System Restore infected


22 replies to this topic

#1 Deep_Thought

Posted 06 October 2012 - 11:39 PM

Hi. I'm having quite a problem here. I'm running Windows XP (yeah, I know...) and my System Restore/System Volume Information is infected with a very persistent virus that just won't go away. When I turn off System Restore, everything seems fine, but when it's turned back on, the virus rears its ugly head again. I'm at a loss for what to do. Even when my AV scanners are saying that no virus is found, I can't update Windows, and I get this error:

The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.

Error number: 0x80244019


Presumably this is the virus defending itself, but I also had trouble copying certain files when I tried to repair the Windows installation to see if that would help me get rid of the virus, but I'm assuming the trouble was caused by it as well.

I've used a number of anti-virus scanners (I know some of them cause conflicts with each other, but I'll usually disable some while using a different one), and I'll post some of what they've found, in order of oldest information first to newest:

Dr. Web CureIt found:

C:\SystemVolumeInformation\_restore{12F5F1F7-A230-428F-9CA2-EC5A19C07EFA}\RP78

and listed the objects as A0020098.exe and A0020099.exe

Rising found the same problem, and also:

NT-OS.cmd

Trojan.Script.BAT.Agent.cu

Doing some searches, it looked like I was infected with something called ScrInjectB. I did some more scans and seemed to have cleaned up the problem, but while running a trial version of Kaspersky, I found more:

Type: phishing URL (events: 2)
Malicious URL Inactive 10/6/2012 8:34:31 PM
Malicious URL Inactive 10/6/2012 8:34:28 PM
Type: vulnerability (events: 2)
http://redirect.kaspersky.com/?hl=en-US&target=securelist&rpe=1&function=advisories&VN=50283 Inactive 10/6/2012 7:07:44 PM
http://redirect.kaspersky.com/?hl=en-US&target=securelist&rpe=1&function=advisories&VN=47447 Inactive 10/6/2012 7:06:04 PM
Type: Trojan program (events: 14)
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:34 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:34 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:18 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:15 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:13 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:10 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:08 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:05 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:02 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:38:00 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:37:57 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:37:53 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:37:50 PM
HEUR:Trojan-Downloader.Win32.Generic Deleted 10/6/2012 7:37:46 PM


This scan was just recent. I've since turned off System Restore and run another scan, and now everything seems to be fine again on the surface, but I'm still getting the Windows Update error, so I just know the thing is still lurking around somewhere. I've already lost my previous computer to a polymorphic file infector virus, so I'm hoping I'll be able to save this one, or if not, I'd like to know if it's safe to transfer my personal files to a backup drive and just wipe the whole thing. Thanks in advance for your advice.


#2 noknojon

Posted 07 October 2012 - 12:13 AM

Hello and Welcome -
You should be OK to turn System Restore back on now that all older points are removed -

All Details on Error number: 0x80244019 seem to point to Update problems only -
See "You experience problems when you access the Windows Update"
Or "Error Code 0x80244019 and an inability to update anything" for more details -

Please download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List devices (Problem only)
• List Users, Partitions and Memory size.
• List Minidump Files
Click Go and post the result (Result.txt). Please post the text exactly as it appears -
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Thank You -
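The distinction behind the System Restore advice above, as an added example that is not part of the original thread: it sorts scanner detection paths into archived restore-point copies (XP's `_restore{GUID}\RPnn` store, where files are kept under `A#######` names) and files on the live filesystem. The function names are hypothetical, the sample joins the folder and object names quoted in the first post on the assumption that the objects sit directly in `RP78`, and the live path is constructed.

```python
import re
from collections import defaultdict

# XP System Restore store:
#   <drive>:\System Volume Information\_restore{GUID}\RPnn[\Annnnnnn.ext]
# The folder name is also accepted without spaces, as typed in the first post.
RESTORE_RE = re.compile(
    r"""^(?P<drive>[A-Za-z]):\\
        System\s*Volume\s*Information\\
        _restore\{(?P<guid>[0-9A-Fa-f-]{36})\}\\
        RP(?P<rp>\d+)
        (?:\\(?P<rest>.*))?$""",
    re.VERBOSE | re.IGNORECASE,
)

# Paths assembled from the first post (assumption: objects sit directly in RP78).
SAMPLE_FROM_POST = [
    r"C:\SystemVolumeInformation\_restore{12F5F1F7-A230-428F-9CA2-EC5A19C07EFA}\RP78\A0020098.exe",
    r"C:\SystemVolumeInformation\_restore{12F5F1F7-A230-428F-9CA2-EC5A19C07EFA}\RP78\A0020099.exe",
]
# Constructed path, not taken from the thread.
CONSTRUCTED_LIVE = r"C:\constructed\sample.cmd"


def classify(path):
    """Return where a detection lives: a restore-point archive or the live filesystem."""
    p = path.strip().strip('"')
    m = RESTORE_RE.match(p)
    if not m:
        return {"where": "live", "path": p}
    rest = m.group("rest") or ""
    return {
        "where": "restore_point",
        "path": p,
        "store": m.group("guid").upper(),
        "rp": int(m.group("rp")),
        # Name the file was archived under; None when only the RP folder was reported.
        "archived_as": rest.rsplit("\\", 1)[-1] if rest else None,
    }


def triage(paths):
    """Group detections by restore point and decide what to deal with first."""
    restore_points = defaultdict(list)
    live = []
    for p in paths:
        c = classify(p)
        if c["where"] == "restore_point":
            restore_points[c["rp"]].append(c["archived_as"])
        else:
            live.append(c["path"])
    if live:
        verdict = "live files detected: clean these first, then purge restore points"
    elif restore_points:
        verdict = "archived copies only: purging restore points removes them"
    else:
        verdict = "nothing to triage"
    return {"restore_points": dict(restore_points), "live": live, "verdict": verdict}


if __name__ == "__main__":
    for name, sample in (("post", SAMPLE_FROM_POST),
                         ("post + live", SAMPLE_FROM_POST + [CONSTRUCTED_LIVE])):
        print(name, "->", triage(sample))
```

A detection that keeps returning only under `_restore{...}` after a purge means something live is recreating it, so the live list is the one to investigate.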



#3 Deep_Thought

Posted 07 October 2012 - 02:04 AM

Nothing you posted was able to help with my Windows Update problem. I'm still pretty sure it's the virus's fault.

Anyway, here are my MiniToolBox results. FYI, Spider.exe is just Spider Solitaire, which I've been playing a lot of while waiting for my scans to run and such.

Attached Files



#4 narenxp

Posted 07 October 2012 - 04:18 AM

.

Edited by narenxp, 07 October 2012 - 05:06 AM.


#5 noknojon

Posted 07 October 2012 - 05:04 AM

Hi D_T -
narenxp is running his standard checks first, but there is more to remove and update than that -

First -
Microsoft Windows XP Professional Service Pack 2 (X86) << Why do you not have SP3 installed ??
Download XP SP3 from Microsoft Updates Here - Click the big Orange Download Tab -

Next Steps -
Java™ 6 Update 35 (Version: 6.0.350) < Current is now Version 7 Update 7 - See below >>
Go to Control Panel > Click Java Icon > Second Tab is Update - This should update to the Current version and please delete all older versions -

Rising Internet Security (Version: 23.00.72.02) Delete this un-needed Chinese antivirus program -
SpyHunter (Version: 4.10.5.4085) < Another extra antivirus that needs removing -
Spybot - Search & Destroy\TeaTimer.exe < This is also not needed -
You are running Kaspersky PURE 2.0 (Version: 12.0.1.288)

Next -
Go - Start > Run box and Copy Paste this Code into the Run box
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30
It will boot to checkdisk in 30 seconds - This program takes (on average) 1 hour to run all 5 stages, then it will reboot to Normal mode when finished -

Next -
Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please Copy / paste the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
Next -
Download Adware Cleaner run it as admin if needed - Click the SEARCH button allow it to run and post the log it creates.
AdWare Cleaner
Your computer will reboot once the scan is finished and then produce the log -

#6 Deep_Thought

Posted 07 October 2012 - 08:00 AM

I read the post by the other guy before he removed it, so I ran TDSSKiller and aswMBR and saved their logs, which I'm posting here. I also started ESET scanner, but it was taking too long and I can't work on this much more right now. Anyway, I've used these programs before, and TDSSKiller didn't find anything this time around, as expected, but aswMBR did notice some locked files and I'm not sure if that's cause for concern.

Spyhunter has been removed, I forgot it was still active, as I tried it once recently just to see what it would do. Rising is a program that was recommended to me by a friend and seems to work pretty well, except it can be overprotective sometimes. It's disabled now, though, because it was interfering with other anti-virus programs. The thing is, Rising is usually my main AV program (along with Malwarebytes), Kaspersky is just a trial version. I try different AV programs because I'm not sure which one works the best right now. I also don't see what the problem is with Spybot, as it's proven useful in the past.

I wasn't running Service Pack 3 because I usually have to update again after I repair the Windows installation, and I was having trouble with that. Your link seems to have worked for me, though. I've updated it now.

Java has been updated.

I'll wait to follow the rest of your instructions later and let you know how that goes. I've been working on my computer almost all day for weeks now and it's starting to wear me out.

For some reason, I couldn't find the option to attach files, so I'm just pasting the two logs here.

03:38:36.0687 3848 NetBIOS - ok
03:38:36.0718 3848 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
03:38:36.0765 3848 NetBT - ok
03:38:36.0859 3848 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
03:38:36.0875 3848 NetDDE - ok
03:38:36.0906 3848 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
03:38:36.0953 3848 NetDDEdsdm - ok
03:38:36.0984 3848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
03:38:37.0000 3848 Netlogon - ok
03:38:37.0109 3848 [ DAB9E6C7105D2EF49876FE92C524F565 ] Netman C:\WINDOWS\System32\netman.dll
03:38:37.0171 3848 Netman - ok
03:38:37.0296 3848 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:38:37.0328 3848 NetTcpPortSharing - ok
03:38:37.0390 3848 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
03:38:37.0515 3848 NIC1394 - ok
03:38:37.0593 3848 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
03:38:37.0625 3848 Nla - ok
03:38:37.0640 3848 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
03:38:37.0750 3848 Npfs - ok
03:38:37.0859 3848 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
03:38:38.0109 3848 Ntfs - ok
03:38:38.0156 3848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
03:38:38.0171 3848 NtLmSsp - ok
03:38:38.0343 3848 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
03:38:38.0515 3848 NtmsSvc - ok
03:38:38.0531 3848 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
03:38:38.0562 3848 Null - ok
03:38:38.0796 3848 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
03:38:39.0109 3848 nv - ok
03:38:39.0156 3848 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
03:38:39.0203 3848 NwlnkFlt - ok
03:38:39.0250 3848 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
03:38:39.0281 3848 NwlnkFwd - ok
03:38:39.0343 3848 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
03:38:39.0421 3848 ohci1394 - ok
03:38:39.0515 3848 [ AE896073E1BBF98FEFC2EC52F62C0FBA ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
03:38:39.0671 3848 ossrv - ok
03:38:39.0703 3848 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
03:38:39.0812 3848 Parport - ok
03:38:39.0859 3848 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
03:38:39.0906 3848 PartMgr - ok
03:38:39.0937 3848 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
03:38:40.0031 3848 ParVdm - ok
03:38:40.0078 3848 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
03:38:40.0218 3848 PCI - ok
03:38:40.0234 3848 PCIDump - ok
03:38:40.0296 3848 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
03:38:40.0375 3848 PCIIde - ok
03:38:40.0421 3848 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
03:38:40.0546 3848 Pcmcia - ok
03:38:40.0578 3848 PDCOMP - ok
03:38:40.0640 3848 PDFRAME - ok
03:38:40.0656 3848 PDRELI - ok
03:38:40.0703 3848 PDRFRAME - ok
03:38:40.0734 3848 perc2 - ok
03:38:40.0750 3848 perc2hib - ok
03:38:40.0906 3848 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
03:38:40.0921 3848 PlugPlay - ok
03:38:40.0953 3848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
03:38:40.0953 3848 PolicyAgent - ok
03:38:40.0984 3848 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
03:38:41.0078 3848 PptpMiniport - ok
03:38:41.0140 3848 [ 0D97D88720A4087EC93AF7DBB303B30A ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
03:38:41.0234 3848 Processor - ok
03:38:41.0296 3848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
03:38:41.0296 3848 ProtectedStorage - ok
03:38:41.0328 3848 ProtexisLicensing - ok
03:38:41.0359 3848 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
03:38:41.0453 3848 PSched - ok
03:38:41.0484 3848 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
03:38:41.0546 3848 Ptilink - ok
03:38:41.0593 3848 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
03:38:41.0703 3848 PxHelp20 - ok
03:38:41.0750 3848 ql1080 - ok
03:38:41.0796 3848 Ql10wnt - ok
03:38:41.0828 3848 ql12160 - ok
03:38:41.0875 3848 ql1240 - ok
03:38:41.0906 3848 ql1280 - ok
03:38:41.0937 3848 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
03:38:42.0000 3848 RasAcd - ok
03:38:42.0046 3848 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
03:38:42.0062 3848 RasAuto - ok
03:38:42.0093 3848 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
03:38:42.0156 3848 Rasl2tp - ok
03:38:42.0218 3848 [ 41A3C11E3517C962C9B44893BCEC3B34 ] RasMan C:\WINDOWS\System32\rasmans.dll
03:38:42.0265 3848 RasMan - ok
03:38:42.0296 3848 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
03:38:42.0421 3848 RasPppoe - ok
03:38:42.0453 3848 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
03:38:42.0484 3848 Raspti - ok
03:38:42.0562 3848 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
03:38:42.0656 3848 Rdbss - ok
03:38:42.0687 3848 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
03:38:42.0734 3848 RDPCDD - ok
03:38:42.0812 3848 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
03:38:43.0234 3848 rdpdr - ok
03:38:43.0328 3848 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
03:38:43.0437 3848 RDPWD - ok
03:38:43.0578 3848 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
03:38:43.0609 3848 RDSessMgr - ok
03:38:43.0640 3848 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
03:38:43.0750 3848 redbook - ok
03:38:43.0796 3848 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
03:38:43.0812 3848 RemoteAccess - ok
03:38:43.0890 3848 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
03:38:43.0906 3848 RemoteRegistry - ok
03:38:43.0984 3848 [ 12BB7D971D047FDF4CBAA4F3C909E4DB ] RFWARP C:\WINDOWS\system32\DRIVERS\rfwarp.sys
03:38:44.0031 3848 RFWARP - ok
03:38:44.0093 3848 [ 1A4207F8FE50FA478972CC4778E0169F ] RFWNDIS C:\WINDOWS\system32\DRIVERS\rfwndis.sys
03:38:44.0156 3848 RFWNDIS - ok
03:38:44.0171 3848 rfwtdi - ok
03:38:44.0250 3848 [ 35E81B908AE4E97FC7BDF4607C516FF4 ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
03:38:44.0328 3848 RMCAST - ok
03:38:44.0406 3848 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
03:38:44.0421 3848 RpcLocator - ok
03:38:44.0578 3848 [ 5C83A4408604F737717AB96371201680 ] RpcSs C:\WINDOWS\System32\rpcss.dll
03:38:44.0593 3848 RpcSs - ok
03:38:44.0593 3848 rsfwdrv - ok
03:38:44.0656 3848 RsRISMon - ok
03:38:44.0765 3848 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
03:38:44.0796 3848 RSVP - ok
03:38:44.0843 3848 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
03:38:44.0859 3848 SamSs - ok
03:38:44.0984 3848 [ E5118CD3FEEDE70318A78D7D7A613DA9 ] SandBox C:\WINDOWS\system32\drivers\SandBox.sys
03:38:45.0328 3848 SandBox - ok
03:38:45.0390 3848 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
03:38:45.0437 3848 SCardSvr - ok
03:38:45.0484 3848 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
03:38:45.0515 3848 Schedule - ok
03:38:45.0625 3848 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:38:45.0703 3848 Secdrv - ok
03:38:45.0750 3848 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
03:38:45.0781 3848 seclogon - ok
03:38:45.0812 3848 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
03:38:45.0843 3848 SENS - ok
03:38:45.0875 3848 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
03:38:45.0984 3848 serenum - ok
03:38:46.0046 3848 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
03:38:46.0156 3848 Serial - ok
03:38:46.0234 3848 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
03:38:46.0343 3848 Sfloppy - ok
03:38:46.0437 3848 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
03:38:46.0500 3848 SharedAccess - ok
03:38:46.0531 3848 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
03:38:46.0546 3848 ShellHWDetection - ok
03:38:46.0671 3848 Simbad - ok
03:38:46.0796 3848 [ 3FBB6EF8B5A71A2FA11F5F461BB73219 ] SISNIC C:\WINDOWS\system32\DRIVERS\sisnic.sys
03:38:46.0859 3848 SISNIC - ok
03:38:46.0937 3848 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
03:38:47.0046 3848 SLIP - ok
03:38:47.0171 3848 [ 74B9FA2AFAF60B7F4E2A952E77B9DC6C ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
03:38:47.0187 3848 SMTPSVC - ok
03:38:47.0203 3848 [ D923BF27723E28E3C121B77F52DB4BCE ] SNMP C:\WINDOWS\System32\snmp.exe
03:38:47.0250 3848 SNMP - ok
03:38:47.0296 3848 [ 6F591DBEFD11F7697042907B516F1212 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
03:38:47.0343 3848 SNMPTRAP - ok
03:38:47.0359 3848 Sparrow - ok
03:38:47.0468 3848 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
03:38:47.0593 3848 splitter - ok
03:38:47.0718 3848 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
03:38:47.0750 3848 Spooler - ok
03:38:47.0921 3848 [ 2FE97C829ACCF0ACFC595CF33EA42247 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
03:38:48.0062 3848 SpyHunter 4 Service - ok
03:38:48.0156 3848 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
03:38:48.0312 3848 sr - ok
03:38:48.0375 3848 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
03:38:48.0421 3848 srservice - ok
03:38:48.0453 3848 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
03:38:48.0484 3848 Srv - ok
03:38:48.0562 3848 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
03:38:48.0578 3848 SSDPSRV - ok
03:38:48.0625 3848 [ 7F4FB8D168A19EB7B4B55C73212025F0 ] stdriver C:\WINDOWS\system32\DRIVERS\stdriver32.sys
03:38:48.0921 3848 stdriver - ok
03:38:49.0000 3848 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
03:38:49.0078 3848 stisvc - ok
03:38:49.0125 3848 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
03:38:49.0203 3848 streamip - ok
03:38:49.0234 3848 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
03:38:49.0375 3848 swenum - ok
03:38:49.0437 3848 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
03:38:49.0484 3848 swmidi - ok
03:38:49.0500 3848 SwPrv - ok
03:38:49.0625 3848 symc810 - ok
03:38:49.0640 3848 symc8xx - ok
03:38:49.0687 3848 sym_hi - ok
03:38:49.0703 3848 sym_u3 - ok
03:38:49.0765 3848 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
03:38:49.0812 3848 sysaudio - ok
03:38:49.0890 3848 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
03:38:49.0921 3848 SysmonLog - ok
03:38:50.0000 3848 [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
03:38:50.0062 3848 TapiSrv - ok
03:38:50.0171 3848 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:38:50.0234 3848 Tcpip - ok
03:38:50.0250 3848 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
03:38:50.0359 3848 TDPIPE - ok
03:38:50.0406 3848 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
03:38:50.0484 3848 TDTCP - ok
03:38:50.0515 3848 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
03:38:50.0609 3848 TermDD - ok
03:38:50.0640 3848 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
03:38:50.0687 3848 TermService - ok
03:38:50.0718 3848 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
03:38:50.0734 3848 Themes - ok
03:38:50.0796 3848 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
03:38:50.0828 3848 TlntSvr - ok
03:38:50.0843 3848 TosIde - ok
03:38:50.0890 3848 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
03:38:50.0921 3848 TrkWks - ok
03:38:51.0015 3848 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
03:38:51.0093 3848 Udfs - ok
03:38:51.0171 3848 UJRCJLMOTWPF - ok
03:38:51.0203 3848 ultra - ok
03:38:51.0375 3848 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
03:38:51.0453 3848 UMVPFSrv - ok
03:38:51.0500 3848 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
03:38:51.0515 3848 UMWdf - ok
03:38:51.0578 3848 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
03:38:51.0703 3848 Update - ok
03:38:51.0796 3848 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
03:38:51.0828 3848 upnphost - ok
03:38:51.0859 3848 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
03:38:51.0890 3848 UPS - ok
03:38:51.0921 3848 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
03:38:52.0015 3848 usbaudio - ok
03:38:52.0093 3848 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
03:38:52.0171 3848 usbccgp - ok
03:38:52.0234 3848 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:38:52.0296 3848 usbehci - ok
03:38:52.0328 3848 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:38:52.0453 3848 usbhub - ok
03:38:52.0484 3848 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
03:38:52.0562 3848 usbohci - ok
03:38:52.0625 3848 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
03:38:52.0703 3848 usbscan - ok
03:38:52.0750 3848 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:38:52.0859 3848 USBSTOR - ok
03:38:52.0937 3848 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
03:38:53.0093 3848 usbvideo - ok
03:38:53.0171 3848 [ 8DFCD62C767741576BB9CD8DA9854517 ] VBEngNT C:\WINDOWS\system32\drivers\VBEngNT.sys
03:38:53.0265 3848 VBEngNT - ok
03:38:53.0296 3848 [ 9F6F36560ADDF4300E526E83813CAC16 ] VBFilt C:\WINDOWS\system32\Filt\VBFilt.dll
03:38:53.0421 3848 VBFilt - ok
03:38:53.0453 3848 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
03:38:53.0546 3848 VgaSave - ok
03:38:53.0562 3848 ViaIde - ok
03:38:53.0703 3848 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
03:38:53.0843 3848 VolSnap - ok
03:38:53.0968 3848 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
03:38:54.0046 3848 VSS - ok
03:38:54.0187 3848 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
03:38:54.0234 3848 W32Time - ok
03:38:54.0281 3848 [ 74B9FA2AFAF60B7F4E2A952E77B9DC6C ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
03:38:54.0281 3848 W3SVC - ok
03:38:54.0312 3848 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:38:54.0437 3848 Wanarp - ok
03:38:54.0453 3848 WDICA - ok
03:38:54.0546 3848 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
03:38:54.0640 3848 wdmaud - ok
03:38:54.0718 3848 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
03:38:54.0734 3848 WebClient - ok
03:38:54.0890 3848 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
03:38:54.0937 3848 winmgmt - ok
03:38:55.0078 3848 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
03:38:55.0296 3848 WinRM - ok
03:38:55.0421 3848 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
03:38:55.0437 3848 WmdmPmSN - ok
03:38:55.0562 3848 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
03:38:55.0656 3848 Wmi - ok
03:38:55.0765 3848 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:38:55.0796 3848 WmiApSrv - ok
03:38:55.0843 3848 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
03:38:55.0906 3848 WS2IFSL - ok
03:38:55.0937 3848 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
03:38:55.0968 3848 wscsvc - ok
03:38:56.0031 3848 WSearch - ok
03:38:56.0109 3848 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
03:38:56.0187 3848 WSTCODEC - ok
03:38:56.0250 3848 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
03:38:56.0265 3848 wuauserv - ok
03:38:56.0375 3848 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
03:38:56.0468 3848 WZCSVC - ok
03:38:56.0562 3848 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
03:38:56.0625 3848 xmlprov - ok
03:38:56.0703 3848 ================ Scan global ===============================
03:38:56.0750 3848 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
03:38:56.0828 3848 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
03:38:57.0015 3848 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
03:38:57.0078 3848 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
03:38:57.0078 3848 [Global] - ok
03:38:57.0078 3848 ================ Scan MBR ==================================
03:38:57.0093 3848 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
03:39:00.0203 3848 \Device\Harddisk0\DR0 - ok
03:39:00.0203 3848 ================ Scan VBR ==================================
03:39:00.0218 3848 [ B25290BFE0CCFF223CC85666B65938F1 ] \Device\Harddisk0\DR0\Partition1
03:39:00.0218 3848 \Device\Harddisk0\DR0\Partition1 - ok
03:39:00.0218 3848 ============================================================
03:39:00.0218 3848 Scan finished
03:39:00.0218 3848 ============================================================
03:39:00.0296 3336 Detected object count: 0
03:39:00.0296 3336 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 03:47:19
-----------------------------
03:47:19.171 OS Version: Windows 5.1.2600 Service Pack 2
03:47:19.171 Number of processors: 1 586 0xC00
03:47:19.187 ComputerName: c0mputer UserName: Me
03:48:03.031 Initialize success
03:48:07.843 AVAST engine defs: 12100700
03:50:56.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-a
03:50:56.546 Disk 0 Vendor: Hitachi_HDS721616PLAT80 P22OA8BA Size: 152627MB BusType: 3
03:50:56.546 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-12
03:50:56.546 Disk 1 Vendor: IOMEGA_ZIP_100 03.H Size: 152627MB BusType: 2
03:50:56.562 Disk 0 MBR read successfully
03:50:56.562 Disk 0 MBR scan
03:50:56.953 Disk 0 Windows XP default MBR code
03:50:56.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
03:50:57.390 Disk 0 scanning sectors +312560640
03:50:57.750 Disk 0 scanning C:\WINDOWS\system32\drivers
03:51:26.656 Service scanning
03:51:35.125 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
03:51:35.218 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
03:51:35.343 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
03:51:35.390 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
03:51:47.671 Modules scanning
03:51:56.218 Disk 0 trace - called modules:
03:51:56.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:51:56.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4e0ab8]
03:51:56.265 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> \Device\00000088[0x8a4d6f18]
03:51:56.265 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-a[0x8a4b3d98]
03:51:56.953 AVAST engine scan C:\
05:01:22.062 Scan finished successfully
05:07:33.312 Disk 0 MBR has been saved successfully to "C:\_Anti-virus 02\aswMBR\MBR.dat"
05:07:33.390 The log file has been saved successfully to "C:\_Anti-virus 02\aswMBR\aswMBR_log.txt"



#7 narenxp


Posted 07 October 2012 - 09:17 AM

I removed my instructions so that you don't get confused by two sets of instructions. Follow the suggestions by noknojon. :thumbup2:

#8 noknojon


Posted 07 October 2012 - 05:28 PM

I try different AV programs because I'm not sure which one works the best right now.

Hi -
Always delete older antivirus programs prior to adding any new ones in case you finish up with 3 or 4 (like now) -
Rising usually is rated as among the lower antivirus programs, and often conflicts with other installed programs.
In China the options are often limited, so that is the only reason that this program gets a fair bit of use -
Spyhunter was an odd one that I needed to check on, but it is still low rated -
I only mentioned Spybot S&D as you have TeaTimer activated and this is showing up in your errors. Also this can make it appear like another active antivirus program.

Select only one Antivirus program and run it for about 3 months unless you have problems with it, but we can usually help, uninstall if you are not happy.
Here is a choice of some free versions. Be sure to only install one. Microsoft Security Essentials (what I currently use) - Avira AntiVir -- avast! -- AVG -
There is a much larger range of free / paid antivirus programs Pinned in the Antivirus area of the forum -

Note that Malwarebytes is not an Antivirus program, but an added extra to support your antivirus program. Please Update it and run a quick scan and post the log back here -
Also Download and Update SuperantiSpyware Free, run a full scan and post the log back here -
Open Notepad and please click on Format and untick (click) Word wrap so the texts are not like quotes.

Once all this is finished we can clear all Restore Points and start from fresh (I do this about once a month) >>>
Go - Start > Programs > Accessories > System Tools > System Restore > On the Left side click System Restore Settings > Tick the box Upper left "Turn Off System Restore" and leave it off for at least 1 hour > Now go back to System Restore Settings and Untick the Box again > Now at the Main System Restore page click "Create a Restore Point" and just name it Newest Point, so this will be the only clean restore point you have left. Any previous infections will not enter through here -
Nothing much has shown in the other logs you posted so far - :)

I hope this is not too much in one reply, but I have attempted to answer most of your questions (and a bit more) -

Thanks -

#9 noknojon


Posted 07 October 2012 - 05:42 PM

I have opened the MiniToolBox Report and organised it as it was a bit "jumbled" in the original form.
This is also for other helpers to view any problems you may have -

MiniToolBox by Farbar Version: 23-07-2012
Ran by Me (administrator) on 07-10-2012 at 00:49:50
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

SiS 900-Based PCI Fast Ethernet Adapter = Local Area Connection (Disconnected)
802.11b Wireless PCI Card = Wireless Network Connection 2 (Disconnected)
Linksys AE2500 = Wireless Network Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 3"

set address name="Wireless Network Connection 3" source=dhcp
set dns name="Wireless Network Connection 3" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 3" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration
Host Name . . . . . . . . . . . . : c0mputer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp
Ethernet adapter Wireless Network Connection 3:
Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Linksys AE2500 #2
Physical Address. . . . . . . . . : C0-C1-C0-5E-62-44
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1 205.171.3.25
Lease Obtained. . . . . . . . . . : Saturday, October 06, 2012 7:52:44 PM
Lease Expires . . . . . . . . . . : Sunday, October 07, 2012 7:52:44 PM
Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.224.132, 74.125.224.133, 74.125.224.134, 74.125.224.135
74.125.224.136, 74.125.224.137, 74.125.224.142, 74.125.224.128, 74.125.224.129
74.125.224.130, 74.125.224.131

Pinging google.com [74.125.224.133] with 32 bytes of data:
Reply from 74.125.224.133: bytes=32 time=38ms TTL=57
Reply from 74.125.224.133: bytes=32 time=38ms TTL=57
Ping statistics for 74.125.224.133:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 38ms, Average = 38ms
Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=83ms TTL=54
Reply from 72.30.38.140: bytes=32 time=54ms TTL=54
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 83ms, Average = 68ms
Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...c0 c1 c0 5e 62 44 ...... Linksys AE2500 #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 25
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 25
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 25
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/06/2012 05:22:23 PM) (Source: Application Error) (User: )
Description: Faulting application teatimer.exe, version 1.6.4.26, faulting module teatimer.exe, version 1.6.4.26, fault address 0x0006e60e.
Processing media-specific event for [teatimer.exe!ws!]

Error: (10/06/2012 05:58:04 AM) (Source: Application Error) (User: )
Description: Faulting application avp.exe, version 12.0.1.288, faulting module avpgui.ppl, version 12.0.1.311, fault address 0x0023755e.
Processing media-specific event for [avp.exe!ws!]

Error: (10/06/2012 04:13:18 AM) (Source: Application Error) (User: )
Description: Faulting application avp.exe, version 12.0.1.288, faulting module avpgui.ppl, version 12.0.1.311, fault address 0x0023755e.
Processing media-specific event for [avp.exe!ws!]

Error: (10/06/2012 04:02:04 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module user32.dll, version 5.1.2600.2180, fault address 0x00009bda.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/06/2012 04:01:39 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\spider.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Spider because of this error.

Program: Spider
File: C:\WINDOWS\system32\spider.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data Error value: C0000185 Disk type: 3

Error: (10/06/2012 03:43:35 AM) (Source: WinMgmt) (User: )
Description: Event provider attempted to register query "select * from SnmpNotification" whose target class "SnmpNotification" does not exist. The query will be ignored.

Error: (10/06/2012 03:43:34 AM) (Source: WinMgmt) (User: )
Description: Event provider attempted to register query "select * from SnmpExtendedNotification" whose target class "SnmpExtendedNotification" does not exist.
The query will be ignored.

Error: (10/05/2012 08:17:51 PM) (Source: MsiInstaller) (User: c0mputer)c0mputer
Description: Product: SpyHunter -- Error 1704. An installation for Kaspersky PURE 2.0 is currently suspended. You must undo the changes made by that installation to continue.
Do you want to undo those changes?

Error: (10/05/2012 08:15:30 PM) (Source: MsiInstaller) (User: c0mputer)c0mputer
Description: Product: STOPzilla -- Message 1704. An install for Kaspersky PURE 2.0 is currently suspended. You must undo the changes made by that install to continue. Do you want to undo those changes?

Error: (10/05/2012 07:37:59 PM) (Source: Application Error) (User: )
Description: Faulting application spider.exe, version 5.1.2600.2180, faulting module user32.dll, version 5.1.2600.2180, fault address 0x00009bda.
Processing media-specific event for [spider.exe!ws!]


System errors:
=============
Error: (10/06/2012 07:54:11 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/06/2012 07:54:11 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (10/06/2012 07:54:10 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/06/2012 07:54:10 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/06/2012 07:54:09 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/06/2012 07:54:09 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/06/2012 07:52:41 PM) (Source: 0) (User: )
Description: 1394 Net Adapter

Error: (10/06/2012 07:52:41 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (10/06/2012 07:52:40 PM) (Source: ipnathlp) (User: )
Description: The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or an internal error.
The data is the error code.

Error: (10/06/2012 07:52:33 PM) (Source: Service Control Manager) (User: )
Description: The rsfwdrv service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (10/06/2012 05:22:23 PM) (Source: Application Error)(User: )
Description: teatimer.exe1.6.4.26teatimer.exe1.6.4.260006e60e

Error: (10/06/2012 05:58:04 AM) (Source: Application Error)(User: )
Description: avp.exe12.0.1.288avpgui.ppl12.0.1.3110023755e

Error: (10/06/2012 04:13:18 AM) (Source: Application Error)(User: )
Description: avp.exe12.0.1.288avpgui.ppl12.0.1.3110023755e

Error: (10/06/2012 04:02:04 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.2180user32.dll5.1.2600.218000009bda

Error: (10/06/2012 04:01:39 AM) (Source: Application Error)(User: )
Description: C:\WINDOWS\system32\spider.exeSpiderC00001853

Error: (10/06/2012 03:43:35 AM) (Source: WinMgmt)(User: )
Description: select * from SnmpNotificationSnmpNotification

Error: (10/06/2012 03:43:34 AM) (Source: WinMgmt)(User: )
Description: select * from SnmpExtendedNotificationSnmpExtendedNotification

Error: (10/05/2012 08:17:51 PM) (Source: MsiInstaller)(User: c0mputer)c0mputer
Description: Product: SpyHunter -- Error 1704. An installation for Kaspersky PURE 2.0 is currently suspended. You must undo the changes made by that installation to continue.
Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (10/05/2012 08:15:30 PM) (Source: MsiInstaller)(User: c0mputer)c0mputer
Description: Product: STOPzilla -- Message 1704. An install for Kaspersky PURE 2.0 is currently suspended. You must undo the changes made by that install to continue.
Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (10/05/2012 07:37:59 PM) (Source: Application Error)(User: )
Description: spider.exe5.1.2600.2180user32.dll5.1.2600.218000009bda


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
CameraHelperMsi (Version: 13.31.1038.0)
Cleaner 5 EZ
Creative Audio Console (Version: 1.33)
Creative Software AutoUpdate (Version: 1.40)
D-i-v-X AVI Codec Pack Pro 2.4.0
Debut Video Capture Software
DivX Setup (Version: 2.4.0.6)
Doxillion Document Converter
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Express Burn Disc Burning Software
Express Zip File Compression Software
FlashMute
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
Kaspersky PURE 2.0 (Version: 12.0.1.288)
Logitech Vid (Version: 1.70.1044)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Mobipocket Reader 6.2 (Version: 6.2.608)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Opera 12.02 (Version: 12.02.1578)
Paint.NET v3.5.10 (Version: 3.60.0)
Pixillion Image Converter
Prism Video File Converter
QuickTime (Version: 7.72.80.56)
RealOne Player
Rising Internet Security (Version: 23.00.72.02)
SpyHunter (Version: 4.10.5.4085)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VideoPad Video Editor
Visual Pinball (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format Runtime
Windows PowerShell™ 1.0 (Version: 1)
Windows Support Tools (Version: 5.1.2600.2180)
WinPatrol (Version: 25.6.2012.1)
WinZip 16.0 (Version: 16.0.9661)

========================= Devices: ================================

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Silicon Integrated Systems Corp.
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: HD Webcam C310
Description: HD Webcam C310
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Logitech
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SiS 900-Based PCI Fast Ethernet Adapter
Description: SiS 900-Based PCI Fast Ethernet Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: SiS
Service: SISNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 802.11b Wireless PCI Card
Description: 802.11b Wireless PCI Card
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: PCI Wireless
Service: ADM8211
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 1535.48 MB
Available physical RAM: 945.49 MB
Total Pagefile: 3426.77 MB
Available Pagefile: 2865.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.19 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:136.82 GB) NTFS

========================= Users: ========================================

User accounts for \\c0mputer

Me Administrator ASPNET
User2 Guest HelpAssistant
IUSR_c0mputer IWAM_c0mputer SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================


**** End of log ****



#10 Deep_Thought

Posted 08 October 2012 - 03:51 AM

I ran everything you told me to and have the logs, but the code you gave me for checkdisk didn't work, it just rebooted and started up as normal. System Restore was already turned off. I created a new restore point, although I was hesitant to do so. Also, I was able to update Windows, but there were a few updates that would not install.

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370)

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353)

What do I do now?

# AdwCleaner v2.003 - Logfile created 10/07/2012 at 18:40:41
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Me - c0mputer
# Boot Mode : Normal
# Running from : C:\_Anti-virus 02\AdWare Cleaner\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hhfwif36.default\searchplugins\aol-web-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hhfwif36.default\prefs.js

Found : user_pref("aol_toolbar.surf.date", "423");
Found : user_pref("aol_toolbar.surf.lastDate", "13");
Found : user_pref("aol_toolbar.surf.lastMonth", "6");
Found : user_pref("aol_toolbar.surf.lastYear", "2011");
Found : user_pref("aol_toolbar.surf.month", "5669");
Found : user_pref("aol_toolbar.surf.prevMonth", "11820");
Found : user_pref("aol_toolbar.surf.total", "44442");
Found : user_pref("aol_toolbar.surf.week", "1064");
Found : user_pref("aol_toolbar.surf.year", "44350");
Found : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"1\": {\"id\": \"1\",\"[...]
Found : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]

Profile name : default
File : C:\Documents and Settings\User2\Application Data\Mozilla\Firefox\Profiles\acr11v9x.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\55607wp6.default\prefs.js

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Documents and Settings\Me\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2173 octets] - [07/10/2012 18:40:41]

########## EOF - C:\AdwCleaner[R1].txt - [2233 octets] ##########


Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Kaspersky PURE 2.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
Cleaner 5 EZ
Java 7 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.278
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Kaspersky avp.exe
WinPatrol winpatrol.exe
Kaspersky avp.exe
SecurityCheck SecurityCheck.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/07/2012 at 08:57 PM

Application Version : 5.6.1008

Core Rules Database Version : 9354
Trace Rules Database Version: 7166

Scan type : Complete Scan
Total Scan Time : 00:37:40

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 37124
Registry threats detected : 0
File items scanned : 32160
File threats detected : 0



#11 noknojon

Posted 08 October 2012 - 06:36 AM

Very Odd -
The diskcheck code has always worked for me ?? I have just run it now - Please use this other method >>
Run a Disk Check on your C: drive in Windows :
• Click Start and open My Computer
• Right-click on C: and select Properties
• Click on the Tools tab
• Under Error-checking click the Check Now... button
• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and >> Restart your computer
• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
Allow all 5 stages to complete -

Please note this observation from the last scan -
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon!
Go - Start > Programs > Accessories > System Tools > Disk Defragmenter and click Defragment -
Also in System Tools please click on > Disk Cleanup and tick the top 6 boxes > Click OK > and OK -

Re-run AdWare Cleaner, but click on DELETE, it has noted Documents and Settings\All Users\Application Data\InstallMate and will remove it -

KB2656370 - Description of the security update for the .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 64-bit Edition, Windows Server 2003 Itanium Edition, Windows Vista, and Windows Server 2008: April 10, 2012 (Note: Not Required)
You now have SP3 so you may need to recheck your updates, and make sure you do not select any Custom Updates to install -
KB2656353 is also listed as an update for 64bit computers, so you do not need this either -

Also please post the MBAM scan result -

Thank You -

Edit - It still shows you have 2 Antivirus programs installed avast! Antivirus - Kaspersky PURE 2.0
You must remove one of these otherwise your system will not ever work correctly -

Edited by noknojon, 08 October 2012 - 06:43 AM.


#12 Deep_Thought

Posted 10 October 2012 - 09:23 PM

Okay, I got everything done. I've disabled Avast for now, but which do you think is better, that or Kaspersky? And the thing I don't like about this AdWare Cleaner is that it didn't even mention something that needed to be deleted. I ran it again and then just hit the delete button this time. Things seem to be looking good, but I thought I got rid of the virus before, so I'm still a little suspicious.

Is there a way to stop these Windows updates from trying to install?

# AdwCleaner v2.003 - Logfile created 10/10/2012 at 20:08:50
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Me - c0mputer
# Boot Mode : Normal
# Running from : C:\_Anti-virus 02\AdWare Cleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hhfwif36.default\searchplugins\aol-web-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hhfwif36.default\prefs.js

C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hhfwif36.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "423");
Deleted : user_pref("aol_toolbar.surf.lastDate", "13");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "6");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
Deleted : user_pref("aol_toolbar.surf.month", "5669");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "11820");
Deleted : user_pref("aol_toolbar.surf.total", "44442");
Deleted : user_pref("aol_toolbar.surf.week", "1064");
Deleted : user_pref("aol_toolbar.surf.year", "44350");
Deleted : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"1\": {\"id\": \"1\",\"[...]
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]

Profile name : default
File : C:\Documents and Settings\User2\Application Data\Mozilla\Firefox\Profiles\acr11v9x.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\55607wp6.default\prefs.js

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Documents and Settings\Me\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2302 octets] - [07/10/2012 18:40:41]
AdwCleaner[R2].txt - [2362 octets] - [10/10/2012 19:37:46]
AdwCleaner[S1].txt - [2690 octets] - [10/10/2012 20:08:50]

########## EOF - C:\AdwCleaner[S1].txt - [2750 octets] ##########


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Me :: c0mputer [administrator]

10/10/2012 4:10:59 AM
mbam-log-2012-10-10 (04-10-59).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271456
Time elapsed: 48 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#13 noknojon

Posted 13 October 2012 - 04:14 AM

Hi -
Had a day or 2 on my laptop and did not get notified of your reply -

Did you perform these operations yet ??
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! - Important -
Go - Start > Programs > Accessories > System Tools > Disk Defragmenter and click Defragment -
Also in System Tools please click on > Disk Cleanup and tick the top 6 boxes > Click OK > and OK -

I've disabled Avast for now, but which do you think is better, that or Kaspersky? >> avast! is free but you will pay for Kaspersky - Do you wish to pay or use Free antivirus ??
Personally I would use ESETnod32 as a Paid Antivirus or Microsoft Security Essentials as a Free program -

the thing I don't like about this AdWare Cleaner is that it didn't even mention something that needed to be deleted. >> You need to read the scan first -
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate - From 1st Search scan -
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate - From Delete run -

Run a last scan with SuperantiSpyware and we will see if there are any minor infections left -

Open Microsoft updates > Click More Options > Click second button D/load updates let me choose a time to install > Apply > OK and the message will no longer be there -
Only ever click on Express and Never Custom updates, as Custom are not needed -

If there are still problems with updates after this, repost on XP Forum as a new topic -

There are no other obvious problems / infections showing up any more -

Thank You -

#14 Deep_Thought

Posted 13 October 2012 - 08:35 PM

Okay, that's fine.

Yes, I did all those things. When you say to open Microsoft Updates, I'm not sure what you mean. I can go to Windows Updates, or Add/Remove Programs in the Control Panel, but I haven't been able to find a way to remove it with those.

Here's the SUPERAntiSpyware scan. Looks clean. Maybe one of those things I did earlier finally got rid of the virus for good. I do, however, have a second drive that's unplugged right now that has all my stuff on it. It was infected too and I was trying to clean the drives separately so one wouldn't contaminate the other. I may have to come back if that one still has problems.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/13/2012 at 07:29 PM

Application Version : 5.6.1008

Core Rules Database Version : 9400
Trace Rules Database Version: 7166

Scan type : Complete Scan
Total Scan Time : 01:02:16

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 532
Memory threats detected : 0
Registry items scanned : 37189
Registry threats detected : 0
File items scanned : 35498
File threats detected : 0



#15 noknojon

Posted 14 October 2012 - 03:40 PM

You no longer have any infection on your computer, they were removed earlier. I have only been trying to find what is blocking updates -

Sorry that I confused the words Microsoft Updates and Windows Updates - Windows Updates is what I meant -

If you still have files on another drive, we will not know if they contain infections unless you place them back on your computer ............
As you are clean now, set a Restore Point so that you can return, just in case one of the files you import is infected -

Only ever use 1 Antivirus, or you will never remove any infections, scan weekly with Updated Malwarebytes and SUPERAntiSpyware and Defrag at least once a month -

I can not find the reason for updates not installing, it may have been due to several installed Antivirus programs, or another reason at the time.
Wait for them to be presented again, and if there is a problem post in the XP Forum, only about Updates not installing, as you have no infections -

Thank You -



