svchost.exe taking up CPU's, still have virus?


9 replies to this topic

#1 nikoonah

nikoonah

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 14 August 2012 - 08:47 AM

I have used the site many times for reference but now have been unable to fix my issue. At the beginning of Aug I noticed things were running slowly and my internet usage was doubling. Ran Microsoft Security Essentials, found some Sirefef viruses, MAB was clean and Super AntiSpyware was clean. Went on vaca, came back and am still having issues. Have run scans and removed identified items. Yesterday Microsoft Security Essentials found Sirefef.ao, Sirefef.AN, Sirefef, Sirefef.AG, Sirefef.AZ and Rogue:JS/FakePAV. Removed all of them, MAB found 3 issues and deleted them, Super AntiSpyware came back clean.

Still having issues; even after the removal of all identified issues, svchost.exe still creeps up to over 1,000,000 if the process is not ended, and internet usage stays up until the process is ended. Also having issues with MSE, something keeps disabling it. Have uninstalled/reinstalled almost every other day since Thursday. First it will advise "Security Essentials couldn't check for virus and spyware definition updates. Check your internet or network connection. Click Help for more information about this problem. Error code: 0x80070424 Error Description: Security Essentials couldn't install the definition updates. Please try again". Later it will advise MSE isn't installed and I will be forced to uninstall/reinstall/rescan and will either remove viruses again or it comes back clean.

Also unable to access/run Windows Firewall due to the error "Due to an unidentified problem, Windows cannot display Windows Firewall configuration"; all attempts to launch have failed. Have run a Windows update and all updates except 12 will install, unable to determine reason for installation failure. Help!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:44 PM

Posted 14 August 2012 - 08:57 AM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 nikoonah

nikoonah
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:44 PM

Posted 15 August 2012 - 05:25 AM

The issue with the svchost.exe seems to have been fixed! I am still unable to run Windows Firewall or update MSE though. Here are the logs:

12:52:03.0343 2812 SQLWriter - ok
12:52:03.0421 2812 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:52:03.0421 2812 sr - ok
12:52:03.0437 2812 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
12:52:03.0437 2812 srservice - ok
12:52:03.0531 2812 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:52:03.0531 2812 Srv - ok
12:52:03.0593 2812 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:52:03.0609 2812 SSDPSRV - ok
12:52:03.0828 2812 [ 6f855b5625a47f3ac731a262fdc379a6 ] STacSV C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
12:52:03.0828 2812 STacSV - ok
12:52:03.0953 2812 [ 951801dfb54d86f611f0af47825476f9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
12:52:03.0953 2812 STHDA - ok
12:52:04.0156 2812 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:52:04.0156 2812 stisvc - ok
12:52:04.0171 2812 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:52:04.0171 2812 swenum - ok
12:52:04.0187 2812 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:52:04.0187 2812 swmidi - ok
12:52:04.0187 2812 SwPrv - ok
12:52:04.0187 2812 symc810 - ok
12:52:04.0187 2812 symc8xx - ok
12:52:04.0187 2812 sym_hi - ok
12:52:04.0187 2812 sym_u3 - ok
12:52:04.0203 2812 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:52:04.0203 2812 sysaudio - ok
12:52:04.0234 2812 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:52:04.0250 2812 SysmonLog - ok
12:52:04.0265 2812 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:52:04.0265 2812 TapiSrv - ok
12:52:04.0343 2812 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:52:04.0343 2812 Tcpip - ok
12:52:04.0390 2812 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:52:04.0390 2812 TDPIPE - ok
12:52:04.0406 2812 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:52:04.0406 2812 TDTCP - ok
12:52:04.0453 2812 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:52:04.0453 2812 TermDD - ok
12:52:04.0468 2812 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
12:52:04.0484 2812 TermService - ok
12:52:04.0500 2812 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
12:52:04.0515 2812 Themes - ok
12:52:04.0562 2812 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:52:04.0562 2812 TlntSvr - ok
12:52:04.0562 2812 TosIde - ok
12:52:04.0625 2812 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:52:04.0625 2812 TrkWks - ok
12:52:04.0687 2812 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:52:04.0687 2812 Udfs - ok
12:52:04.0687 2812 ultra - ok
12:52:04.0765 2812 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:52:04.0781 2812 Update - ok
12:52:04.0828 2812 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:52:04.0828 2812 upnphost - ok
12:52:04.0859 2812 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
12:52:04.0859 2812 UPS - ok
12:52:04.0906 2812 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
12:52:04.0906 2812 usbaudio - ok
12:52:04.0968 2812 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:52:04.0968 2812 usbccgp - ok
12:52:05.0062 2812 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:52:05.0062 2812 usbehci - ok
12:52:05.0078 2812 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:52:05.0078 2812 usbhub - ok
12:52:05.0187 2812 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:52:05.0187 2812 usbprint - ok
12:52:05.0265 2812 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:52:05.0265 2812 usbscan - ok
12:52:05.0312 2812 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:52:05.0312 2812 USBSTOR - ok
12:52:05.0343 2812 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:52:05.0359 2812 usbuhci - ok
12:52:05.0359 2812 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:52:05.0359 2812 VgaSave - ok
12:52:05.0375 2812 ViaIde - ok
12:52:05.0390 2812 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:52:05.0390 2812 VolSnap - ok
12:52:05.0453 2812 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
12:52:05.0468 2812 VSS - ok
12:52:05.0562 2812 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
12:52:05.0562 2812 W32Time - ok
12:52:05.0578 2812 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:52:05.0578 2812 Wanarp - ok
12:52:05.0671 2812 [ fd47474bd21794508af449d9d91af6e6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:52:05.0671 2812 Wdf01000 - ok
12:52:05.0687 2812 WDICA - ok
12:52:05.0750 2812 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:52:05.0765 2812 wdmaud - ok
12:52:05.0796 2812 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:52:05.0796 2812 WebClient - ok
12:52:05.0859 2812 [ a8596cf86d445269a42ecc08b7066a4c ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:52:05.0859 2812 winachsf - ok
12:52:06.0046 2812 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:52:06.0062 2812 winmgmt - ok
12:52:06.0078 2812 wltrysvc - ok
12:52:06.0125 2812 [ 051b1bdecd6dee18c771b5d5ec7f044d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:52:06.0125 2812 WmdmPmSN - ok
12:52:06.0281 2812 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:52:06.0296 2812 Wmi - ok
12:52:06.0312 2812 [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:52:06.0312 2812 WmiAcpi - ok
12:52:06.0359 2812 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:52:06.0359 2812 WmiApSrv - ok
12:52:06.0515 2812 [ 6bab4dc65515a098505f8b3d01fb6fe5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:52:06.0531 2812 WMPNetworkSvc - ok
12:52:06.0593 2812 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:52:06.0593 2812 WS2IFSL - ok
12:52:06.0656 2812 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:52:06.0656 2812 WudfPf - ok
12:52:06.0703 2812 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:52:06.0703 2812 WudfRd - ok
12:52:06.0734 2812 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:52:06.0734 2812 WudfSvc - ok
12:52:06.0828 2812 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:52:06.0843 2812 WZCSVC - ok
12:52:06.0906 2812 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:52:06.0906 2812 xmlprov - ok
12:52:06.0921 2812 ================ Scan global ===============================
12:52:07.0046 2812 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
12:52:07.0109 2812 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:52:07.0156 2812 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
12:52:07.0171 2812 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:52:07.0171 2812 [Global] - ok
12:52:07.0187 2812 ================ Scan MBR ==================================
12:52:07.0234 2812 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:52:07.0687 2812 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:52:07.0687 2812 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:52:07.0687 2812 ================ Scan VBR ==================================
12:52:07.0750 2812 Boot (0x1200) (2c41ce36e5e65c2099400dd79dbf8070) \Device\Harddisk0\DR0\Partition1
12:52:07.0750 2812 \Device\Harddisk0\DR0\Partition1 - ok
12:52:07.0750 2812 ============================================================
12:52:07.0750 2812 Scan finished
12:52:07.0750 2812 ============================================================
12:52:07.0781 1640 Detected object count: 1
12:52:07.0781 1640 Actual detected object count: 1
12:52:20.0796 1640 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:52:20.0828 1640 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:52:20.0906 1640 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:52:20.0906 1640 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:52:21.0031 1640 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:52:21.0093 1640 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:52:22.0078 1640 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:52:22.0093 1640 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:52:22.0093 1640 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:52:22.0093 1640 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:52:22.0093 1640 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:52:22.0109 1640 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:52:22.0234 1640 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:52:22.0296 1640 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:52:22.0578 1640 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:52:22.0640 1640 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
12:52:29.0750 3204 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 12:53:28
-----------------------------
12:53:28.218 OS Version: Windows 5.1.2600 Service Pack 3
12:53:28.218 Number of processors: 2 586 0x1706
12:53:28.218 ComputerName: 12115G1-D630 UserName: jdietzel
12:53:30.296 Initialize success
14:10:18.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:10:19.000 Disk 0 Vendor: ST980811AS 3.CDE Size: 76319MB BusType: 3
14:10:19.000 Device \Driver\atapi -> DriverStartIo 8a1d82e2
14:10:19.093 Disk 0 MBR read successfully
14:10:19.093 Disk 0 MBR scan
14:10:19.093 Disk 0 Windows XP default MBR code
14:10:19.109 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
14:10:19.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76222 MB offset 192780
14:10:19.187 Disk 0 scanning sectors +156296385
14:10:19.890 Disk 0 scanning C:\WINDOWS\system32\drivers
14:12:35.015 Service scanning
14:13:54.171 Service MpKslf6b052b8 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B959241B-067B-4ED5-8073-141853C81EB2}\MpKslf6b052b8.sys **LOCKED** 32
14:15:27.671 Modules scanning
14:16:15.562 Disk 0 trace - called modules:
14:16:15.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89855888]<<
14:16:15.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d1ab8]
14:16:15.562 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> [0x89edcb70]
14:16:15.562 \Driver\atapi[0x8a53a030] -> IRP_MJ_CREATE -> 0x8a1d84b1
14:16:15.562 Scan finished successfully
14:21:04.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jdietzel\Desktop\MBR.dat"
14:21:04.593 The log file has been saved successfully to "C:\Documents and Settings\jdietzel\Desktop\aswMBR.txt"



C:\TDSSKiller_Quarantine\14.08.2012_12.44.49\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_12.44.49\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_12.44.49\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_12.44.49\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_12.51.23\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_12.51.23\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_12.51.23\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_12.51.23\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 August 2012 - 05:28 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#5 nikoonah

  • Topic Starter
  • Members
  • 5 posts

Posted 15 August 2012 - 08:19 AM

Adware cleaner scan will be run tonight; MAB full search came back clean with no issues found. Here are the other two logs:

MiniToolBox by Farbar Version: 23-07-2012
Ran by jdietzel (administrator) on 15-08-2012 at 09:15:30
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : 12115G1-D630

Primary Dns Suffix . . . . . . . : corp.ciswired.com

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : corp.ciswired.com

westell.com

ciswired.com



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1C-23-48-C8-1C



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-16-44-BD-C2-EE

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.18

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Wednesday, August 15, 2012 6:30:52 AM

Lease Expires . . . . . . . . . . : Thursday, August 16, 2012 6:30:52 AM

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.67, 74.125.225.68, 74.125.225.69, 74.125.225.70
74.125.225.71, 74.125.225.72, 74.125.225.73, 74.125.225.78, 74.125.225.64
74.125.225.65, 74.125.225.66



Pinging google.com [74.125.225.66] with 32 bytes of data:



Reply from 74.125.225.66: bytes=32 time=38ms TTL=56

Reply from 74.125.225.66: bytes=32 time=41ms TTL=56



Ping statistics for 74.125.225.66:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 41ms, Average = 39ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=188ms TTL=51

Reply from 98.139.183.24: bytes=32 time=146ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 146ms, Maximum = 188ms, Average = 167ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 23 48 c8 1c ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 16 44 bd c2 ee ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.18 25
69.171.227.71 255.255.255.255 192.168.1.1 192.168.1.18 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.18 192.168.1.18 25
192.168.1.18 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.18 192.168.1.18 25
224.0.0.0 240.0.0.0 192.168.1.18 192.168.1.18 25
255.255.255.255 255.255.255.255 192.168.1.18 2 1
255.255.255.255 255.255.255.255 192.168.1.18 192.168.1.18 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/15/2012 06:30:02 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for CORP\jdietzel failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (08/15/2012 06:28:51 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (08/15/2012 06:28:42 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (08/15/2012 06:28:42 AM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (08/15/2012 06:24:53 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/14/2012 11:10:17 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for CORP\jdietzel failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (08/14/2012 11:09:05 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (08/14/2012 03:11:29 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for CORP\jdietzel failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (08/14/2012 03:09:59 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (08/14/2012 03:09:09 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.


System errors:
=============
Error: (08/15/2012 08:15:58 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (08/15/2012 07:15:59 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (08/15/2012 06:45:57 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Error: (08/15/2012 06:39:05 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.1962.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/15/2012 06:30:55 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (08/15/2012 06:30:31 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (08/15/2012 06:29:56 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/15/2012 06:28:42 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain CORP due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (08/15/2012 06:24:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.1962.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/14/2012 10:55:57 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 479 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (06/15/2012 05:13:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 634185 seconds with 4680 seconds of active time. This session ended with a crash.

Error: (09/13/2011 03:59:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 626344 seconds with 2580 seconds of active time. This session ended with a crash.

Error: (07/01/2011 10:31:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 665214 seconds with 6600 seconds of active time. This session ended with a crash.

Error: (04/23/2011 11:49:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 234843 seconds with 2880 seconds of active time. This session ended with a crash.

Error: (03/18/2011 05:51:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 993194 seconds with 16260 seconds of active time. This session ended with a crash.

Error: (12/23/2010 08:09:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 106613 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (11/15/2009 09:59:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 283177 seconds with 3180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe AIR (Version: 2.0.4.13090)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
BitMeter
Broadcom Gigabit Integrated Controller (Version: 10.15.08)
BufferChm (Version: 100.0.170.000)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Conexant HDA D330 MDC V.92 Modem
Copy (Version: 100.0.170.000)
Dell Resource CD (Version: 1.00.0000)
Dell Wireless WLAN Card (Version: 4.170.25.12)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F4200_Software (Version: 100.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
F4200 (Version: 100.0.206.000)
F4200_Help (Version: 100.0.206.000)
Fonality HUD 3.5
Galileo SSL (Version: 01.00.0014.00)
GO! Res (Version: Install v.17)
Google Chrome (Version: 21.0.1180.79)
GoToAssist Corporate (Version: 9.0.0.570)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Solution Center 13.0 (Version: 13.0)
HPProductAssistant (Version: 130.0.371.000)
Intel® Graphics Media Accelerator Driver
iQCX Client 0.1.0.74 (Version: 0.1.0.74)
iQCX Composer 4.0.2.052 (Version: 4.0.2.052)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.191)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Viewer 2003 (English) (Version: 11.0.3709.5614)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server Management Studio Express (Version: 9.00.3042.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mobile Broadband Generic Drivers (Version: 2.03.03.002.17)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202)
PDF-XChange 2.5 Driver Install (Version: 2.xx)
QuickTime (Version: 7.71.80.42)
ResQCX Workstation Configuration
ResQCX xp Setup
RightNow (Version: 8.3.0.123)
Sabre VPN
Scan (Version: 10.0.0.0)
Segoe UI (Version: 14.0.4327.805)
SigmaTel Audio (Version: 5.10.5210.0)
Skype™ 5.10 (Version: 5.10.116)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 100.0.175.000)
SUPERAntiSpyware (Version: 4.53.1000)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2264107) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon High Speed Internet
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual FoxPro ODBC Driver (Version: 1.0.0)
WebEx
WebEx Meeting Manager for Mozilla Firefox/Netscape Navigator (Version: 7.5.3)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 2037.9 MB
Available physical RAM: 1176.17 MB
Total Pagefile: 3930.72 MB
Available Pagefile: 3075.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.44 GB) (Free:30.7 GB) NTFS

========================= Users: ========================================

User accounts for \\12115G1-D630

Administrator ASPNET CIS
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****



Farbar Service Scanner Version: 06-08-2012
Ran by jdietzel (administrator) on 15-08-2012 at 09:17:35
Running from "C:\Documents and Settings\jdietzel\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#6 narenxp


Posted 15 August 2012 - 08:35 AM

Download

Sharedaccess
wscsvc
bits
wuauserv

Launch them, click YES

Restart the PC

Post the new FSS log and adware cleaner log together

#7 nikoonah


Posted 15 August 2012 - 04:47 PM

Farbar Service Scanner Version: 06-08-2012
Ran by jdietzel (administrator) on 15-08-2012 at 17:45:47
Running from "C:\Documents and Settings\jdietzel\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****


# AdwCleaner v1.801 - Logfile created 08/15/2012 at 17:39:48
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : jdietzel - 12115G1-D630
# Boot Mode : Normal
# Running from : C:\Documents and Settings\jdietzel\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\jdietzel\Application Data\Mozilla\Firefox\Profiles\gywn1l1t.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\jdietzel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1948 octets] - [15/08/2012 17:39:48]

########## EOF - C:\AdwCleaner[S1].txt - [2076 octets] ##########

#8 narenxp


Posted 15 August 2012 - 07:35 PM

Any current issues?

#9 nikoonah


Posted 16 August 2012 - 05:29 AM

It seems like everything is working correctly now. Thanks so much!!

#10 narenxp


Posted 16 August 2012 - 05:41 AM

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



