Cannot connect to Internet after Virus Removal


15 replies to this topic

#1 blueorchid

Posted 11 May 2012 - 05:00 AM

My Windows XP Professional system was infected with a virus and now I cannot get onto the internet.

Avast Internet Security stopped a number of suspected malicious URLs and advised to run a Boot Scan to finish the cleanup. The items cleaned up indicated they were infected with “Java: Agent – AJB [EXPL].”

After I ran the Boot Scan, the following error message appeared:

Avast will not be able to protect mail/news (error 10050). Please check that AvastSvc.exe is not blocked by personal firewall.

When I try to get into Windows Firewall, I receive the following messages:

Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) services?

When I select “yes”, I receive the following message:

Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.

I ran Malwarebytes and it removed two “Backdoor.IRCBot” items.

I uninstalled and reinstalled Avast twice and still cannot resolve the problem. The webshield in Avast is turned off and I cannot turn it back on.

What should I do?


#2 narenxp


Posted 11 May 2012 - 07:59 AM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download FSS

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

#3 blueorchid


Posted 11 May 2012 - 10:15 AM

Here are the reports:


10:40:12.0625 3588 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:40:12.0671 3588 ============================================================
10:40:12.0671 3588 Current date / time: 2012/05/11 10:40:12.0671
10:40:12.0671 3588 SystemInfo:
10:40:12.0671 3588
10:40:12.0671 3588 OS Version: 5.1.2600 ServicePack: 3.0
10:40:12.0671 3588 Product type: Workstation
10:40:12.0671 3588 ComputerName: IBM-C36EF5F925A
10:40:12.0671 3588 UserName: Owner
10:40:12.0671 3588 Windows directory: C:\WINDOWS
10:40:12.0671 3588 System windows directory: C:\WINDOWS
10:40:12.0671 3588 Processor architecture: Intel x86
10:40:12.0671 3588 Number of processors: 2
10:40:12.0671 3588 Page size: 0x1000
10:40:12.0671 3588 Boot type: Normal boot
10:40:12.0671 3588 ============================================================
10:40:14.0609 3588 Drive \Device\Harddisk0\DR0 - Size: 0x951240000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:40:14.0609 3588 Drive \Device\Harddisk1\DR3 - Size: 0x1F100000 (0.49 Gb), SectorSize: 0x200, Cylinders: 0x3F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:40:14.0609 3588 ============================================================
10:40:14.0609 3588 \Device\Harddisk0\DR0:
10:40:14.0609 3588 MBR partitions:
10:40:14.0609 3588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4332663
10:40:14.0609 3588 \Device\Harddisk1\DR3:
10:40:14.0609 3588 MBR partitions:
10:40:14.0609 3588 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xF87DF
10:40:14.0609 3588 ============================================================
10:40:14.0656 3588 C: <-> \Device\Harddisk0\DR0\Partition0
10:40:14.0656 3588 ============================================================
10:40:14.0656 3588 Initialize success
10:40:14.0656 3588 ============================================================
10:40:30.0562 0780 ============================================================
10:40:30.0562 0780 Scan started
10:40:30.0562 0780 Mode: Manual; TDLFS;
10:40:30.0562 0780 ============================================================
10:40:30.0718 0780 .afd - ok
10:40:30.0875 0780 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:40:30.0875 0780 Aavmker4 - ok
10:40:30.0890 0780 Abiosdsk - ok
10:40:30.0921 0780 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
10:40:30.0921 0780 abp480n5 - ok
10:40:30.0937 0780 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
10:40:30.0937 0780 ac97intc - ok
10:40:30.0968 0780 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:40:30.0968 0780 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
10:40:30.0984 0780 ACPI ( Virus.Win32.Rloader.a ) - infected
10:40:30.0984 0780 ACPI - detected Virus.Win32.Rloader.a (0)
10:40:39.0875 0780 ql12160 - ok
10:40:39.0890 0780 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
10:40:39.0890 0780 ql1240 - ok
10:40:39.0921 0780 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
10:40:39.0921 0780 ql1280 - ok
10:40:39.0953 0780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:40:39.0953 0780 RasAcd - ok
10:40:39.0984 0780 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:40:40.0000 0780 RasAuto - ok
10:40:40.0031 0780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:40:40.0031 0780 Rasl2tp - ok
10:40:40.0078 0780 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:40:40.0093 0780 RasMan - ok
10:40:40.0109 0780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:40:40.0109 0780 RasPppoe - ok
10:40:40.0125 0780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:40:40.0125 0780 Raspti - ok
10:40:40.0156 0780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:40:40.0171 0780 Rdbss - ok
10:40:40.0171 0780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:40:40.0187 0780 RDPCDD - ok
10:40:40.0203 0780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:40:40.0203 0780 rdpdr - ok
10:40:40.0250 0780 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
10:40:40.0250 0780 RDPWD - ok
10:40:40.0281 0780 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:40:40.0296 0780 RDSessMgr - ok
10:40:40.0328 0780 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:40:40.0343 0780 redbook - ok
10:40:40.0375 0780 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:40:40.0390 0780 RemoteAccess - ok
10:40:40.0421 0780 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:40:40.0437 0780 RemoteRegistry - ok
10:40:40.0484 0780 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
10:40:40.0484 0780 ROOTMODEM - ok
10:40:40.0515 0780 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
10:40:40.0531 0780 RpcLocator - ok
10:40:40.0578 0780 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:40:40.0593 0780 RpcSs - ok
10:40:40.0625 0780 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
10:40:40.0640 0780 RSVP - ok
10:40:40.0671 0780 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:40:40.0671 0780 SamSs - ok
10:40:40.0718 0780 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:40:40.0718 0780 SCardSvr - ok
10:40:40.0765 0780 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:40:40.0781 0780 Schedule - ok
10:40:40.0875 0780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:40:40.0875 0780 Secdrv - ok
10:40:40.0937 0780 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:40:40.0953 0780 seclogon - ok
10:40:40.0984 0780 senfilt (e3a8d5ef17b540fc42465051a34a04eb) C:\WINDOWS\system32\drivers\senfilt.sys
10:40:41.0000 0780 senfilt - ok
10:40:41.0015 0780 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:40:41.0031 0780 SENS - ok
10:40:41.0046 0780 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:40:41.0046 0780 serenum - ok
10:40:41.0062 0780 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:40:41.0078 0780 Serial - ok
10:40:41.0109 0780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:40:41.0109 0780 Sfloppy - ok
10:40:41.0140 0780 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:40:41.0156 0780 SharedAccess - ok
10:40:41.0187 0780 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:40:41.0203 0780 ShellHWDetection - ok
10:40:41.0203 0780 Simbad - ok
10:40:41.0250 0780 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
10:40:41.0250 0780 sisagp - ok
10:40:41.0296 0780 smwdm (014ab093e6452ea88031bb6e22919bb5) C:\WINDOWS\system32\drivers\smwdm.sys
10:40:41.0312 0780 smwdm - ok
10:40:41.0343 0780 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
10:40:41.0343 0780 Sparrow - ok
10:40:41.0375 0780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:40:41.0375 0780 splitter - ok
10:40:41.0406 0780 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:40:41.0421 0780 Spooler - ok
10:40:41.0500 0780 SQLSERVERAGENT - ok
10:40:41.0515 0780 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:40:41.0531 0780 sr - ok
10:40:41.0562 0780 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
10:40:41.0578 0780 srservice - ok
10:40:41.0609 0780 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:40:41.0625 0780 Srv - ok
10:40:41.0640 0780 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:40:41.0656 0780 SSDPSRV - ok
10:40:41.0687 0780 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:40:41.0703 0780 stisvc - ok
10:40:41.0734 0780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:40:41.0734 0780 swenum - ok
10:40:41.0765 0780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:40:41.0765 0780 swmidi - ok
10:40:41.0781 0780 SwPrv - ok
10:40:41.0812 0780 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
10:40:41.0828 0780 symc810 - ok
10:40:41.0859 0780 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
10:40:41.0859 0780 symc8xx - ok
10:40:41.0953 0780 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS
10:40:41.0953 0780 SymEvent - ok
10:40:41.0984 0780 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
10:40:41.0984 0780 sym_hi - ok
10:40:42.0015 0780 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
10:40:42.0015 0780 sym_u3 - ok
10:40:42.0046 0780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:40:42.0046 0780 sysaudio - ok
10:40:42.0093 0780 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:40:42.0109 0780 SysmonLog - ok
10:40:42.0140 0780 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:40:42.0156 0780 TapiSrv - ok
10:40:42.0203 0780 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:40:42.0203 0780 Tcpip - ok
10:40:42.0234 0780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:40:42.0234 0780 TDPIPE - ok
10:40:42.0234 0780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:40:42.0250 0780 TDTCP - ok
10:40:42.0265 0780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:40:42.0265 0780 TermDD - ok
10:40:42.0296 0780 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:40:42.0312 0780 TermService - ok
10:40:42.0359 0780 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:40:42.0375 0780 Themes - ok
10:40:42.0406 0780 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
10:40:42.0421 0780 TlntSvr - ok
10:40:42.0453 0780 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
10:40:42.0453 0780 TosIde - ok
10:40:42.0484 0780 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:40:42.0500 0780 TrkWks - ok
10:40:42.0531 0780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:40:42.0531 0780 Udfs - ok
10:40:42.0546 0780 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
10:40:42.0546 0780 ultra - ok
10:40:42.0578 0780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:40:42.0593 0780 Update - ok
10:40:42.0625 0780 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:40:42.0640 0780 upnphost - ok
10:40:42.0656 0780 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:40:42.0671 0780 UPS - ok
10:40:42.0718 0780 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:40:42.0718 0780 USBAAPL - ok
10:40:42.0750 0780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:40:42.0750 0780 usbccgp - ok
10:40:42.0796 0780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:40:42.0796 0780 usbehci - ok
10:40:42.0843 0780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:40:42.0843 0780 usbhub - ok
10:40:42.0859 0780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:40:42.0859 0780 usbprint - ok
10:40:42.0921 0780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:40:42.0921 0780 usbscan - ok
10:40:42.0937 0780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:40:42.0937 0780 USBSTOR - ok
10:40:42.0968 0780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:40:42.0968 0780 usbuhci - ok
10:40:42.0984 0780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:40:42.0984 0780 VgaSave - ok
10:40:43.0015 0780 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
10:40:43.0031 0780 viaagp - ok
10:40:43.0046 0780 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
10:40:43.0046 0780 ViaIde - ok
10:40:43.0062 0780 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:40:43.0062 0780 VolSnap - ok
10:40:43.0109 0780 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:40:43.0125 0780 VSS - ok
10:40:43.0156 0780 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
10:40:43.0171 0780 W32Time - ok
10:40:43.0187 0780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:40:43.0187 0780 Wanarp - ok
10:40:43.0203 0780 WDICA - ok
10:40:43.0234 0780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:40:43.0234 0780 wdmaud - ok
10:40:43.0265 0780 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:40:43.0281 0780 WebClient - ok
10:40:43.0359 0780 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:40:43.0359 0780 winmgmt - ok
10:40:43.0515 0780 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:40:43.0546 0780 wlidsvc - ok
10:40:43.0656 0780 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
10:40:43.0671 0780 WmdmPmSN - ok
10:40:43.0718 0780 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:40:43.0734 0780 Wmi - ok
10:40:43.0812 0780 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:40:43.0812 0780 WmiApSrv - ok
10:40:44.0000 0780 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:40:44.0031 0780 WMPNetworkSvc - ok
10:40:44.0062 0780 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:40:44.0078 0780 wuauserv - ok
10:40:44.0156 0780 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:40:44.0156 0780 WudfPf - ok
10:40:44.0171 0780 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:40:44.0187 0780 WudfRd - ok
10:40:44.0218 0780 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:40:44.0234 0780 WudfSvc - ok
10:40:44.0296 0780 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:40:44.0343 0780 WZCSVC - ok
10:40:44.0375 0780 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:40:44.0421 0780 xmlprov - ok
10:40:44.0531 0780 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:40:44.0546 0780 YahooAUService - ok
10:40:44.0578 0780 MBR (0x1B8) (ceb20769fc83ae7bf20428cf13740a99) \Device\Harddisk0\DR0
10:40:44.0609 0780 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:40:44.0609 0780 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:40:44.0609 0780 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
10:40:47.0687 0780 \Device\Harddisk1\DR3 - ok
10:40:47.0687 0780 Boot (0x1200) (37d00b7c6587f750a4fc78239f2a0184) \Device\Harddisk0\DR0\Partition0
10:40:47.0687 0780 \Device\Harddisk0\DR0\Partition0 - ok
10:40:47.0703 0780 Boot (0x1200) (ec3bfb5832523ae764069c62ca5b292d) \Device\Harddisk1\DR3\Partition0
10:40:47.0703 0780 \Device\Harddisk1\DR3\Partition0 - ok
10:40:47.0703 0780 ============================================================
10:40:47.0703 0780 Scan finished
10:40:47.0703 0780 ============================================================
10:40:47.0703 2764 Detected object count: 2
10:40:47.0703 2764 Actual detected object count: 2
10:41:14.0343 2764 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
10:41:24.0562 2764 Backup copy found, using it..
10:41:24.0640 2764 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
10:41:24.0640 2764 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
10:41:24.0640 2764 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:41:24.0640 2764 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:41:49.0140 3392 Deinitialize success

Farbar Service Scanner Version: 11-05-2012
Ran by Owner (administrator) on 11-05-2012 at 11:08:07
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswFW(10) aswTdi(8) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(11) NwlnkNb(12) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000A00000008000000090000000500000006000000070000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****

#4 narenxp

Posted 11 May 2012 - 10:22 AM

Before trying registry fixes

Download

http://www.snapfiles.com/get/erunt.html

Install it and back up your registry to C:/Windows/erdnt


Download

afd.reg

wscsvc

Launch them and click YES

Press Windows+R key and type

regedit and click ok

Navigate to this location

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

Right click on it - PERMISSIONS

Select EVERYONE and check mark FULL CONTROL, click ok

Download

legacy wscsvc

Launch it, click YES

Go to

http://support.microsoft.com/kb/971058

Run the Windows Update fixit

Restart the PC. Post the new FSS log

good luck

Edited by narenxp, 12 May 2012 - 09:00 AM.


#5 blueorchid

Posted 11 May 2012 - 11:58 AM

Question - I have to download these to a flash drive and then transfer to the computer that won't connect to the internet. Will they work by doing that?

Thanks.

#6 narenxp

Posted 11 May 2012 - 12:57 PM

Yes

#7 blueorchid

Posted 12 May 2012 - 07:14 AM

The wscsvc link and legacy wscsvc link both take me to www.filedropper.com. There is nothing there to download. You can upload a file or share a personal link. What am I supposed to do here?

#8 narenxp

Posted 12 May 2012 - 09:00 AM

Sorry, new links added

#9 blueorchid

Posted 16 May 2012 - 09:05 AM

Before I try to run the fixes, I have two more questions.

First Question: Periodically, Avast tells me it has blocked potential malware. I ran a boot scan and it removed a few things but could not remove the following:

C:\Windows|System32|Drivers|acpi.sys
Threat - Win32:RLoader-B
Tried to move to Chest and result - Could not move; file is read only (6009).

I ran TDSSKiller and it didn't find anything. I also ran Malwarebytes and it removed some problems.
Is this item going to cause a problem when running the fixes you outlined?

Second question - I copied over the MicrosoftFixit download. Does this have to connect to the internet to run?
If so, will the steps that are to be done prior to running it allow me to access the internet?

Sorry for all the questions but I want to make sure I do this correctly. Thank you for all your help.

#10 narenxp

Posted 16 May 2012 - 09:19 AM

C:\Windows|System32|Drivers|acpi.sys
Threat - Win32:RLoader-B


TDSSkiller removed this infection. Go to your C drive, delete the TDSSkiller quarantine folder

Restart the PC and follow the instructions.

Second question - I copied over the MicrosoftFixit download. Does this have to connect to the internet to run?


Yes, let's try to restore internet before running the fixit

Edited by narenxp, 16 May 2012 - 09:20 AM.


#11 blueorchid

Posted 20 May 2012 - 12:47 PM

I did all the steps indicated and I cannot connect to the internet to run the Microsoft Fixit program.

What can I try next?

Thanks.

#12 narenxp

Posted 20 May 2012 - 01:02 PM

Post the new FSS log

#13 blueorchid

Posted 20 May 2012 - 01:17 PM

UPDATE: I reset the Windows and Avast firewalls and rebooted. I am now on the internet with the problem computer.
Do I still need to run the Microsoft Fixit Program?

Here's the new FSS Log:

Farbar Service Scanner Version: 11-05-2012
Ran by Owner (administrator) on 20-05-2012 at 14:15:37
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswFW(10) aswTdi(8) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(11) NwlnkNb(12) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000A00000008000000090000000500000006000000070000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****
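
Added example (not part of the thread, and not Farbar's code): a Python sketch that pulls the findings out of two Farbar Service Scanner logs in the format posted above and reports which ones were resolved between runs. The embedded logs are abridged excerpts of that format; the function names and finding labels are this example's own.

```python
import re

# Abridged excerpts in the Farbar Service Scanner (FSS) format posted in this
# thread, trimmed for the example. BEFORE = first run, AFTER = second run.
BEFORE = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.

Connection Status:
==============
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
"""
AFTER = r"""
Connection Status:
==============
LAN connected.
Google IP is accessible.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
"""

# (pattern, label) pairs; the labels are this example's own wording.
RULES = [
    (re.compile(r"^(\S+) Service is not running"), "service not running: {0}"),
    (re.compile(r"ATTENTION!=+> Unable to open (\S+) registry key"), "service key missing: {0}"),
    (re.compile(r"start type of (\S+) service is set to (\w+)\. The default start type is (\w+)"),
     "start type {1} (default {2}): {0}"),
    (re.compile(r"^There is no connection to network"), "no network connection"),
    (re.compile(r"(\S+ IP) is unreachable"), "unreachable: {0}"),
]
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')


def parse_fss(text):
    """Return the set of findings in one FSS log, each prefixed by its section."""
    findings, section, reg_key = set(), None, None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:  # "Title:" over "===="
            section, reg_key = line[:-1], None
            continue
        if line.startswith("[HKEY_"):  # registry key the next value line belongs to
            reg_key = line.strip("[]").rsplit("\\", 1)[-1]
            continue
        m = POLICY_VALUE.match(line)
        if m and reg_key:
            findings.add(f"{section}: {reg_key} {m.group(1)}={m.group(2)}")
            continue
        for rx, label in RULES:
            m = rx.search(line)
            if m:
                findings.add(f"{section}: " + label.format(*m.groups()))
                break
    return findings


def compare(before, after):
    """Diff two runs: what was fixed, what is still flagged, what is new."""
    b, a = parse_fss(before), parse_fss(after)
    return {"resolved": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

On these excerpts the only finding left after the second run is the `DomainProfile` firewall policy value, which the second log in the thread still lists.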

#14 narenxp

Posted 20 May 2012 - 01:33 PM

Not needed, what is your current issue?

#15 blueorchid

Posted 20 May 2012 - 02:06 PM

I think I am okay now. If I have any further problems, I will let you know.

Thank you very much.



