i8042prt.sys missing and 7.tmp.exe trojan


This topic is locked
34 replies to this topic

#1 Hooligan_Mick (Members, 26 posts)

Posted 20 April 2012 - 12:32 PM

I have an entire office that has been experiencing rampant virus/trojan propagation for weeks now. Even after re-imaging all the machines and only allowing Internet access by white list, 7.tmp.exe has found its way back in. I have used ComboFix as an IT professional many times before. Please see the log below. Suggestions would be great as again, this is affecting 49 XP nodes and I just can't shake it.


ComboFix 12-04-17.01 - user 04/20/2012 12:01:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.516 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-19 16:56 . 2012-04-19 16:59 -------- d-----w- c:\documents and settings\jmack
2012-04-19 16:03 . 2012-04-19 16:03 -------- d-----w- c:\documents and settings\user\Application Data\Windows Search
2012-04-16 14:08 . 2012-04-16 14:11 -------- d-----w- c:\documents and settings\zwhitney
2012-04-14 16:12 . 2012-04-14 16:12 -------- d-----w- c:\documents and settings\smitchell
2012-04-13 14:01 . 2012-04-13 14:04 -------- d-----w- c:\documents and settings\cmahoney
2012-04-05 18:32 . 2012-04-05 18:49 -------- d-----w- c:\documents and settings\picadmin
2012-04-04 13:19 . 2012-04-17 13:38 -------- d-----w- c:\documents and settings\bbarnett
2012-04-03 14:04 . 2012-04-03 14:04 -------- d-----w- c:\documents and settings\jcook
2012-04-02 14:00 . 2012-04-02 14:02 -------- d-----w- c:\documents and settings\dchapman
2012-03-30 19:34 . 2012-03-30 19:35 -------- d-----w- c:\documents and settings\trichards
2012-03-30 19:15 . 2012-03-30 19:15 -------- d-----w- c:\program files\RealVNC
2012-03-30 13:58 . 2012-04-11 13:58 -------- d-----w- c:\documents and settings\dblocker
2012-03-29 21:30 . 2012-03-29 21:32 -------- d-----w- c:\documents and settings\MKiselova
2012-03-27 21:32 . 2012-03-28 02:23 -------- d-----w- c:\documents and settings\cfagan
2012-03-26 21:38 . 2012-03-26 21:41 -------- d-----w- c:\documents and settings\dharris
2012-03-25 15:01 . 2012-03-25 15:01 -------- d-----w- c:\documents and settings\pkilli
2012-03-23 14:27 . 2012-03-23 14:27 -------- d-----w- c:\program files\Magical Jelly Bean
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 17:21 . 2012-03-19 17:21 4608 ----a-w- c:\windows\system32\bbchlp.dll
2012-03-19 17:21 . 2012-03-19 17:21 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2012-03-19 17:21 . 2012-03-19 17:21 30720 ----a-w- c:\windows\system32\bbcap.dll
2012-03-16 18:02 . 2012-03-16 18:02 315392 ----a-w- c:\windows\HideWin.exe
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:57 . 2012-03-19 14:11 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-31 12:57 . 2012-03-19 14:11 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-18 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-18 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-18 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-18 16859648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Remote Angel"="c:\program files\NNT Change Tracker Suite\Remote Angel\NNT.Angel.Tray.exe" [2011-11-23 203776]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/19/2012 10:11 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/19/2012 10:11 AM 86224]
R2 NNTAngelService;NNT Remote Angel Core Service;c:\program files\NNT Change Tracker Suite\Remote Angel\NNTAngelService.exe [11/23/2011 12:26 PM 40960]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [3/20/2012 11:38 AM 3027840]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [3/19/2012 1:21 PM 4096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 CorreLog Message;CorreLog Syslog Message Service;c:\correlog\wintools\CO-sysmsg.exe [9/5/2011 6:27 PM 204800]
S3 CorreLog Tunnel Sender;CorreLog Tunnel Sender Service;c:\correlog\wintools\CO-tsend.exe [9/5/2011 6:27 PM 157696]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 71.252.0.12 71.242.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 12:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-20 12:20:55
ComboFix-quarantined-files.txt 2012-04-20 16:20
.
Pre-Run: 68,977,467,392 bytes free
Post-Run: 69,141,737,472 bytes free
.
- - End Of File - - F24CC1F6ED14918914EA97CE0870DA6B
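The two lines in that log that matter most are the `i8042prt.sys . . . is missing!!` notice and the `MEMSWEEP2` service whose ImagePath is `\??\c:\windows\system32\7.tmp` with a `[?]` where ComboFix would normally print a date and size. Across 49 nodes nobody wants to eyeball that by hand, so here is an added example (my own script, not ComboFix's code and not from anyone in this thread) that parses the `R1/R2/S3` service lines and the missing-file notices out of a ComboFix log and flags the entries worth a second look. The sample input is a handful of lines copied from the log above; the rules (a `.tmp` image name, an image under a temp directory, an image ComboFix could not stat, a registered service whose binary is gone) are my choices for this thread, not something ComboFix itself does.

```python
"""Triage the service/driver lines of a ComboFix log.

Added example for this thread, not ComboFix's own code and not from any of
the posters. It reads the 'R1/R2/S3 name;display;image [date size]' lines
ComboFix prints and flags entries a remover should look at first: images
with a .tmp name or under a temp directory, images ComboFix could not stat
('[?]'), and services whose binary is gone ('[x]'). It also collects the
'. . . is missing!!' notices.
"""
import re

# Lines copied from the ComboFix log posted above, assembled here as a
# constructed sample so the script runs stand-alone; pass a whole log
# file to triage() for real use.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/19/2012 10:11 AM 36000]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [3/19/2012 1:21 PM 4096]
S2 CorreLog Message;CorreLog Syslog Message Service;c:\correlog\wintools\CO-sysmsg.exe [9/5/2011 6:27 PM 204800]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7.tmp --> c:\windows\system32\7.tmp [?]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 8:00 AM 14336]
"""

SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
MISSING_RE = re.compile(r"^(?P<path>\S.*?) \. \. \. is missing!!$")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.I)


def parse_service_line(line):
    """Split one ComboFix service line into its fields; None if it is not one."""
    m = SERVICE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rest = m.group("rest")
    head, sep, tail = rest.rpartition(" [")
    if sep:
        image, bracket = head, tail.rstrip("]")
    else:
        image, bracket = rest, ""
    # ComboFix prints 'registry path --> resolved path' when the two differ.
    if " --> " in image:
        image = image.split(" --> ", 1)[1]
    image = image.strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    size = None
    if bracket not in ("", "x", "?"):
        last = bracket.split()[-1]
        size = int(last) if last.isdigit() else None
    return {"state": m.group("state"), "name": m.group("name"),
            "display": m.group("display"), "image": image,
            "bracket": bracket, "size": size}


def suspicious_reasons(svc):
    """Rules chosen for what this thread is chasing; extend as needed."""
    reasons = []
    image = svc["image"].lower()
    if svc["bracket"] == "x":
        reasons.append("service still registered but its binary is gone")
    if svc["bracket"] == "?":
        reasons.append("ComboFix could not read date/size of the image")
    if image.endswith(".tmp"):
        reasons.append("image has a .tmp name")
    if TEMP_DIR_RE.search(image):
        reasons.append("image lives under a temp directory")
    return reasons


def triage(log_text):
    """Return the missing-file notices and the services that trip a rule."""
    missing, suspicious = [], []
    for line in log_text.splitlines():
        mm = MISSING_RE.match(line.strip())
        if mm:
            missing.append(mm.group("path"))
            continue
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = suspicious_reasons(svc)
        if reasons:
            suspicious.append((svc["name"], svc["image"], reasons))
    return {"missing_files": missing, "suspicious": suspicious}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["missing_files"]:
        print("MISSING ", path)
    for name, image, reasons in report["suspicious"]:
        print("SUSPECT ", name, image or "(no image path)", "; ".join(reasons))
```

Run it over every ComboFix.txt collected from the office and the nodes that still carry a `.tmp` service image, or a missing keyboard driver, fall out immediately; the two `MEMSWEEP2` forms in the sample show the same service before and after its binary disappeared.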


#2 HelpBot (Bleepin' Binary Bot, Bots, 12,627 posts)

Posted 26 April 2012 - 12:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/450780 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Hooligan_Mick (Topic Starter, Members, 26 posts)

Posted 27 April 2012 - 09:12 AM

Yes, I do still need assistance on this post. Below are the most recent GMER Logs. Also, Win reinstall media is available.


ComboFix 12-04-17.01 - user 04/20/2012 16:42:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.551 [GMT -4:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-19 16:56 . 2012-04-19 16:59 -------- d-----w- c:\documents and settings\jmack
2012-04-19 16:03 . 2012-04-19 16:03 -------- d-----w- c:\documents and settings\user\Application Data\Windows Search
2012-04-16 14:08 . 2012-04-16 14:11 -------- d-----w- c:\documents and settings\zwhitney
2012-04-14 16:12 . 2012-04-14 16:12 -------- d-----w- c:\documents and settings\smitchell
2012-04-13 14:01 . 2012-04-13 14:04 -------- d-----w- c:\documents and settings\cmahoney
2012-04-05 18:32 . 2012-04-05 18:49 -------- d-----w- c:\documents and settings\picadmin
2012-04-04 13:19 . 2012-04-17 13:38 -------- d-----w- c:\documents and settings\bbarnett
2012-04-03 14:04 . 2012-04-03 14:04 -------- d-----w- c:\documents and settings\jcook
2012-04-02 14:00 . 2012-04-02 14:02 -------- d-----w- c:\documents and settings\dchapman
2012-03-30 19:34 . 2012-03-30 19:35 -------- d-----w- c:\documents and settings\trichards
2012-03-30 19:15 . 2012-03-30 19:15 -------- d-----w- c:\program files\RealVNC
2012-03-30 13:58 . 2012-04-11 13:58 -------- d-----w- c:\documents and settings\dblocker
2012-03-29 21:30 . 2012-03-29 21:32 -------- d-----w- c:\documents and settings\MKiselova
2012-03-27 21:32 . 2012-03-28 02:23 -------- d-----w- c:\documents and settings\cfagan
2012-03-26 21:38 . 2012-03-26 21:41 -------- d-----w- c:\documents and settings\dharris
2012-03-25 15:01 . 2012-03-25 15:01 -------- d-----w- c:\documents and settings\pkilli
2012-03-23 14:27 . 2012-03-23 14:27 -------- d-----w- c:\program files\Magical Jelly Bean
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 17:21 . 2012-03-19 17:21 4608 ----a-w- c:\windows\system32\bbchlp.dll
2012-03-19 17:21 . 2012-03-19 17:21 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2012-03-19 17:21 . 2012-03-19 17:21 30720 ----a-w- c:\windows\system32\bbcap.dll
2012-03-16 18:02 . 2012-03-16 18:02 315392 ----a-w- c:\windows\HideWin.exe
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:57 . 2012-03-19 14:11 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-31 12:57 . 2012-03-19 14:11 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-20_16.17.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 19:41 . 2012-04-20 19:41 16384 c:\windows\Temp\Perflib_Perfdata_b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-18 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-18 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-18 131072]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-18 16859648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"Remote Angel"="c:\program files\NNT Change Tracker Suite\Remote Angel\NNT.Angel.Tray.exe" [2011-11-23 203776]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/19/2012 10:11 AM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/19/2012 10:11 AM 86224]
R2 NNTAngelService;NNT Remote Angel Core Service;c:\program files\NNT Change Tracker Suite\Remote Angel\NNTAngelService.exe [11/23/2011 12:26 PM 40960]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [3/20/2012 11:38 AM 3027840]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [3/19/2012 1:21 PM 4096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 CorreLog Message;CorreLog Syslog Message Service;c:\correlog\wintools\CO-sysmsg.exe [9/5/2011 6:27 PM 204800]
S3 CorreLog Tunnel Sender;CorreLog Tunnel Sender Service;c:\correlog\wintools\CO-tsend.exe [9/5/2011 6:27 PM 157696]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 8:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 71.252.0.12 71.242.0.12
.
.
------- File Associations -------
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-20 16:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(444)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-20 17:01:07
ComboFix-quarantined-files.txt 2012-04-20 21:00
ComboFix2.txt 2012-04-20 16:20
.
Pre-Run: 70,177,406,976 bytes free
Post-Run: 70,160,879,616 bytes free
.
- - End Of File - - 07EF071B8BC21C732656A119BAB4F52F

#4 m0le (Can U Dig It?, Malware Response Team, 34,527 posts, London, UK)

Posted 01 May 2012 - 08:15 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    i8042prt.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
m0le is a proud member of UNITE

#5 Hooligan_Mick (Topic Starter, Members, 26 posts)

Posted 02 May 2012 - 09:37 AM

Hi and thanks for getting back to me. I will run the scan now and post results shortly.

#6 Hooligan_Mick (Topic Starter, Members, 26 posts)

Posted 02 May 2012 - 09:51 AM

Here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:48 on 02/05/2012 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "i8042prt.sys"
No files found.

-= EOF =-

#7 m0le (Can U Dig It?, Malware Response Team, 34,527 posts, London, UK)

Posted 02 May 2012 - 05:20 PM

You don't have a backup file, which is why Combofix reported it but couldn't do the replace.

You have the reinstall disk with the drivers so that can be replaced later. Let's try and diagnose this problem.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Edited by m0le, 03 May 2012 - 06:04 PM.

m0le is a proud member of UNITE
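Two things from the last few posts fit one script: the `:filefind` search in post #4 (which came back with "No files found"), and m0le's point in post #7 that ComboFix could not replace the driver because no backup copy existed. Here is an added example of my own (not SystemLook, not ComboFix, not a Microsoft tool) that does the same walk-and-fingerprint as `:filefind` for one file name, including the compressed `i8042prt.sy_` form found on install media, and then points that search at the places Windows XP normally keeps a spare copy of a boot driver so the copies can be compared by MD5 before one is put back under `system32\drivers`. The `XP_SPARE_LOCATIONS` list, the `D:` drive letter for the CD, and the demo directory tree it builds for a stand-alone run are all my assumptions; on a real box you would pass the real roots.

```python
"""Locate every copy of a Windows system file and fingerprint it.

Added example for this thread; not SystemLook, ComboFix or a Microsoft tool.
Part one mirrors SystemLook's ':filefind' for a single name: walk a tree and
report size, UTC mtime and MD5 of every hit (the compressed media form, e.g.
i8042prt.sy_, is matched too). Part two aims that search at the places XP
keeps spare copies of a driver and groups the hits by hash, so a copy can be
checked against the others before it is restored.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Where XP normally keeps a second copy of a boot driver. D:\i386 assumes the
# install CD sits in D:; the file there is compressed (.sy_) and must be run
# through expand.exe before its hash can be compared with the others.
XP_SPARE_LOCATIONS = [
    r"C:\WINDOWS\system32\dllcache",
    r"C:\WINDOWS\ServicePackFiles\i386",
    r"D:\i386",
]


def compressed_name(filename):
    """Install-media (MakeCab) form of a name: last character becomes '_'."""
    base, ext = os.path.splitext(filename)
    return base + ext[:-1] + "_" if ext else filename + "_"


def fingerprint(path):
    """Size, UTC mtime and MD5 for one file (MD5 is what these tools report)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
    return {"path": path, "size": st.st_size,
            "mtime": mtime.strftime("%Y-%m-%d %H:%M:%S"),
            "md5": digest.hexdigest()}


def filefind(filename, roots):
    """Every file under the given roots whose name matches, case-insensitively."""
    wanted = {filename.lower(), compressed_name(filename).lower()}
    hits = []
    for root in roots:
        if not os.path.isdir(root):
            continue
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in wanted:
                    try:
                        hits.append(fingerprint(os.path.join(dirpath, name)))
                    except OSError:
                        pass  # unreadable, or gone between listing and open
    return hits


def restore_candidates(filename, spare_locations=XP_SPARE_LOCATIONS):
    """Hits in the spare locations, grouped by MD5 so disagreement stands out."""
    hits = filefind(filename, spare_locations)
    by_hash = {}
    for hit in hits:
        by_hash.setdefault(hit["md5"], []).append(hit["path"])
    return hits, by_hash


def expand_command(compressed_src, dest):
    """Command line for Windows' expand.exe to decompress a .sy_ into place."""
    return ["expand", compressed_src, dest]


def build_demo_tree():
    """Constructed sample layout for a stand-alone run (not a real XP tree):
    two identical spare copies, one altered copy and a compressed media copy."""
    base = tempfile.mkdtemp(prefix="i8042demo_")
    good = b"MZ" + b"\x90" * 62 + b"driver-build-1"
    layout = {
        os.path.join("dllcache", "i8042prt.sys"): good,
        os.path.join("ServicePackFiles", "i386", "i8042prt.sys"): good,
        os.path.join("drivers", "i8042prt.sys"): b"MZ" + b"\x00" * 62 + b"patched",
        os.path.join("i386", "i8042prt.sy_"): b"MSCF placeholder",
    }
    for rel, data in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return base


if __name__ == "__main__":
    demo_root = build_demo_tree()
    hits, by_hash = restore_candidates("i8042prt.sys", [demo_root])
    for hit in hits:
        print(hit["md5"], hit["size"], hit["mtime"], hit["path"])
    for md5, paths in by_hash.items():
        print(md5, "->", len(paths), "copy/copies")
    print(" ".join(expand_command(r"D:\i386\i8042prt.sy_",
                                  r"C:\WINDOWS\system32\drivers\i8042prt.sys")))
```

On a real machine call `filefind("i8042prt.sys", [r"C:\"])` to reproduce the `:filefind` result, then `restore_candidates("i8042prt.sys")` to see whether dllcache and ServicePackFiles agree; if both are empty, as the "No files found" above suggests, the `.sy_` on the install CD is the remaining source and `expand` writes it back. A copy whose MD5 differs from every other copy on the office's other 48 nodes is the one to treat as tampered, not trusted.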

#8 Hooligan_Mick (Topic Starter, Members, 26 posts)

Posted 03 May 2012 - 02:44 PM

Here is the log file:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 15:39:41
-----------------------------
15:39:41.921 OS Version: Windows 5.1.2600 Service Pack 3
15:39:41.921 Number of processors: 2 586 0xF0D
15:39:41.921 ComputerName: NEWPC39 UserName: user
15:39:42.218 Initialize success
15:39:58.625 AVAST engine download error: 0
15:40:11.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:40:11.875 Disk 0 Vendor: WDC_WD800AAJS-22WAA0 58.01D58 Size: 76319MB BusType: 3
15:40:11.890 Disk 0 MBR read successfully
15:40:11.890 Disk 0 MBR scan
15:40:11.890 Disk 0 Windows XP default MBR code
15:40:11.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
15:40:11.968 Disk 0 scanning sectors +156280320
15:40:12.109 Disk 0 scanning C:\WINDOWS\system32\drivers
15:40:21.921 Service scanning
15:40:29.640 Modules scanning
15:40:38.000 Disk 0 trace - called modules:
15:40:38.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:40:38.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86565ab8]
15:40:38.015 3 CLASSPNP.SYS[f7696fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86568d98]
15:40:38.015 Scan finished successfully
15:41:17.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
15:41:17.437 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBRlog.txt"

#9 m0le (Can U Dig It?, Malware Response Team, 34,527 posts, London, UK)

Posted 03 May 2012 - 06:05 PM

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE

#10 Hooligan_Mick (Topic Starter, Members, 26 posts)

Posted 04 May 2012 - 09:10 AM

As requested:


10:08:18.0171 2240 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:08:19.0609 2240 ============================================================
10:08:19.0609 2240 Current date / time: 2012/05/04 10:08:19.0609
10:08:19.0609 2240 SystemInfo:
10:08:19.0609 2240
10:08:19.0609 2240 OS Version: 5.1.2600 ServicePack: 3.0
10:08:19.0609 2240 Product type: Workstation
10:08:19.0609 2240 ComputerName: NEWPC39
10:08:19.0609 2240 UserName: user
10:08:19.0609 2240 Windows directory: C:\WINDOWS
10:08:19.0609 2240 System windows directory: C:\WINDOWS
10:08:19.0609 2240 Processor architecture: Intel x86
10:08:19.0609 2240 Number of processors: 2
10:08:19.0609 2240 Page size: 0x1000
10:08:19.0609 2240 Boot type: Normal boot
10:08:19.0609 2240 ============================================================
10:08:22.0312 2240 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:08:22.0328 2240 ============================================================
10:08:22.0328 2240 \Device\Harddisk0\DR0:
10:08:22.0328 2240 MBR partitions:
10:08:22.0328 2240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
10:08:22.0328 2240 ============================================================
10:08:22.0359 2240 C: <-> \Device\Harddisk0\DR0\Partition0
10:08:22.0359 2240 ============================================================
10:08:22.0359 2240 Initialize success
10:08:22.0359 2240 ============================================================
10:08:26.0500 0540 ============================================================
10:08:26.0500 0540 Scan started
10:08:26.0500 0540 Mode: Manual;
10:08:26.0500 0540 ============================================================
10:08:26.0875 0540 Abiosdsk - ok
10:08:26.0890 0540 abp480n5 - ok
10:08:26.0953 0540 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:08:26.0953 0540 ACPI - ok
10:08:27.0000 0540 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:08:27.0000 0540 ACPIEC - ok
10:08:27.0000 0540 adpu160m - ok
10:08:27.0046 0540 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:08:27.0062 0540 aec - ok
10:08:27.0109 0540 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:08:27.0125 0540 AFD - ok
10:08:27.0125 0540 Aha154x - ok
10:08:27.0140 0540 aic78u2 - ok
10:08:27.0171 0540 aic78xx - ok
10:08:27.0203 0540 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:08:27.0265 0540 Alerter - ok
10:08:27.0296 0540 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:08:27.0296 0540 ALG - ok
10:08:27.0296 0540 AliIde - ok
10:08:27.0328 0540 amsint - ok
10:08:27.0546 0540 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:08:27.0546 0540 AntiVirSchedulerService - ok
10:08:27.0593 0540 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:08:27.0593 0540 AntiVirService - ok
10:08:27.0640 0540 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:08:27.0703 0540 AppMgmt - ok
10:08:27.0734 0540 asc - ok
10:08:27.0750 0540 asc3350p - ok
10:08:27.0765 0540 asc3550 - ok
10:08:28.0062 0540 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:08:28.0062 0540 aspnet_state - ok
10:08:28.0125 0540 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:08:28.0125 0540 AsyncMac - ok
10:08:28.0171 0540 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:08:28.0171 0540 atapi - ok
10:08:28.0187 0540 Atdisk - ok
10:08:28.0203 0540 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:08:28.0203 0540 Atmarpc - ok
10:08:28.0265 0540 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:08:28.0312 0540 AudioSrv - ok
10:08:28.0343 0540 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:08:28.0343 0540 audstub - ok
10:08:28.0359 0540 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:08:28.0359 0540 avgntflt - ok
10:08:28.0390 0540 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:08:28.0406 0540 avipbb - ok
10:08:28.0437 0540 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:08:28.0437 0540 avkmgr - ok
10:08:28.0484 0540 bbcap (709fbe6eced1c3259d2b50bb0520b765) C:\WINDOWS\system32\DRIVERS\bbcap.sys
10:08:28.0484 0540 bbcap - ok
10:08:28.0531 0540 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:08:28.0531 0540 Beep - ok
10:08:28.0578 0540 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:08:28.0703 0540 BITS - ok
10:08:28.0734 0540 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:08:28.0828 0540 Browser - ok
10:08:28.0968 0540 catchme - ok
10:08:28.0984 0540 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:08:28.0984 0540 cbidf2k - ok
10:08:29.0015 0540 cd20xrnt - ok
10:08:29.0046 0540 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:08:29.0062 0540 Cdaudio - ok
10:08:29.0109 0540 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:08:29.0109 0540 Cdfs - ok
10:08:29.0140 0540 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:08:29.0140 0540 Cdrom - ok
10:08:29.0156 0540 Changer - ok
10:08:29.0187 0540 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:08:29.0187 0540 CiSvc - ok
10:08:29.0203 0540 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:08:29.0203 0540 ClipSrv - ok
10:08:29.0265 0540 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:29.0265 0540 clr_optimization_v2.0.50727_32 - ok
10:08:29.0375 0540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:08:29.0375 0540 clr_optimization_v4.0.30319_32 - ok
10:08:29.0406 0540 CmdIde - ok
10:08:29.0421 0540 COMSysApp - ok
10:08:29.0546 0540 CorreLog Message (b88aa034a83f22a941414c83bd3aee9e) C:\CorreLog\wintools\CO-sysmsg.exe
10:08:29.0546 0540 CorreLog Message - ok
10:08:29.0625 0540 CorreLog Tunnel Sender (c84861121a101a4eb5d5c9576845c531) C:\CorreLog\wintools\CO-tsend.exe
10:08:29.0625 0540 CorreLog Tunnel Sender - ok
10:08:29.0640 0540 Cpqarray - ok
10:08:29.0671 0540 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:08:29.0750 0540 CryptSvc - ok
10:08:29.0781 0540 dac2w2k - ok
10:08:29.0781 0540 dac960nt - ok
10:08:29.0859 0540 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:08:29.0859 0540 DcomLaunch - ok
10:08:29.0921 0540 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:08:29.0984 0540 Dhcp - ok
10:08:30.0015 0540 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:08:30.0015 0540 Disk - ok
10:08:30.0015 0540 dmadmin - ok
10:08:30.0109 0540 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:08:30.0125 0540 dmboot - ok
10:08:30.0156 0540 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:08:30.0156 0540 dmio - ok
10:08:30.0171 0540 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:08:30.0171 0540 dmload - ok
10:08:30.0218 0540 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:08:30.0265 0540 dmserver - ok
10:08:30.0312 0540 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:08:30.0312 0540 DMusic - ok
10:08:30.0343 0540 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:08:30.0421 0540 Dnscache - ok
10:08:30.0453 0540 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:08:30.0515 0540 Dot3svc - ok
10:08:30.0531 0540 dpti2o - ok
10:08:30.0578 0540 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:08:30.0578 0540 drmkaud - ok
10:08:30.0625 0540 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:08:30.0640 0540 E100B - ok
10:08:30.0671 0540 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:08:30.0718 0540 EapHost - ok
10:08:30.0734 0540 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:08:30.0796 0540 ERSvc - ok
10:08:30.0843 0540 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:08:30.0859 0540 Eventlog - ok
10:08:30.0921 0540 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:08:30.0984 0540 EventSystem - ok
10:08:31.0031 0540 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:08:31.0031 0540 Fastfat - ok
10:08:31.0093 0540 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:08:31.0171 0540 FastUserSwitchingCompatibility - ok
10:08:31.0218 0540 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:08:31.0218 0540 Fdc - ok
10:08:31.0234 0540 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:08:31.0234 0540 Fips - ok
10:08:31.0250 0540 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:08:31.0250 0540 Flpydisk - ok
10:08:31.0328 0540 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:08:31.0328 0540 FltMgr - ok
10:08:31.0421 0540 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:08:31.0421 0540 FontCache3.0.0.0 - ok
10:08:31.0453 0540 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:08:31.0453 0540 Fs_Rec - ok
10:08:31.0484 0540 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:08:31.0484 0540 Ftdisk - ok
10:08:31.0500 0540 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:08:31.0515 0540 Gpc - ok
10:08:31.0562 0540 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:08:31.0562 0540 HDAudBus - ok
10:08:31.0593 0540 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:08:31.0671 0540 helpsvc - ok
10:08:31.0671 0540 HidServ - ok
10:08:31.0703 0540 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:08:31.0703 0540 hidusb - ok
10:08:31.0718 0540 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:08:31.0796 0540 hkmsvc - ok
10:08:31.0828 0540 hpn - ok
10:08:31.0890 0540 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:08:31.0890 0540 HTTP - ok
10:08:31.0921 0540 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:08:31.0984 0540 HTTPFilter - ok
10:08:31.0984 0540 i2omgmt - ok
10:08:32.0000 0540 i2omp - ok
10:08:32.0406 0540 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:08:32.0546 0540 ialm - ok
10:08:32.0765 0540 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:08:32.0781 0540 idsvc - ok
10:08:32.0843 0540 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:08:32.0843 0540 Imapi - ok
10:08:32.0890 0540 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:08:32.0890 0540 ImapiService - ok
10:08:32.0906 0540 ini910u - ok
10:08:33.0265 0540 IntcAzAudAddService (dbc702fbc70dc58d9122ce56eadbd659) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:08:33.0375 0540 IntcAzAudAddService - ok
10:08:33.0453 0540 IntelIde - ok
10:08:33.0500 0540 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:08:33.0500 0540 intelppm - ok
10:08:33.0531 0540 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:08:33.0531 0540 Ip6Fw - ok
10:08:33.0562 0540 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:08:33.0562 0540 IpFilterDriver - ok
10:08:33.0578 0540 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:08:33.0578 0540 IpInIp - ok
10:08:33.0593 0540 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:08:33.0593 0540 IpNat - ok
10:08:33.0625 0540 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:08:33.0640 0540 IPSec - ok
10:08:33.0656 0540 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:08:33.0656 0540 IRENUM - ok
10:08:33.0687 0540 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:08:33.0687 0540 isapnp - ok
10:08:33.0718 0540 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:08:33.0734 0540 Kbdclass - ok
10:08:33.0750 0540 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:08:33.0750 0540 kbdhid - ok
10:08:33.0796 0540 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:08:33.0796 0540 kmixer - ok
10:08:33.0828 0540 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:08:33.0828 0540 KSecDD - ok
10:08:33.0875 0540 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:08:33.0953 0540 LanmanServer - ok
10:08:34.0000 0540 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:08:34.0062 0540 lanmanworkstation - ok
10:08:34.0078 0540 lbrtfdc - ok
10:08:34.0125 0540 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:08:34.0171 0540 LmHosts - ok
10:08:34.0171 0540 MEMSWEEP2 - ok
10:08:34.0203 0540 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:08:34.0250 0540 Messenger - ok
10:08:34.0312 0540 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:08:34.0312 0540 mnmdd - ok
10:08:34.0359 0540 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:08:34.0359 0540 mnmsrvc - ok
10:08:34.0406 0540 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:08:34.0406 0540 Modem - ok
10:08:34.0437 0540 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:08:34.0437 0540 Mouclass - ok
10:08:34.0484 0540 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:08:34.0484 0540 mouhid - ok
10:08:34.0500 0540 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:08:34.0500 0540 MountMgr - ok
10:08:34.0515 0540 mraid35x - ok
10:08:34.0546 0540 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:08:34.0546 0540 MRxDAV - ok
10:08:34.0625 0540 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:08:34.0625 0540 MRxSmb - ok
10:08:34.0656 0540 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:08:34.0671 0540 MSDTC - ok
10:08:34.0718 0540 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:08:34.0718 0540 Msfs - ok
10:08:34.0718 0540 MSIServer - ok
10:08:34.0750 0540 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:08:34.0750 0540 MSKSSRV - ok
10:08:34.0781 0540 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:08:34.0781 0540 MSPCLOCK - ok
10:08:34.0812 0540 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:08:34.0812 0540 MSPQM - ok
10:08:34.0859 0540 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:08:34.0859 0540 mssmbios - ok
10:08:34.0921 0540 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:08:34.0921 0540 Mup - ok
10:08:34.0953 0540 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:08:35.0046 0540 napagent - ok
10:08:35.0093 0540 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:08:35.0093 0540 NDIS - ok
10:08:35.0125 0540 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:08:35.0125 0540 NdisTapi - ok
10:08:35.0171 0540 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:08:35.0187 0540 Ndisuio - ok
10:08:35.0218 0540 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:08:35.0218 0540 NdisWan - ok
10:08:35.0250 0540 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:08:35.0250 0540 NDProxy - ok
10:08:35.0296 0540 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:08:35.0296 0540 NetBIOS - ok
10:08:35.0359 0540 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:08:35.0359 0540 NetBT - ok
10:08:35.0390 0540 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:08:35.0406 0540 NetDDE - ok
10:08:35.0421 0540 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:08:35.0421 0540 NetDDEdsdm - ok
10:08:35.0484 0540 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:08:35.0484 0540 Netlogon - ok
10:08:35.0515 0540 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:08:35.0625 0540 Netman - ok
10:08:35.0750 0540 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:08:35.0765 0540 NetTcpPortSharing - ok
10:08:35.0843 0540 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:08:35.0859 0540 Nla - ok
10:08:35.0968 0540 NNTAngelService (81b75a7cad165634c0ae5d3f7300fb59) C:\Program Files\NNT Change Tracker Suite\Remote Angel\NNTAngelService.exe
10:08:35.0968 0540 NNTAngelService - ok
10:08:36.0000 0540 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:08:36.0000 0540 Npfs - ok
10:08:36.0062 0540 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:08:36.0078 0540 Ntfs - ok
10:08:36.0078 0540 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:08:36.0078 0540 NtLmSsp - ok
10:08:36.0140 0540 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:08:36.0250 0540 NtmsSvc - ok
10:08:36.0265 0540 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:08:36.0265 0540 Null - ok
10:08:36.0312 0540 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:08:36.0312 0540 NwlnkFlt - ok
10:08:36.0312 0540 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:08:36.0328 0540 NwlnkFwd - ok
10:08:36.0375 0540 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:08:36.0375 0540 Parport - ok
10:08:36.0390 0540 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:08:36.0390 0540 PartMgr - ok
10:08:36.0437 0540 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:08:36.0437 0540 ParVdm - ok
10:08:36.0453 0540 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:08:36.0453 0540 PCI - ok
10:08:36.0484 0540 PCIDump - ok
10:08:36.0500 0540 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:08:36.0500 0540 PCIIde - ok
10:08:36.0546 0540 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:08:36.0546 0540 Pcmcia - ok
10:08:36.0562 0540 PDCOMP - ok
10:08:36.0578 0540 PDFRAME - ok
10:08:36.0593 0540 PDRELI - ok
10:08:36.0640 0540 PDRFRAME - ok
10:08:36.0656 0540 perc2 - ok
10:08:36.0656 0540 perc2hib - ok
10:08:36.0796 0540 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:08:36.0812 0540 PlugPlay - ok
10:08:36.0828 0540 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:08:36.0828 0540 PolicyAgent - ok
10:08:36.0875 0540 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:08:36.0875 0540 PptpMiniport - ok
10:08:36.0890 0540 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:08:36.0890 0540 ProtectedStorage - ok
10:08:36.0921 0540 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:08:36.0921 0540 PSched - ok
10:08:36.0953 0540 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:08:36.0968 0540 Ptilink - ok
10:08:36.0968 0540 ql1080 - ok
10:08:36.0984 0540 Ql10wnt - ok
10:08:37.0015 0540 ql12160 - ok
10:08:37.0031 0540 ql1240 - ok
10:08:37.0046 0540 ql1280 - ok
10:08:37.0093 0540 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:08:37.0093 0540 RasAcd - ok
10:08:37.0125 0540 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:08:37.0203 0540 RasAuto - ok
10:08:37.0234 0540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:08:37.0234 0540 Rasl2tp - ok
10:08:37.0265 0540 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:08:37.0359 0540 RasMan - ok
10:08:37.0390 0540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:08:37.0390 0540 RasPppoe - ok
10:08:37.0406 0540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:08:37.0406 0540 Raspti - ok
10:08:37.0453 0540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:08:37.0453 0540 Rdbss - ok
10:08:37.0484 0540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:08:37.0484 0540 RDPCDD - ok
10:08:37.0531 0540 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:08:37.0531 0540 rdpdr - ok
10:08:37.0578 0540 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:08:37.0593 0540 RDPWD - ok
10:08:37.0625 0540 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:08:37.0640 0540 RDSessMgr - ok
10:08:37.0687 0540 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:08:37.0687 0540 redbook - ok
10:08:37.0703 0540 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:08:37.0750 0540 RemoteAccess - ok
10:08:37.0781 0540 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:08:37.0843 0540 RemoteRegistry - ok
10:08:37.0875 0540 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:08:37.0875 0540 RpcLocator - ok
10:08:37.0921 0540 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
10:08:37.0937 0540 RpcSs - ok
10:08:37.0984 0540 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:08:38.0000 0540 RSVP - ok
10:08:38.0062 0540 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:08:38.0062 0540 SamSs - ok
10:08:38.0109 0540 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:08:38.0125 0540 SCardSvr - ok
10:08:38.0171 0540 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:08:38.0250 0540 Schedule - ok
10:08:38.0281 0540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:08:38.0281 0540 Secdrv - ok
10:08:38.0312 0540 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:08:38.0390 0540 seclogon - ok
10:08:38.0437 0540 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:08:38.0484 0540 SENS - ok
10:08:38.0515 0540 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:08:38.0515 0540 serenum - ok
10:08:38.0546 0540 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:08:38.0562 0540 Serial - ok
10:08:38.0625 0540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:08:38.0625 0540 Sfloppy - ok
10:08:38.0656 0540 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:08:38.0718 0540 SharedAccess - ok
10:08:38.0765 0540 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:08:38.0781 0540 ShellHWDetection - ok
10:08:38.0781 0540 Simbad - ok
10:08:38.0828 0540 Sparrow - ok
10:08:38.0859 0540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:08:38.0859 0540 splitter - ok
10:08:38.0921 0540 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:08:38.0921 0540 Spooler - ok
10:08:38.0968 0540 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:08:38.0968 0540 sr - ok
10:08:39.0000 0540 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:08:39.0078 0540 srservice - ok
10:08:39.0093 0540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:08:39.0109 0540 Srv - ok
10:08:39.0140 0540 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:08:39.0234 0540 SSDPSRV - ok
10:08:39.0312 0540 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:08:39.0312 0540 ssmdrv - ok
10:08:39.0375 0540 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:08:39.0468 0540 stisvc - ok
10:08:39.0500 0540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:08:39.0500 0540 swenum - ok
10:08:39.0546 0540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:08:39.0546 0540 swmidi - ok
10:08:39.0562 0540 SwPrv - ok
10:08:39.0578 0540 symc810 - ok
10:08:39.0593 0540 symc8xx - ok
10:08:39.0593 0540 sym_hi - ok
10:08:39.0640 0540 sym_u3 - ok
10:08:39.0687 0540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:08:39.0687 0540 sysaudio - ok
10:08:39.0750 0540 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:08:39.0765 0540 SysmonLog - ok
10:08:39.0828 0540 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:08:39.0906 0540 TapiSrv - ok
10:08:39.0984 0540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:08:39.0984 0540 Tcpip - ok
10:08:40.0031 0540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:08:40.0031 0540 TDPIPE - ok
10:08:40.0046 0540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:08:40.0062 0540 TDTCP - ok
10:08:40.0406 0540 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
10:08:40.0593 0540 TeamViewer7 - ok
10:08:40.0703 0540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:08:40.0703 0540 TermDD - ok
10:08:40.0734 0540 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:08:40.0812 0540 TermService - ok
10:08:40.0859 0540 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:08:40.0859 0540 Themes - ok
10:08:40.0906 0540 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:08:40.0921 0540 TlntSvr - ok
10:08:40.0937 0540 TosIde - ok
10:08:40.0984 0540 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:08:41.0031 0540 TrkWks - ok
10:08:41.0093 0540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:08:41.0093 0540 Udfs - ok
10:08:41.0156 0540 ultra - ok
10:08:41.0437 0540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:08:41.0453 0540 Update - ok
10:08:41.0656 0540 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:08:41.0812 0540 upnphost - ok
10:08:41.0890 0540 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:08:41.0906 0540 UPS - ok
10:08:41.0937 0540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:08:41.0937 0540 usbehci - ok
10:08:41.0984 0540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:08:42.0000 0540 usbhub - ok
10:08:42.0046 0540 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:08:42.0046 0540 USBSTOR - ok
10:08:42.0078 0540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:08:42.0093 0540 usbuhci - ok
10:08:42.0109 0540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:08:42.0109 0540 VgaSave - ok
10:08:42.0125 0540 ViaIde - ok
10:08:42.0171 0540 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:08:42.0171 0540 VolSnap - ok
10:08:42.0234 0540 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:08:42.0234 0540 VSS - ok
10:08:42.0281 0540 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:08:42.0359 0540 W32Time - ok
10:08:42.0406 0540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:08:42.0406 0540 Wanarp - ok
10:08:42.0406 0540 WDICA - ok
10:08:42.0437 0540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:08:42.0437 0540 wdmaud - ok
10:08:42.0484 0540 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:08:42.0531 0540 WebClient - ok
10:08:42.0593 0540 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:08:42.0671 0540 winmgmt - ok
10:08:42.0781 0540 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
10:08:42.0890 0540 WinRM - ok
10:08:43.0015 0540 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
10:08:43.0046 0540 WinVNC4 - ok
10:08:43.0093 0540 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:08:43.0140 0540 WmdmPmSN - ok
10:08:43.0203 0540 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:08:43.0218 0540 Wmi - ok
10:08:43.0312 0540 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:08:43.0312 0540 WmiApSrv - ok
10:08:43.0468 0540 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:08:43.0500 0540 WMPNetworkSvc - ok
10:08:43.0671 0540 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:08:43.0687 0540 WPFFontCache_v0400 - ok
10:08:43.0781 0540 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:08:43.0781 0540 WS2IFSL - ok
10:08:43.0843 0540 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:08:43.0937 0540 wscsvc - ok
10:08:43.0937 0540 WSearch - ok
10:08:44.0000 0540 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:08:44.0000 0540 wuauserv - ok
10:08:44.0062 0540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:08:44.0078 0540 WudfPf - ok
10:08:44.0093 0540 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:08:44.0109 0540 WudfRd - ok
10:08:44.0125 0540 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:08:44.0171 0540 WudfSvc - ok
10:08:44.0234 0540 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:08:44.0328 0540 WZCSVC - ok
10:08:44.0390 0540 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:08:44.0453 0540 xmlprov - ok
10:08:44.0468 0540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:08:44.0640 0540 \Device\Harddisk0\DR0 - ok
10:08:44.0640 0540 Boot (0x1200) (a921cf5cc103bfd32ad4544e24213065) \Device\Harddisk0\DR0\Partition0
10:08:44.0640 0540 \Device\Harddisk0\DR0\Partition0 - ok
10:08:44.0640 0540 ============================================================
10:08:44.0640 0540 Scan finished
10:08:44.0640 0540 ============================================================
10:08:44.0671 3244 Detected object count: 0
10:08:44.0671 3244 Actual detected object count: 0
10:08:51.0281 3504 Deinitialize success

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:20 AM

Posted 04 May 2012 - 05:37 PM

Please run OTL next - just a scanner at this point

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

m0le is a proud member of UNITE

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:20 AM

Posted 07 May 2012 - 06:47 PM

Hi,

I have not had a reply from you for 4 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC, making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#13 Hooligan_Mick

Hooligan_Mick
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:09:20 PM

Posted 08 May 2012 - 09:28 AM

Sorry, I had a ton of other virus-related issues yesterday. Running the scan now and will post shortly.

#14 Hooligan_Mick

Hooligan_Mick
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:09:20 PM

Posted 08 May 2012 - 10:36 AM

Extras.txt


OTL Extras logfile created on: 5/8/2012 11:12:21 AM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.95 Mb Total Physical Memory | 532.11 Mb Available Physical Memory | 52.58% Memory free
2.37 Gb Paging File | 1.84 Gb Available in Paging File | 77.50% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 68.24 Gb Free Space | 91.57% Space Free | Partition Type: NTFS

Computer Name: NEWPC39 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:winvnc4 -- (RealVNC Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{50211994-6C91-4DF4-A9A1-A4883CB1B910}" = NSC Composer Agent Desktop
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7635D07D-B727-496F-94CA-8AC60E0C40CE}" = Microsoft Report Viewer Redistributable 2005
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF784331-9BD1-4C1D-9C12-2D8A91BA87D5}" = NNT Remote Angel
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CorreLog Syslog Message Service" = CorreLog Syslog Message Service
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROSet" = Intel® Network Connections Drivers
"RealVNC_is1" = VNC Free Edition 4.1.3
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"TeamViewer 7" = TeamViewer 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2012 8:57:13 PM | Computer Name = NEWPC39 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 5/7/2012 10:49:27 PM | Computer Name = NEWPC39 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/7/2012 11:26:36 PM | Computer Name = NEWPC39 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070422 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer Microsoft Writer
(Bootable State) called routine CVssWriterShim::Subscribe which failed with status
0x8000ffff (converted to 0x800423f4).

Error - 5/8/2012 3:27:34 AM | Computer Name = NEWPC39 | Source = VSS | ID = 12292
Description = Volume Shadow Copy Service error: Error creating the Shadow Copy Provider
COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422].

[ System Events ]
Error - 5/7/2012 2:14:57 PM | Computer Name = NEWPC39 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PUBINTPA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/7/2012 5:32:28 PM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/7/2012 5:35:33 PM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/7/2012 10:16:33 PM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SwPrv with
arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 5/8/2012 3:15:48 AM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/8/2012 3:27:34 AM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SwPrv with
arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

Error - 5/8/2012 10:56:48 AM | Computer Name = NEWPC39 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PUBINTPA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 5/8/2012 10:57:01 AM | Computer Name = NEWPC39 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:04:20 AM

Posted 08 May 2012 - 05:03 PM

There's another log to go with the extras, OTL.txt. Do you have it?
m0le is a proud member of UNITE



