Lost all programs


9 replies to this topic

#1 Shawnee2


Posted 08 June 2012 - 06:01 PM

I have a Sony laptop that is running Windows XP. I have AVG Internet Security 2012. My problem is that AVG has recently been blocking several exploit threats. Then one day when I started up the computer again, I lost all my desktop shortcuts and I have no programs listed under the start menu. All I can see is the Internet Explorer shortcut and under the start menu is the Vaio support center. I can run items on the internet and occasionally see some of my favorites show up but not every time it is started. I have tried to restore the C: drive using the recovery module but I get an error message saying the drive is not available. If it recognizes the drive and starts the restore process, the computer just restarts and does not go through the recovery. I am open to reformatting but I do not have any recovery discs to reload Windows.

What do I need to do?



#2 narenxp


Posted 08 June 2012 - 06:19 PM

Press Windows+R key and type

%temp% and click OK

If you have a folder called SMTMP, copy it to a safe location

Download UNHIDE

Run it, this should restore your hidden files

Download TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 08 June 2012 - 06:19 PM.


#3 Shawnee2


Posted 08 June 2012 - 09:35 PM

21:27:55.0781 5836 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:27:57.0781 5836 ============================================================
21:27:57.0781 5836 Current date / time: 2012/06/08 21:27:57.0781
21:27:57.0781 5836 SystemInfo:
21:27:57.0781 5836
21:27:57.0781 5836 OS Version: 5.1.2600 ServicePack: 3.0
21:27:57.0781 5836 Product type: Workstation
21:27:57.0781 5836 ComputerName: 078A6A7107074FC
21:27:57.0781 5836 UserName: JD
21:27:57.0781 5836 Windows directory: C:\WINDOWS
21:27:57.0781 5836 System windows directory: C:\WINDOWS
21:27:57.0781 5836 Processor architecture: Intel x86
21:27:57.0781 5836 Number of processors: 1
21:27:57.0781 5836 Page size: 0x1000
21:27:57.0781 5836 Boot type: Normal boot
21:27:57.0781 5836 ============================================================
21:28:08.0109 5836 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:28:08.0109 5836 ============================================================
21:28:08.0109 5836 \Device\Harddisk0\DR0:
21:28:08.0109 5836 MBR partitions:
21:28:08.0109 5836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0x890B5B1
21:28:08.0109 5836 ============================================================
21:28:08.0156 5836 C: <-> \Device\Harddisk0\DR0\Partition0
21:28:08.0156 5836 ============================================================
21:28:08.0156 5836 Initialize success
21:28:08.0156 5836 ============================================================
21:28:35.0296 5264 ============================================================
21:28:35.0296 5264 Scan started
21:28:35.0296 5264 Mode: Manual; TDLFS;
21:28:35.0296 5264 ============================================================
21:29:47.0625 5264 TrkWks - ok
21:29:47.0828 5264 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:29:47.0859 5264 Udfs - ok
21:29:47.0875 5264 ultra - ok
21:29:48.0546 5264 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:29:48.0609 5264 Update - ok
21:29:48.0781 5264 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:29:48.0781 5264 upnphost - ok
21:29:48.0843 5264 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:29:48.0843 5264 UPS - ok
21:29:48.0937 5264 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:29:48.0953 5264 usbehci - ok
21:29:49.0109 5264 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:29:49.0109 5264 usbhub - ok
21:29:49.0156 5264 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:29:49.0156 5264 usbstor - ok
21:29:49.0203 5264 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:29:49.0218 5264 usbuhci - ok
21:29:49.0703 5264 VAIO Entertainment TV Device Arbitration Service (fb1a8f8cbd361fc1f0d144d5018c97f3) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:29:50.0734 5264 VAIO Entertainment TV Device Arbitration Service - ok
21:29:51.0078 5264 VAIO Event Service (2b0eac2b6e5f1c5e007dabae101028b0) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
21:29:51.0109 5264 VAIO Event Service - ok
21:29:53.0203 5264 VAIOMediaPlatform-IntegratedServer-AppServer (8a851ee335a459440b69a44c1cd50bdb) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
21:29:54.0937 5264 VAIOMediaPlatform-IntegratedServer-AppServer - ok
21:29:55.0625 5264 VAIOMediaPlatform-IntegratedServer-HTTP (b74a27540b0b7fe393a882b94b0d2188) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
21:29:56.0281 5264 VAIOMediaPlatform-IntegratedServer-HTTP - ok
21:29:56.0890 5264 VAIOMediaPlatform-IntegratedServer-UPnP (4914b65dccf68cb95c2d1303c7264c8c) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
21:29:57.0578 5264 VAIOMediaPlatform-IntegratedServer-UPnP - ok
21:29:57.0750 5264 Vcsw - ok
21:29:59.0218 5264 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:29:59.0218 5264 VgaSave - ok
21:29:59.0218 5264 ViaIde - ok
21:29:59.0593 5264 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:29:59.0593 5264 VolSnap - ok
21:29:59.0890 5264 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:29:59.0890 5264 VSS - ok
21:30:00.0703 5264 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
21:30:00.0984 5264 vToolbarUpdater10.2.0 - ok
21:30:01.0281 5264 VzCdbSvc (0bd64ccea7b4bf25ca2fb9bf1444dfd9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
21:30:01.0296 5264 VzCdbSvc - ok
21:30:01.0500 5264 VzFw (e81e8c7dc7ebc6cede156eaad5ef9c8e) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
21:30:01.0515 5264 VzFw - ok
21:30:05.0015 5264 w29n51 (7a4a198462fe786ee3ce80721a16f5a9) C:\WINDOWS\system32\DRIVERS\w29n51.sys
21:30:06.0546 5264 w29n51 - ok
21:30:07.0609 5264 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:30:07.0625 5264 W32Time - ok
21:30:07.0875 5264 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:30:07.0921 5264 Wanarp - ok
21:30:07.0921 5264 WDICA - ok
21:30:08.0109 5264 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:30:08.0125 5264 wdmaud - ok
21:30:08.0187 5264 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:30:08.0187 5264 WebClient - ok
21:30:08.0734 5264 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:30:08.0921 5264 winachsf - ok
21:30:09.0609 5264 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:30:09.0609 5264 winmgmt - ok
21:30:10.0562 5264 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
21:30:10.0593 5264 WinRM - ok
21:30:10.0656 5264 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:30:10.0703 5264 WmdmPmSN - ok
21:30:10.0828 5264 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:30:10.0828 5264 WmiApSrv - ok
21:30:11.0953 5264 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:30:12.0453 5264 WMPNetworkSvc - ok
21:30:13.0640 5264 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:30:13.0953 5264 WPFFontCache_v0400 - ok
21:30:14.0906 5264 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:30:14.0921 5264 wscsvc - ok
21:30:14.0921 5264 WSearch - ok
21:30:15.0078 5264 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:30:15.0093 5264 wuauserv - ok
21:30:15.0468 5264 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:30:15.0546 5264 WudfPf - ok
21:30:15.0578 5264 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:30:15.0593 5264 WudfRd - ok
21:30:15.0718 5264 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:30:15.0718 5264 WudfSvc - ok
21:30:16.0109 5264 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:30:16.0125 5264 WZCSVC - ok
21:30:16.0218 5264 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:30:16.0218 5264 xmlprov - ok
21:30:16.0265 5264 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
21:30:16.0296 5264 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:30:16.0296 5264 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:30:16.0765 5264 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:30:16.0765 5264 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:30:16.0781 5264 Boot (0x1200) (9e1d686f6e00c8ecedc0b73ef12f45b3) \Device\Harddisk0\DR0\Partition0
21:30:16.0812 5264 \Device\Harddisk0\DR0\Partition0 - ok
21:30:16.0828 5264 ============================================================
21:30:16.0828 5264 Scan finished
21:30:16.0828 5264 ============================================================
21:30:16.0828 5256 Detected object count: 2
21:30:16.0828 5256 Actual detected object count: 2
21:31:07.0125 5256 \Device\Harddisk0\DR0\# - copied to quarantine
21:31:07.0125 5256 \Device\Harddisk0\DR0 - copied to quarantine
21:31:07.0593 5256 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:31:07.0796 5256 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:31:07.0812 5256 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:31:07.0937 5256 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:31:08.0250 5256 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:31:08.0250 5256 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:31:08.0250 5256 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:31:08.0250 5256 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:31:08.0265 5256 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:31:08.0265 5256 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:31:08.0562 5256 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:31:08.0562 5256 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:31:08.0671 5256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:31:08.0687 5256 \Device\Harddisk0\DR0 - ok
21:31:08.0734 5256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:31:08.0734 5256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:31:08.0734 5256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:32:09.0875 5728 Deinitialize success


From the Eset scan

C:\WINDOWS\Temp\jar_cache34397.tmp a variant of Java/Exploit.CVE-2012-0507.AN trojan deleted - quarantined

AVG found a few items during the scan and I deleted these as well.

Resident Shield detection
"Infection";"Object";"Result";"Detection time";"Object Type";"Process"
"Trojan horse BackDoor.Generic14.CBGR";"c:\TDSSKiller_Quarantine\08.06.2012_21.27.57\mbr0000\tdlfs0000\tsk0009.dta";"Moved to Virus Vault";"6/8/2012, 10:06:38 PM";"file";"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"

"Trojan horse Hider.NNV";"c:\TDSSKiller_Quarantine\08.06.2012_21.27.57\mbr0000\tdlfs0000\tsk0008.dta";"Moved to Virus Vault";"6/8/2012, 10:06:38 PM";"file";"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"

"Trojan horse Hider.PHA";"c:\TDSSKiller_Quarantine\08.06.2012_21.27.57\mbr0000\tdlfs0000\tsk0004.dta";"Moved to Virus Vault";"6/8/2012, 10:06:37 PM";"file";"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"

"Trojan horse BackDoor.Generic15.AJXY";"c:\TDSSKiller_Quarantine\08.06.2012_21.27.57\mbr0000\tdlfs0000\tsk0003.dta";"Moved to Virus Vault";"6/8/2012, 10:06:37 PM";"file";"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"

"Trojan horse Agent3.BFWJ";"c:\TDSSKiller_Quarantine\08.06.2012_21.27.57\mbr0000\tdlfs0000\tsk0002.dta";"Moved to Virus Vault";"6/8/2012, 10:06:36 PM";"file";"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"

"Trojan horse TDSS.L";"c:\TDSSKiller_Quarantine\08.06.2012_21.27.57\mbr0000\tdlfs0000\tsk0001.dta";"Moved to Virus Vault";"6/8/2012, 10:06:36 PM";"file";"C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe"

"Trojan horse Generic28.BDLQ";"c:\WINDOWS\Temp\k8h0pp.exe";"Moved to Virus Vault";"6/8/2012, 9:38:48 PM";"file";"C:\WINDOWS\system32\regsvr32.exe"

Edited by Shawnee2, 08 June 2012 - 09:44 PM.


#4 narenxp

Posted 09 June 2012 - 02:20 AM

Do you have the SMTMP folder?

Did you restore the hidden files?


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here


Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Shawnee2

Posted 10 June 2012 - 06:29 PM

I did not see the SMTMP folder. I have all the items back on the start menu and shortcuts on the desktop. I do not have any information under the start menu program items when you look at each individual item (i.e., I cannot launch a program from the listing).

Attached are the logs requested. Running Malwarebytes the first time registered one infection. Running the second time ran clean.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 18:58:12
-----------------------------
18:58:12.078 OS Version: Windows 5.1.2600 Service Pack 3
18:58:12.078 Number of processors: 1 586 0xD08
18:58:12.078 ComputerName: 078A6A7107074FC UserName: JD
18:58:14.734 Initialize success
19:02:38.343 AVAST engine defs: 12061001
19:02:58.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:02:58.437 Disk 0 Vendor: FUJITSU_MHV2080AT_PL 000000A0 Size: 76319MB BusType: 3
19:02:58.437 Disk 1 \Device\Harddisk1\DR3 -> \Device\0000007d
19:02:58.437 Disk 1 Vendor: ( Size: 76319MB BusType: 0
19:02:58.468 Disk 0 MBR read successfully
19:02:58.468 Disk 0 MBR scan
19:02:58.593 Disk 0 Windows XP default MBR code
19:02:58.593 Disk 0 Partition 1 00 12 Compaq diag NTFS 6149 MB offset 63
19:02:58.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 70166 MB offset 12594960
19:02:58.656 Disk 0 scanning sectors +156296385
19:02:58.765 Disk 0 scanning C:\WINDOWS\system32\drivers
19:03:59.875 Service scanning
19:04:45.109 Modules scanning
19:04:52.203 Disk 0 trace - called modules:
19:04:52.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:04:52.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f90ab8]
19:04:52.250 3 CLASSPNP.SYS[f766cfd7] -> nt!IofCallDriver -> \Device\00000075[0x86f479e8]
19:04:52.250 5 ACPI.sys[f74d3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86f47d98]
19:04:52.593 AVAST engine scan C:\WINDOWS
19:05:11.593 AVAST engine scan C:\WINDOWS\system32
19:11:45.203 AVAST engine scan C:\WINDOWS\system32\drivers
19:12:06.296 AVAST engine scan C:\Documents and Settings\JD
19:12:35.437 AVAST engine scan C:\Documents and Settings\All Users
19:13:42.765 Scan finished successfully
19:19:45.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JD\Desktop\MBR.dat"
19:19:45.718 The log file has been saved successfully to "C:\Documents and Settings\JD\Desktop\aswMBR.txt"


MiniToolBox by Farbar Version: 09-06-2012
Ran by JD (administrator) on 10-06-2012 at 19:21:44
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : 078A6A7107074FC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : carolina.rr.com



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : carolina.rr.com

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-16-6F-82-BB-FB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.113

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, June 10, 2012 5:43:33 PM

Lease Expires . . . . . . . . . . : Monday, June 11, 2012 5:43:33 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-A9-2F-37-CE

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 173.194.37.65, 173.194.37.66, 173.194.37.67, 173.194.37.68
173.194.37.69, 173.194.37.70, 173.194.37.71, 173.194.37.72, 173.194.37.73
173.194.37.78, 173.194.37.64



Pinging google.com [74.125.137.138] with 32 bytes of data:



Reply from 74.125.137.138: bytes=32 time=30ms TTL=47

Reply from 74.125.137.138: bytes=32 time=30ms TTL=47



Ping statistics for 74.125.137.138:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 30ms, Average = 30ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=77ms TTL=50

Reply from 98.139.183.24: bytes=32 time=142ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 77ms, Maximum = 142ms, Average = 109ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 6f 82 bb fb ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
0x3 ...00 13 a9 2f 37 ce ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.113 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.113 192.168.1.113 25
192.168.1.113 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.113 192.168.1.113 25
224.0.0.0 240.0.0.0 192.168.1.113 192.168.1.113 25
255.255.255.255 255.255.255.255 192.168.1.113 3 1
255.255.255.255 255.255.255.255 192.168.1.113 192.168.1.113 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
0xc0041801 (0xc0041801)

Error: (05/28/2012 09:09:11 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\JD\RECENT\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (06/10/2012 05:44:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (06/10/2012 05:44:01 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (06/09/2012 10:03:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (06/09/2012 10:03:02 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (06/09/2012 10:02:56 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (06/09/2012 09:32:28 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (06/08/2012 10:54:44 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (06/08/2012 09:34:02 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (06/08/2012 09:23:47 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (06/08/2012 06:11:33 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)
Search.TripoliIndexer

Error: (05/28/2012 09:21:29 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
0xc0041801 (0xc0041801)

Error: (05/28/2012 09:09:11 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\JD\RECENT\DESKTOP.INI


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
ALDLView v0.0-1
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2433)
AVG 2012 (Version: 2012.0.1913)
AVG PC Tuneup (Version: 10.0.0.27)
CCleaner (Version: 3.18)
Click to DVD 2.0.03 Menu Data (Version: 2.0.03)
Click to DVD 2.5.20 (Version: 2.5.20)
DVgate Plus
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Image Converter 2 Plus (Version: 2.2.04)
Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4363)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO (Version: 5.0-B11.739)
ISScript (Version: 3.00.185)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
LAN-Express AS IEEE 802.11 Wireless LAN
Macromedia Flash Player 8 (Version: 8.0.22.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
mCore (Version: 1.40.0000)
mDriver (Version: 1.40.0000)
Memory Stick Formatter
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft SQL Server Desktop Engine (VAIO_VEDB) (Version: 8.00.761)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mMHouse (Version: 1.40.0000)
mPfMgr (Version: 1.40.0000)
mProSafe (Version: 9.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 1.40.0000)
Office 2003 Trial Assistant (Version: 1.0.0)
OpenMG Secure Module 4.4.00 (Version: 4.4.00.11241)
Realtek High Definition Audio Driver (Version: 1.92)
Roxio DigitalMedia Audio (Version: 2.0.4)
Roxio DigitalMedia Copy (Version: 2.0.4)
Roxio DigitalMedia Data (Version: 2.0.4)
Setting Utility Series
Sony Certificate PCH
Sony MP4 Shared Library (Version: 2.0)
Sony Utilities DLL
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
VAIO Breeze Wallpaper
VAIO Central (Version: 1.1.02.071205)
VAIO Entertainment Platform (Version: 1.3.30.11290)
VAIO Event Service (Version: 2.2.00.06130)
VAIO Light Flo Wallpaper
VAIO Media 5.0 (Version: 5.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0 (Version: 5.0.10)
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management (Version: 1.7.01.10190)
VAIO Registration (Version: 16.1.0)
VAIO Security Center (Version: 2.01.0222)
VAIO Support Central (Version: 1.1.0.051121)
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA (Version: 4.02)
WebFldrs XP (Version: 9.50.7523)
WinALDL
Windows Backup Utility (Version: 5.1)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 1014.42 MB
Available physical RAM: 467.25 MB
Total Pagefile: 2441.27 MB
Available Pagefile: 1831.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.05 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:68.52 GB) (Free:52.72 GB) NTFS

========================= Users: ========================================

User accounts for \\078A6A7107074FC

Administrator ASPNET Guest
HelpAssistant JD SUPPORT_388945a0


**** End of log ****

#6 narenxp

Posted 10 June 2012 - 09:14 PM

Download Recuva

http://www.filehippo.com/download_recuva/

Install it and when you get the Recuva screen

Click Cancel on the wizard.
Click on Options... >> Actions Tab. Check "Restore folder structure."
Run a regular scan on the system drive.

When complete, use the filter box in the upper right corner and type

SMTMP

Select all the files and recover them to the desktop (click YES if it warns). Browse through the folder.
Let me know if you can find the SMTMP folder

Good luck

#7 Shawnee2

Posted 11 June 2012 - 07:57 PM

I could not find the smtmp file. The scan found 38,000 files but no smtmp.

#8 narenxp

Posted 11 June 2012 - 08:36 PM

Try to do a system restore to the previous week

http://support.microsoft.com/kb/306084

See if that restores the Start menu programs

#9 Shawnee2

Posted 12 June 2012 - 06:35 PM

Tried three different system restore dates and received an error message stating could not restore system to selected date. I was getting this same response before the system was cleaned.

#10 narenxp

Posted 12 June 2012 - 09:19 PM

I think we cannot restore Start menu programs

Use this

http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe

This should restore default Start menu items

Download

TFC


Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 12 June 2012 - 09:20 PM.




