Trojans removed. Reboot. Can't get on 'net. Restore. Trojans back.


24 replies to this topic

#1 ZeldaB

Posted 22 November 2012 - 03:33 AM

Greetings. My operating system is Windows XP, service pack 3.

I usually use SuperAntiSpyware nightly when I quit the computer. Usually it either finds no threats, or finds spyware. I skipped it the night before last. Yesterday morning, the computer was moving very slowly, keystrokes not appearing, etc., so I decided to run it. It found both trojans and spyware. I removed all threats and rebooted (as I was instructed).

When the system was back up, it was telling me (via a balloon in the lower right of the monitor) that the networks were not working. This is not a message I usually see. I'm not on a network. I tried to log onto the internet using IE, and the system wouldn't connect. Ran IE's diagnostics, and was told to check router connections (all fine -- I'd just been on the 'net before stopping to do the scan), router was showing all the appropriate green lights.

I did a system restore to a point about 24 hours earlier, and that worked. Used the computer a good part of the day, on and off the 'net. Ran the usual scan at the end of the day, and no threats were detected.

Used the computer today, was just wrapping up, ran the SuperAntiSpyware scan, and right away it found 3 trojans, and within 5 minutes, found a total of 7 trojans (plus 12 spyware items).

It listed the trojans found as:

Trojan.Agent/Gen-Sirefef [7 Items Found]
HKLM\System\ControlSet001\Services\AFD
C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_AFD
HKLM\System\ControlSet003\Services\AFD
HKLM\System\ControlSet003\Enum\Root\LEGACY_AFD
HKLM\System\CurrentControlSet\Services\AFD
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_AFD

I stopped the scan, removed all threats, rebooted, and when it had rebooted I could not access the 'net. I restored to last Thursday, the 15th (today is the 21st). The system restored, and I could access the 'net. Restarted a full scan with SuperAntiSpyware, and it finds the same 7 trojans. It is still scanning as I type this. So far it's also found 1 spyware, nothing more.

I will remove the threats, shut down the computer, and use a laptop to check back tomorrow and see if someone has had time to respond. If not, then I hope you're enjoying Thanksgiving. And I'll check back later.

Thank you for any help you may provide!

ZB


#2 narenxp

Posted 22 November 2012 - 06:06 AM

Please do not run any other scans when I'm helping you.

Stop scanning with SuperAntiSpyware.

Download

TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop, copy the contents of the text file in your reply.

#3 ZeldaB

Posted 23 November 2012 - 03:15 PM

Thank you for your reply. Here is the TDSSKiller log. I'll make separate posts as I complete each step.

ZB

13:05:23.0812 3540 ParVdm - ok
13:05:23.0828 3540 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:05:23.0906 3540 PCI - ok
13:05:23.0906 3540 PCIDump - ok
13:05:23.0984 3540 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:05:24.0015 3540 PCIIde - ok
13:05:24.0109 3540 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:05:24.0109 3540 Pcmcia - ok
13:05:24.0125 3540 PDCOMP - ok
13:05:24.0125 3540 PDFRAME - ok
13:05:24.0140 3540 PDRELI - ok
13:05:24.0140 3540 PDRFRAME - ok
13:05:24.0171 3540 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
13:05:24.0218 3540 perc2 - ok
13:05:24.0250 3540 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:05:24.0281 3540 perc2hib - ok
13:05:24.0312 3540 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:05:24.0359 3540 PlugPlay - ok
13:05:24.0390 3540 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
13:05:24.0406 3540 Pml Driver HPZ12 - ok
13:05:24.0437 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:05:24.0437 3540 PolicyAgent - ok
13:05:24.0468 3540 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:05:24.0531 3540 PptpMiniport - ok
13:05:24.0656 3540 [ 33D7285F12D934268A34206DFC4AD1B3 ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
13:05:24.0875 3540 PrismXL - ok
13:05:24.0906 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:05:24.0906 3540 ProtectedStorage - ok
13:05:24.0937 3540 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:05:25.0015 3540 PSched - ok
13:05:25.0015 3540 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:05:25.0062 3540 Ptilink - ok
13:05:25.0093 3540 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:05:25.0140 3540 PxHelp20 - ok
13:05:25.0156 3540 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:05:25.0187 3540 ql1080 - ok
13:05:25.0203 3540 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:05:25.0250 3540 Ql10wnt - ok
13:05:25.0250 3540 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:05:25.0296 3540 ql12160 - ok
13:05:25.0328 3540 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:05:25.0375 3540 ql1240 - ok
13:05:25.0390 3540 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:05:25.0468 3540 ql1280 - ok
13:05:25.0500 3540 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:05:25.0515 3540 RasAcd - ok
13:05:25.0640 3540 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:05:25.0703 3540 RasAuto - ok
13:05:25.0734 3540 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:05:25.0796 3540 Rasl2tp - ok
13:05:25.0906 3540 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:05:25.0937 3540 RasMan - ok
13:05:25.0953 3540 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:05:26.0015 3540 RasPppoe - ok
13:05:26.0093 3540 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:05:26.0140 3540 Raspti - ok
13:05:26.0218 3540 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:05:26.0328 3540 Rdbss - ok
13:05:26.0359 3540 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:05:26.0406 3540 RDPCDD - ok
13:05:26.0421 3540 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:05:26.0562 3540 rdpdr - ok
13:05:26.0671 3540 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:05:26.0750 3540 RDPWD - ok
13:05:26.0843 3540 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:05:26.0937 3540 RDSessMgr - ok
13:05:26.0968 3540 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:05:27.0031 3540 redbook - ok
13:05:27.0093 3540 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:05:27.0093 3540 RemoteAccess - ok
13:05:27.0156 3540 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
13:05:27.0171 3540 RemoteRegistry - ok
13:05:27.0234 3540 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:05:27.0296 3540 RpcLocator - ok
13:05:27.0390 3540 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:05:27.0406 3540 RpcSs - ok
13:05:27.0453 3540 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:05:27.0546 3540 RSVP - ok
13:05:27.0562 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:05:27.0562 3540 SamSs - ok
13:05:27.0640 3540 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:05:27.0734 3540 SASDIFSV - ok
13:05:27.0734 3540 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:05:27.0734 3540 SASKUTIL - ok
13:05:27.0750 3540 SAVRT - ok
13:05:27.0750 3540 SAVRTPEL - ok
13:05:27.0781 3540 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:05:27.0859 3540 SCardSvr - ok
13:05:28.0000 3540 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:05:28.0015 3540 Schedule - ok
13:05:28.0031 3540 SCR33X USB Smart Card Reader - ok
13:05:28.0078 3540 [ A2B0F1AD2919B13C7EB0FC743492BFD1 ] SCR3xx USB Smart Card Reader C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
13:05:28.0187 3540 SCR3xx USB Smart Card Reader - ok
13:05:28.0234 3540 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:05:28.0296 3540 Secdrv - ok
13:05:28.0328 3540 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:05:28.0328 3540 seclogon - ok
13:05:28.0406 3540 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:05:28.0421 3540 SENS - ok
13:05:28.0468 3540 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:05:28.0515 3540 Serenum - ok
13:05:28.0531 3540 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:05:28.0625 3540 Serial - ok
13:05:28.0750 3540 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:05:28.0765 3540 Sfloppy - ok
13:05:28.0812 3540 [ 71011E31A67514BE6E5468734766F673 ] sfng32 C:\WINDOWS\system32\drivers\sfng32.sys
13:05:28.0890 3540 sfng32 - ok
13:05:28.0984 3540 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:05:29.0046 3540 SharedAccess - ok
13:05:29.0125 3540 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:05:29.0125 3540 ShellHWDetection - ok
13:05:29.0140 3540 Simbad - ok
13:05:29.0171 3540 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:05:29.0265 3540 sisagp - ok
13:05:29.0296 3540 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:05:29.0343 3540 SLIP - ok
13:05:29.0390 3540 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:05:29.0437 3540 Sparrow - ok
13:05:29.0468 3540 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:05:29.0500 3540 splitter - ok
13:05:29.0531 3540 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:05:30.0250 3540 Spooler - ok
13:05:30.0296 3540 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:05:30.0375 3540 sr - ok
13:05:30.0468 3540 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:05:30.0500 3540 srservice - ok
13:05:30.0593 3540 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:05:30.0671 3540 Srv - ok
13:05:30.0734 3540 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:05:30.0781 3540 SSDPSRV - ok
13:05:30.0828 3540 [ 8564BC9598BE1705477B7FA61D657C2B ] SSKBFD C:\WINDOWS\system32\Drivers\sskbfd.sys
13:05:30.0859 3540 SSKBFD - ok
13:05:30.0968 3540 [ 002A21C2B0493C83E593DE01E96D2999 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
13:05:31.0265 3540 STHDA - ok
13:05:32.0078 3540 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:05:32.0234 3540 stisvc - ok
13:05:32.0250 3540 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:05:32.0296 3540 streamip - ok
13:05:32.0359 3540 [ 86CA1A5C15A5A98D5533945FB1120B05 ] SunkFilt C:\WINDOWS\System32\Drivers\sunkfilt.sys
13:05:32.0421 3540 SunkFilt - ok
13:05:32.0453 3540 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:05:32.0500 3540 swenum - ok
13:05:32.0656 3540 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:05:32.0937 3540 swmidi - ok
13:05:32.0937 3540 SwPrv - ok
13:05:33.0046 3540 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
13:05:33.0093 3540 symc810 - ok
13:05:33.0140 3540 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:05:33.0187 3540 symc8xx - ok
13:05:33.0312 3540 [ C9B8F325B2A22CDA1BDA7B25181B1389 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
13:05:33.0687 3540 SymEvent - ok
13:05:33.0718 3540 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:05:33.0781 3540 sym_hi - ok
13:05:33.0796 3540 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:05:33.0859 3540 sym_u3 - ok
13:05:33.0906 3540 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:05:34.0000 3540 sysaudio - ok
13:05:34.0109 3540 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:05:34.0250 3540 SysmonLog - ok
13:05:34.0421 3540 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:05:34.0468 3540 TapiSrv - ok
13:05:34.0593 3540 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:05:34.0750 3540 Tcpip - ok
13:05:34.0781 3540 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:05:34.0796 3540 TDPIPE - ok
13:05:34.0843 3540 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:05:34.0859 3540 TDTCP - ok
13:05:34.0890 3540 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:05:34.0968 3540 TermDD - ok
13:05:35.0187 3540 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:05:35.0390 3540 TermService - ok
13:05:35.0437 3540 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:05:35.0437 3540 Themes - ok
13:05:35.0500 3540 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:05:35.0656 3540 TlntSvr - ok
13:05:35.0765 3540 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
13:05:35.0859 3540 TosIde - ok
13:05:36.0031 3540 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:05:36.0062 3540 TrkWks - ok
13:05:36.0140 3540 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:05:36.0171 3540 Udfs - ok
13:05:36.0328 3540 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
13:05:36.0375 3540 ultra - ok
13:05:36.0671 3540 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:05:36.0953 3540 Update - ok
13:05:37.0078 3540 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:05:37.0156 3540 upnphost - ok
13:05:37.0171 3540 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:05:37.0343 3540 UPS - ok
13:05:37.0546 3540 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
13:05:37.0640 3540 usbaudio - ok
13:05:37.0687 3540 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:05:37.0765 3540 usbccgp - ok
13:05:37.0796 3540 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:05:37.0843 3540 usbehci - ok
13:05:37.0890 3540 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:05:37.0968 3540 usbhub - ok
13:05:37.0984 3540 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:05:38.0078 3540 usbprint - ok
13:05:38.0125 3540 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:05:38.0140 3540 usbscan - ok
13:05:38.0187 3540 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:05:38.0234 3540 USBSTOR - ok
13:05:38.0281 3540 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:05:38.0343 3540 usbuhci - ok
13:05:38.0375 3540 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
13:05:38.0421 3540 usbvideo - ok
13:05:38.0453 3540 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:05:38.0484 3540 VgaSave - ok
13:05:38.0531 3540 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:05:38.0578 3540 viaagp - ok
13:05:38.0593 3540 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
13:05:38.0609 3540 ViaIde - ok
13:05:38.0625 3540 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:05:38.0625 3540 VolSnap - ok
13:05:38.0687 3540 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:05:38.0812 3540 VSS - ok
13:05:38.0875 3540 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:05:38.0890 3540 W32Time - ok
13:05:38.0921 3540 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:05:38.0984 3540 Wanarp - ok
13:05:39.0031 3540 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
13:05:39.0062 3540 wanatw - ok
13:05:39.0109 3540 [ EB9A99AB5D17B1727034FF191E6448D7 ] WANMiniportService C:\WINDOWS\wanmpsvc.exe
13:05:40.0140 3540 WANMiniportService - ok
13:05:40.0140 3540 WDICA - ok
13:05:40.0187 3540 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:05:40.0281 3540 wdmaud - ok
13:05:40.0312 3540 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:05:40.0343 3540 WebClient - ok
13:05:40.0578 3540 [ 74CF3F2E4E40C4A2E18D39D6300A5C24 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:05:40.0843 3540 winachsf - ok
13:05:41.0031 3540 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:05:41.0046 3540 winmgmt - ok
13:05:41.0109 3540 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:05:41.0109 3540 WmdmPmSN - ok
13:05:41.0359 3540 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:05:41.0593 3540 Wmi - ok
13:05:41.0656 3540 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:05:41.0859 3540 WmiApSrv - ok
13:05:42.0281 3540 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:05:42.0593 3540 WMPNetworkSvc - ok
13:05:43.0234 3540 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:05:44.0046 3540 WPFFontCache_v0400 - ok
13:05:44.0125 3540 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:05:44.0156 3540 wscsvc - ok
13:05:44.0187 3540 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:05:44.0218 3540 WSTCODEC - ok
13:05:44.0218 3540 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:05:44.0312 3540 wuauserv - ok
13:05:44.0359 3540 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:05:44.0484 3540 WudfPf - ok
13:05:44.0515 3540 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:05:44.0640 3540 WudfRd - ok
13:05:44.0750 3540 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:05:44.0796 3540 WudfSvc - ok
13:05:44.0937 3540 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:05:45.0031 3540 WZCSVC - ok
13:05:45.0062 3540 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:05:45.0062 3540 xmlprov - ok
13:05:45.0078 3540 ================ Scan global ===============================
13:05:45.0125 3540 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:05:45.0218 3540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:05:45.0250 3540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:05:45.0296 3540 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:05:45.0296 3540 [Global] - ok
13:05:45.0296 3540 ================ Scan MBR ==================================
13:05:45.0343 3540 [ B20939CD98B7710036274839082AE757 ] \Device\Harddisk0\DR0
13:05:46.0656 3540 \Device\Harddisk0\DR0 - ok
13:05:46.0656 3540 ================ Scan VBR ==================================
13:05:46.0687 3540 [ 6FD3744F4B783D79CD280A1E0335AC19 ] \Device\Harddisk0\DR0\Partition1
13:05:46.0687 3540 \Device\Harddisk0\DR0\Partition1 - ok
13:05:46.0703 3540 [ 2D31A2DB75E809A3408EBAD24C64A116 ] \Device\Harddisk0\DR0\Partition2
13:05:46.0703 3540 \Device\Harddisk0\DR0\Partition2 - ok
13:05:46.0703 3540 ============================================================
13:05:46.0703 3540 Scan finished
13:05:46.0703 3540 ============================================================
13:05:46.0718 1820 Detected object count: 0
13:05:46.0718 1820 Actual detected object count: 0
13:10:49.0625 3988 Deinitialize success

#4 ZeldaB

  • Topic Starter

Posted 23 November 2012 - 03:19 PM

I used the link provided for aswMBR, and when I tried to execute, received a message that the certificate could not be verified. Is this as it should be, or is there a problem? The warning message recommends not running the file, so for the moment, I have not done so.

Thank you,
ZB

#5 narenxp

  • BC Advisor

Posted 23 November 2012 - 03:21 PM

Go ahead

#6 ZeldaB

  • Topic Starter

Posted 23 November 2012 - 07:44 PM

The ESET log reads:

C:\Documents and Settings\Owner\My Documents\Downloads\MMCsetup.exe Win32/Somoto application cleaned by deleting - quarantined

#7 ZeldaB

  • Topic Starter

Posted 23 November 2012 - 08:09 PM

This is the aswMBR log. I hope I didn't mess things up by doing the two scans in reverse order from your instructions. Let me know if I need to redo the ESET scan.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-23 17:46:49
-----------------------------
17:46:49.281 OS Version: Windows 5.1.2600 Service Pack 3
17:46:49.281 Number of processors: 2 586 0x404
17:46:49.281 ComputerName: ZELDAB UserName: Owner
17:46:52.359 Initialize success
17:50:07.406 AVAST engine defs: 12112302
17:55:11.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:55:11.421 Disk 0 Vendor: HDS722525VLSA80 V36OA6MA Size: 238475MB BusType: 3
17:55:11.437 Disk 0 MBR read successfully
17:55:11.437 Disk 0 MBR scan
17:55:11.625 Disk 0 unknown MBR code
17:55:11.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 234197 MB offset 8739360
17:55:11.671 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4267 MB offset 63
17:55:13.046 Disk 0 scanning sectors +488376000
17:55:13.125 Disk 0 scanning C:\WINDOWS\system32\drivers
17:55:34.843 Service scanning
17:55:52.718 Service MpKsl8cb05f7f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{898D3741-5FD3-45F2-8BC6-431BC9F311A2}\MpKsl8cb05f7f.sys **LOCKED** 32
17:56:10.703 Modules scanning
17:56:15.781 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
17:56:17.015 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
17:56:17.015 Disk 0 trace - called modules:
17:56:17.031
17:56:17.609 AVAST engine scan C:\WINDOWS
17:56:31.265 AVAST engine scan C:\WINDOWS\system32
18:02:11.031 AVAST engine scan C:\WINDOWS\system32\drivers
18:02:48.750 AVAST engine scan C:\Documents and Settings\Owner
18:06:55.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Computer\MBR.dat"
18:06:55.796 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\Computer\aswMBR.txt"

#8 narenxp

  • BC Advisor

Posted 23 November 2012 - 08:32 PM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar service scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#9 ZeldaB

  • Topic Starter

Posted 24 November 2012 - 02:57 AM

Here is the MalwareBytes log.

Note: I already had this program on my computer, but when I tried to open it, I got a message saying that files were missing and the program could not be opened. I downloaded and reinstalled to run this. But it didn't find anything.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ZELDAB [administrator]

11/23/2012 11:36:00 PM
mbam-log-2012-11-23 (23-36-00).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 406249
Time elapsed: 1 hour(s), 18 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 ZeldaB

  • Topic Starter

Posted 24 November 2012 - 03:03 AM

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Owner (administrator) on 24-11-2012 at 00:59:13
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : ZeldaB
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-13-20-55-70-47
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
                                    205.171.2.25
Lease Obtained. . . . . . . . . . : Saturday, November 24, 2012 12:53:28 AM
Lease Expires . . . . . . . . . . : Sunday, November 25, 2012 12:53:28 AM

DNS request timed out.
timeout was 2 seconds.
Server: resolver.qwest.net
Address: 205.171.2.25

Name: google.com
Addresses: 74.125.225.198, 74.125.225.199, 74.125.225.200, 74.125.225.201
74.125.225.206, 74.125.225.192, 74.125.225.193, 74.125.225.194, 74.125.225.195
74.125.225.196, 74.125.225.197

Pinging google.com [74.125.225.193] with 32 bytes of data:

Reply from 74.125.225.193: bytes=32 time=26ms TTL=57
Reply from 74.125.225.193: bytes=32 time=26ms TTL=57

Ping statistics for 74.125.225.193:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 26ms, Average = 26ms

DNS request timed out.
timeout was 2 seconds.
Server: resolver.qwest.net
Address: 205.171.2.25

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=138ms TTL=51
Reply from 98.139.183.24: bytes=32 time=94ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 94ms, Maximum = 138ms, Average = 116ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 55 70 47 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 10
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 10
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 10
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/23/2012 00:33:48 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/22/2012 00:36:26 AM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21672, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/22/2012 00:36:23 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/22/2012 00:36:23 AM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 21672, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (11/21/2012 02:20:13 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (11/21/2012 02:20:09 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/21/2012 00:57:40 PM) (Source: Application Hang) (User: )
Description: Hanging application wpwin9.exe, version 9.0.0.528, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/16/2012 01:27:43 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/25/2012 08:54:54 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1175926165.

Error: (10/25/2012 08:54:47 PM) (Source: Application Hang) (User: )
Description: Hanging application OCDMEDIAMANAGER.EXE, version 59.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/23/2012 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: The SAVRTPEL service failed to start due to the following error:
%%3

Error: (11/23/2012 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: The Media Center Extender Service service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Error: (11/23/2012 00:53:28 PM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x80070002

Error description: The system cannot find the file specified.

Signature version: 1.141.28.0;1.141.28.0

Engine version: %600

Error: (11/23/2012 00:47:05 PM) (Source: Service Control Manager) (User: )
Description: The g7bs_device service failed to start due to the following error:
%%1053

Error: (11/23/2012 00:47:05 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the g7bs_device service to connect.

Error: (11/23/2012 00:47:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service g7bs_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441086}

Error: (11/23/2012 00:46:46 PM) (Source: Service Control Manager) (User: )
Description: The g7bs_device service failed to start due to the following error:
%%1053

Error: (11/23/2012 00:46:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the g7bs_device service to connect.

Error: (11/23/2012 00:46:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service g7bs_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E441086}

Error: (11/23/2012 00:41:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.233.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (11/23/2012 00:33:48 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (11/22/2012 00:36:26 AM) (Source: LoadPerf)(User: )
Description: 21672

Error: (11/22/2012 00:36:23 AM) (Source: LoadPerf)(User: )
Description: WmiApRplWmiApRpl

Error: (11/22/2012 00:36:23 AM) (Source: LoadPerf)(User: )
Description: 21672

Error: (11/21/2012 02:20:13 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (11/21/2012 02:20:09 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/21/2012 00:57:40 PM) (Source: Application Hang)(User: )
Description: wpwin9.exe9.0.0.528hungapp0.0.0.000000000

Error: (11/16/2012 01:27:43 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/25/2012 08:54:54 PM) (Source: Application Hang)(User: )
Description: -1175926165

Error: (10/25/2012 08:54:47 PM) (Source: Application Hang)(User: )
Description: OCDMEDIAMANAGER.EXE59.0.0.0hungapp0.0.0.000000000


=========================== Installed Programs ============================

.NET Framework Enterprise Code Access Security Policy (Version: 1.0.2411.0)
32 Bit HP CIO Components Installer (Version: 3.1.1)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 50.0.165.000)
Adobe Acrobat 4.0 (Version: 4.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader 7.0.9 (Version: 7.0.9)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AnswerWorks Runtime
AOL Uninstaller (Choose which Products to Remove)
AVG PC Tuneup (Version: 10.0.0.27)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 120.0.194.000)
ccCommon (Version: 103.0.2.10)
CenturyLink Installer (Version: 1.0)
CKMAG5
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel Applications
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
Digital Media Reader (Version: 1.10)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
EBSCO Publishing Download Manager (Version: 1.1.2)
ESET Online Scanner v3
Fax (Version: 120.0.194.000)
Firewire Family (Version: 5.10.0.5023x19v4)
Freemake Video Converter version 1.3.0
Google Chrome (Version: 23.0.1271.64)
Google SketchUp 8 (Version: 3.0.3117)
Google Update Helper (Version: 1.3.21.123)
GPBaseService2 (Version: 120.0.194.000)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 12.0 (Version: 12.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 120.0.194.000)
Intel Audio Studio (Version: 1.57.3000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4299)
Learn2 Player (Uninstall Only)
Live 6.0.1
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79.1
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketResearch (Version: 120.0.226.000)
McAfee Security Scan Plus (Version: 3.0.207.4)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Digital Image Library 9 - Blocker (Version: 9.00.0000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Picture It! Library 10 (Version: 10.0.0612)
Microsoft Picture It! Premium 10 (Version: 10.0.0612)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Multimedia Keyboard Driver
Napster (Version: 3.0.3.7)
Napster Burn Engine (Version: 2.5.0000)
Nero BurnRights
Nero OEM
Netflix Movie Viewer (Version: 1.2.211)
Network (Version: 120.0.194.000)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
OneClickdigital Media Manager (Version: 59.0.0.0)
OverDrive Media Console (Version: 3.2.20)
PaperPort (Version: 9.02.0814)
PowerDVD
ProductContext (Version: 50.0.165.000)
Python 3.3.0 (Version: 3.3.150)
Quicken 2001 Home & Business
QuickTime
RapidSketch Web Component (Version: 1.00.0000)
RealPlayer Basic
Scan (Version: 12.0.0.0)
Sentrilock Card Utiltity (Version: 1.0.2)
SigmaTel Audio (Version: 5.10.4441.0)
SmartWebPrinting (Version: 120.0.194.000)
Soft Data Fax Modem with SmartCP
SolutionCenter (Version: 120.0.194.000)
Sound Organizer (Version: 1.1.1.12161)
Status (Version: 120.0.194.000)
SUPERAntiSpyware (Version: 5.6.1012)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
TurboTax 2008
TurboTax 2008 wcoiper (Version: 008.000.0118)
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 wcaiper (Version: 009.000.1050)
TurboTax 2009 wcoiper (Version: 009.000.0687)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1393)
TurboTax 2010 wcoiper (Version: 010.000.1335)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wcaiper (Version: 011.000.1647)
TurboTax 2011 wcoiper (Version: 011.000.1608)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Deluxe 2007
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VersaJette M300
Viewpoint Media Player
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 120.0.194.000)
Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader (11/07/2006 4.35.00.01) (Version: 11/07/2006 4.35.00.01)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 1011.83 MB
Available physical RAM: 306.85 MB
Total Pagefile: 2425.72 MB
Available Pagefile: 1820.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.92 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:228.71 GB) (Free:143.61 GB) NTFS
2 Drive d: () (Fixed) (Total:4.16 GB) (Free:0.98 GB) FAT32

========================= Users: ========================================

User accounts for \\ZELDAB

Administrator ASPNET Guest
HelpAssistant Lannie Owner
SUPPORT_388945a0

========================= Restore Points ==================================

26-08-2012 10:28:43 Software Distribution Service 3.0
26-08-2012 15:52:39 Software Distribution Service 3.0
27-08-2012 10:29:44 Software Distribution Service 3.0
27-08-2012 15:52:42 Software Distribution Service 3.0
28-08-2012 10:29:28 Software Distribution Service 3.0
28-08-2012 15:52:46 Software Distribution Service 3.0
29-08-2012 10:30:29 Software Distribution Service 3.0
29-08-2012 15:52:40 Software Distribution Service 3.0
30-08-2012 10:41:20 Software Distribution Service 3.0
30-08-2012 15:53:58 Software Distribution Service 3.0
31-08-2012 10:30:10 Software Distribution Service 3.0
31-08-2012 15:56:09 Software Distribution Service 3.0
01-09-2012 10:20:24 Software Distribution Service 3.0
02-09-2012 07:06:01 Software Distribution Service 3.0
02-09-2012 10:24:48 Software Distribution Service 3.0
03-09-2012 07:35:55 Software Distribution Service 3.0
03-09-2012 10:25:01 Software Distribution Service 3.0
04-09-2012 07:35:19 Software Distribution Service 3.0
04-09-2012 10:24:40 Software Distribution Service 3.0
05-09-2012 07:33:43 Software Distribution Service 3.0
06-09-2012 07:33:09 Software Distribution Service 3.0
07-09-2012 08:14:49 System Checkpoint
07-09-2012 09:54:05 Software Distribution Service 3.0
08-09-2012 09:54:38 Software Distribution Service 3.0
09-09-2012 10:06:38 Software Distribution Service 3.0
10-09-2012 09:36:42 Software Distribution Service 3.0
11-09-2012 09:36:51 Software Distribution Service 3.0
12-09-2012 09:37:59 Software Distribution Service 3.0
13-09-2012 09:00:20 Software Distribution Service 3.0
13-09-2012 09:36:59 Software Distribution Service 3.0
14-09-2012 09:36:55 Software Distribution Service 3.0
15-09-2012 09:37:32 Software Distribution Service 3.0
16-09-2012 09:38:41 Software Distribution Service 3.0
17-09-2012 09:39:05 Software Distribution Service 3.0
18-09-2012 09:36:59 Software Distribution Service 3.0
19-09-2012 09:37:34 Software Distribution Service 3.0
20-09-2012 09:38:31 Software Distribution Service 3.0
21-09-2012 09:39:44 Software Distribution Service 3.0
22-09-2012 09:00:19 Software Distribution Service 3.0
22-09-2012 09:36:19 Software Distribution Service 3.0
23-09-2012 09:38:57 System Checkpoint
23-09-2012 09:51:28 Software Distribution Service 3.0
23-09-2012 16:45:30 Software Distribution Service 3.0
24-09-2012 09:53:39 Software Distribution Service 3.0
24-09-2012 16:46:22 Software Distribution Service 3.0
25-09-2012 17:40:06 System Checkpoint
26-09-2012 10:28:51 Software Distribution Service 3.0
26-09-2012 14:47:46 Software Distribution Service 3.0
27-09-2012 10:31:30 Software Distribution Service 3.0
27-09-2012 14:48:01 Software Distribution Service 3.0
29-09-2012 02:56:38 Software Distribution Service 3.0
29-09-2012 10:08:38 Software Distribution Service 3.0
30-09-2012 02:56:30 Software Distribution Service 3.0
30-09-2012 10:06:16 Software Distribution Service 3.0
01-10-2012 02:56:34 Software Distribution Service 3.0
01-10-2012 10:07:32 Software Distribution Service 3.0
02-10-2012 05:10:50 Software Distribution Service 3.0
03-10-2012 03:06:29 Software Distribution Service 3.0
03-10-2012 09:37:58 Software Distribution Service 3.0
04-10-2012 09:35:34 Software Distribution Service 3.0
05-10-2012 06:07:37 Software Distribution Service 3.0
05-10-2012 09:35:48 Software Distribution Service 3.0
06-10-2012 06:09:42 Software Distribution Service 3.0
07-10-2012 06:07:11 Software Distribution Service 3.0
07-10-2012 09:35:25 Software Distribution Service 3.0
08-10-2012 06:07:14 Software Distribution Service 3.0
08-10-2012 09:36:55 Software Distribution Service 3.0
08-10-2012 18:19:21 Installed Python 3.3.0
09-10-2012 06:07:25 Software Distribution Service 3.0
10-10-2012 06:07:04 Software Distribution Service 3.0
10-10-2012 09:00:27 Software Distribution Service 3.0
10-10-2012 10:16:34 Software Distribution Service 3.0
11-10-2012 16:13:50 System Checkpoint
12-10-2012 17:00:27 Software Distribution Service 3.0
13-10-2012 09:32:27 Software Distribution Service 3.0
13-10-2012 17:00:44 Software Distribution Service 3.0
14-10-2012 17:06:21 System Checkpoint
15-10-2012 18:06:24 System Checkpoint
16-10-2012 18:07:29 System Checkpoint
17-10-2012 05:15:27 Software Distribution Service 3.0
17-10-2012 10:12:11 Software Distribution Service 3.0
18-10-2012 05:16:12 Software Distribution Service 3.0
18-10-2012 10:11:03 Software Distribution Service 3.0
19-10-2012 05:16:38 Software Distribution Service 3.0
20-10-2012 05:14:29 Software Distribution Service 3.0
20-10-2012 10:11:12 Software Distribution Service 3.0
21-10-2012 05:15:17 Software Distribution Service 3.0
21-10-2012 10:12:34 Software Distribution Service 3.0
22-10-2012 05:14:01 Software Distribution Service 3.0
22-10-2012 10:11:59 Software Distribution Service 3.0
23-10-2012 05:14:44 Software Distribution Service 3.0
23-10-2012 10:13:53 Software Distribution Service 3.0
24-10-2012 05:14:30 Software Distribution Service 3.0
24-10-2012 10:12:04 Software Distribution Service 3.0
25-10-2012 05:14:27 Software Distribution Service 3.0
25-10-2012 10:12:38 Software Distribution Service 3.0
26-10-2012 05:15:23 Software Distribution Service 3.0
26-10-2012 10:11:49 Software Distribution Service 3.0
27-10-2012 05:13:38 Software Distribution Service 3.0
27-10-2012 10:12:43 Software Distribution Service 3.0
28-10-2012 05:14:41 Software Distribution Service 3.0
28-10-2012 10:12:26 Software Distribution Service 3.0
29-10-2012 05:14:24 Software Distribution Service 3.0
29-10-2012 10:12:42 Software Distribution Service 3.0
30-10-2012 05:14:32 Software Distribution Service 3.0
30-10-2012 10:12:26 Software Distribution Service 3.0
31-10-2012 05:14:32 Software Distribution Service 3.0
31-10-2012 10:13:51 Software Distribution Service 3.0
01-11-2012 05:14:52 Software Distribution Service 3.0
01-11-2012 10:12:47 Software Distribution Service 3.0
02-11-2012 05:14:51 Software Distribution Service 3.0
02-11-2012 10:12:56 Software Distribution Service 3.0
03-11-2012 05:16:15 Software Distribution Service 3.0
03-11-2012 10:11:39 Software Distribution Service 3.0
04-11-2012 05:14:56 Software Distribution Service 3.0
04-11-2012 11:14:47 Software Distribution Service 3.0
05-11-2012 05:13:50 Software Distribution Service 3.0
05-11-2012 11:22:56 Software Distribution Service 3.0
06-11-2012 05:15:19 Software Distribution Service 3.0
06-11-2012 11:12:33 Software Distribution Service 3.0
07-11-2012 05:17:13 Software Distribution Service 3.0
08-11-2012 05:14:56 Software Distribution Service 3.0
08-11-2012 11:12:12 Software Distribution Service 3.0
09-11-2012 05:15:09 Software Distribution Service 3.0
09-11-2012 11:11:44 Software Distribution Service 3.0
10-11-2012 05:14:55 Software Distribution Service 3.0
10-11-2012 11:12:39 Software Distribution Service 3.0
11-11-2012 05:15:00 Software Distribution Service 3.0
12-11-2012 05:15:21 Software Distribution Service 3.0
12-11-2012 11:12:33 Software Distribution Service 3.0
13-11-2012 05:15:58 Software Distribution Service 3.0
13-11-2012 11:14:38 Software Distribution Service 3.0
14-11-2012 05:15:23 Software Distribution Service 3.0
14-11-2012 11:11:01 Software Distribution Service 3.0
15-11-2012 05:19:46 Software Distribution Service 3.0
15-11-2012 11:12:28 Software Distribution Service 3.0
16-11-2012 05:15:41 Software Distribution Service 3.0
16-11-2012 07:52:02 Software Distribution Service 3.0
16-11-2012 10:50:04 Software Distribution Service 3.0
16-11-2012 18:35:05 Unsigned driver install
17-11-2012 10:32:45 Software Distribution Service 3.0
17-11-2012 22:03:10 Software Distribution Service 3.0
18-11-2012 10:34:48 Software Distribution Service 3.0
18-11-2012 22:10:54 Software Distribution Service 3.0
19-11-2012 10:34:16 Software Distribution Service 3.0
19-11-2012 22:03:04 Software Distribution Service 3.0
20-11-2012 10:35:05 Software Distribution Service 3.0
20-11-2012 22:02:03 Software Distribution Service 3.0
21-11-2012 10:33:03 Software Distribution Service 3.0
21-11-2012 20:49:27 Restore Operation
21-11-2012 21:03:48 Software Distribution Service 3.0
22-11-2012 07:26:13 Restore Operation
22-11-2012 07:44:56 Software Distribution Service 3.0
22-11-2012 08:54:24 Software Distribution Service 3.0
23-11-2012 19:46:44 Restore Operation
23-11-2012 20:04:32 Software Distribution Service 3.0

**** End of log ****

#11 ZeldaB


Posted 24 November 2012 - 03:06 AM

Farbar Service Scanner Version: 09-11-2012
Ran by Owner (administrator) on 24-11-2012 at 01:05:25
Running from "C:\Documents and Settings\Owner\My Documents\Computer"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000800000009000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#12 ZeldaB


Posted 24 November 2012 - 03:18 AM

# AdwCleaner v2.008 - Logfile created 11/24/2012 at 01:08:29
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - ZELDAB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Computer\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\odxq1cs1.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3940 octets] - [24/11/2012 01:08:29]

########## EOF - C:\AdwCleaner[S1].txt - [4000 octets] ##########

#13 ZeldaB


Posted 24 November 2012 - 03:33 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.9 (11.23.2012)
OS: Microsoft Windows XP x86
Ran by Owner on Sat 11/24/2012 at 1:19:47.39
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-666450678-491563341-1779115723-1006\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/24/2012 at 1:25:41.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14 ZeldaB


Posted 24 November 2012 - 03:39 AM

Thank you for your help! If you have the patience to tell me what all this means, I'd be delighted.

ZB

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 24 November 2012 - 01:38 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here



