezes so frequently I wanted to get this posted first.

17:40:50.0796 2352 HTTPFilter - ok
17:40:50.0828 2352 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:40:50.0828 2352 i2omgmt - ok
17:40:50.0890 2352 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:40:50.0890 2352 i2omp - ok
17:40:50.0937 2352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:40:50.0937 2352 i8042prt - ok
17:40:51.0046 2352 IAANTMon (5400c14134e7d6a0069c46febcb2dddf) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
17:40:51.0046 2352 IAANTMon - ok
17:40:51.0171 2352 iastor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys
17:40:51.0171 2352 iastor - ok
17:40:51.0312 2352 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:40:51.0312 2352 IDriverT - ok
17:40:51.0515 2352 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:40:51.0546 2352 idsvc - ok
17:40:51.0640 2352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:40:51.0640 2352 Imapi - ok
17:40:51.0734 2352 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:40:51.0750 2352 ImapiService - ok
17:40:51.0796 2352 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:40:51.0796 2352 ini910u - ok
17:40:51.0859 2352 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
17:40:51.0859 2352 IntelC51 - ok
17:40:51.0906 2352 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
17:40:51.0921 2352 IntelC52 - ok
17:40:52.0078 2352 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
17:40:52.0078 2352 IntelC53 - ok
17:40:52.0156 2352 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:40:52.0156 2352 IntelIde - ok
17:40:52.0187 2352 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:40:52.0203 2352 intelppm - ok
17:40:52.0250 2352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:40:52.0250 2352 Ip6Fw - ok
17:40:52.0312 2352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:40:52.0312 2352 IpFilterDriver - ok
17:40:52.0375 2352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:40:52.0375 2352 IpInIp - ok
17:40:52.0468 2352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:40:52.0468 2352 IpNat - ok
17:40:52.0656 2352 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
17:40:52.0656 2352 iPod Service - ok
17:40:52.0718 2352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:40:52.0718 2352 IPSec - ok
17:40:52.0781 2352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:40:52.0781 2352 IRENUM - ok
17:40:52.0812 2352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:40:52.0812 2352 isapnp - ok
17:40:53.0015 2352 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
17:40:53.0015 2352 JavaQuickStarterService - ok
17:40:53.0062 2352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:40:53.0078 2352 Kbdclass - ok
17:40:53.0093 2352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:40:53.0093 2352 kbdhid - ok
17:40:53.0171 2352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:40:53.0171 2352 kmixer - ok
17:40:53.0234 2352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:40:53.0234 2352 KSecDD - ok
17:40:53.0312 2352 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:40:53.0312 2352 lanmanserver - ok
17:40:53.0375 2352 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:40:53.0375 2352 lanmanworkstation - ok
17:40:53.0406 2352 lbrtfdc - ok
17:40:53.0468 2352 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:40:53.0468 2352 LmHosts - ok
17:40:53.0531 2352 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:40:53.0531 2352 Messenger - ok
17:40:53.0609 2352 mferkdk - ok
17:40:53.0625 2352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:40:53.0625 2352 mnmdd - ok
17:40:53.0687 2352 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:40:53.0687 2352 mnmsrvc - ok
17:40:53.0750 2352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:40:53.0765 2352 Modem - ok
17:40:53.0812 2352 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:40:53.0812 2352 MODEMCSA - ok
17:40:53.0828 2352 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
17:40:53.0828 2352 mohfilt - ok
17:40:53.0859 2352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:40:53.0859 2352 Mouclass - ok
17:40:53.0890 2352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:40:53.0906 2352 mouhid - ok
17:40:53.0953 2352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:40:53.0953 2352 MountMgr - ok
17:40:54.0015 2352 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:40:54.0031 2352 MpFilter - ok
17:40:54.0203 2352 MpKsl32a323f5 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E111316F-4753-4994-A754-4075AD1CB375}\MpKsl32a323f5.sys
17:40:54.0218 2352 MpKsl32a323f5 - ok
17:40:54.0281 2352 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:40:54.0281 2352 mraid35x - ok
17:40:54.0328 2352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:40:54.0328 2352 MRxDAV - ok
17:40:54.0390 2352 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:40:54.0406 2352 MRxSmb - ok
17:40:54.0515 2352 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:40:54.0515 2352 MSDTC - ok
17:40:54.0593 2352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:40:54.0593 2352 Msfs - ok
17:40:54.0656 2352 MSIServer - ok
17:40:54.0718 2352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:40:54.0718 2352 MSKSSRV - ok
17:40:54.0859 2352 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:40:54.0859 2352 MsMpSvc - ok
17:40:54.0906 2352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:40:54.0906 2352 MSPCLOCK - ok
17:40:54.0968 2352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:40:54.0968 2352 MSPQM - ok
17:40:55.0015 2352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:40:55.0015 2352 mssmbios - ok
17:40:55.0031 2352 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:40:55.0046 2352 Mup - ok
17:40:55.0093 2352 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
17:40:55.0093 2352 MXOPSWD - ok
17:40:55.0156 2352 NAL (9121d8ffff773c66bbf4955e4f7aac23) C:\WINDOWS\system32\Drivers\iqvw32.sys
17:40:55.0250 2352 NAL - ok
17:40:55.0359 2352 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:40:55.0375 2352 napagent - ok
17:40:55.0453 2352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:40:55.0468 2352 NDIS - ok
17:40:55.0484 2352 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:40:55.0484 2352 NdisTapi - ok
17:40:55.0515 2352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:40:55.0515 2352 Ndisuio - ok
17:40:55.0546 2352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:40:55.0546 2352 NdisWan - ok
17:40:55.0656 2352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:40:55.0656 2352 NDProxy - ok
17:40:55.0703 2352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:40:55.0703 2352 NetBIOS - ok
17:40:55.0734 2352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:40:55.0734 2352 NetBT - ok
17:40:55.0796 2352 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:40:55.0796 2352 NetDDE - ok
17:40:55.0796 2352 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:40:55.0796 2352 NetDDEdsdm - ok
17:40:55.0890 2352 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:40:55.0890 2352 Netlogon - ok
17:40:55.0937 2352 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:40:55.0953 2352 Netman - ok
17:40:56.0125 2352 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:40:56.0140 2352 NetTcpPortSharing - ok
17:40:56.0250 2352 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:40:56.0250 2352 Nla - ok
17:40:56.0296 2352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:40:56.0296 2352 Npfs - ok
17:40:56.0359 2352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:40:56.0375 2352 Ntfs - ok
17:40:56.0390 2352 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:40:56.0390 2352 NtLmSsp - ok
17:40:56.0453 2352 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:40:56.0468 2352 NtmsSvc - ok
17:40:56.0515 2352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:40:56.0515 2352 Null - ok
17:40:56.0718 2352 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:40:56.0843 2352 nv - ok
17:40:56.0984 2352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:40:56.0984 2352 NwlnkFlt - ok
17:40:57.0062 2352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:40:57.0062 2352 NwlnkFwd - ok
17:40:57.0171 2352 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
17:40:57.0187 2352 omci - ok
17:40:57.0312 2352 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:40:57.0312 2352 ose - ok
17:40:57.0390 2352 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
17:40:57.0406 2352 ossrv - ok
17:40:57.0453 2352 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
17:40:57.0484 2352 P17 - ok
17:40:57.0531 2352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:40:57.0546 2352 Parport - ok
17:40:57.0593 2352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:40:57.0593 2352 PartMgr - ok
17:40:57.0640 2352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:40:57.0640 2352 ParVdm - ok
17:40:57.0687 2352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:40:57.0687 2352 PCI - ok
17:40:57.0703 2352 PCIDump - ok
17:40:57.0734 2352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:40:57.0734 2352 PCIIde - ok
17:40:57.0781 2352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:40:57.0796 2352 Pcmcia - ok
17:40:57.0828 2352 PDCOMP - ok
17:40:57.0843 2352 PDFRAME - ok
17:40:57.0875 2352 PDRELI - ok
17:40:57.0890 2352 PDRFRAME - ok
17:40:57.0937 2352 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:40:57.0937 2352 perc2 - ok
17:40:58.0015 2352 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:40:58.0015 2352 perc2hib - ok
17:40:58.0109 2352 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:40:58.0109 2352 PlugPlay - ok
17:40:58.0187 2352 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:40:58.0187 2352 PolicyAgent - ok
17:40:58.0203 2352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:40:58.0203 2352 PptpMiniport - ok
17:40:58.0234 2352 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:40:58.0234 2352 ProtectedStorage - ok
17:40:58.0265 2352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:40:58.0265 2352 PSched - ok
17:40:58.0281 2352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:40:58.0281 2352 Ptilink - ok
17:40:58.0328 2352 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:40:58.0328 2352 PxHelp20 - ok
17:40:58.0390 2352 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:40:58.0390 2352 ql1080 - ok
17:40:58.0437 2352 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:40:58.0437 2352 Ql10wnt - ok
17:40:58.0453 2352 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:40:58.0453 2352 ql12160 - ok
17:40:58.0484 2352 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:40:58.0484 2352 ql1240 - ok
17:40:58.0500 2352 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:40:58.0515 2352 ql1280 - ok
17:40:58.0531 2352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:40:58.0531 2352 RasAcd - ok
17:40:58.0609 2352 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:40:58.0609 2352 RasAuto - ok
17:40:58.0656 2352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:40:58.0656 2352 Rasl2tp - ok
17:40:58.0750 2352 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:40:58.0750 2352 RasMan - ok
17:40:58.0796 2352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:40:58.0796 2352 RasPppoe - ok
17:40:58.0812 2352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:40:58.0812 2352 Raspti - ok
17:40:58.0859 2352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:40:58.0875 2352 Rdbss - ok
17:40:58.0890 2352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:40:58.0890 2352 RDPCDD - ok
17:40:58.0921 2352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:40:58.0921 2352 rdpdr - ok
17:40:58.0968 2352 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:40:58.0984 2352 RDPWD - ok
17:40:59.0046 2352 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:40:59.0062 2352 RDSessMgr - ok
17:40:59.0093 2352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:40:59.0093 2352 redbook - ok
17:40:59.0140 2352 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:40:59.0140 2352 RemoteAccess - ok
17:40:59.0203 2352 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:40:59.0203 2352 RemoteRegistry - ok
17:40:59.0250 2352 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:40:59.0250 2352 RpcLocator - ok
17:40:59.0296 2352 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:40:59.0312 2352 RpcSs - ok
17:40:59.0453 2352 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:40:59.0453 2352 RSVP - ok
17:40:59.0546 2352 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:40:59.0546 2352 SamSs - ok
17:40:59.0687 2352 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
17:40:59.0687 2352 SBKUPNT - ok
17:40:59.0734 2352 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:40:59.0734 2352 SCardSvr - ok
17:40:59.0781 2352 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:40:59.0796 2352 Schedule - ok
17:40:59.0843 2352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:40:59.0843 2352 Secdrv - ok
17:40:59.0890 2352 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:40:59.0890 2352 seclogon - ok
17:40:59.0906 2352 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:40:59.0921 2352 SENS - ok
17:40:59.0968 2352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:40:59.0984 2352 serenum - ok
17:41:00.0015 2352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:41:00.0015 2352 Serial - ok
17:41:00.0062 2352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:41:00.0062 2352 Sfloppy - ok
17:41:00.0140 2352 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:41:00.0156 2352 SharedAccess - ok
17:41:00.0234 2352 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:41:00.0234 2352 ShellHWDetection - ok
17:41:00.0265 2352 Simbad - ok
17:41:00.0312 2352 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:41:00.0312 2352 sisagp - ok
17:41:00.0406 2352 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:41:00.0406 2352 Sparrow - ok
17:41:00.0453 2352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:41:00.0453 2352 splitter - ok
17:41:00.0500 2352 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:41:00.0500 2352 Spooler - ok
17:41:00.0546 2352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:41:00.0546 2352 sr - ok
17:41:00.0578 2352 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:41:00.0609 2352 srservice - ok
17:41:00.0718 2352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:41:00.0734 2352 Srv - ok
17:41:00.0781 2352 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:41:00.0781 2352 SSDPSRV - ok
17:41:00.0843 2352 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:41:00.0859 2352 stisvc - ok
17:41:00.0890 2352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:41:00.0890 2352 swenum - ok
17:41:00.0921 2352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:41:00.0921 2352 swmidi - ok
17:41:00.0953 2352 SwPrv - ok
17:41:01.0000 2352 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:41:01.0000 2352 symc810 - ok
17:41:01.0046 2352 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:41:01.0046 2352 symc8xx - ok
17:41:01.0125 2352 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:41:01.0125 2352 sym_hi - ok
17:41:01.0156 2352 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:41:01.0156 2352 sym_u3 - ok
17:41:01.0234 2352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:41:01.0234 2352 sysaudio - ok
17:41:01.0281 2352 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:41:01.0281 2352 SysmonLog - ok
17:41:01.0343 2352 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:41:01.0343 2352 TapiSrv - ok
17:41:01.0406 2352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:41:01.0421 2352 Tcpip - ok
17:41:01.0484 2352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:41:01.0484 2352 TDPIPE - ok
17:41:01.0546 2352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:41:01.0546 2352 TDTCP - ok
17:41:01.0703 2352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:41:01.0703 2352 TermDD - ok
17:41:01.0828 2352 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:41:01.0843 2352 TermService - ok
17:41:01.0906 2352 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:41:01.0906 2352 Themes - ok
17:41:01.0968 2352 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:41:01.0968 2352 TlntSvr - ok
17:41:02.0031 2352 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
17:41:02.0031 2352 TosIde - ok
17:41:02.0078 2352 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:41:02.0078 2352 TrkWks - ok
17:41:02.0109 2352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:41:02.0125 2352 Udfs - ok
17:41:02.0140 2352 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:41:02.0140 2352 ultra - ok
17:41:02.0171 2352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:41:02.0187 2352 Update - ok
17:41:02.0265 2352 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:41:02.0281 2352 upnphost - ok
17:41:02.0328 2352 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:41:02.0343 2352 UPS - ok
17:41:02.0406 2352 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:41:02.0406 2352 USBAAPL - ok
17:41:02.0421 2352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:41:02.0437 2352 usbehci - ok
17:41:02.0453 2352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:41:02.0453 2352 usbhub - ok
17:41:02.0531 2352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:41:02.0531 2352 usbprint - ok
17:41:02.0671 2352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:41:02.0671 2352 usbscan - ok
17:41:02.0765 2352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:41:02.0765 2352 USBSTOR - ok
17:41:02.0812 2352 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:41:02.0828 2352 usbuhci - ok
17:41:02.0875 2352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:41:02.0875 2352 VgaSave - ok
17:41:02.0953 2352 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:41:02.0953 2352 viaagp - ok
17:41:03.0031 2352 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:41:03.0031 2352 ViaIde - ok
17:41:03.0109 2352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:41:03.0109 2352 VolSnap - ok
17:41:03.0171 2352 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:41:03.0187 2352 VSS - ok
17:41:03.0281 2352 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:41:03.0312 2352 w32time - ok
17:41:03.0515 2352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:41:03.0515 2352 Wanarp - ok
17:41:03.0765 2352 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
17:41:03.0765 2352 wanatw - ok
17:41:03.0796 2352 WDC_SAM - ok
17:41:03.0828 2352 WDICA - ok
17:41:03.0859 2352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:41:03.0859 2352 wdmaud - ok
17:41:03.0890 2352 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:41:03.0906 2352 WebClient - ok
17:41:03.0984 2352 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:41:04.0000 2352 winmgmt - ok
17:41:04.0093 2352 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
17:41:04.0093 2352 WMDM PMSP Service - ok
17:41:04.0171 2352 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
17:41:04.0171 2352 WmdmPmSN - ok
17:41:04.0281 2352 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:41:04.0296 2352 Wmi - ok
17:41:04.0375 2352 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:41:04.0375 2352 WmiApSrv - ok
17:41:04.0515 2352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:41:04.0531 2352 WpdUsb - ok
17:41:04.0859 2352 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:41:04.0859 2352 wscsvc - ok
17:41:04.0921 2352 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:41:04.0921 2352 wuauserv - ok
17:41:04.0984 2352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:41:05.0000 2352 WudfPf - ok
17:41:05.0031 2352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:41:05.0046 2352 WudfRd - ok
17:41:05.0093 2352 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:41:05.0093 2352 WudfSvc - ok
17:41:05.0187 2352 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:41:05.0203 2352 WZCSVC - ok
17:41:05.0250 2352 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:41:05.0250 2352 xmlprov - ok
17:41:05.0265 2352 MBR (0x1B8) (dbfb101d7442c448a7964bbb128e1250) \Device\Harddisk0\DR0
17:41:05.0296 2352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:41:05.0296 2352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:41:05.0312 2352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:41:05.0312 2352 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:41:05.0343 2352 Boot (0x1200) (f149fe0c8582b08fdef295afd3abec13) \Device\Harddisk0\DR0\Partition0
17:41:05.0343 2352 \Device\Harddisk0\DR0\Partition0 - ok
17:41:05.0343 2352 ============================================================
17:41:05.0343 2352 Scan finished
17:41:05.0343 2352 ============================================================
17:41:05.0359 0756 Detected object count: 2
17:41:05.0359 0756 Actual detected object count: 2
17:41:45.0531 0756 \Device\Harddisk0\DR0\# - copied to quarantine
17:41:45.0828 0756 \Device\Harddisk0\DR0 - copied to quarantine
17:41:45.0921 0756 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:41:45.0937 0756 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:41:46.0093 0756 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:41:46.0296 0756 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:41:46.0359 0756 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:41:46.0687 0756 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:41:48.0328 0756 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:41:48.0437 0756 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:41:48.0437 0756 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:41:48.0453 0756 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:41:48.0453 0756 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:41:48.0484 0756 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:41:48.0578 0756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:41:48.0578 0756 \Device\Harddisk0\DR0 - ok
17:41:48.0578 0756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:41:48.0578 0756 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:41:48.0578 0756 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:42:12.0046 1712 Deinitialize success

#8 philologist

  • Topic Starter

  • Members
  • 24 posts

Posted 12 April 2012 - 08:06 AM

(TDSSKiller log reposted in previous reply.)

Here's the aswMBR log.

Also, a question and a comment:
1) I noticed that it scanned
C:\Documents and Settings\Nancy
C:\Documents and Settings\All Users
but not the C:\Documents and Settings\ for either of the other two accounts on the computer. Do I need to run a scan from each of their accounts, too?

2) Shortly after the scan began, and then again right when it finished, MSE detected a threat and removed it. Both times it was DOS/Alureon.I, which it had already removed at least once in the past couple of days.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 08:19:44
-----------------------------
08:19:44.078 OS Version: Windows 5.1.2600 Service Pack 3
08:19:44.078 Number of processors: 2 586 0x404
08:19:44.078 ComputerName: ANGUS UserName: Nancy
08:19:57.234 Initialize success
08:22:26.937 AVAST engine defs: 12041200
08:22:37.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:22:37.875 Disk 0 Vendor: Maxtor_7 BANC Size: 238418MB BusType: 3
08:22:37.890 Disk 0 MBR read successfully
08:22:37.890 Disk 0 MBR scan
08:22:39.906 Disk 0 TDL4@MBR code has been found
08:22:39.906 Disk 0 MBR hidden
08:22:39.953 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
08:22:40.421 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234715 MB offset 112455
08:22:40.562 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3639 MB offset 480809385
08:22:40.578 Disk 0 MBR [TDL4] **ROOTKIT**
08:22:40.578 Disk 0 trace - called modules:
08:22:40.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88da149f]<<
08:22:40.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5cfab8]
08:22:40.578 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89ba3788]
08:22:40.578 \Driver\iastor[0x88ed4900] -> IRP_MJ_CREATE -> 0x88da149f
08:22:45.125 AVAST engine scan C:\WINDOWS
08:23:59.203 AVAST engine scan C:\WINDOWS\system32
08:30:33.296 AVAST engine scan C:\WINDOWS\system32\drivers
08:31:10.625 AVAST engine scan C:\Documents and Settings\Nancy
08:38:22.875 AVAST engine scan C:\Documents and Settings\All Users
08:45:57.406 Scan finished successfully
08:48:30.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nancy\Desktop\MBR.dat"
08:48:30.171 The log file has been saved successfully to "C:\Documents and Settings\Nancy\Desktop\aswMBR.txt"

Edited by philologist, 12 April 2012 - 08:11 AM.


#9 narenxp


Posted 12 April 2012 - 10:19 AM

Can you restart the PC and run aswmbr again?

Post the new log

good luck

#10 philologist


Posted 12 April 2012 - 06:22 PM

It took me 2 or 3 tries before it ran without the computer freezing.

And again, MSE found (and said it cleaned) something right after the scan started and just after I saved the log.

Here's the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-12 17:07:55
-----------------------------
17:07:55.906 OS Version: Windows 5.1.2600 Service Pack 3
17:07:55.906 Number of processors: 2 586 0x404
17:07:55.906 ComputerName: ANGUS UserName: Nancy
17:07:56.890 Initialize success
17:08:21.421 AVAST engine defs: 12041200
17:08:28.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:08:28.140 Disk 0 Vendor: Maxtor_7 BANC Size: 238418MB BusType: 3
17:08:28.140 Disk 0 MBR read successfully
17:08:28.140 Disk 0 MBR scan
17:08:31.390 Disk 0 TDL4@MBR code has been found
17:08:31.390 Disk 0 MBR hidden
17:08:31.390 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:08:31.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234715 MB offset 112455
17:08:31.687 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3639 MB offset 480809385
17:08:31.703 Disk 0 MBR [TDL4] **ROOTKIT**
17:08:31.703 Disk 0 trace - called modules:
17:08:31.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88e3449f]<<
17:08:31.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5ccab8]
17:08:31.703 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x898d9130]
17:08:31.703 \Driver\iastor[0x89c45748] -> IRP_MJ_CREATE -> 0x88e3449f
17:08:33.312 AVAST engine scan C:\WINDOWS
17:09:04.656 AVAST engine scan C:\WINDOWS\system32
17:15:12.906 AVAST engine scan C:\WINDOWS\system32\drivers
17:15:49.093 AVAST engine scan C:\Documents and Settings\Nancy
17:23:43.343 AVAST engine scan C:\Documents and Settings\All Users
17:39:31.562 Scan finished successfully
19:17:02.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nancy\Desktop\MBR.dat"
19:17:04.000 The log file has been saved successfully to "C:\Documents and Settings\Nancy\Desktop\aswMBR.txt"

#11 narenxp


Posted 12 April 2012 - 11:34 PM

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, allow fixtdss to RUN and click on REPAIR.

Now rerun aswmbr again and post the new log

good luck

#12 philologist


Posted 13 April 2012 - 10:24 AM

Ran FIXTDSS

Ran aswmbr again:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 10:46:17
-----------------------------
10:46:17.250 OS Version: Windows 5.1.2600 Service Pack 3
10:46:17.250 Number of processors: 2 586 0x404
10:46:17.250 ComputerName: ANGUS UserName: Nancy
10:46:19.390 Initialize success
10:47:03.703 AVAST engine defs: 12041200
10:47:09.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:47:09.609 Disk 0 Vendor: Maxtor_7 BANC Size: 238418MB BusType: 3
10:47:09.703 Disk 0 MBR read successfully
10:47:09.703 Disk 0 MBR scan
10:47:10.062 Disk 0 unknown MBR code
10:47:10.062 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
10:47:10.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 234715 MB offset 112455
10:47:10.203 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3639 MB offset 480809385
10:47:10.281 Disk 0 scanning sectors +488263545
10:47:10.453 Disk 0 scanning C:\WINDOWS\system32\drivers
10:48:25.203 Service scanning
10:49:22.296 Service MpKsld61c9a22 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EECCC4F7-115D-4737-910C-128B8E119F9C}\MpKsld61c9a22.sys **LOCKED** 32
10:49:54.781 Modules scanning
10:50:14.062 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:50:17.484 Disk 0 trace - called modules:
10:50:17.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
10:50:17.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a556ab8]
10:50:17.484 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a059030]
10:50:20.000 AVAST engine scan C:\WINDOWS
10:51:34.781 AVAST engine scan C:\WINDOWS\system32
10:58:14.500 AVAST engine scan C:\WINDOWS\system32\drivers
10:58:46.031 AVAST engine scan C:\Documents and Settings\Nancy
11:06:31.156 AVAST engine scan C:\Documents and Settings\All Users
11:16:35.093 Scan finished successfully
11:22:33.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nancy\Desktop\MBR.dat"
11:22:33.875 The log file has been saved successfully to "C:\Documents and Settings\Nancy\Desktop\aswMBR.txt"
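
An added example, not part of the original posts and not aswMBR's own code: a Python triage script for aswMBR logs like those in posts #10 and #12, showing which indicator lines disappear after the FixTDSS repair. The rule names, severity levels and the reading of `>>UNKNOWN [...]<<` as an address outside any loaded module are assumptions made here; the sample lines are excerpted from the two logs above.

```python
import re

# Sample input, excerpted from the aswMBR log in post #10 (before the repair).
BEFORE = r"""17:08:28.140 Disk 0 MBR scan
17:08:31.390 Disk 0 TDL4@MBR code has been found
17:08:31.390 Disk 0 MBR hidden
17:08:31.703 Disk 0 MBR [TDL4] **ROOTKIT**
17:08:31.703 Disk 0 trace - called modules:
17:08:31.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88e3449f]<<
17:08:31.703 \Driver\iastor[0x89c45748] -> IRP_MJ_CREATE -> 0x88e3449f
17:39:31.562 Scan finished successfully
"""

# Sample input, excerpted from the aswMBR log in post #12 (after the repair).
AFTER = r"""10:47:09.703 Disk 0 MBR scan
10:47:10.062 Disk 0 unknown MBR code
10:50:14.062 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:50:17.484 Disk 0 trace - called modules:
10:50:17.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
11:16:35.093 Scan finished successfully
"""

TS = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")

# (kind, severity, pattern). Names and severities are this example's own choices.
RULES = [
    ("mbr_signature", "high", re.compile(r"Disk \d+ (\S+)@MBR code has been found")),
    ("mbr_hidden", "high", re.compile(r"Disk \d+ MBR hidden")),
    ("rootkit_flag", "high", re.compile(r"\*\*ROOTKIT\*\*")),
    ("unknown_in_disk_stack", "high", re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")),
    ("unknown_mbr_code", "review", re.compile(r"Disk \d+ unknown MBR code")),
    ("tool_flag", "review", re.compile(r"\*\*(SUSPICIOUS|LOCKED)\*\*")),
]

# A driver dispatch entry that resolves to a raw address, as in the iastor line.
DISPATCH = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)


def analyze(log_text):
    """Return one finding per indicator line, in log order."""
    findings = []
    unknown_addrs = set()
    for raw in log_text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue  # banner, separator and blank lines carry no timestamp
        stamp, msg = m.groups()
        for kind, severity, pattern in RULES:
            hit = pattern.search(msg)
            if not hit:
                continue
            findings.append({"kind": kind, "severity": severity,
                             "time": stamp, "line": msg})
            if kind == "unknown_in_disk_stack":
                unknown_addrs.add(hit.group(1).lower())
        # Correlate: a dispatch routine pointing at the same unknown address
        # ties the anonymous code in the disk stack to a specific driver.
        d = DISPATCH.search(msg)
        if d and d.group(3).lower() in unknown_addrs:
            findings.append({"kind": "dispatch_to_unknown", "severity": "high",
                             "time": stamp, "line": msg,
                             "driver": d.group(1), "irp": d.group(2)})
    return findings


def verdict(findings):
    """Collapse findings into a single triage label."""
    severities = {f["severity"] for f in findings}
    if "high" in severities:
        return "rootkit-indicators"
    return "needs-review" if "review" in severities else "no-indicators"


def _high_kinds(findings):
    return {f["kind"] for f in findings if f["severity"] == "high"}


def cleared(before_text, after_text):
    """High-severity indicator kinds present before and absent after."""
    return sorted(_high_kinds(analyze(before_text)) - _high_kinds(analyze(after_text)))


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        result = analyze(text)
        print(label, "->", verdict(result))
        for f in result:
            print(f"  [{f['severity']}] {f['kind']}: {f['line']}")
    print("cleared by repair:", ", ".join(cleared(BEFORE, AFTER)))
```

The post-repair log still yields `needs-review` because aswMBR reports "unknown MBR code" and a `**SUSPICIOUS**` module; those lines call for a follow-up scan rather than proving an active hook.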

#13 narenxp


Posted 13 April 2012 - 10:29 AM

good

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#14 philologist


Posted 14 April 2012 - 12:04 PM

The computer is doing much better, by the way. It will do a shutdown or restart, I can get to google search and advanced search fine, I can open firefox from the desktop icon, and the add/remove programs list will populate now.

Here are the logs:

I already had Malwarebytes -- it updated the version and the definitions. Since it did not find anything when I ran it the first time, I didn't run after rebooting, but just rebooted and went on to the next step. Hope that was correct. Here's the log from the run I did:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Nancy :: ANGUS [administrator]

4/14/2012 9:20:05 AM
mbam-log-2012-04-14 (09-20-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407851
Time elapsed: 2 hour(s), 21 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here's the eset list:

C:\Documents and Settings\Max\Application Data\Sun\Java\Deployment\cache\6.0\27\58ce481b-739a956e a variant of Java/TrojanDownloader.Agent.ME trojan cleaned by deleting - quarantined


And the mini toolbox results:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Nancy (administrator) on 14-04-2012 at 12:49:22
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : ANGUS

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-12-3F-75-AE-B1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Saturday, April 14, 2012 12:09:24 PM

Lease Expires . . . . . . . . . . : Sunday, April 15, 2012 12:09:24 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.43.32, 173.194.43.46, 173.194.43.34, 173.194.43.36
173.194.43.33, 173.194.43.35, 173.194.43.40, 173.194.43.39, 173.194.43.37
173.194.43.41, 173.194.43.38



Pinging google.com [74.125.226.228] with 32 bytes of data:



Reply from 74.125.226.228: bytes=32 time=64ms TTL=50

Reply from 74.125.226.228: bytes=32 time=65ms TTL=50



Ping statistics for 74.125.226.228:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 64ms, Maximum = 65ms, Average = 64ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=54ms TTL=48

Reply from 209.191.122.70: bytes=32 time=54ms TTL=48



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 54ms, Average = 54ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f 75 ae b1 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 20
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 20
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 20
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 20
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/13/2012 10:54:36 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/11/2012 05:39:56 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/11/2012 05:39:56 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/11/2012 09:49:44 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/11/2012 09:36:18 AM) (Source: Microsoft Office 11) (User: )
Description: Rejected Safe Mode action : Microsoft Office Word.

Error: (04/11/2012 08:32:44 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/09/2012 04:24:04 PM) (Source: MsiInstaller) (User: Nancy)Nancy
Description: Product: Microsoft Fix it 50267 -- Error 1704. An installation for Microsoft Fix it 50687 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?


System errors:
=============
Error: (04/13/2012 10:54:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.1329.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (04/13/2012 10:54:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.1329.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (04/13/2012 10:54:33 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.123.1329.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (04/12/2012 04:46:24 PM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Error: (04/08/2012 08:53:38 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/08/2012 06:56:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error: (04/08/2012 06:56:20 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (04/08/2012 06:56:20 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (04/08/2012 06:56:20 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (04/08/2012 06:56:20 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (04/13/2012 10:54:36 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80240016begininstallinstall3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (04/11/2012 05:39:56 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/11/2012 05:39:56 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/11/2012 09:49:44 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (04/11/2012 09:36:18 AM) (Source: Microsoft Office 11)(User: )
Description: Microsoft Office Word

Error: (04/11/2012 08:32:44 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (04/09/2012 04:24:04 PM) (Source: MsiInstaller)(User: Nancy)Nancy
Description: Product: Microsoft Fix it 50267 -- Error 1704. An installation for Microsoft Fix it 50687 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Reader 9.5.1 (Version: 9.5.1)
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 1.3.1)
Apple Mobile Device Support (Version: 3.1.0.62)
Apple Software Update (Version: 2.1.1.116)
ArcSoft PhotoStudio 5.5
ArcSoft Software Suite
ATI Control Panel (Version: 6.14.10.5150)
ATI Display Driver (Version: 8.13-050414a2-023179C-Dell)
AXIS Media Control Embedded
Bonjour (Version: 2.0.2.0)
Canon CanoScan Toolbox 4.9
Canon My Printer
Canon Pro9000
Canon Setup Utility 2.1
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Pro
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
Creative MediaSource
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience (Version: 3.00)
Dell Picture Studio v3.0 (Version: 3.0.0)
Dell Support 3.1 (Version: 5.1.760)
Dell System Restore (Version: 2.00.0000)
DivX Setup (Version: 2.4.1.4)
EarthLink setup files (Version: 2005.1.47.0)
Easy-WebPrint
ESET Online Scanner v3
Facebook Plug-In
Get High Speed Internet! (Version: 1.00.0000)
Google Chrome (Version: 18.0.1025.152)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
Harry Potter
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
Intel Matrix Storage Manager
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Software v9.2.4.11
Intel® PROSafe for Wired Connections (Version: 8.00.0005)
Intel® PROSafe for Wired Connections (Version: 99.99.9999)
Internet Explorer Default Page (Version: 1.00.03)
iTunes (Version: 9.2.1.5)
Jasc Paint Shop Photo Album 5 (Version: 5.21)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.01.0000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 4.3.1 (Standard) (Version: 4.3.1)
KODAK Picture CD Volume 3 Issue 2
Learn2 Player (Uninstall Only)
LEGO Racers
Macromedia Flash Player (Version: 7.0.19.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Manual CanoScan 9950F
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
MobileMe Control Panel (Version: 3.0.1.1)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSN
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicmatch for Windows Media Player (Version: 0.00.000)
Musicmatch® Jukebox (Version: 9.00.2028)
MyWay Search Assistant (Version: 1.0.1)
NetZeroInstallers (Version: 1.0.0)
Neverwinter Nights 2 (Version: 1.00.0000)
Nikon Message Center (Version: 0.92.000)
Nikon RAW Codec (Version: 1.00.0000)
Nikon Transfer (Version: 1.1.1)
Nikon View 6
OmniPage SE 2.0 (Version: 2.00.0004)
Photo Click (Version: 1.0.0)
Picture Control Utility (Version: 1.1.2)
PowerDVD 5.5
Presto! PageManager 6.11
Qualxserve Service Agreement (Version: 1.11.0000)
QuickBooks Simple Start Special Edition (Version: )
QuickTime (Version: 7.66.71.0)
RealPlayer Basic
Safari (Version: 5.33.17.8)
Sonic DLA (Version: 5.2.1)
Sonic MyDVD LE (Version: 6.1.1)
Sonic RecordNow Audio (Version: 2.0.0)
Sonic RecordNow Copy (Version: 2.0.0)
Sonic RecordNow Data (Version: 2.0.0)
Sonic Update Manager (Version: 3.0.0)
Sony Picture Utility (Version: 3.0.00.11220)
Sound Blaster Live! 24-bit
Spybot - Search & Destroy (Version: 1.6.2)
Swords and Sandals 3 (Version: 1.3.0)
Ultimate Mahjongg
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
ViewNX (Version: 1.1.1)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WordPerfect Office 12 (Version: 12.01)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2046.09 MB
Available physical RAM: 1281.73 MB
Total Pagefile: 3938.1 MB
Available Pagefile: 3341.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.74 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:229.21 GB) (Free:36.52 GB) NTFS

========================= Users: ========================================

User accounts for \\ANGUS

Administrator Guest HelpAssistant
Iain Max Nancy
SUPPORT_388945a0


**** End of log ****

#15 narenxp


Posted 14 April 2012 - 12:30 PM

Download

http://go.microsoft.com/?linkid=9668866

Run the fixit

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your system restore, restart the PC, create a new restore point.

http://support.microsoft.com/kb/310405

Update your antivirus frequently

Safe surfing :)



