
Windows Security Center Service Disappeared Along with Firewall


33 replies to this topic

#1 Barbarino


Posted 24 October 2012 - 06:43 PM

Windows Security Center Service Disappeared Along with Firewall

Hello All, this is my first visit to this site.

I'm a computer dummy, please be patient and talk to me like I'm 5 years old.

I have a Windows XP Professional-SP3 (not the 64bit) with Microsoft Office 2003, Dell Optiplex GX270.

When I wanted to update a security program, I noticed the Firewall was not on, and further checking revealed that the Windows Security Center Service had been removed altogether.

Perusing the internet I learned that an infection can cause this so I tried to troubleshoot.
I ran a full Malwarebytes scan in regular and safe modes which turned up nothing. I ran Spybot and Avast Antivirus and SpywareBlaster in regular mode and they showed nothing either.

I ran the Microsoft Safety Scanner 1.0.3001.0 today and it removed Win32/Sirefef!cfg
I ran the TrendMicro HiJack this and got a log, which I can't make heads or tails of, I can post it if you like.

I then came to this website and saw that many of you experts have said that it isn't wise to have too many anti-virus products, so I removed Spybot and SpywareBlaster. What I now have is Malwarebytes and Avast AntiVirus.

But no Firewall and no Windows Security Center.

So two questions:
1. Is my computer still infected? And once that is fixed,
2. How to get the Windows Security Center back into my computer?
I looked on the Microsoft Community forum for the answer, and I didn't even understand the instructions.

Thank you in advance for your kind assistance and patience.

Edited by Barbarino, 24 October 2012 - 07:09 PM.




#2 narenxp


Posted 24 October 2012 - 07:14 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Barbarino


Posted 24 October 2012 - 07:24 PM

Okay, I'll get started right now.
If I can't find the LOG file in the C drive, I'll come back here to ask how, but I'll give it a try myself.
Click start, my computer, C drive, and then look around?

#4 narenxp


Posted 24 October 2012 - 07:58 PM

Yes

#5 Barbarino


Posted 24 October 2012 - 08:38 PM

For the ESET online scanner, should I check the box that lets the program remove any found threat?

#6 narenxp


Posted 24 October 2012 - 09:07 PM

Yes

#7 Barbarino


Posted 24 October 2012 - 10:59 PM

OK, here are the three scans you advised, in the order in which they were performed.

17:38:00.0562 3268 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:38:00.0890 3268 ============================================================
17:38:00.0890 3268 Current date / time: 2012/10/24 17:38:00.0890
17:38:00.0890 3268 SystemInfo:
17:38:00.0890 3268
17:38:00.0890 3268 OS Version: 5.1.2600 ServicePack: 3.0
17:38:00.0890 3268 Product type: Workstation
17:38:00.0890 3268 ComputerName: BARBARA-6D961D8
17:38:00.0890 3268 UserName: Administrator
17:38:00.0890 3268 Windows directory: C:\WINDOWS
17:38:00.0890 3268 System windows directory: C:\WINDOWS
17:38:00.0890 3268 Processor architecture: Intel x86
17:38:00.0890 3268 Number of processors: 1
17:38:00.0890 3268 Page size: 0x1000
17:38:00.0890 3268 Boot type: Normal boot
17:38:00.0890 3268 ============================================================
17:38:04.0359 3268 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:38:04.0453 3268 ============================================================
17:38:04.0453 3268 \Device\Harddisk0\DR0:
17:38:04.0484 3268 MBR partitions:
17:38:04.0484 3268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x94DF3B5
17:38:04.0484 3268 ============================================================
17:38:04.0562 3268 C: <-> \Device\Harddisk0\DR0\Partition1
17:38:04.0562 3268 ============================================================
17:38:04.0562 3268 Initialize success
17:38:04.0562 3268 ============================================================
17:39:06.0062 2828 ============================================================
17:39:06.0062 2828 Scan started
17:39:06.0062 2828 Mode: Manual; TDLFS;
17:39:06.0062 2828 ============================================================
17:39:07.0421 2828 ================ Scan system memory ========================
17:39:07.0421 2828 System memory - ok
17:39:07.0437 2828 ================ Scan services =============================
17:39:20.0109 2828 Sfloppy - ok
17:39:20.0171 2828 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:39:20.0187 2828 ShellHWDetection - ok
17:39:20.0203 2828 Simbad - ok
17:39:20.0453 2828 [ 5018A9DB5EB62E3EDB3110F82F556285 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
17:39:20.0484 2828 smwdm - ok
17:39:20.0500 2828 Sparrow - ok
17:39:20.0562 2828 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:39:20.0562 2828 splitter - ok
17:39:20.0625 2828 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:39:20.0625 2828 Spooler - ok
17:39:20.0640 2828 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:39:20.0656 2828 sr - ok
17:39:20.0718 2828 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:39:20.0734 2828 srservice - ok
17:39:20.0781 2828 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:39:20.0796 2828 Srv - ok
17:39:20.0859 2828 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:39:20.0875 2828 SSDPSRV - ok
17:39:20.0937 2828 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:39:20.0984 2828 stisvc - ok
17:39:21.0046 2828 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:39:21.0046 2828 swenum - ok
17:39:21.0093 2828 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:39:21.0093 2828 swmidi - ok
17:39:21.0109 2828 SwPrv - ok
17:39:21.0125 2828 symc810 - ok
17:39:21.0140 2828 symc8xx - ok
17:39:21.0156 2828 sym_hi - ok
17:39:21.0171 2828 sym_u3 - ok
17:39:21.0203 2828 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:39:21.0203 2828 sysaudio - ok
17:39:21.0250 2828 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:39:21.0265 2828 SysmonLog - ok
17:39:21.0312 2828 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:39:21.0328 2828 TapiSrv - ok
17:39:21.0406 2828 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:39:21.0421 2828 Tcpip - ok
17:39:21.0484 2828 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:39:21.0484 2828 TDPIPE - ok
17:39:21.0515 2828 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:39:21.0515 2828 TDTCP - ok
17:39:21.0531 2828 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:39:21.0531 2828 TermDD - ok
17:39:21.0593 2828 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:39:21.0625 2828 TermService - ok
17:39:21.0640 2828 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:39:21.0656 2828 Themes - ok
17:39:21.0703 2828 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:39:21.0718 2828 TlntSvr - ok
17:39:21.0734 2828 TosIde - ok
17:39:21.0781 2828 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:39:21.0781 2828 TrkWks - ok
17:39:21.0859 2828 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:39:21.0859 2828 Udfs - ok
17:39:21.0875 2828 ultra - ok
17:39:21.0953 2828 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:39:22.0000 2828 Update - ok
17:39:22.0062 2828 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:39:22.0078 2828 upnphost - ok
17:39:22.0125 2828 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:39:22.0140 2828 UPS - ok
17:39:22.0187 2828 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:39:22.0187 2828 usbccgp - ok
17:39:22.0250 2828 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:39:22.0250 2828 usbehci - ok
17:39:22.0281 2828 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:39:22.0281 2828 usbhub - ok
17:39:22.0296 2828 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:39:22.0296 2828 usbprint - ok
17:39:22.0359 2828 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:39:22.0375 2828 usbscan - ok
17:39:22.0390 2828 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:39:22.0390 2828 USBSTOR - ok
17:39:22.0453 2828 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:39:22.0468 2828 usbuhci - ok
17:39:22.0484 2828 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:39:22.0484 2828 VgaSave - ok
17:39:22.0500 2828 ViaIde - ok
17:39:22.0515 2828 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:39:22.0515 2828 VolSnap - ok
17:39:22.0578 2828 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:39:22.0593 2828 VSS - ok
17:39:22.0640 2828 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:39:22.0656 2828 W32Time - ok
17:39:22.0687 2828 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:39:22.0687 2828 Wanarp - ok
17:39:22.0703 2828 WDICA - ok
17:39:22.0734 2828 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:39:22.0734 2828 wdmaud - ok
17:39:22.0750 2828 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:39:22.0765 2828 WebClient - ok
17:39:22.0843 2828 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:39:22.0875 2828 winachsf - ok
17:39:23.0000 2828 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:39:23.0000 2828 winmgmt - ok
17:39:23.0078 2828 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:39:23.0078 2828 WmdmPmSN - ok
17:39:23.0140 2828 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:39:23.0187 2828 Wmi - ok
17:39:23.0250 2828 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:39:23.0250 2828 WmiApSrv - ok
17:39:23.0343 2828 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:39:23.0375 2828 WMPNetworkSvc - ok
17:39:23.0437 2828 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:39:23.0468 2828 wuauserv - ok
17:39:23.0515 2828 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:39:23.0531 2828 WudfPf - ok
17:39:23.0578 2828 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:39:23.0578 2828 WudfRd - ok
17:39:23.0625 2828 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:39:23.0640 2828 WudfSvc - ok
17:39:23.0718 2828 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:39:23.0734 2828 WZCSVC - ok
17:39:23.0781 2828 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:39:23.0796 2828 xmlprov - ok
17:39:23.0859 2828 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
17:39:23.0875 2828 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
17:39:23.0921 2828 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
17:39:23.0937 2828 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
17:39:23.0937 2828 ================ Scan global ===============================
17:39:24.0000 2828 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:39:24.0062 2828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:39:24.0125 2828 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:39:24.0140 2828 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:39:24.0156 2828 [Global] - ok
17:39:24.0156 2828 ================ Scan MBR ==================================
17:39:24.0171 2828 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:39:24.0484 2828 \Device\Harddisk0\DR0 - ok
17:39:24.0500 2828 ================ Scan VBR ==================================
17:39:24.0531 2828 [ 7B0749FD7774BCD573237D63793EA1D7 ] \Device\Harddisk0\DR0\Partition1
17:39:24.0531 2828 \Device\Harddisk0\DR0\Partition1 - ok
17:39:24.0531 2828 ============================================================
17:39:24.0531 2828 Scan finished
17:39:24.0531 2828 ============================================================
17:39:24.0562 3148 Detected object count: 0
17:39:24.0562 3148 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-24 17:46:09
-----------------------------
17:46:09.500 OS Version: Windows 5.1.2600 Service Pack 3
17:46:09.500 Number of processors: 1 586 0x209
17:46:09.500 ComputerName: BARBARA-6D961D8 UserName: Administrator
17:46:10.515 Initialize success
17:46:16.468 AVAST engine defs: 12102500
17:47:01.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:47:01.812 Disk 0 Vendor: WDC_WD800BB-75FRA0 77.07W77 Size: 76293MB BusType: 3
17:47:01.843 Disk 0 MBR read successfully
17:47:01.843 Disk 0 MBR scan
17:47:01.937 Disk 0 Windows XP default MBR code
17:47:01.937 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 62 MB offset 63
17:47:01.968 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76222 MB offset 128520
17:47:01.984 Disk 0 scanning sectors +156232125
17:47:02.093 Disk 0 scanning C:\WINDOWS\system32\drivers
17:47:23.265 Service scanning
17:47:45.625 Modules scanning
17:48:00.906 Disk 0 trace - called modules:
17:48:00.953 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
17:48:01.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82366ab8]
17:48:01.500 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823d1d98]
17:48:01.828 AVAST engine scan C:\WINDOWS
17:48:24.734 AVAST engine scan C:\WINDOWS\system32
17:51:09.859 AVAST engine scan C:\WINDOWS\system32\drivers
17:51:24.625 AVAST engine scan C:\Documents and Settings\Administrator
17:56:18.093 AVAST engine scan C:\Documents and Settings\All Users
17:57:15.093 Scan finished successfully
17:59:47.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:59:47.453 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=63d4aed5f9985e41bbd4d5048b89770d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2012-10-25 02:36:35
# local_time=2012-10-24 07:36:35 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 86939361 86939361 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=85039
# found=1
# cleaned=0
# scan_time=5084
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\703905f2-4350d295 a variant of Java/Agent.BP trojan CA1D5F2955B44F48602C91854A07D1B7 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=63d4aed5f9985e41bbd4d5048b89770d
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-25 03:00:29
# local_time=2012-10-24 08:00:29 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 86944623 86944623 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=32008
# found=1
# cleaned=1
# scan_time=1254
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\50\703905f2-4350d295 a variant of Java/Agent.BP trojan (deleted - quarantined) 00000000000000000000000000000000 C


Do you want me to post Trend Hijackthis also?

#8 narenxp

Posted 24 October 2012 - 11:15 PM

Not needed

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After scan gets completed, post the generated log here.

#9 Barbarino

Posted 24 October 2012 - 11:25 PM

Ok, thank you, will do.
I have Malwarebytes already and ran it before I came on this website, but I can certainly run it again and post the results. The Malwarebytes scan takes a few hours, so it will be a while before all this is done.

#10 narenxp

Posted 24 October 2012 - 11:27 PM

Ok, make sure to update it and run the scan.

#11 Barbarino

Posted 24 October 2012 - 11:31 PM

OK

#12 Barbarino

Posted 25 October 2012 - 06:31 PM

Okay, here goes the second set of log reports.

Malwarebytes log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: BARBARA-6D961D8 [administrator]

10/24/2012 9:58:56 PM
mbam-log-2012-10-24 (21-58-56).txt

Scan type: Full scan (A:\|C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347723
Time elapsed: 2 hour(s), 36 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBoxLog

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 25-10-2012 at 15:00:12
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

There are 15256 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/1000 MT Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : barbara-6d961d8

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : socal.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : socal.rr.com

Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection

Physical Address. . . . . . . . . : 00-0F-1F-D4-E9-DF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 76.171.23.227

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 76.171.16.1

DHCP Server . . . . . . . . . . . : 76.85.238.62

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Thursday, October 25, 2012 2:47:09 PM

Lease Expires . . . . . . . . . . : Friday, October 26, 2012 2:47:03 AM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.224.228, 74.125.224.229, 74.125.224.230, 74.125.224.231
74.125.224.232, 74.125.224.233, 74.125.224.238, 74.125.224.224, 74.125.224.225
74.125.224.226, 74.125.224.227



Pinging google.com [74.125.224.169] with 32 bytes of data:



Reply from 74.125.224.169: bytes=32 time=14ms TTL=55

Reply from 74.125.224.169: bytes=32 time=15ms TTL=55



Ping statistics for 74.125.224.169:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 15ms, Average = 14ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=55ms TTL=50

Reply from 98.138.253.109: bytes=32 time=84ms TTL=49



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 84ms, Average = 69ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 1f d4 e9 df ...... Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 76.171.16.1 76.171.23.227 20
76.171.16.0 255.255.248.0 76.171.23.227 76.171.23.227 20
76.171.23.227 255.255.255.255 127.0.0.1 127.0.0.1 20
76.255.255.255 255.255.255.255 76.171.23.227 76.171.23.227 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 76.171.23.227 76.171.23.227 20
224.0.0.0 240.0.0.0 76.171.23.227 76.171.23.227 20
255.255.255.255 255.255.255.255 76.171.23.227 76.171.23.227 1
Default Gateway: 76.171.16.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/22/2012 01:19:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2015

Error: (10/22/2012 01:19:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2015

Error: (10/22/2012 01:19:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2012 07:18:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5434969

Error: (10/21/2012 07:18:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5434969

Error: (10/21/2012 07:18:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2012 07:18:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5418906

Error: (10/21/2012 07:18:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5418906

Error: (10/21/2012 07:18:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2012 06:42:48 PM) (Source: Application Hang) (User: )
Description: Fault bucket 734562961.


System errors:
=============
Error: (10/25/2012 02:47:50 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (10/25/2012 07:49:53 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 76.171.23.227 on the
Network Card with network address 000F1FD4E9DF.

Error: (10/24/2012 11:08:13 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {03E0E6C2-363B-11D3-B536-00902771A435} did not register with DCOM within the required timeout.

Error: (10/24/2012 07:17:20 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 76.171.23.227 on the
Network Card with network address 000F1FD4E9DF.

Error: (10/23/2012 08:36:22 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Error: (10/23/2012 11:21:01 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (10/23/2012 11:20:20 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 76.171.23.227 on the
Network Card with network address 000F1FD4E9DF.

Error: (10/22/2012 01:42:48 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 76.171.23.227 on the
Network Card with network address 000F1FD4E9DF.

Error: (10/22/2012 11:56:14 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (10/22/2012 11:55:36 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 76.171.23.227 on the
Network Card with network address 000F1FD4E9DF.


Microsoft Office Sessions:
=========================
Error: (10/22/2012 01:19:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2015

Error: (10/22/2012 01:19:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2015

Error: (10/22/2012 01:19:31 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2012 07:18:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5434969

Error: (10/21/2012 07:18:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5434969

Error: (10/21/2012 07:18:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2012 07:18:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5418906

Error: (10/21/2012 07:18:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5418906

Error: (10/21/2012 07:18:25 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2012 06:42:48 PM) (Source: Application Hang)(User: )
Description: 734562961


=========================== Installed Programs ============================

Acrobat.com (Version: 2.3.0)
Acrobat.com (Version: 2.3.0.0)
Addit (Version: 1.00.000)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.233)
Adobe Photoshop.com Uploader (Version: 0.13.0)
Adobe Photoshop.com Uploader (Version: 0.13.0.661440)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player (Version: 11)
Amazon Kindle
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.1.116)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 2.8.255.384)
avast! Free Antivirus (Version: 7.0.1466.0)
Bonjour (Version: 2.0.2.0)
CCScore (Version: 8.02.0000.0001)
CNET TechTracker (Version: 2.1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows (Version: 5.0.0.0)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Printer Software Uninstall
Dell ResourceCD
Documents To Go (Version: 11.000.501)
Epocrates Essentials
ESET Online Scanner v3
ESSBrwr (Version: 8.02.0000.0001)
ESSCDBK (Version: 8.03.0000.0001)
ESScore (Version: 8.03.0000.0001)
ESSgui (Version: 8.03.0000.0001)
ESSini (Version: 8.02.0000.0001)
ESSPCD (Version: 8.02.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 8.00.0000.0001)
FastStone Image Viewer 4.6 (Version: 4.6)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iTunes (Version: 10.0.0.68)
Java DB 10.4.2.1 (Version: 10.4.2.1)
Java™ 6 Update 17 (Version: 6.0.170)
JavaFX™ 1.2 SDK (Version: 1.2.0)
Kodak EasyShare software
KODAK Share Button App (Version: 4.03.0000.0000)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Move Media Player
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
netbrdg (Version: 7.01.0000.0001)
OfotoXMI (Version: 8.03.0000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Palm Desktop by ACCESS (Version: 6.4.0.0)
PowerDVD
PrintProjects (Version: 1.0.0.8812)
QuickBooks Pro 2008 (Version: 18.0.4010.606)
QuickTime (Version: 7.68.75.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Rewards Multiply 2.02
RoboForm 7-6-6 (All Users) (Version: 7-6-6)
SFR (Version: 8.01.0000.0001)
SHASTA (Version: 7.01.0000.0001)
skin0001 (Version: 8.02.0000.0001)
SKINXSDK (Version: 8.02.0000.0001)
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 8.02.0000.0001)
SupportSoft Assisted Service (Version: 15)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 ATL (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
VPRINTOL (Version: 8.02.0000.0001)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinUtilities 10.23 Free Edition
WIRELESS (Version: 8.02.0000.0001)

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 509.98 MB
Available physical RAM: 156.59 MB
Total Pagefile: 1373.11 MB
Available Pagefile: 847.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.75 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.44 GB) (Free:50.95 GB) NTFS

========================= Users: ========================================

User accounts for \\BARBARA-6D961D8

Administrator Barbara Guest
HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

06-10-2012 21:01:50 System Checkpoint
06-10-2012 21:17:36 System Checkpoint
09-10-2012 11:16:05 System Checkpoint
10-10-2012 15:08:39 System Checkpoint
12-10-2012 06:35:32 System Checkpoint
13-10-2012 22:44:58 System Checkpoint
14-10-2012 22:52:19 System Checkpoint
16-10-2012 11:30:34 before update
16-10-2012 12:06:36 Software Distribution Service 3.0
17-10-2012 18:09:30 System Checkpoint
18-10-2012 20:12:50 System Checkpoint
19-10-2012 23:22:42 System Checkpoint
21-10-2012 19:02:00 System Checkpoint
22-10-2012 19:16:40 System Checkpoint
23-10-2012 19:59:49 System Checkpoint
24-10-2012 20:11:58 System Checkpoint
24-10-2012 21:17:17 postsirefef!removal

**** End of log ****


Farbar Service Scanner Log

Farbar Service Scanner Version: 19-10-2012
Ran by Administrator (administrator) on 25-10-2012 at 15:17:41
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

adware cleaner log

# AdwCleaner v2.005 - Logfile created 10/25/2012 at 15:26:37
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - BARBARA-6D961D8
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2599 octets] - [25/10/2012 15:25:19]
AdwCleaner[R2].txt - [2659 octets] - [25/10/2012 15:26:09]
AdwCleaner[S1].txt - [2324 octets] - [25/10/2012 15:26:37]

########## EOF - C:\AdwCleaner[S1].txt - [2384 octets] ##########

Junkware removal tool log

Junkware Removal Tool (JRT) by Thisisu
Version: 2.1.5 (10.25.2012)
OS: Microsoft Windows XP x86
Ran by Administrator on Thu 10/25/2012 at 15:34:28.04
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}



*** Files: 0 Detections



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\coupons"
Successfully deleted: [FOLDER] "C:\Program Files\freeze.com"



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Thu 10/25/2012 at 15:58:43.00
End of Report

Edited by Barbarino, 25 October 2012 - 06:34 PM.


#13 narenxp

  • BC Advisor

Posted 25 October 2012 - 06:44 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#14 Barbarino

  • Topic Starter

Posted 25 October 2012 - 06:50 PM

Ok, thanks, will get started now.

#15 Barbarino

  • Topic Starter

Posted 25 October 2012 - 08:25 PM

I am having a problem figuring out the Autoruns program.

I extracted it, and got a folder with 4 things in it: a txt file which is a consent that I don't need to check, a help file which I can't figure out how to use, and autoruns.exe and autorunsc.exe.

I clicked on both exe and told them to run. One of them showed for a nanosecond what looked like a log file, but then it disappeared and now I can't find it and I don't know where to look for it.