Need Help with File_Recovery Removal


14 replies to this topic

#1 toadboy

  • Members
  • 17 posts

Posted 04 September 2012 - 03:00 PM

So I get home from being gone all weekend. The computer pops up with the HDD thing and then tries to get me to scan, so I immediately shut the computer off, knowing it can't be good.

I opened in safe mode and came straight here, and followed what I could of the removal logs. Malwarebytes is 7 days out of date but did find and took care of 32 issues after I got rkill and ran it, but I still wasn't able to update Malwarebytes. I also still see an icon on the desktop called File_Recovery, so I know it didn't get everything.

So I posted up to see what the next step would be.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 04 September 2012 - 03:01 PM

Boot into safe mode with networking.

Download TDSSKiller.

Launch it. Click on change parameters, select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.
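The TDSSKiller log these instructions ask for lists every service and driver as a hash/path line followed by a status line. The triage helper below is an added example, not part of the thread or of TDSSKiller itself: it parses that section and surfaces the entries a responder would look at first, i.e. anything not reported "ok", binaries outside C:\WINDOWS or C:\Program Files, and one hash turning up under different file names. The sample log, its hashes, the C:\Temp and "Documents and Settings" entries and the "warning" status are constructed for the example.

```python
"""Triage the 'Scan services' section of a TDSSKiller log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every object in the services section is logged as a status line, optionally
# preceded by a file line carrying the MD5 and path of the backing binary:
#   <time> <pid> [ <MD5> ] <name> <path>
#   <time> <pid> <name> - <status>
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
STATUS_RE = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<status>\S.*)$")
BANNER_RE = re.compile(r"^=+\s*Scan\s+(?P<section>.+?)\s*=+$")

# Where an installed service or driver binary is expected to live on this XP box.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample in the log's own layout; the hashes, the C:\Temp and
# "Documents and Settings" entries and the "warning" status are made up.
SAMPLE_LOG = r"""
16:04:58.0000 2936 ================ Scan system memory ========================
16:04:58.0000 2936 System memory - ok
16:04:58.0000 2936 ================ Scan services =============================
16:04:58.0078 2936 Abiosdsk - ok
16:04:58.0156 2936 [ 11111111111111111111111111111111 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:04:58.0156 2936 ACPI - ok
16:04:59.0156 2936 [ 22222222222222222222222222222222 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
16:04:59.0156 2936 AVG Security Toolbar Service - ok
16:05:01.0859 2936 [ 33333333333333333333333333333333 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:05:01.0859 2936 gupdate - ok
16:05:01.0875 2936 [ 33333333333333333333333333333333 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:05:01.0875 2936 gupdatem - ok
16:05:09.0000 2936 [ 44444444444444444444444444444444 ] fakesvc C:\Temp\fakesvc.sys
16:05:09.0000 2936 fakesvc - warning
16:05:09.0100 2936 [ 11111111111111111111111111111111 ] acpi2 C:\Documents and Settings\user\acpi2.sys
16:05:09.0100 2936 acpi2 - ok
16:05:10.0000 2936 ============================================================
"""


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log: str) -> List[Entry]:
    """Return one Entry per object reported in the 'Scan services' section."""
    entries: List[Entry] = []
    section: Optional[str] = None
    pending: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) until its status line arrives
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if body.startswith("="):  # section banner or plain separator line
            b = BANNER_RE.match(body)
            section = b.group("section").lower() if b else None
            continue
        if section != "services":
            continue
        f = FILE_RE.match(body)
        if f:
            pending[f.group("name")] = (f.group("md5").upper(), f.group("path"))
            continue
        s = STATUS_RE.match(body)
        if s:
            md5, path = pending.pop(s.group("name"), (None, None))
            entries.append(Entry(s.group("name"), s.group("status"), md5, path))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group the entries a responder should look at first, keyed by check name."""
    findings: Dict[str, List[str]] = defaultdict(list)
    paths_by_hash: Dict[str, set] = defaultdict(set)
    for e in entries:
        # TDSSKiller reports clean objects as "ok"; anything else deserves a look.
        if e.status.lower() != "ok":
            findings["status_not_ok"].append(f"{e.name}: {e.status}")
        if e.path is not None:
            if not e.path.lower().startswith(EXPECTED_ROOTS):
                findings["unusual_location"].append(f"{e.name}: {e.path}")
            paths_by_hash[e.md5].add(e.path.lower())
    # Several services pointing at one path (gupdate/gupdatem) is normal; the
    # same hash living under two different paths is worth a second look.
    for md5, paths in paths_by_hash.items():
        if len(paths) > 1:
            findings["same_hash_multiple_paths"].append(f"{md5}: {sorted(paths)}")
    return dict(findings)


if __name__ == "__main__":
    for check, items in triage(parse_services(SAMPLE_LOG)).items():
        print(check)
        for item in items:
            print("   ", item)
```

Entries that survive these checks still carry their MD5, so the same list can be fed to a hash lookup before anything is deleted.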

#3 toadboy (Topic Starter)

  • Members
  • 17 posts

Posted 04 September 2012 - 06:55 PM

ESET took care of the threat that TDSS found that I didn't delete. I ran it real quick before I posted these logs. Also, the File_Recovery thing that was on the desktop is gone. Here are the 3 logs:

16:05:07.0968 2936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:05:07.0968 2936 Spooler - ok
16:05:08.0015 2936 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:05:08.0015 2936 sr - ok
16:05:08.0031 2936 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:05:08.0031 2936 srservice - ok
16:05:08.0093 2936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:05:08.0093 2936 Srv - ok
16:05:08.0109 2936 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:05:08.0109 2936 SSDPSRV - ok
16:05:08.0140 2936 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:05:08.0140 2936 stisvc - ok
16:05:08.0156 2936 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:05:08.0171 2936 streamip - ok
16:05:08.0187 2936 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:05:08.0187 2936 swenum - ok
16:05:08.0203 2936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:05:08.0203 2936 swmidi - ok
16:05:08.0203 2936 SwPrv - ok
16:05:08.0203 2936 symc810 - ok
16:05:08.0218 2936 symc8xx - ok
16:05:08.0218 2936 sym_hi - ok
16:05:08.0218 2936 sym_u3 - ok
16:05:08.0265 2936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:05:08.0265 2936 sysaudio - ok
16:05:08.0281 2936 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:05:08.0281 2936 SysmonLog - ok
16:05:08.0312 2936 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:05:08.0328 2936 TapiSrv - ok
16:05:08.0343 2936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:05:08.0359 2936 Tcpip - ok
16:05:08.0375 2936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:05:08.0375 2936 TDPIPE - ok
16:05:08.0390 2936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:05:08.0390 2936 TDTCP - ok
16:05:08.0421 2936 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:05:08.0421 2936 TermDD - ok
16:05:08.0437 2936 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:05:08.0437 2936 TermService - ok
16:05:08.0453 2936 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:05:08.0453 2936 Themes - ok
16:05:08.0500 2936 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:05:08.0500 2936 TlntSvr - ok
16:05:08.0500 2936 TosIde - ok
16:05:08.0515 2936 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:05:08.0515 2936 TrkWks - ok
16:05:08.0546 2936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:05:08.0546 2936 Udfs - ok
16:05:08.0546 2936 ultra - ok
16:05:08.0546 2936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:05:08.0562 2936 Update - ok
16:05:08.0578 2936 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:05:08.0578 2936 upnphost - ok
16:05:08.0609 2936 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:05:08.0609 2936 UPS - ok
16:05:08.0640 2936 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:05:08.0640 2936 usbaudio - ok
16:05:08.0703 2936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:05:08.0703 2936 usbccgp - ok
16:05:08.0703 2936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:05:08.0703 2936 usbehci - ok
16:05:08.0718 2936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:05:08.0718 2936 usbhub - ok
16:05:08.0718 2936 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:05:08.0718 2936 usbohci - ok
16:05:08.0750 2936 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:05:08.0750 2936 usbprint - ok
16:05:08.0750 2936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:05:08.0750 2936 usbscan - ok
16:05:08.0781 2936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:05:08.0781 2936 USBSTOR - ok
16:05:08.0796 2936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:05:08.0796 2936 VgaSave - ok
16:05:08.0796 2936 ViaIde - ok
16:05:08.0796 2936 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:05:08.0796 2936 VolSnap - ok
16:05:08.0828 2936 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:05:08.0828 2936 VSS - ok
16:05:08.0890 2936 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
16:05:08.0890 2936 vToolbarUpdater12.2.6 - ok
16:05:08.0953 2936 [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys
16:05:09.0000 2936 VX3000 - ok
16:05:09.0015 2936 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:05:09.0015 2936 W32Time - ok
16:05:09.0031 2936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:05:09.0031 2936 Wanarp - ok
16:05:09.0031 2936 WDICA - ok
16:05:09.0093 2936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:05:09.0093 2936 wdmaud - ok
16:05:09.0140 2936 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:05:09.0140 2936 WebClient - ok
16:05:09.0234 2936 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:05:09.0234 2936 winmgmt - ok
16:05:09.0281 2936 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:05:09.0281 2936 WmdmPmSN - ok
16:05:09.0328 2936 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:05:09.0328 2936 Wmi - ok
16:05:09.0359 2936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:05:09.0359 2936 WmiApSrv - ok
16:05:09.0421 2936 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:05:09.0437 2936 WMPNetworkSvc - ok
16:05:09.0500 2936 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:05:09.0500 2936 WPFFontCache_v0400 - ok
16:05:09.0531 2936 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:05:09.0531 2936 WSTCODEC - ok
16:05:09.0562 2936 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:05:09.0562 2936 WudfPf - ok
16:05:09.0578 2936 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:05:09.0578 2936 WudfRd - ok
16:05:09.0578 2936 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:05:09.0578 2936 WudfSvc - ok
16:05:09.0625 2936 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:05:09.0625 2936 WZCSVC - ok
16:05:09.0671 2936 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:05:09.0671 2936 xmlprov - ok
16:05:09.0750 2936 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:05:09.0750 2936 YahooAUService - ok
16:05:09.0765 2936 ================ Scan global ===============================
16:05:09.0796 2936 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:05:09.0859 2936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:05:09.0859 2936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:05:09.0875 2936 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:05:09.0875 2936 [Global] - ok
16:05:09.0875 2936 ================ Scan MBR ==================================
16:05:09.0906 2936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:05:10.0046 2936 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:05:10.0046 2936 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:05:10.0046 2936 ================ Scan VBR ==================================
16:05:10.0046 2936 [ F72E4970C1D384520ADC9BD628FAF324 ] \Device\Harddisk0\DR0\Partition1
16:05:10.0046 2936 \Device\Harddisk0\DR0\Partition1 - ok
16:05:10.0046 2936 ============================================================
16:05:10.0046 2936 Scan finished
16:05:10.0046 2936 ============================================================
16:05:10.0062 1304 Detected object count: 1
16:05:10.0062 1304 Actual detected object count: 1
16:05:42.0031 1304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:05:42.0031 1304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 15:42:18
-----------------------------
15:42:18.375 OS Version: Windows 5.1.2600 Service Pack 3
15:42:18.375 Number of processors: 2 586 0x6B02
15:42:18.375 ComputerName: VALUED-2D4281A3 UserName: Valued Customer
15:42:21.890 Initialize success
15:53:39.187 AVAST engine defs: 12090400
15:54:42.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
15:54:42.765 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
15:54:42.796 Disk 0 MBR read successfully
15:54:42.796 Disk 0 MBR scan
15:54:42.843 Disk 0 Windows XP default MBR code
15:54:42.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
15:54:42.875 Disk 0 scanning sectors +976768065
15:54:42.937 Disk 0 scanning C:\WINDOWS\system32\drivers
15:54:54.734 Service scanning
15:55:14.812 Modules scanning
15:55:19.265 Disk 0 trace - called modules:
15:55:19.265
15:55:23.015 AVAST engine scan C:\WINDOWS
15:55:41.046 AVAST engine scan C:\WINDOWS\system32
15:57:50.687 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:59:18.281 AVAST engine scan C:\WINDOWS\system32\drivers
15:59:46.343 AVAST engine scan C:\Documents and Settings\Valued Customer
16:03:54.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat"
16:03:54.515 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"



C:\Documents and Settings\All Users\Application Data\faFjEoiWJrf.exe a variant of Win32/Kryptik.ALHY trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\uky24ExJXJYaoa.exe a variant of Win32/Kryptik.ALHY trojan cleaned by deleting - quarantined
C:\Documents and Settings\Valued Customer\Desktop\gg4\pT Profile Converter.exe Win32/Packed.Autoit.E.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Valued Customer\Desktop\gg4\pvpTool_v2.3.2.exe a variant of Win32/Packed.MoleboxUltra.A application deleted - quarantined
C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\34\28a08862-5e1a081d a variant of Win32/Kryptik.ALHY trojan cleaned by deleting - quarantined
C:\Program Files\DoylesRoom Casino\casino.dll a variant of Win32/CasOnline application cleaned by deleting - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0098588.ini a variant of Win32/Sirefef.EZ trojan deleted - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100587.ini a variant of Win32/Sirefef.EZ trojan deleted - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100593.ini a variant of Win32/Sirefef.EZ trojan deleted - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100597.exe a variant of Win32/Kryptik.ALID trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100605.exe a variant of Win32/CasOnline application cleaned by deleting - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100623.ini a variant of Win32/Sirefef.EZ trojan deleted - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100626.exe a variant of Win32/Kryptik.ALHY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100652.exe a variant of Win32/Kryptik.ALHY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100653.exe Win32/Packed.Autoit.E.Gen application cleaned by deleting - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100654.exe a variant of Win32/Packed.MoleboxUltra.A application deleted - quarantined
C:\System Volume Information\_restore{11762FAB-5B85-41C5-8F0E-9DDBBEBD204D}\RP783\A0100655.dll a variant of Win32/CasOnline application cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.FD trojan

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:01 AM

Posted 04 September 2012 - 07:04 PM

16:05:42.0031 1304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Run TDSSkiller and delete this infection

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log.

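As an added example (not from this thread, nor from the TDSSKiller tool itself), a small Python triage helper for TDSSKiller logs: it reads verdict lines like the one quoted above and lists every object whose verdict is anything other than "ok", so an entry left at "skipped by user" is not overlooked when many logs are reviewed. The line format is inferred from the log posted in this thread, and the sample lines are copied from it.

```python
"""Triage helper for TDSSKiller log lines (added example; not part of the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Two line shapes appear in the posted TDSSKiller log (format inferred from it):
#   HH:MM:SS.mmmm PID [ MD5 ] Name Path          -> object enumeration, no verdict
#   HH:MM:SS.mmmm PID Object - status            -> verdict ("ok", "warning", ...)
HASH_LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[ [0-9A-Fa-f]{32} \] ")
VERDICT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<obj>.+?)\s+-\s+(?P<status>.+)$"
)


@dataclass
class Verdict:
    time: str
    obj: str
    status: str

    @property
    def clean(self) -> bool:
        # TDSSKiller prints exactly "ok" for objects it found nothing wrong with.
        return self.status == "ok"


def parse_verdicts(lines: Iterable[str]) -> List[Verdict]:
    """Return every verdict line; enumeration lines and banners are ignored."""
    verdicts = []
    for line in lines:
        line = line.rstrip()
        if HASH_LINE_RE.match(line):
            continue  # skip first, so a " - " inside a path is never read as a verdict
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append(Verdict(m["time"], m["obj"], m["status"]))
    return verdicts


def unresolved(verdicts: Iterable[Verdict]) -> Dict[str, List[str]]:
    """Map each object that received a verdict other than 'ok' to those statuses."""
    found: Dict[str, List[str]] = {}
    for v in verdicts:
        if not v.clean:
            found.setdefault(v.obj, []).append(v.status)
    return found


def skipped_by_user(verdicts: Iterable[Verdict]) -> List[str]:
    """Objects the operator chose to skip; these need a re-run with the cure applied."""
    return [v.obj for v in verdicts if v.status == "skipped by user"]


def triage(lines: Iterable[str]) -> Dict[str, object]:
    """One-call summary: counts plus the objects that still need attention."""
    verdicts = parse_verdicts(lines)
    return {
        "verdicts": len(verdicts),
        "clean": sum(v.clean for v in verdicts),
        "unresolved": unresolved(verdicts),
        "skipped_by_user": skipped_by_user(verdicts),
    }


# Sample lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = [
    r"16:05:06.0921 2936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys",
    r"16:05:06.0921 2936 Rasl2tp - ok",
    r"16:05:09.0875 2936 ================ Scan MBR ==================================",
    r"16:05:09.0906 2936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0",
    r"16:05:10.0046 2936 \Device\Harddisk0\DR0 ( TDSS File System ) - warning",
    r"16:05:10.0046 2936 \Device\Harddisk0\DR0 - detected TDSS File System (1)",
    r"16:05:10.0046 2936 \Device\Harddisk0\DR0\Partition1 - ok",
    r"16:05:10.0062 1304 Detected object count: 1",
    r"16:05:42.0031 1304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user",
    r"16:05:42.0031 1304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip",
]


if __name__ == "__main__":
    for obj, statuses in triage(SAMPLE_LOG)["unresolved"].items():
        print(f"{obj}: {', '.join(statuses)}")
```
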
#5 toadboy

  • Topic Starter
  • Members
  • 17 posts
  • Local time:02:01 AM

Posted 04 September 2012 - 09:31 PM

Malwarebytes took a bit to scan but got a clean scan. Also, I saw in the adware cleaner file a lot of AVG stuff it deleted; could that be where I got my rootkit from?

Here are the results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Valued Customer (administrator) on 04-09-2012 at 22:14:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : valued-2d4281a3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : netgear.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : netgear.com
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-24-1D-0D-E1-15
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.254.36
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.254
DHCP Server . . . . . . . . . . . : 192.168.254.254
DNS Servers . . . . . . . . . . . : 192.168.254.254
Lease Obtained. . . . . . . . . . : Tuesday, September 04, 2012 9:12:43 PM
Lease Expires . . . . . . . . . . : Wednesday, September 05, 2012 9:12:43 PM

Server: dslrouter.netgear.com
Address: 192.168.254.254

Name: google.com
Addresses: 74.125.225.1, 74.125.225.2, 74.125.225.3, 74.125.225.4
74.125.225.5, 74.125.225.6, 74.125.225.7, 74.125.225.8, 74.125.225.9
74.125.225.14, 74.125.225.0

Pinging google.com [74.125.225.0] with 32 bytes of data:

Reply from 74.125.225.0: bytes=32 time=139ms TTL=55
Reply from 74.125.225.0: bytes=32 time=141ms TTL=55

Ping statistics for 74.125.225.0:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 139ms, Maximum = 141ms, Average = 140ms

Server: dslrouter.netgear.com
Address: 192.168.254.254

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=164ms TTL=52
Reply from 98.138.253.109: bytes=32 time=159ms TTL=52

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 159ms, Maximum = 164ms, Average = 161ms

Server: dslrouter.netgear.com
Address: 192.168.254.254

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 1d 0d e1 15 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.254.254 192.168.254.36 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.254.0 255.255.255.0 192.168.254.36 192.168.254.36 20
192.168.254.36 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.254.255 255.255.255.255 192.168.254.36 192.168.254.36 20
224.0.0.0 240.0.0.0 192.168.254.36 192.168.254.36 20
255.255.255.255 255.255.255.255 192.168.254.36 192.168.254.36 1
Default Gateway: 192.168.254.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/04/2012 01:51:32 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/31/2012 11:02:12 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 10:06:14 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/31/2012 10:06:14 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/31/2012 10:06:06 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/31/2012 10:06:06 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/31/2012 10:06:06 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/31/2012 10:06:05 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (08/31/2012 10:06:05 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (08/31/2012 10:05:58 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (09/04/2012 09:15:05 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (09/04/2012 09:14:40 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (09/04/2012 09:14:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/04/2012 09:14:40 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (09/04/2012 09:14:40 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured
password due to the following error:
%%1330

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (09/04/2012 09:14:40 PM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (09/04/2012 09:14:40 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgfws service.

Error: (09/04/2012 09:11:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/04/2012 08:14:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/04/2012 08:14:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
Avgldx86
Avgmfx86
Fips


Microsoft Office Sessions:
=========================
Error: (09/15/2009 09:33:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 31 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
32 Bit HP CIO Components Installer (Version: 2.1.5)
Absolute Poker
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AIM 7
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2433)
AVG 2012 (Version: 2012.0.2180)
BetOnline Poker 8.2 (Version: 8.2.9.201208131500)
Bing Bar (Version: 7.0.850.0)
BufferChm (Version: 100.0.170.000)
CarbonPoker (Version: 5.0)
Copy (Version: 100.0.170.000)
Counter-Strike: Source
Critical Update for Windows Media Player 11 (KB959772)
Curse Client (Version: 4.0.1.260)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diablo II
DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F2200_Software (Version: 100.0.206.000)
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000)
Download Updater (AOL LLC)
Doyles Room
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
F2200 (Version: 100.0.206.000)
F2200_Help (Version: 100.0.206.000)
Fraps
Full Tilt Poker (Version: 4.18.2.WIN.FullTilt.COM)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.115)
GoToAssist Express Customer 1.2.0.170
GoToMeeting 4.0.0.320
GPBaseService (Version: 100.0.187.000)
Guild Wars
GunboundWC
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 5.002.006.003)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
ijji Auto Installer (Version: 1.00.0000)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8117.416)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 100.0.170.000)
MATLAB® Compiler Runtime 7.14 (Version: 7.14)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam (Version: 1.40.164.0)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft SharedView (Version: 8.0.3730.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows XP Video Decoder Checkup Utility
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Mumble 1.2.3 (Version: 1.2.3)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Drivers
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PokerStars
PokerStars.net
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 5.10.0.5449)
RuneScape Launcher 1.2 (Version: 1.2.0)
Scan (Version: 10.1.0.0)
Secunia PSI (2.0.0.1003)
Segoe UI (Version: 14.0.4327.805)
Shop for HP Supplies (Version: 10.0)
Skype™ 5.10 (Version: 5.10.116)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 100.0.175.000)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Star Wars: The Old Republic (Version: 1.00)
Status (Version: 110.0.180.000)
Steam (Version: 1.0.0.0)
SwiftKit
System Requirements Lab
System Requirements Lab CYRI (Version: 4.5.1.0)
Toolbox (Version: 100.0.170.000)
TortoiseSVN 1.7.6.22632 (32 bit) (Version: 1.7.22632)
TrayApp (Version: 110.0.180.000)
UB
Unity Web Player (Version: )
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Veetle TV (Version: 0.9.19)
Ventrilo Client (Version: 3.0.5)
VideoToolkit01 (Version: 100.0.128.000)
VLC media player 2.0.2 (Version: 2.0.2)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows PowerShell™ 1.0 MUI pack (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPalace (Version: 10.0.0)
World of Warcraft (Version: 4.3.3.15354)
Xfire (remove only)
Yahoo! Messenger
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 1983.48 MB
Available physical RAM: 1285.89 MB
Total Pagefile: 4804.81 MB
Available Pagefile: 4217.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:378.49 GB) NTFS
2 Drive d: (Expansion) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\VALUED-2D4281A3

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 UpdatusUser
Valued Customer


**** End of log ****



Farbar Service Scanner Version: 06-08-2012
Ran by Valued Customer (administrator) on 04-09-2012 at 22:15:28
Running from "C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\LGASLFIR"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgfwfd(10) Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000090000000A000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****



# AdwCleaner v2.000 - Logfile created 09/04/2012 at 22:18:51
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Valued Customer - VALUED-2D4281A3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\RWD9O7CB\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Valued Customer\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={B4D997C6-70E0-46A6-ACC0-FE4F0F74CE9C}&mid=610b4318bf7b8e37cc57188cc52b25bb-38d04580a1cb6e75f83cfded1c6184d1fb8f1bc3&lang=en&ds=AVG&pr=pr&d=2012-05-14 20:10:47&v=12.2.5.32&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [6972 octets] - [04/09/2012 22:18:51]

########## EOF - C:\AdwCleaner[S1].txt - [7032 octets] ##########
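
The Farbar Service Scanner output above is the part of this log set to triage first: the rogue has removed the registry keys of the firewall (sharedaccess), Security Center (wscsvc), Windows Update (wuauserv) and BITS services outright, which is why a restart alone cannot bring them back and the services have to be re-imported. Every File Check entry hashes as the stock binary, so the networking stack itself was not patched. The following Python block is an added example, not part of the original post and not FSS code: it parses an FSS log into those findings. SAMPLE_LOG is a constructed excerpt of the log above; the reading of the Extra List hex blob as a DWORD count followed by DWORD tag values, and the check that the IPSec tag heads that list, are my assumptions about what FSS verifies, not something the log states.

```python
"""Triage a Farbar Service Scanner (FSS) log.

Added example: not part of the original post and not FSS code. It extracts
services whose registry keys or values are missing, services not running,
File Check verdicts, and decodes the Extra List hex blob into DWORD tags.
"""
import re
import struct
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the FSS log posted above (same lines, shortened).
SAMPLE_LOG = r"""
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Avgfwfd(10) Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000090000000A000000080000000600000007000000
IpSec Tag value is correct.
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(
    r"^Checking (?P<check>Start type|ImagePath|ServiceDll): ATTENTION!=+> "
    r"Unable to (?:open (?P<key_svc>\S+) registry key"
    r"|retrieve (?:start type|ImagePath|ServiceDll) of (?P<val_svc>\S+))\. "
    r"The (?P<what>service key|value) does not exist\."
)
FILE_CHECK = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) => (?P<verdict>.+)$")
TAG_LINE = re.compile(r"^(?:\w+\(\d+\)\s*)+$")
HEX_BLOB = re.compile(r"^0x[0-9A-Fa-f]+$")


def decode_group_order(blob: str) -> Tuple[int, List[int]]:
    """Little-endian DWORDs: a count followed by that many tag values.

    Assumption: this is a GroupOrderList layout; the log itself does not say so.
    """
    data = bytes.fromhex(blob[2:] if blob.lower().startswith("0x") else blob)
    if len(data) % 4:
        raise ValueError("blob is not a whole number of DWORDs")
    words = list(struct.unpack("<%dI" % (len(data) // 4), data))
    count, tags = words[0], words[1:]
    if count != len(tags):
        raise ValueError("count %d != %d tags" % (count, len(tags)))
    return count, tags


def parse_fss(text: str) -> Dict[str, object]:
    not_running: List[str] = []
    problems: Dict[str, Dict[str, str]] = {}  # service -> {check: what is missing}
    file_check: Dict[str, str] = {}           # path -> verdict
    tags: Dict[str, int] = {}                 # binding name -> tag
    order: Optional[Tuple[int, List[int]]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := NOT_RUNNING.match(line)):
            not_running.append(m.group(1))
        elif (m := ATTENTION.match(line)):
            svc = m.group("key_svc") or m.group("val_svc")
            problems.setdefault(svc, {})[m.group("check")] = m.group("what")
        elif (m := FILE_CHECK.match(line)):
            file_check[m.group("path")] = m.group("verdict")
        elif TAG_LINE.match(line):
            tags = {n: int(t) for n, t in re.findall(r"(\w+)\((\d+)\)", line)}
        elif HEX_BLOB.match(line):
            order = decode_group_order(line)
    return {"not_running": not_running, "problems": problems,
            "file_check": file_check, "tags": tags, "group_order": order}


def missing_service_keys(report) -> List[str]:
    """Services whose key itself is gone: these need a .reg re-import, not a restart."""
    return sorted(s for s, checks in report["problems"].items()
                  if "service key" in checks.values())


def unverified_files(report) -> List[str]:
    """File Check entries whose hash FSS could not confirm as the stock binary."""
    return sorted(p for p, v in report["file_check"].items() if v != "MD5 is legit")


def ipsec_loads_first(report) -> Optional[bool]:
    """True when IPSec's tag heads the decoded order (assumption: that is the
    property FSS's 'IpSec Tag value is correct' line confirms)."""
    order, tags = report["group_order"], report["tags"]
    if order is None or "IPSec" not in tags:
        return None
    return order[1][0] == tags["IPSec"]
```

Feeding the full FSS.txt to parse_fss() gives the same result as the excerpt: four services with their key gone and nothing in unverified_files(), which is exactly the picture the advisor acts on in the next post. Anything that shows up in unverified_files() (a patched tcpip.sys, afd.sys or services.exe) changes the plan, since a .reg import does not repair a trojanised system file.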

#6 narenxp (BC Advisor)

Posted 04 September 2012 - 09:40 PM

ESET took care of the threat that TDSS found that I didn't delete. I ran it real quick before I posted these logs. Also the File_Recovery thing that was on desktop is gone. Here are the 3 logs:


What did you ignore in TDSSkiller?

Download

Sharedaccess
wscsvc
BITS
wuauserv

Launch them, click YES

Restart the PC

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the Rkill log located on the desktop here

#7 toadboy (Topic Starter)

Posted 04 September 2012 - 09:42 PM

I had forgotten to change the parameters on TDSS; I had changed it and deleted it earlier like you told me to. I'll get the rest of these run and get the Rkill log posted.

#8 toadboy (Topic Starter)

Posted 04 September 2012 - 09:50 PM

here is the rkill log:

Rkill 2.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/04/2012 10:48:33 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* HidServ => %SystemRoot%\System32\hidserv.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/04/2012 10:49:04 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

#9 narenxp (BC Advisor)

Posted 04 September 2012 - 09:54 PM

Download

http://www.bleepingcomputer.com/download/unhide/

Run it; this tool should UNHIDE your files


Press Windows+R key and type

%temp% and click ok

You should find a folder called SMTMP

Copy the contents of each folder to its respective location

%Temp%\smtmp\1:

Windows XP: C:\Documents and Settings\All Users\Start Menu

%Temp%\smtmp\2\:

Windows XP: C:\Documents and Settings\<your login name here>\Application Data\Microsoft\Internet Explorer\Quick Launch\


%Temp%\smtmp\4\:

Windows XP: C:\Documents and Settings\All Users\Desktop

Let me know if you have any current issues before we wrap up

Edited by narenxp, 04 September 2012 - 09:55 PM.
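
The SMTMP step above is the manual counterpart of what Unhide does for the hidden-attribute trick: the rogue did not delete the Start Menu, Quick Launch and Desktop shortcuts, it moved them into numbered sub-folders of %Temp%\smtmp, so recovery is a copy back to the mapped location. The following is an added Python example, not the Unhide tool and not code from the post: it performs that copy for the XP mapping listed above, reports sub-folders that are absent or empty instead of failing on them (the reply below hits exactly that with folders 2 and 4), and refuses to overwrite anything already at the destination. The directory layout built in demo() is constructed for illustration.

```python
"""Put back the shortcuts a FakeHDD-style rogue moved into the smtmp folder.

Added example: not the Unhide tool and not part of the original post. The
sub-folder numbers and their Windows XP destinations are the ones listed in
the post above; absent or empty sub-folders are reported rather than treated
as errors, and nothing already at a destination is overwritten.
"""
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def xp_destinations(all_users: Path, profile: Path) -> Dict[str, Path]:
    """smtmp sub-folder -> Windows XP location, as given in the post."""
    return {
        "1": all_users / "Start Menu",
        "2": profile / "Application Data" / "Microsoft" / "Internet Explorer" / "Quick Launch",
        "4": all_users / "Desktop",
    }


def restore_smtmp(smtmp: Path, destinations: Dict[str, Path]) -> Dict[str, List[str]]:
    """Copy every file under smtmp/<n> to its destination, preserving sub-paths."""
    report: Dict[str, List[str]] = {"restored": [], "skipped_existing": [], "missing_or_empty": []}
    for sub, dest in destinations.items():
        src = smtmp / sub
        files = [p for p in src.rglob("*") if p.is_file()] if src.is_dir() else []
        if not files:
            report["missing_or_empty"].append(sub)
            continue
        for f in files:
            target = dest / f.relative_to(src)
            if target.exists():
                report["skipped_existing"].append(str(target))  # never clobber the live copy
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, target)  # copy, not move: keep smtmp intact until the result is checked
            report["restored"].append(str(target))
    return report


def demo() -> Dict[str, object]:
    """Build a throwaway Temp-like layout (constructed), run the restore, return what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        smtmp = root / "Temp" / "smtmp"
        all_users, profile = root / "All Users", root / "Valued Customer"
        programs = smtmp / "1" / "Programs"
        programs.mkdir(parents=True)
        (programs / "Accessories.lnk").write_bytes(b"lnk")  # moved shortcut to bring back
        (programs / "Steam.lnk").write_bytes(b"lnk")        # a copy already exists at the destination
        (smtmp / "2").mkdir()                               # empty, like the poster's folder 2
        # no smtmp/4 at all, like the poster's missing folder 4
        dests = xp_destinations(all_users, profile)
        live = dests["1"] / "Programs"
        live.mkdir(parents=True)
        (live / "Steam.lnk").write_bytes(b"already there")
        result: Dict[str, object] = dict(restore_smtmp(smtmp, dests))
        result["steam_untouched"] = (live / "Steam.lnk").read_bytes() == b"already there"
        result["accessories_restored"] = (live / "Accessories.lnk").read_bytes() == b"lnk"
        return result


if __name__ == "__main__":
    print(demo())
```

On the real machine, call restore_smtmp() with Path(os.environ["TEMP"]) / "smtmp" and the two XP profile roots; because it copies rather than moves, delete the smtmp folder only after the Start Menu and Desktop look right.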


#10 toadboy (Topic Starter)

Posted 04 September 2012 - 10:12 PM

Folder 2 was empty and there was no folder 4. As far as I can tell everything seems to be working properly. Before, I used AVG Free but it's not free anymore, so if you can suggest a good free AV that might prevent this in the future that'd be great. I was gone for the weekend because I turned 30 last Saturday and then came home to have to do all this. Prefer not to have to again before I get too pro at it lol.

EDIT: I already run Secunia PSI since I got a rootkit 2 years ago from Java/Flash Player being out of date. I try to stay on top of them being up to date now.

Edited by toadboy, 04 September 2012 - 10:16 PM.


#11 narenxp (BC Advisor)

Posted 04 September 2012 - 10:16 PM

Microsoft Security Essentials + Malwarebytes should be good.

Also have a look at here

http://www.bleepingcomputer.com/forums/topic407147.html

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.

Turn off your System Restore, restart the PC, and create a new restore point:

http://support.microsoft.com/kb/310405

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player.

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#12 toadboy (Topic Starter)

Posted 04 September 2012 - 10:57 PM

Thanks a lot, I really do appreciate it. Hopefully no more issues lol.

#13 narenxp (BC Advisor)

Posted 04 September 2012 - 11:09 PM

You're welcome :)

#14 toadboy (Topic Starter)

Posted 05 September 2012 - 12:22 AM

I did have one other question. Since I might've caught it quickly, do you think all my files that were on my computer are safe, or should I change my passwords on the accounts I use on various things?

#15 narenxp (BC Advisor)

Posted 05 September 2012 - 08:07 AM

Yes, go ahead and change the passwords :)



