Neither 'Security Center' or 'System Restore' will start


39 replies to this topic

#1 GaiaSmith

GaiaSmith

  • Members
  • 23 posts
  • Gender:Female
  • Location:Far north BumBleep, TX
  • Local time:02:55 AM

Posted 09 September 2012 - 07:32 PM

I'm at my wits' end. I've tried nearly everything that I've found both here and at the MS Support sites, and all it's done is make matters worse. Spent holiday weekend doing a repair install, and it was around then that Restore disappeared. Please; somebody help!

TIA
Gaia

Using WIN XP Pro SP3

Edited by GaiaSmith, 09 September 2012 - 07:33 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:02:55 AM

Posted 09 September 2012 - 07:57 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 GaiaSmith


Posted 09 September 2012 - 09:03 PM

Will do ASAP. Thank YOU!! Are they run in Safe Mode or not?

Edited by GaiaSmith, 09 September 2012 - 09:10 PM.


#4 narenxp


Posted 09 September 2012 - 09:29 PM

Run them in normal mode

#5 GaiaSmith


Posted 10 September 2012 - 01:12 PM

Sorry for the delay--couldn't locate the most recent ESET log. As I said, I've been chasing this issue for 6 weeks now, and I have logs out the wazoo. I've still got the originals of TDSS and ESET if you'd like them, as well as several others, but I have "repaired" the OS since they were done.

That said, logs as requested:

00:28:08.0156 0540 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS
C:\WINDOWS\System32\ups.exe
00:28:08.0156 0540 UPS - ok
00:28:08.0203 0540 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:28:08.0203 0540 usbccgp - ok
00:28:08.0250 0540 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:28:08.0250 0540 usbehci - ok
00:28:08.0312 0540 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:28:08.0312 0540 usbhub - ok
00:28:08.0359 0540 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:28:08.0359 0540 usbscan - ok
00:28:08.0406 0540 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:28:08.0406 0540 USBSTOR - ok
00:28:08.0437 0540 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:28:08.0437 0540 usbuhci - ok
00:28:08.0500 0540 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:28:08.0500 0540 VgaSave - ok
00:28:08.0515 0540 ViaIde - ok
00:28:08.0562 0540 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:28:08.0562 0540 VolSnap - ok
00:28:08.0656 0540 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS
C:\WINDOWS\System32\vssvc.exe
00:28:08.0687 0540 VSS - ok
00:28:08.0734 0540 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
00:28:08.0750 0540 W32Time - ok
00:28:08.0796 0540 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:28:08.0796 0540 Wanarp - ok
00:28:08.0843 0540 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:28:08.0859 0540 wdmaud - ok
00:28:08.0906 0540 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
00:28:08.0921 0540 WebClient - ok
00:28:09.0015 0540 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:28:09.0015 0540 winmgmt - ok
00:28:09.0093 0540 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
00:28:09.0156 0540 WinRM - ok
00:28:09.0218 0540 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
00:28:09.0234 0540 WmdmPmSN - ok
00:28:09.0296 0540 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
00:28:09.0328 0540 Wmi - ok
00:28:09.0406 0540 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:28:09.0406 0540 WmiApSrv - ok
00:28:09.0468 0540 WPFFontCache_v0400 - ok
00:28:09.0531 0540 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc
C:\WINDOWS\system32\wscsvc.dll
00:28:09.0531 0540 wscsvc - ok
00:28:09.0578 0540 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
00:28:09.0593 0540 wuauserv - ok
00:28:09.0640 0540 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:28:09.0640 0540 WudfPf - ok
00:28:09.0671 0540 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:28:09.0671 0540 WudfRd - ok
00:28:09.0703 0540 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
00:28:09.0718 0540 WudfSvc - ok
00:28:09.0781 0540 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:28:09.0796 0540 WZCSVC - ok
00:28:09.0843 0540 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:28:09.0843 0540 xmlprov - ok
00:28:09.0875 0540 ================ Scan global ===============================
00:28:09.0906 0540 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:28:09.0953 0540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:28:09.0984 0540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
00:28:10.0015 0540 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:28:10.0015 0540 [Global] - ok
00:28:10.0031 0540 ================ Scan MBR ==================================
00:28:10.0031 0540 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:28:10.0281 0540 \Device\Harddisk0\DR0 - ok
00:28:10.0281 0540 ================ Scan VBR ==================================
00:28:10.0296 0540 [ C87E4F899CECBBB49D2F46E3B57D4945 ] \Device\Harddisk0\DR0\Partition1
00:28:10.0296 0540 \Device\Harddisk0\DR0\Partition1 - ok
00:28:10.0296 0540 ============================================================
00:28:10.0296 0540 Scan finished
00:28:10.0296 0540 ============================================================
00:28:10.0328 1304 Detected object count: 0
00:28:10.0328 1304 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 23:51:58
-----------------------------
23:51:58.609 OS Version: Windows 5.1.2600 Service Pack 3
23:51:58.609 Number of processors: 1 586 0x207
23:51:58.625 ComputerName: SR2 UserName:
23:51:59.156 Initialize success
23:56:20.390 AVAST engine defs: 12090901
23:59:40.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:59:40.750 Disk 0 Vendor: WDC_WD400BB-75JHA0 05.01C05 Size: 38146MB BusType: 3
23:59:40.765 Disk 0 MBR read successfully
23:59:40.781 Disk 0 MBR scan
23:59:41.265 Disk 0 Windows XP default MBR code
23:59:41.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38139 MB offset 63
23:59:41.390 Disk 0 scanning sectors +78109920
23:59:41.640 Disk 0 scanning C:\WINDOWS\system32\drivers
00:00:56.062 Service scanning
00:01:43.359 Service MpKsl04342108 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2AD2A5D6-FC9D-46F6-85E3-3E2476704C05}\MpKsl04342108.sys **LOCKED** 32
00:02:09.171 Modules scanning
00:02:21.687 Disk 0 trace - called modules:
00:02:21.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
00:02:21.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82269ab8]
00:02:21.718 3 CLASSPNP.SYS[f8575fd7] -> nt!IofCallDriver -> \Device\00000058[0x823afa90]
00:02:21.718 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8224d5f8]
00:02:22.484 AVAST engine scan C:\WINDOWS
00:02:48.937 AVAST engine scan C:\WINDOWS\system32
00:11:51.828 AVAST engine scan C:\WINDOWS\system32\drivers
00:12:25.265 AVAST engine scan C:\Documents and Settings\Administrator
00:17:33.875 AVAST engine scan C:\Documents and Settings\All Users
00:19:35.140 Scan finished successfully
00:24:44.890 Disk 0 MBR has been saved successfully to "C:\Cooties\Results\MBR.dat"
00:24:44.937 The log file has been saved successfully to "C:\Cooties\Results\aswMBR.txt"


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c8b59bc44da9bf45ba1c8be986fff018
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-24 01:16:30
# local_time=2012-08-23 08:16:30 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 92 0 12881149 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55461
# found=2
# cleaned=2
# scan_time=4178
C:\Program Files\360amigofreesetup\360amigofreesetup.exe a variant of Win32/360Amigo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6C35EF81-B6C9-4AE7-80CF-09CE277D67C6}\RP773\A0124156.exe a variant of Win32/360Amigo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c8b59bc44da9bf45ba1c8be986fff018
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-03 10:22:42
# local_time=2012-09-03 05:22:42 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 92 0 13822543 0 0
# compatibility_mode=8192 67108863 100 0 855511 855511 0 0
# scanned=50023
# found=3
# cleaned=3
# scan_time=2786
C:\System Volume Information\_restore{6C35EF81-B6C9-4AE7-80CF-09CE277D67C6}\RP779\A0124634.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6C35EF81-B6C9-4AE7-80CF-09CE277D67C6}\RP781\A0125077.msi Win32/Bundled.Toolbar.Ask application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6C35EF81-B6C9-4AE7-80CF-09CE277D67C6}\RP783\A0125160.msi Win32/Bundled.Toolbar.Ask application (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c8b59bc44da9bf45ba1c8be986fff018
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-10 06:30:20
# local_time=2012-09-10 01:30:20 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 93 0 14370514 0 0
# compatibility_mode=8192 67108863 100 0 1403482 1403482 0 0
# scanned=53449
# found=0
# cleaned=0
# scan_time=2471



BTW--I began my posting after having read this one: My link. Shall I just skip ahead & follow those steps? Seems his AND my problems began around the same time...


Edited by GaiaSmith, 10 September 2012 - 01:37 PM.


#6 narenxp


Posted 10 September 2012 - 09:22 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#7 GaiaSmith


Posted 12 September 2012 - 04:03 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.11.08
Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Administrator :: SR2 [administrator]
9/11/2012 6:21:17 PM
mbam-log-2012-09-11 (19-19-57).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 229554
Time elapsed: 58 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Window Title (Worm.AutoIT) -> Data: Internet Exploiter -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: ncpa.cpl -> No action taken.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|StartMenuLogOff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\SERVICES\COMSYSAPP|Type (Hijack.Comsysapp) -> Bad: (272) Good: (16) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SECOND RUN SHOWED NO ERRORS


MINITOOLBOX BY FARBAR Version: 23-07-2012
Ran by Administrator (administrator) on 11-09-2012 at 20:56:00
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
*******************************************************************
Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.

FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts content: =================================
127.0.0.1 localhost

IP Configuration: ================================
Intel® PRO/100 VM Network Connection = Local Area Connection (Connected)
# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection"
set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=static addr=208.67.222.222 register=PRIMARY
add dns name="Local Area Connection" addr=208.67.220.220 index=2
set wins name="Local Area Connection" source=dhcp
popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : SR2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VM Network Connection
Physical Address. . . . . . . . . : 00-0B-CD-65-48-6F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 173.243.247.206
Subnet Mask . . . . . . . . . . . : 255.255.255.128
IP Address. . . . . . . . . . . . : fe80::20b:cdff:fe65:486f%4
Default Gateway . . . . . . . . . : 173.243.247.129
DHCP Server . . . . . . . . . . . : 98.158.32.57
DNS Servers . . . . . . . . . . . : 208.67.222.222 208.67.220.220 fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Tuesday, September 11, 2012 7:24:39 PM
Lease Expires . . . . . . . . . . : Wednesday, September 12, 2012 7:24:39 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 74.125.227.14, 74.125.227.6, 74.125.227.5, 74.125.227.0
74.125.227.9, 74.125.227.7, 74.125.227.2, 74.125.227.1, 74.125.227.4
74.125.227.3, 74.125.227.8

Pinging google.com [74.125.227.7] with 32 bytes of data:
Reply from 74.125.227.7: bytes=32 time=31ms TTL=51
Reply from 74.125.227.7: bytes=32 time=45ms TTL=51
Ping statistics for 74.125.227.7:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 45ms, Average = 38ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=893ms TTL=50
Reply from 72.30.38.140: bytes=32 time=848ms TTL=50
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 848ms, Maximum = 893ms, Average = 870ms

Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b cd 65 48 6f ...... Intel® PRO/100 VM Network Connection
==================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 173.243.247.129 173.243.247.206 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
173.243.247.128 255.255.255.128 173.243.247.206 173.243.247.206 20
173.243.247.206 255.255.255.255 127.0.0.1 127.0.0.1 20
173.243.255.255 255.255.255.255 173.243.247.206 173.243.247.206 20
224.0.0.0 240.0.0.0 173.243.247.206 173.243.247.206 20
255.255.255.255 255.255.255.255 173.243.247.206 173.243.247.206 1
Default Gateway: 173.243.247.129
============================
Persistent Routes:
None

Winsock entries ====================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

Event log errors:
=============
Application errors:
=============
System errors:
=============
Error: (09/11/2012 07:26:20 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1290

Error: (09/11/2012 07:26:20 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (09/11/2012 07:24:41 PM) (Source: SRService) (User: )
Description: The System Restore initialization process failed.

Error: (09/11/2012 07:24:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/11/2012 06:31:16 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.903.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/11/2012 06:31:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/11/2012 06:31:16 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (09/11/2012 06:20:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Cdrom
Fips
intelppm
IPSec
MpFilter
MRxSmb
NetBIOS
NetBT
prcmondrv
RasAcd
Rdbss
Tcpip
Tcpip6

Error: (09/11/2012 06:20:59 PM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%5

Error: (09/11/2012 06:20:59 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================

Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Advanced Renamer (Version: 3.24)
Auslogics Duplicate File Finder (Version: version 2.2)
Auslogics Task Manager (Version: version 2.2)
Bubble Puzzle '97
CCleaner (Version: 3.22)
Defraggler (Version: 2.10)
eCleaner 2.02
ERUNT 1.1j
ESET Online Scanner v3
File Type Assistant
Flower Power 2.00.0403 (Version: 2.00.0403)
Free File Viewer 2011
Glary Utilities 2.48.0.1568 (Version: 2.48.0.1568)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.111)
Intel® Extreme Graphics Driver
Intel® Network Connections 13.1.33.0 (Version: 13.1.33.0)
IrfanView (remove only) (Version: 4.32)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.0.7.1)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XML Parser (Version: 8.70.1104.04)
MozBackup 1.5.1
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mozilla Thunderbird 12.0.1 (x86 en-US) (Version: 12.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notepad2 (Notepad Replacement) (Version: 4.2.25 )
NVIDIA Drivers
NVIDIA Windows 2000/XP Display Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenDNS Updater 2.2.1 (Version: 2.2.1)
OpenOffice.org 3.4 (Version: 3.4.9590)
Pale Moon 12.3 (x86 en-US) (Version: 12.3)
Pale Moon 15.0 (x86 en-US) (Version: 15.0)
PDF-XChange Lite 4 (Version: 4.0.201.0)
PhotoScape
Secunia PSI (3.0.0.3001) (Version: 3.0.0.3001)
SoundMAX (Version: 5.12.01.3620)
swMSM (Version: 12.0.0.1)
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.36)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 1)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 25.0.2012.5)
Wise Disk Cleaner 7.61
Wise Registry Cleaner 7.43

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 511.48 MB
Available physical RAM: 231.54 MB
Total Pagefile: 1281.97 MB
Available Pagefile: 1077.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.93 MB

========================= Partitions: ====================================

2 Drive c: (Local Disk) (Fixed) (Total:37.25 GB) (Free:26.75 GB) NTFS

========================= Users: ====================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****



FARBAR Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 11-09-2012 at 22:15:08
Running from "C:\Cooties\Done"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(10)
0x0C00000005000000010000000200000003000000040000000800000009000000060000000A000000070000000B0000000C000000
IpSec Tag value is correct.

**** End of log ****



# ADWCLEANER[R1}- Logfile created 09/11/2012 at 22:19:04
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - SR2
# Boot Mode : Normal
# Running from : C:\Cooties\Done\7th_adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zfi12j20.default\searchplugins\Askcom.xml
File Found : C:\WINDOWS\Uninstall.exe
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zfi12j20.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1332 octets] - [11/09/2012 22:19:04]

########## EOF - C:\AdwCleaner[R1].txt - [1392 octets] ##########



# ADWCLEANER [S1]v2.001 - Logfile created 09/11/2012 at 22:21:23
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - SR2
# Boot Mode : Normal
# Running from : C:\Cooties\Done\7th_adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zfi12j20.default\searchplugins\Askcom.xml
File Deleted : C:\WINDOWS\Uninstall.exe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zfi12j20.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1461 octets] - [11/09/2012 22:19:04]
AdwCleaner[S1].txt - [1719 octets] - [11/09/2012 22:21:23]

########## EOF - C:\AdwCleaner[S1].txt - [1779 octets] ##########

#8 narenxp

Posted 12 September 2012 - 04:10 AM

Press Windows+R key and type

services.msc and click ok

Right click on

Security center
System restore

Start them. Do you receive any errors?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#9 GaiaSmith

Posted 12 September 2012 - 06:29 PM

Yep. Same old errors as always:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 9/12/2012
Time: 6:11:24 PM
User: N/A
Computer: SR2
Description:
The Security Center service failed to start due to the following error:
%%1290


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 9/12/2012
Time: 6:15:30 PM
User: N/A
Computer: SR2
Description:
The System Restore Service service terminated with the following error:
Access is denied.
=========================================

Rkill 2.3.12 by Lawrence Abrams (Grinler)


Program started at: 09/12/2012 06:21:10 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/12/2012 06:21:22 PM
Execution time: 0 hours(s), 0 minute(s), and 12 seconds(s)

I am losing my freakin' mind!!! :crazy:

Edited by GaiaSmith, 12 September 2012 - 06:30 PM.


#10 narenxp

Posted 12 September 2012 - 10:08 PM

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#11 GaiaSmith

Posted 12 September 2012 - 10:23 PM

I did as you said, using Notepad 2, and it's all in code. Is that right? Then I opened it in Notepad, and it's still in code, but a different one. What now?

#12 narenxp

Posted 12 September 2012 - 10:26 PM

Copy the contents and paste them here

What happens when you launch the SYSTEM RESTORE option?

#13 narenxp

Posted 12 September 2012 - 11:35 PM

Download

SystemLook

Launch it and copy this script
:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc /s

Click on LOOK, then post the generated log

#14 GaiaSmith

Posted 13 September 2012 - 12:12 AM

Copy the contents and paste them here

What happens when you launch the SYSTEM RESTORE option?


A box pops open that says, "System Restore is not able to protect your computer. Please restart & run Sys Restore again."


Now I'm off to do the next thing on the list.

#15 GaiaSmith

Posted 13 September 2012 - 12:16 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 00:15 on 13/09/2012 by Administrator
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"Type"= 0x0000000120 (288)
"Start"= 0x0000000002 (2)
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs"
"DisplayName"="Security Center"
"DependOnService"="RpcSs winmgmt"
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 53 00 65 00 01 00 00 00 60 ea 00 00 01 00 00 00 60 ea 00 00 00 00 00 00 60 ea 00 00 (REG_BINARY)
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeChangeNotifyPrivilege SeImpersonatePrivilege"
"DelayedAutoStart"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
"ServiceDllUnloadOnStop"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Enum]
"0"="Root\LEGACY_WSCSVC\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


-= EOF =-



