
I am infected but don't know what to do...


13 replies to this topic

#1 bagwan

Posted 25 August 2012 - 11:27 PM

Hi,

Windows XP
Zone Alarm ver. 10.0.250.000


Zone Alarm informs me that I have: Trojan.Win32.small.bmrh and trojan.win32.zapchast.adlg. ZA advises that malware has been detected that requires advanced treatment and that I need to close any open documents as Windows will auto restart. I click "yes" to allow this to occur. ZA treats the trojans but does not restart the computer. Ten minutes later the same process will occur again and again... ZA advises that the path for the trojans is c:\RECYCLERS\S-1-5-18\"really long number". I can't seem to find this address.

So far I have: Deleted all Temp files, restarted computer numerous times, googled the virus names and found this forum.

Whilst on this forum I have: Read tutorials about virus removal (tried downloads that were pointed to), searched for trojan names and finally followed: "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help"

When I get to step 6 (although I'm not really sure whether I have emulation software) in the preparation guide I keep getting this message: "404. That's an error.
The requested URL /dl/66bc03b5af52c3157fb8cf7f3a8d5850/50399d3e/windows/utilities/system-reporters/d/dds/dds.com was not found on this server. That's all we know."

It's the same when I try to download DDS and other downloads that are pointed to throughout the forums.

Any suggestions?

Regards
Bagwan



#2 narenxp

  • BC Advisor

Posted 25 August 2012 - 11:28 PM

Download TDSSkiller

Launch it. Click on change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 bagwan

  • Topic Starter

Posted 25 August 2012 - 11:30 PM

god that was a quick reply.

#4 bagwan

  • Topic Starter

Posted 26 August 2012 - 12:24 AM

Hi,

thanks for the reply:

TDSSkiller, could not access website: "404. That's an error.
The requested URL /downloads/utils/tdsskiller.exe was not found on this server. That's all we know."

Same with ESET online scanner.

I had more luck with aswMBR. Log is as follows:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-26 14:34:44
-----------------------------
14:34:44.718 OS Version: Windows 5.1.2600 Service Pack 3
14:34:44.718 Number of processors: 2 586 0x6B01
14:34:44.718 ComputerName: OWNER-00A23240F UserName: User
14:34:47.859 Initialize success
14:42:34.125 AVAST engine defs: 12082501
14:46:18.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
14:46:18.171 Disk 0 Vendor: ST3160815AS 3.AAD Size: 152627MB BusType: 3
14:46:18.171 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000061
14:46:18.187 Disk 1 Vendor: ST3160815AS 3.AAD Size: 152627MB BusType: 3
14:46:18.218 Disk 0 MBR read successfully
14:46:18.218 Disk 0 MBR scan
14:46:18.312 Disk 0 Windows XP default MBR code
14:46:18.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
14:46:18.390 Disk 0 scanning sectors +312560640
14:46:18.515 Disk 0 scanning C:\WINDOWS\system32\drivers
14:47:06.468 Service scanning
14:47:26.046 Modules scanning
14:47:34.390 Disk 0 trace - called modules:
14:47:34.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
14:47:34.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850b9ab8]
14:47:34.921 3 CLASSPNP.SYS[f74a7fd7] -> nt!IofCallDriver -> \Device\00000062[0x85087eb0]
14:47:34.921 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\00000060[0x850b9030]
14:47:36.343 AVAST engine scan C:\WINDOWS
14:48:05.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\My Documents\pauls files\Software\MBR.dat"
14:48:05.156 The log file has been saved successfully to "C:\Documents and Settings\User\My Documents\pauls files\Software\aswMBR.txt"
14:48:07.046 AVAST engine scan C:\WINDOWS\system32
14:52:30.937 AVAST engine scan C:\WINDOWS\system32\drivers
14:53:10.953 AVAST engine scan C:\Documents and Settings\User
14:56:56.203 File: C:\Documents and Settings\User\Application Data\Reriu\niin.exe **INFECTED** Win32:Citadel-T [Trj]
15:09:34.687 AVAST engine scan C:\Documents and Settings\All Users
15:18:03.671 Scan finished successfully
15:18:35.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\My Documents\pauls files\Software\MBR.dat"
15:18:35.937 The log file has been saved successfully to "C:\Documents and Settings\User\My Documents\pauls files\Software\aswMBR.txt"


thanks again

#5 narenxp

  • BC Advisor

Posted 26 August 2012 - 12:27 AM

Boot into safe mode with networking and download them.

If you cannot download TDSSkiller, copy it to the infected PC using a flash drive.

#6 bagwan

  • Topic Starter

Posted 26 August 2012 - 01:59 AM

ESET:

C:\Documents and Settings\User\Application Data\Reriu\niin.exe a variant of Win32/Kryptik.AKPR trojan cleaned by deleting - quarantined
Operating memory multiple threats

TDSSKiller:

15:41:48.0140 2020 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:41:48.0843 2020 ============================================================
15:41:48.0843 2020 Current date / time: 2012/08/26 15:41:48.0843
15:41:48.0843 2020 SystemInfo:
15:41:48.0843 2020
15:41:48.0843 2020 OS Version: 5.1.2600 ServicePack: 3.0
15:41:48.0843 2020 Product type: Workstation
15:41:48.0843 2020 ComputerName: OWNER-00A23240F
15:41:48.0843 2020 UserName: User
15:41:48.0843 2020 Windows directory: C:\WINDOWS
15:41:48.0843 2020 System windows directory: C:\WINDOWS
15:41:48.0843 2020 Processor architecture: Intel x86
15:41:48.0843 2020 Number of processors: 2
15:41:48.0843 2020 Page size: 0x1000
15:41:48.0843 2020 Boot type: Safe boot with network
15:41:48.0843 2020 ============================================================
15:41:50.0765 2020 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:41:50.0781 2020 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:41:50.0781 2020 ============================================================
15:41:50.0781 2020 \Device\Harddisk0\DR0:
15:41:50.0781 2020 MBR partitions:
15:41:50.0781 2020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
15:41:50.0781 2020 \Device\Harddisk1\DR1:
15:41:50.0781 2020 MBR partitions:
15:41:50.0781 2020 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
15:41:50.0781 2020 ============================================================
15:41:50.0812 2020 C: <-> \Device\Harddisk0\DR0\Partition1
15:41:50.0859 2020 E: <-> \Device\Harddisk1\DR1\Partition1
15:41:50.0859 2020 ============================================================
15:41:50.0859 2020 Initialize success
15:41:50.0859 2020 ============================================================
15:41:54.0468 1892 ============================================================
15:41:54.0468 1892 Scan started
15:41:54.0468 1892 Mode: Manual;
15:41:54.0468 1892 ============================================================
15:41:55.0187 1892 ================ Scan system memory ========================
15:41:55.0203 1892 System memory - ok
15:42:02.0796 1892 Sony SCSI Helper Service - ok
15:42:02.0796 1892 Sparrow - ok
15:42:02.0828 1892 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:42:02.0828 1892 splitter - ok
15:42:02.0875 1892 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:42:02.0875 1892 Spooler - ok
15:42:02.0890 1892 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:42:02.0890 1892 sr - ok
15:42:02.0906 1892 srescan - ok
15:42:02.0953 1892 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
15:42:02.0953 1892 srservice - ok
15:42:03.0000 1892 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:42:03.0015 1892 Srv - ok
15:42:03.0031 1892 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:42:03.0031 1892 SSDPSRV - ok
15:42:03.0062 1892 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:42:03.0078 1892 stisvc - ok
15:42:03.0109 1892 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:42:03.0109 1892 swenum - ok
15:42:03.0125 1892 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:42:03.0125 1892 swmidi - ok
15:42:03.0140 1892 SwPrv - ok
15:42:03.0156 1892 symc810 - ok
15:42:03.0171 1892 symc8xx - ok
15:42:03.0187 1892 sym_hi - ok
15:42:03.0203 1892 sym_u3 - ok
15:42:03.0234 1892 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:42:03.0234 1892 sysaudio - ok
15:42:03.0281 1892 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:42:03.0296 1892 SysmonLog - ok
15:42:03.0328 1892 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:42:03.0328 1892 TapiSrv - ok
15:42:03.0375 1892 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:42:03.0390 1892 Tcpip - ok
15:42:03.0421 1892 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:42:03.0421 1892 TDPIPE - ok
15:42:03.0437 1892 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:42:03.0437 1892 TDTCP - ok
15:42:03.0468 1892 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:42:03.0468 1892 TermDD - ok
15:42:03.0500 1892 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
15:42:03.0500 1892 TermService - ok
15:42:03.0531 1892 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:42:03.0531 1892 Themes - ok
15:42:03.0546 1892 TosIde - ok
15:42:03.0578 1892 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:42:03.0593 1892 TrkWks - ok
15:42:03.0625 1892 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:42:03.0625 1892 Udfs - ok
15:42:03.0625 1892 ultra - ok
15:42:03.0687 1892 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:42:03.0687 1892 Update - ok
15:42:03.0734 1892 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:42:03.0750 1892 upnphost - ok
15:42:03.0750 1892 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
15:42:03.0750 1892 UPS - ok
15:42:03.0812 1892 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:42:03.0812 1892 usbccgp - ok
15:42:03.0828 1892 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:42:03.0828 1892 usbehci - ok
15:42:03.0828 1892 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:42:03.0843 1892 usbhub - ok
15:42:03.0859 1892 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:42:03.0859 1892 usbohci - ok
15:42:03.0890 1892 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:42:03.0890 1892 usbscan - ok
15:42:03.0921 1892 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:42:03.0921 1892 USBSTOR - ok
15:42:03.0968 1892 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:42:03.0968 1892 VgaSave - ok
15:42:03.0968 1892 ViaIde - ok
15:42:04.0000 1892 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:42:04.0000 1892 VolSnap - ok
15:42:04.0046 1892 [ 01FADA5896B3D75DECB2196435060251 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
15:42:04.0046 1892 Vsdatant - ok
15:42:04.0093 1892 vsmon - ok
15:42:04.0125 1892 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
15:42:04.0140 1892 VSS - ok
15:42:04.0171 1892 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
15:42:04.0187 1892 W32Time - ok
15:42:04.0218 1892 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:42:04.0218 1892 Wanarp - ok
15:42:04.0218 1892 WDICA - ok
15:42:04.0250 1892 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:42:04.0250 1892 wdmaud - ok
15:42:04.0265 1892 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:42:04.0265 1892 WebClient - ok
15:42:04.0359 1892 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:42:04.0359 1892 winmgmt - ok
15:42:04.0406 1892 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
15:42:04.0406 1892 WmdmPmSN - ok
15:42:04.0453 1892 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:42:04.0453 1892 WmiApSrv - ok
15:42:04.0500 1892 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:42:04.0531 1892 WZCSVC - ok
15:42:04.0546 1892 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:42:04.0562 1892 xmlprov - ok
15:42:04.0562 1892 ================ Scan global ===============================
15:42:04.0593 1892 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:42:04.0625 1892 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:42:04.0640 1892 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:42:04.0656 1892 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:42:04.0671 1892 [Global] - ok
15:42:04.0671 1892 ================ Scan MBR ==================================
15:42:04.0687 1892 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:42:04.0812 1892 \Device\Harddisk0\DR0 - ok
15:42:04.0828 1892 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:42:04.0937 1892 \Device\Harddisk1\DR1 - ok
15:42:04.0937 1892 ================ Scan VBR ==================================
15:42:04.0953 1892 [ DA60B7DAA95CF87A62FF26DAE7E567EB ] \Device\Harddisk0\DR0\Partition1
15:42:04.0953 1892 \Device\Harddisk0\DR0\Partition1 - ok
15:42:04.0953 1892 [ DA60B7DAA95CF87A62FF26DAE7E567EB ] \Device\Harddisk1\DR1\Partition1
15:42:04.0953 1892 \Device\Harddisk1\DR1\Partition1 - ok
15:42:04.0953 1892 ============================================================
15:42:04.0953 1892 Scan finished
15:42:04.0953 1892 ============================================================
15:42:04.0984 1836 Detected object count: 0
15:42:04.0984 1836 Actual detected object count: 0
15:43:27.0156 1972 Deinitialize success


Thanks again..

#7 narenxp

Posted 26 August 2012 - 07:19 AM

Reboot to normal mode

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#8 bagwan

Posted 27 August 2012 - 05:22 AM

Hi again,

Mini toolbox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by User (administrator) on 27-08-2012 at 19:57:34
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration
Host Name . . . . . . . . . . . . : owner-00a23240f
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1F-C6-A2-A9-75
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Monday, 27 August 2012 5:57:26 PM
Lease Expires . . . . . . . . . . : Tuesday, 28 August 2012 5:57:26 PM

Server: dir-600
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.237.99, 74.125.237.100, 74.125.237.101, 74.125.237.102
74.125.237.103, 74.125.237.104, 74.125.237.105, 74.125.237.110, 74.125.237.96
74.125.237.97, 74.125.237.98

Pinging google.com [74.125.237.99] with 32 bytes of data:
Reply from 74.125.237.99: bytes=32 time=34ms TTL=54
Reply from 74.125.237.99: bytes=32 time=32ms TTL=54
Ping statistics for 74.125.237.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 34ms, Average = 33ms

Server: dir-600
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=892ms TTL=51
Reply from 72.30.38.140: bytes=32 time=945ms TTL=51
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 892ms, Maximum = 945ms, Average = 918ms

Server: dir-600
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f c6 a2 a9 75 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.100 192.168.0.100 20
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 11:04:41 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:04:41 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:04:41 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:04:41 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: 404 (HTTP Response Status)

Error: (08/26/2012 11:03:23 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (08/26/2012 11:03:23 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (08/27/2012 05:59:48 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (08/27/2012 05:59:48 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

Error: (08/27/2012 05:59:47 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/27/2012 05:59:24 PM) (Source: DCOM) (User: OWNER-00A23240F)
Description: DCOM got error "%%1053" attempting to start the service iPod Service with arguments ""
in order to run the server:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (08/27/2012 08:18:32 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nvraid

Error: (08/27/2012 08:18:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/27/2012 08:17:10 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (08/27/2012 05:50:52 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nvraid

Error: (08/27/2012 05:50:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/27/2012 05:49:31 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1


Microsoft Office Sessions:
=========================
Error: (08/26/2012 11:04:41 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:04:41 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:04:41 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:04:41 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:04:37 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt404 (HTTP Response Status)

Error: (08/26/2012 11:03:23 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (08/26/2012 11:03:23 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

[web:reg] Unit root test (ADF-test) Add In 0.9
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 8.1.4 (Version: 8.1.4)
Amazon Kindle
AmiBroker 5.20 (Version: 5.20)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.6.255.207)
Bonjour (Version: 2.0.5.0)
Brother HL-2040 (Version: 1.00)
calibre (Version: 0.8.60)
CCScore (Version: 7.00.0000.0001)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Crystal Reports for .NET Framework 2.0 (x86) (Version: 10.2.0)
Data Converter (Version: 1.00.0000)
DataDirector 2 (Version: 2.0.0)
DataDirector3
DataDirector3 (Version: 3.0)
e-tax 2008
e-tax 2009 (Version: 1.0.0.0)
e-tax 2010 (Version: 1.0.762)
e-tax 2011 (Version: 11.1.704)
ESSBrwr (Version: 7.01.0000.0001)
ESSCDBK (Version: 7.01.0000.0002)
ESScore (Version: 7.01.0000.0012)
ESSgui (Version: 7.01.0000.0002)
ESSini (Version: 7.01.0000.0002)
ESSPCD (Version: 7.01.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 7.01.0000.0001)
fflink (Version: 6.02.1001.0001)
FinePix Studio
FinePixViewer Resource (Version: 1.2)
FinePixViewer Ver.5.3 (Version: 5.3)
FUJIFILM USB Driver
Google Chrome (Version: 21.0.1180.83)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HSQuote V1
Hubb Investor
ImageMixer VCD2 LE for FinePix (Version: 2.5.3)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
kgcbaby (Version: 5.03.0000.0002)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Meta2ASCII Conversion Wizard 1.2
MetaStock 7.01
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money (Version: 10.0.50)
Microsoft Money System Pack (Version: 10.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 6 Ultra Edition
netbrdg (Version: 7.01.0000.0001)
NVIDIA Drivers
OANDA fxGame
OANDA FXGame GUI
OfotoXMI (Version: 7.01.0000.0001)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
PC Tune-Up (Version: 1.1.0.7)
PowerDVD
Quicken 2012 (Version: 21.1.1.22)
QuickTime (Version: 7.69.80.9)
Reader for PC (Version: 1.1.03.11040)
Realtek High Definition Audio Driver (Version: 5.10.0.5377)
Samsung_MonSetup (Version: 1.00.0000)
SFR (Version: 7.01.0000.0003)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 7.01.0000.0003)
SKINXSDK (Version: 7.01.0000.0001)
staticcr (Version: 7.01.0000.0005)
tooltips (Version: 7.01.0000.0001)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
VPRINTOL (Version: 7.01.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WIRELESS (Version: 7.01.0000.0001)
Yahoo!7 Messenger
Yahoo!7 Toolbar
ZoneAlarm Antivirus (Version: 10.0.250.000)
ZoneAlarm DataLock (Version: 10.0.250.000)
ZoneAlarm Extreme Security (Version: 10.0.250.000)
ZoneAlarm Firewall (Version: 10.0.250.000)
ZoneAlarm Security (Version: 10.0.250.000)

========================= Devices: ================================

Name: ACPI Multiprocessor PC
Description: ACPI Multiprocessor PC
Class Guid: {4D36E966-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: ACPI

Name: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Description: Processor
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: (Standard processor types)
Service: Processor


========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 895.23 MB
Available physical RAM: 341.69 MB
Total Pagefile: 2865.45 MB
Available Pagefile: 2086.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.1 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:119.4 GB) NTFS
4 Drive e: () (Fixed) (Total:149.04 GB) (Free:140.47 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-00A23240F

Administrator Guest HelpAssistant
SUPPORT_388945a0 User


**** End of log ****



Log for FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by User (administrator) on 27-08-2012 at 20:02:31
Running from "C:\Documents and Settings\User\Local Settings\Temp\IswTmp\DwlRun"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) kl2(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000800000005000000010000000200000003000000040000000600000007000000


**** End of log ****



Log for ADware Cleaner:


# AdwCleaner v1.801 - Logfile created 08/27/2012 at 20:06:14
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - OWNER-00A23240F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\My Documents\pauls files\Software\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\ZoneAlarm_Extreme_Security
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ZoneAlarm_Extreme_Security
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2925418
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKCU\Software\ZoneAlarm_Extreme_Security
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Extreme_Security Toolbar
Key Deleted : HKLM\SOFTWARE\ZoneAlarm_Extreme_Security

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCA83D4C-DF77-4005-8EE6-DC8890E3CB94}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D26EA30A-5B5E-4838-A93D-A081AFA2730E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0541C2B-EAD6-4DC9-8BD0-4B9017BED11E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCA83D4C-DF77-4005-8EE6-DC8890E3CB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCA83D4C-DF77-4005-8EE6-DC8890E3CB94}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A94E8DC9-07AA-45A7-8AF2-A0375473A5CD}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3130 octets] - [27/08/2012 20:06:14]

########## EOF - C:\AdwCleaner[S1].txt - [3258 octets] ##########




Once again thanks for your help.

#9 narenxp

Posted 27 August 2012 - 07:54 AM

Malwarebytes log?

Download

Sharedaccess
BITS
WUAUSERV
wscsvc

Launch them, click YES

Restart the PC and post the new FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here

#10 bagwan

Posted 27 August 2012 - 03:52 PM

Sorry, Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.27.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: OWNER-00A23240F [administrator]

Protection: Enabled

27/08/2012 6:05:00 PM
mbam-log-2012-08-27 (18-05-00).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353498
Time elapsed: 1 hour(s), 21 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Thanks I will get to the rest later on today.

#11 bagwan

Posted 28 August 2012 - 04:42 AM

Hi again,

FSS Log:


Farbar Service Scanner Version: 06-08-2012
Ran by User (administrator) on 28-08-2012 at 19:32:57
Running from "C:\Documents and Settings\User\My Documents\pauls files\Software"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) kl2(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000800000005000000010000000200000003000000040000000600000007000000


**** End of log ****



RKILL log:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/28/2012 07:38:05 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\bgsvcgen.exe (PID: 1232) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/28/2012 07:39:13 PM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)


Thanks again...

#12 narenxp

Posted 28 August 2012 - 05:36 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#13 bagwan

Posted 28 August 2012 - 03:49 PM

Hey,

Narenxp, thanks for all your assistance, I was very worried about losing all my data there for a while.

Thanks have a great day.

Cheers
Bagwan

#14 narenxp

Posted 28 August 2012 - 03:50 PM

You're welcome :)



