Possible Malware?


  • This topic is locked
15 replies to this topic

#1 TravelinMan


Posted 24 May 2012 - 02:23 AM

Mod Edit: Split from http://www.bleepingcomputer.com/forums/topic350859.html/page__p__2709140#entry2709140 - Hamluis.

Hi there... help.. I'm drowning... I have been trying to solve my problem for over 10 days.. and can only run in "safemode"...

Thread #1 explains my problem almost to the "t". The difference is that sometimes my error message says 0x0000000 referenced mem at 0x0000000 mem could not be read, terminate or debug, etc.

I use Malwarebytes and SuperAntiSpyware, both free versions, and have run them both numerous times. I also used Avast Free and it had a boot search or root search that I ran ...

That scan turned up this but could not eradicate it: movavi video converter 6 msi.data1.cab z video converter.exe is win32: Trojan.gen

I selected to quarantine it but it did not, then delete, but that failed, all 5 or 6 options and it would not process it, so I tried to search for it outside of the antivirus prog. and my windows search failed... so I downloaded copernic desktop search, but it cannot find the cab file...

Can you help me? Thanks.

Edited by hamluis, 24 May 2012 - 09:21 AM.
Moved from XP to Am I Infected, PM sent new OP - Hamluis.




#2 TravelinMan


Posted 24 May 2012 - 09:32 AM

My computer starts up, I can log in. But when I do, sometimes svchost.exe crashes. This has been happening every day for the last 11 or 12 days. The computer locks up, and I have to turn the computer off. When the computer is turned back on, I can log in successfully only in "safe mode", and resume using the computer.

There are usually three popups that appear during this time. One is the popup informing that svchost.exe has crashed. The box reads "svchost.exe - application error". "The instruction at "0x7c9100e8" referenced memory at "0x00000010" The memory could not be "read"." and sometimes these numbers are all zeros.

"Click on OK to terminate the program. Click on CANCEL to debug the program."

Okay freezes up the computer, and cancel closes the window and allows startup to resume, but there is no sound.

I use Avast Free version, Malwarebytes, and Superantispyware. I have run scans numerous times with all. I recently scanned with Avast in a pre-boot mode and it found a Trojan.gen but could not process it... when trying to search it manually my windows search would not function???

Until now, I still have not been able to eradicate the Trojan. Can you help me? Thanks...

I use HP Pavilion DV9000, with Windows XP Professional. I am somewhat computer savvy, and I have never been disabled by a virus attack until now :woot:

Mod Edit: Merged topics - Hamluis.

Edited by hamluis, 24 May 2012 - 10:09 AM.


#3 boopme


Posted 24 May 2012 - 03:29 PM

Hello, let's run these and view the logs.

Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
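An added example, not part of any post in this topic and not code from the tool's vendor: a small Python triage of the report text that TDSSKiller writes, listing entries whose verdict is anything other than `ok`, entries logged without a file, and MD5 values that appear under more than one file path. The line layout it parses and every sample line are assumptions constructed for illustration; `parse_report` and `triage` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed layout "time thread-id text".
# Service names, hashes, paths and the non-ok verdict are made up.
SAMPLE_LOG = r"""
22:00:01.0000 0100 Scan started
22:00:01.0100 0100 ExampleSvc (11111111222222223333333344444444) C:\WINDOWS\system32\example.dll
22:00:01.0100 0100 ExampleSvc - ok
22:00:01.0200 0100 NoFileSvc - ok
22:00:01.0300 0100 DrvA (aaaaaaaabbbbbbbbccccccccdddddddd) C:\WINDOWS\system32\DRIVERS\drva.sys
22:00:01.0300 0100 DrvA - ok
22:00:01.0400 0100 DrvB (aaaaaaaabbbbbbbbccccccccdddddddd) C:\WINDOWS\system32\DRIVERS\drvb.sys
22:00:01.0400 0100 DrvB - ok
22:00:01.0500 0100 OddSvc (0123456789abcdef0123456789abcdef) C:\Documents and Settings\User\odd.exe
22:00:01.0500 0100 OddSvc - placeholder-verdict
"""

# Timestamp, thread id, then the message body.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
# "<name> (<md5>) <path>": the file that backs a service or driver.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - <verdict>": split at the last " - " on the line.
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>.+)$")


def parse_report(text):
    """Return one dict per scanned object: name, md5, path, verdict."""
    entries, pending, in_scan = [], {}, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        # Header lines (drive geometry and so on) also contain " - ",
        # so nothing is parsed until the scan itself begins.
        if not in_scan:
            in_scan = body == "Scan started"
            continue
        f = FILE.match(body)
        if f:
            pending[f["name"]] = (f["md5"].lower(), f["path"])
            continue
        v = VERDICT.match(body)
        if v:
            md5, path = pending.pop(v["name"], (None, None))
            entries.append({"name": v["name"], "md5": md5,
                            "path": path, "verdict": v["verdict"].strip()})
    return entries


def triage(entries):
    """Group what a reviewer should read first."""
    by_hash = defaultdict(set)
    for e in entries:
        if e["md5"]:
            by_hash[e["md5"]].add(e["path"].lower())
    return {
        # Any verdict other than "ok" needs a human look.
        "not_ok": [e["name"] for e in entries if e["verdict"] != "ok"],
        # Registered object with no file line before its verdict.
        "no_file": [e["name"] for e in entries if e["md5"] is None],
        # The same content hash reported under different file paths.
        "shared_hash": {h: sorted(p) for h, p in by_hash.items() if len(p) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_LOG)).items():
        print(key, value)
```

To use it on a real report, read the `TDSSKiller.Version_Date_Time_log.txt` file into a string and pass it to `parse_report`.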

#4 TravelinMan


Posted 24 May 2012 - 10:15 PM

Thanks Boopme... I ran the TDSSKiller and it turned up zero... but note that before you responded, I ran an online scanner called ESET and it found 7 and processed them... I had not done a reboot yet when I ran this TDSSKiller... I will now run the Malwarebytes as you suggested and post the report too... thanks... :busy:

22:02:36.0125 0684 NVSvc (5e8878f15555ef4dd41ab2908249e843) C:\WINDOWS\system32\nvsvc32.exe
22:02:36.0125 0684 NVSvc - ok
22:02:36.0187 0684 NWCWorkstation (2c2fd0e6b0180f94c260dd26706aa5f4) C:\WINDOWS\System32\nwwks.dll
22:02:36.0187 0684 NWCWorkstation - ok
22:02:36.0218 0684 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:02:36.0218 0684 NwlnkFlt - ok
22:02:36.0250 0684 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:02:36.0250 0684 NwlnkFwd - ok
22:02:36.0281 0684 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
22:02:36.0281 0684 NwlnkIpx - ok
22:02:36.0328 0684 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
22:02:36.0328 0684 NwlnkNb - ok
22:02:36.0343 0684 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
22:02:36.0343 0684 NwlnkSpx - ok
22:02:36.0375 0684 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
22:02:36.0375 0684 NWRDR - ok
22:02:36.0406 0684 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
22:02:36.0406 0684 NwSapAgent - ok
22:02:36.0671 0684 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:02:36.0687 0684 odserv - ok
22:02:36.0718 0684 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:02:36.0718 0684 ohci1394 - ok
22:02:36.0781 0684 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:02:36.0781 0684 ose - ok
22:02:36.0859 0684 p2pgasvc (937a02981f11b2ce96b1d493c95aed2b) C:\WINDOWS\system32\p2pgasvc.dll
22:02:36.0875 0684 p2pgasvc - ok
22:02:36.0906 0684 p2pimsvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
22:02:36.0937 0684 p2pimsvc - ok
22:02:36.0953 0684 p2psvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
22:02:36.0953 0684 p2psvc - ok
22:02:36.0968 0684 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:02:36.0984 0684 Parport - ok
22:02:37.0015 0684 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:02:37.0015 0684 PartMgr - ok
22:02:37.0046 0684 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:02:37.0046 0684 ParVdm - ok
22:02:37.0078 0684 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:02:37.0078 0684 PCI - ok
22:02:37.0093 0684 PCIDump - ok
22:02:37.0125 0684 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:02:37.0125 0684 PCIIde - ok
22:02:37.0140 0684 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:02:37.0156 0684 Pcmcia - ok
22:02:37.0171 0684 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:02:37.0187 0684 pcouffin - ok
22:02:37.0187 0684 PDCOMP - ok
22:02:37.0203 0684 PDFRAME - ok
22:02:37.0218 0684 PDRELI - ok
22:02:37.0234 0684 PDRFRAME - ok
22:02:37.0234 0684 perc2 - ok
22:02:37.0250 0684 perc2hib - ok
22:02:37.0328 0684 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:02:37.0343 0684 PlugPlay - ok
22:02:37.0343 0684 PNRPSvc (4a1035cb8f0d57be41873b5183d96cf4) C:\WINDOWS\system32\p2psvc.dll
22:02:37.0359 0684 PNRPSvc - ok
22:02:37.0390 0684 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:02:37.0390 0684 PolicyAgent - ok
22:02:37.0421 0684 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:02:37.0421 0684 PptpMiniport - ok
22:02:37.0437 0684 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:02:37.0437 0684 Processor - ok
22:02:37.0453 0684 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:02:37.0453 0684 ProtectedStorage - ok
22:02:37.0484 0684 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:02:37.0484 0684 PSched - ok
22:02:37.0500 0684 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:02:37.0500 0684 Ptilink - ok
22:02:37.0562 0684 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:02:37.0562 0684 PxHelp20 - ok
22:02:37.0562 0684 ql1080 - ok
22:02:37.0578 0684 Ql10wnt - ok
22:02:37.0593 0684 ql12160 - ok
22:02:37.0609 0684 ql1240 - ok
22:02:37.0625 0684 ql1280 - ok
22:02:37.0656 0684 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:02:37.0656 0684 RasAcd - ok
22:02:37.0703 0684 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:02:37.0703 0684 RasAuto - ok
22:02:37.0718 0684 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:02:37.0734 0684 Rasl2tp - ok
22:02:37.0765 0684 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:02:37.0781 0684 RasMan - ok
22:02:37.0796 0684 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:02:37.0796 0684 RasPppoe - ok
22:02:37.0828 0684 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:02:37.0828 0684 Raspti - ok
22:02:37.0859 0684 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:02:37.0859 0684 Rdbss - ok
22:02:37.0875 0684 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:02:37.0875 0684 RDPCDD - ok
22:02:37.0906 0684 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:02:37.0921 0684 rdpdr - ok
22:02:37.0968 0684 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:02:37.0984 0684 RDPWD - ok
22:02:38.0015 0684 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:02:38.0015 0684 RDSessMgr - ok
22:02:38.0062 0684 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:02:38.0062 0684 redbook - ok
22:02:38.0109 0684 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:02:38.0109 0684 RemoteAccess - ok
22:02:38.0125 0684 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:02:38.0140 0684 RemoteRegistry - ok
22:02:38.0250 0684 reparse (7cddeee8c2cfea2cc26b1236ca43168f) C:\WINDOWS\system32\DRIVERS\cbreparse.sys
22:02:38.0250 0684 reparse - ok
22:02:38.0421 0684 richvideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:02:38.0421 0684 richvideo - ok
22:02:38.0468 0684 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
22:02:38.0468 0684 rimmptsk - ok
22:02:38.0500 0684 rimsptsk (8f7012d1b6a71ee9c23ce93dcdbf9f4b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
22:02:38.0500 0684 rimsptsk - ok
22:02:38.0531 0684 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
22:02:38.0531 0684 rismxdp - ok
22:02:38.0578 0684 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:02:38.0578 0684 RpcLocator - ok
22:02:38.0656 0684 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:02:38.0656 0684 RpcSs - ok
22:02:38.0703 0684 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:02:38.0718 0684 RSVP - ok
22:02:38.0750 0684 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:02:38.0750 0684 SamSs - ok
22:02:38.0843 0684 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:02:38.0843 0684 SASDIFSV - ok
22:02:38.0875 0684 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:02:38.0875 0684 SASKUTIL - ok
22:02:38.0921 0684 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
22:02:38.0921 0684 sbp2port - ok
22:02:38.0953 0684 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:02:38.0953 0684 SCardSvr - ok
22:02:38.0984 0684 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:02:39.0015 0684 sdbus - ok
22:02:39.0046 0684 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:02:39.0046 0684 Secdrv - ok
22:02:39.0093 0684 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:02:39.0093 0684 seclogon - ok
22:02:39.0109 0684 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:02:39.0109 0684 SENS - ok
22:02:39.0156 0684 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:02:39.0156 0684 Serial - ok
22:02:39.0203 0684 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
22:02:39.0203 0684 sffdisk - ok
22:02:39.0218 0684 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
22:02:39.0218 0684 sffp_sd - ok
22:02:39.0250 0684 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:02:39.0250 0684 Sfloppy - ok
22:02:39.0296 0684 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:02:39.0312 0684 SharedAccess - ok
22:02:39.0359 0684 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:02:39.0359 0684 ShellHWDetection - ok
22:02:39.0359 0684 Simbad - ok
22:02:39.0390 0684 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\system32\tcpsvcs.exe
22:02:39.0390 0684 SimpTcp - ok
22:02:39.0406 0684 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:02:39.0406 0684 SLIP - ok
22:02:39.0468 0684 SmartDefragDriver (14bb60a4f1c5291217a05d5728c403e6) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
22:02:39.0468 0684 SmartDefragDriver - ok
22:02:39.0500 0684 SndTAudio (766cab542e1f424c008430ed7443b324) C:\WINDOWS\system32\drivers\SndTAudio.sys
22:02:39.0500 0684 SndTAudio - ok
22:02:39.0546 0684 SndTVideo (aeeb3435ba55fbaa00eb518f29e0c246) C:\WINDOWS\system32\DRIVERS\SndTVideo.sys
22:02:39.0546 0684 SndTVideo - ok
22:02:39.0593 0684 snmp (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe
22:02:39.0593 0684 snmp - ok
22:02:39.0640 0684 snmptrap (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe
22:02:39.0640 0684 snmptrap - ok
22:02:39.0656 0684 Sparrow - ok
22:02:39.0671 0684 SPLITCAM - ok
22:02:39.0687 0684 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:02:39.0703 0684 splitter - ok
22:02:39.0750 0684 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:02:39.0750 0684 Spooler - ok
22:02:39.0781 0684 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:02:39.0781 0684 sr - ok
22:02:39.0828 0684 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:02:39.0843 0684 srservice - ok
22:02:39.0890 0684 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:02:39.0906 0684 Srv - ok
22:02:39.0953 0684 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
22:02:39.0953 0684 ssadbus - ok
22:02:39.0984 0684 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
22:02:39.0984 0684 ssadmdfl - ok
22:02:40.0000 0684 ssadmdm (9afaa23421622c392b55508fa9613949) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
22:02:40.0000 0684 ssadmdm - ok
22:02:40.0031 0684 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:02:40.0031 0684 SSDPSRV - ok
22:02:40.0031 0684 StarOpen - ok
22:02:40.0093 0684 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:02:40.0125 0684 stisvc - ok
22:02:40.0171 0684 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:02:40.0171 0684 streamip - ok
22:02:40.0187 0684 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:02:40.0187 0684 swenum - ok
22:02:40.0218 0684 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:02:40.0218 0684 swmidi - ok
22:02:40.0218 0684 SwPrv - ok
22:02:40.0250 0684 symc810 - ok
22:02:40.0250 0684 symc8xx - ok
22:02:40.0265 0684 sym_hi - ok
22:02:40.0281 0684 sym_u3 - ok
22:02:40.0328 0684 SynasUSB (418bd80a7fefaa3fcbd3dcfc021cb294) C:\WINDOWS\system32\drivers\SynasUSB.sys
22:02:40.0328 0684 SynasUSB - ok
22:02:40.0750 0684 SynchronizationService.exe (54122fc5bfcc4a2cfabec9b7700e9032) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
22:02:40.0968 0684 SynchronizationService.exe - ok
22:02:41.0125 0684 syntp (926e0bb4cac05d9a0c3b59dc16fe2f1c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:02:41.0140 0684 syntp - ok
22:02:41.0187 0684 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:02:41.0187 0684 sysaudio - ok
22:02:41.0234 0684 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:02:41.0234 0684 SysmonLog - ok
22:02:41.0296 0684 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:02:41.0296 0684 TapiSrv - ok
22:02:41.0359 0684 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:02:41.0375 0684 Tcpip - ok
22:02:41.0421 0684 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
22:02:41.0421 0684 Tcpip6 - ok
22:02:41.0453 0684 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:02:41.0453 0684 TDPIPE - ok
22:02:41.0484 0684 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:02:41.0484 0684 TDTCP - ok
22:02:41.0500 0684 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:02:41.0500 0684 TermDD - ok
22:02:41.0531 0684 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:02:41.0531 0684 TermService - ok
22:02:41.0578 0684 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:02:41.0578 0684 Themes - ok
22:02:41.0640 0684 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:02:41.0640 0684 TlntSvr - ok
22:02:41.0656 0684 TosIde - ok
22:02:41.0671 0684 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:02:41.0671 0684 TrkWks - ok
22:02:41.0734 0684 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
22:02:41.0734 0684 tunmp - ok
22:02:41.0921 0684 tvnserver (7694dca064d0b7e0d1a6972bb9c71b39) C:\Documents and Settings\Bob\Local Settings\Application Data\CrossLoop\tvnserver.exe
22:02:41.0953 0684 tvnserver - ok
22:02:42.0000 0684 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:02:42.0000 0684 Udfs - ok
22:02:42.0031 0684 UIUSys - ok
22:02:42.0031 0684 ultra - ok
22:02:42.0078 0684 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:02:42.0093 0684 Update - ok
22:02:42.0140 0684 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:02:42.0156 0684 upnphost - ok
22:02:42.0171 0684 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:02:42.0171 0684 UPS - ok
22:02:42.0171 0684 usbaapl - ok
22:02:42.0203 0684 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:02:42.0203 0684 usbccgp - ok
22:02:42.0250 0684 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:02:42.0250 0684 usbehci - ok
22:02:42.0281 0684 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:02:42.0281 0684 usbhub - ok
22:02:42.0296 0684 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:02:42.0296 0684 usbohci - ok
22:02:42.0328 0684 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:02:42.0328 0684 usbprint - ok
22:02:42.0343 0684 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:02:42.0343 0684 usbscan - ok
22:02:42.0359 0684 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:02:42.0359 0684 USBSTOR - ok
22:02:42.0390 0684 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
22:02:42.0390 0684 usbvideo - ok
22:02:42.0406 0684 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
22:02:42.0406 0684 usb_rndisx - ok
22:02:42.0406 0684 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:02:42.0406 0684 VgaSave - ok
22:02:42.0421 0684 ViaIde - ok
22:02:42.0468 0684 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:02:42.0468 0684 VolSnap - ok
22:02:42.0500 0684 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:02:42.0515 0684 VSS - ok
22:02:42.0562 0684 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:02:42.0562 0684 W32Time - ok
22:02:42.0578 0684 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:02:42.0578 0684 Wanarp - ok
22:02:42.0609 0684 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
22:02:42.0609 0684 wceusbsh - ok
22:02:42.0671 0684 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:02:42.0671 0684 Wdf01000 - ok
22:02:42.0687 0684 WDICA - ok
22:02:42.0718 0684 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:02:42.0718 0684 wdmaud - ok
22:02:42.0781 0684 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:02:42.0781 0684 WebClient - ok
22:02:42.0843 0684 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:02:42.0906 0684 winachsf - ok
22:02:42.0984 0684 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:02:42.0984 0684 winmgmt - ok
22:02:43.0046 0684 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:02:43.0046 0684 WmdmPmSN - ok
22:02:43.0125 0684 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:02:43.0140 0684 Wmi - ok
22:02:43.0218 0684 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:02:43.0218 0684 WmiAcpi - ok
22:02:43.0250 0684 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:02:43.0250 0684 WmiApSrv - ok
22:02:43.0281 0684 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:02:43.0281 0684 WS2IFSL - ok
22:02:43.0328 0684 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:02:43.0328 0684 wscsvc - ok
22:02:43.0328 0684 WSearch - ok
22:02:43.0406 0684 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
22:02:43.0406 0684 WSIMD - ok
22:02:43.0421 0684 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:02:43.0421 0684 WSTCODEC - ok
22:02:43.0453 0684 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:02:43.0484 0684 wuauserv - ok
22:02:43.0515 0684 wudfpf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:02:43.0515 0684 wudfpf - ok
22:02:43.0546 0684 wudfrd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:02:43.0546 0684 wudfrd - ok
22:02:43.0593 0684 wudfsvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:02:43.0593 0684 wudfsvc - ok
22:02:43.0656 0684 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:02:43.0687 0684 WZCSVC - ok
22:02:43.0718 0684 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:02:43.0718 0684 xmlprov - ok
22:02:43.0781 0684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:02:44.0250 0684 \Device\Harddisk0\DR0 - ok
22:02:44.0265 0684 Boot (0x1200) (f47aaf55a8e1819b78ac43ffc839aaf5) \Device\Harddisk0\DR0\Partition0
22:02:44.0265 0684 \Device\Harddisk0\DR0\Partition0 - ok
22:02:44.0296 0684 Boot (0x1200) (40b9d2cf8f6a6ffd4c3117b398d26baa) \Device\Harddisk0\DR0\Partition1
22:02:44.0296 0684 \Device\Harddisk0\DR0\Partition1 - ok
22:02:44.0312 0684 ============================================================
22:02:44.0312 0684 Scan finished
22:02:44.0312 0684 ============================================================
22:02:44.0343 1620 Detected object count: 0
22:02:44.0343 1620 Actual detected object count: 0

#5 TravelinMan

Posted 24 May 2012 - 11:29 PM

MBAM - I ran it initially in "normal" mode, but it froze up before I could open the log and cut n paste it... I rebooted in safemode network, re-ran MBAM scan, and here is the result...

I will now do the third item you suggested.... thanks... :clapping:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.5730.13
Bob :: HP [administrator]

5/24/2012 11:11:08 PM
mbam-log-2012-05-24 (23-11-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209164
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Documents and Settings\Bob\My Documents\Downloads\SvchostFixWizard.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

#6 TravelinMan

Posted 24 May 2012 - 11:39 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Bob (administrator) on 24-05-2012 at 23:32:57
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : hp

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Wireless Network Connection 3:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter

Physical Address. . . . . . . . . : 00-1F-3A-33-A3-6A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.75

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : ?

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

?

?

?

NetBIOS over Tcpip. . . . . . . . : Disabled

Lease Obtained. . . . . . . . . . : Thursday, May 24, 2012 11:21:02 PM

Lease Expires . . . . . . . . . . : Friday, May 25, 2012 11:21:02 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : ?

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.101, 74.125.227.102, 74.125.227.103, 74.125.227.104
74.125.227.105, 74.125.227.110, 74.125.227.96, 74.125.227.97, 74.125.227.98
74.125.227.99, 74.125.227.100



Pinging google.com [74.125.227.32] with 32 bytes of data:



Reply from 74.125.227.32: bytes=32 time=36ms TTL=50

Reply from 74.125.227.32: bytes=32 time=37ms TTL=50



Ping statistics for 74.125.227.32:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 37ms, Average = 36ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=89ms TTL=48

Reply from 72.30.38.140: bytes=32 time=88ms TTL=48



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 88ms, Maximum = 89ms, Average = 88ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f 3a 33 a3 6a ...... Atheros AR5006X Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.75 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.75 192.168.1.75 25
192.168.1.75 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.75 192.168.1.75 25
224.0.0.0 240.0.0.0 192.168.1.75 192.168.1.75 25
255.255.255.255 255.255.255.255 192.168.1.75 192.168.1.75 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/24/2012 11:24:16 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (05/24/2012 11:24:16 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (05/24/2012 11:24:11 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error: (05/24/2012 11:24:11 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.

Error: (05/24/2012 10:24:16 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (05/24/2012 10:23:27 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (05/24/2012 10:22:16 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (05/24/2012 10:20:56 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (svchost.exe!ld!)

Error: (05/24/2012 10:20:29 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: The McShield scanning service cannot find any configuration in the registry

Error: (05/22/2012 06:54:24 AM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]


System errors:
=============
Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (05/24/2012 11:25:18 PM) (Source: DCOM) (User: Bob)
Description: DCOM got error "%%1084" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (04/27/2012 01:54:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1990 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (01/15/2012 00:46:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4670 seconds with 360 seconds of active time. This session ended with a crash.

Error: (07/04/2011 03:18:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/25/2010 01:03:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10227 seconds with 480 seconds of active time. This session ended with a crash.

Error: (11/20/2010 10:54:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 69 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/20/2010 02:07:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32721 seconds with 180 seconds of active time. This session ended with a crash.

Error: (09/23/2010 03:20:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4858 seconds with 540 seconds of active time. This session ended with a crash.

Error: (07/13/2010 01:24:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/07/2010 06:49:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 528 seconds with 120 seconds of active time. This session ended with a crash.

Error: (06/05/2010 00:55:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 9.20
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Photoshop CS (Version: CS)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Premiere Elements 9 (Version: 9.0)
Adobe Premiere Elements 9 (Version: 9.0.1)
Adobe Premiere Elements 9 Content (Version: 9.0)
Adobe Premiere Elements 9 HD Content 1 (Version: 9.0)
Adobe Premiere Elements 9 HD Content 2 (Version: 9.0)
Adobe Premiere Elements 9 HD Content 3 (Version: 9.0)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 9.0)
Audacity 1.2.6
avast! Free Antivirus (Version: 7.0.1426.0)
AVS DVD Player version 2.4
AVS Update Manager 1.0
AVS Video Recorder 2.4
Broadcom 802.11 Wireless LAN Adapter (Version: 4.170.77.3)
CA Yahoo! Anti-Spy (remove only)
CCleaner (Version: 3.18)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HD Audio (Version: 3.43.0.0)
Constant Contact QuickImport - Outlook (Version: 1.0)
Copernic Desktop Search - Home
Corel Graphics Suite 11 (Version: 11)
CrossLoop 2.80 (Version: 2.80)
CutePDF Writer 2.5
DiskCheckup v3.0.1006 (Version: 3.0.1006)
Dropbox (Version: 1.2.52)
DVD Shrink 3.2
DVD43 v4.6.0
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
EPSON Printer Software
ESET Online Scanner v3
Facebook Plug-In
Foxit Reader 5.1 (Version: 5.1.4.104)
Foxit Toolbar (Version: 4.1.0.5)
Funambol Windows Sync Client 10.0.1 (Version: 10.0.1)
Glary Utilities 2.18.0.786 (Version: 2.18.0.786)
Google Chrome (Version: 19.0.1084.46)
Google Gears (Version: 0.5.3600)
Google Talk Plugin (Version: 2.6.1.5251)
Google Update Helper (Version: 1.3.21.111)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Product Detection (Version: 4.0.0011)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Update (Version: 5.003.001.001)
IrfanView (remove only)
iTunes (Version: 10.1.0.56)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
JetClean (Version: 1.0.0)
jZip
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LightScribe System Software (Version: 1.18.19.1)
LightScribe Template Designs - 9 to 5 Pack 1 (Version: 1.15.0.0)
LightScribe Template Designs - Hobby Pack 1 (Version: 1.15.0.0)
LightScribe Template Designs - Life Events Pack 1 (Version: 1.17.146.0)
LightScribe Template Designs - Memories (Version: 1.18.18.0)
LightScribe Template Designs - Seasonal Pack 1 (Version: 1.15.0.0)
LightScribe Template Designs - Straight Text (Version: 1.18.18.3)
LightScribe Template Designs - Tribal Pack 1 (Version: 1.15.0.0)
LightScribe Template Labeler (Version: 1.18.15.1)
MailWasher Free 6.5.4
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 12.0.6414.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
MWSnap 3 (Version: 3.0.0.74)
Nero 6 Ultra Edition
NVIDIA Drivers
QuickTime (Version: 7.68.75.0)
Revo Uninstaller 1.91 (Version: 1.91)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.0 (Version: 5.0.152)
Slice Audio File Splitter
Smart Defrag 2 (Version: 2.3)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Start Magic 2.0
SUPERAntiSpyware (Version: 5.0.1142)
Switch Sound File Converter
Synaptics Pointing Device Driver (Version: 11.0.7.0)
Syncrosoft License Control
TreeSize Free V2.4 (Version: 2.4)
TweetDeck (Version: 0.34.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
User Manager (Version: 2.2.0)
VBA (2627.01) (Version: 6.03.00.9188)
Vimeo Uploader (Version: 0.9.5)
Vimeo Uploader (Version: 0.9.5.2)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ CRT 9.0 (Version: 1.0.0.0)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Win7Keys 1.0 (Version: 1.0)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live Family Safety (Version: 14.0.8064.206)
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8064.0206)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinUtilities 9.96 Free Edition
WinZip (Version: 9.0 SR-1 (6224))
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 1982.85 MB
Available physical RAM: 1624.47 MB
Total Pagefile: 3878.2 MB
Available Pagefile: 3702.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.21 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:137.14 GB) (Free:9.63 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.9 GB) (Free:2.03 GB) NTFS

========================= Users: ========================================

User accounts for \\HP

Administrator aspnet Bob
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****

#7 boopme

Posted 25 May 2012 - 06:48 PM

Ok, sorry it took so long to get back. How is it running now?
Can you post the ESET scan?
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.



Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u4-windows-i586.exe (or jre-7u4-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#8 TravelinMan

Posted 25 May 2012 - 08:42 PM

Thanks... I will do the Java dance... here is the ESET log... I really appreciate your help sir... so far I can't operate in regular mode... my svchost crashes several times and freezes up my whole system...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ccf476ef90c04c4080bd326643775d64
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-24 09:02:57
# local_time=2012-05-24 04:02:57 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777086 33 96 113511720 151671057 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=318276
# found=7
# cleaned=7
# scan_time=7822
C:\Documents and Settings\Bob\My Documents\Downloads\svchost fix wizard setup.exe Win32/Soft32Downloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Bob\My Documents\Downloads\Topckit_Install.exe a variant of Win32/Adware.Topckit application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Topckit\Topckit_2012.exe a variant of Win32/Adware.Topckit application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\VxbaKnnn.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\VxbaKnnn.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\xgmbxlbh.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Bobs HP My Docs\Downloads\SoftonicDownloader_for_winflip.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
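
A triage pass over the ESET Online Scanner log posted above, as an added example that is not part of the original thread. The line layout is inferred from the posted lines (an assumption, not an ESET specification), the location buckets and function names are this example's own, and the sample embeds a subset of the posted header fields with the seven detection lines.

```python
import re
from collections import Counter

# Constructed sample: selected header fields and the detection lines from the
# ESET log in post #8 of this thread.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# archives_checked=false
# scanned=318276
# found=7
# cleaned=7
C:\Documents and Settings\Bob\My Documents\Downloads\svchost fix wizard setup.exe Win32/Soft32Downloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Bob\My Documents\Downloads\Topckit_Install.exe a variant of Win32/Adware.Topckit application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Topckit\Topckit_2012.exe a variant of Win32/Adware.Topckit application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\VxbaKnnn.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\VxbaKnnn.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\xgmbxlbh.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Bobs HP My Docs\Downloads\SoftonicDownloader_for_winflip.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
# Assumed layout: <path> <detection name> <type> (<action>) <32 hex chars> <flag>.
# Windows paths contain no "/", so the first token with a "/" starts the name.
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:a variant of )?\S+/\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def classify_location(path):
    """Bucket a detection by where the file sat on disk (hypothetical buckets)."""
    p = path.lower()
    # C:\Qoobox is the working folder ComboFix creates; items here were
    # already neutralised by an earlier ComboFix run.
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "other-tool-quarantine"
    if "\\downloads\\" in p:
        return "downloaded-installer"
    if "\\program files\\" in p:
        return "installed"
    return "other"


def parse_eset_log(text):
    header, detections, unparsed = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header.setdefault(m["key"], m["value"])  # first value wins
            continue
        m = DETECTION.match(line)
        if m:
            d = m.groupdict()
            d["location"] = classify_location(d["path"])
            detections.append(d)
        else:
            unparsed.append(line)
    return header, detections, unparsed


def triage(text):
    header, detections, unparsed = parse_eset_log(text)
    by_location = Counter(d["location"] for d in detections)
    notes = []
    if int(header.get("found", -1)) != len(detections):
        notes.append("header 'found' does not match the detection lines parsed")
    if header.get("archives_checked") == "false":
        notes.append("archives_checked=false: files inside archives were not covered")
    if by_location["other-tool-quarantine"]:
        notes.append("some hits are leftovers in another tool's quarantine folder")
    return {
        "by_location": dict(by_location),
        "families": sorted({d["threat"].replace("a variant of ", "") for d in detections}),
        "live": [d for d in detections if d["location"] != "other-tool-quarantine"],
        "notes": notes,
        "unparsed": len(unparsed),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key in ("by_location", "families", "notes", "unparsed"):
        print(f"{key}: {report[key]}")
    for d in report["live"]:
        print(f"{d['location']:22} {d['threat']:45} {d['path']}")
```
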

#9 boopme

Posted 25 May 2012 - 08:53 PM

How long ago was ComboFix run?

#10 TravelinMan

Posted 25 May 2012 - 10:31 PM

To be honest... I can't remember about the ComboFix... I believe it may have been yesterday or the day before... I have been running lots of scans.. and the only ones I have documented are the ones above.... shall I run it again... ???

I am at least in normal mode at the moment and all seems to be well... I have had svchost.exe error issues in the past.... but I believe this boot up, didn't have any svchost.exe crashes... I will reboot and try again... My Firewall is not enabled... and I shut off automatic updates ... shall I enable those two???

#11 TravelinMan

Posted 26 May 2012 - 09:56 AM

I just want to say thanks to Boopme for the help... I have my computer back!!! :clapping: I struggled with this issue for over 2 weeks.. Thanks again for your serving... :thumbsup:

Bob

#12 boopme

Posted 28 May 2012 - 11:16 PM

You're welcome!!
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#13 TravelinMan

Posted 30 May 2012 - 12:37 PM

I didn't read your post until it was too late... I am back to square one... I reran everything again except for reinstalling Java 7... so sad.. it was operating perfectly... now it is hung again in normal mode, can't execute programs, and has the same error messages about svchost.exe... etc.... :o

as soon as I can get it back to running smoothly I will do the restore point option thanks... Bob

#14 boopme

Posted 30 May 2012 - 03:42 PM

We need a deeper look. Please go here.... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system) skip it and move on.

Let me know if that went well.

#15 TravelinMan

Posted 04 June 2012 - 05:50 PM

thanks so much.. I did exactly what you recommended... I so appreciate your time and wisdom on this.... Travelin Man!



