
wind xp shuts down during start up


  • This topic is locked
9 replies to this topic

#1 Pere92


Posted 08 January 2013 - 10:42 AM

I am trying to save this computer from the point of no return if possible. Recently had a virus which I believed to be removed. System started behaving abnormally during the removal process. Now when I turn it on, sometimes it gets all the way to the home screen, sometimes not, it just shuts down. I started in safe mode. Sometimes that doesn't work either. If I manage to get it started, what can I do to save it?

Edited by hamluis, 08 January 2013 - 11:01 AM.
Moved from XP to Am I Infected - Hamluis.




#2 boopme


Posted 09 January 2013 - 09:09 PM

Hello, can you run these?

Please download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.


>>>>

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 Pere92


Posted 10 January 2013 - 08:01 AM

07:32:00.0390 1608 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:32:00.0468 1608 ============================================================
07:32:00.0468 1608 Current date / time: 2013/01/10 07:32:00.0468
07:32:00.0468 1608 SystemInfo:
07:32:00.0468 1608
07:32:00.0468 1608 OS Version: 5.1.2600 ServicePack: 3.0
07:32:00.0468 1608 Product type: Workstation
07:32:00.0468 1608 ComputerName: KIDS
07:32:00.0468 1608 UserName: Administrator
07:32:00.0468 1608 Windows directory: C:\WINNT
07:32:00.0468 1608 System windows directory: C:\WINNT
07:32:00.0468 1608 Processor architecture: Intel x86
07:32:00.0468 1608 Number of processors: 2
07:32:00.0468 1608 Page size: 0x1000
07:32:00.0468 1608 Boot type: Safe boot
07:32:00.0468 1608 ============================================================
07:32:07.0750 1608 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:32:07.0765 1608 Drive \Device\Harddisk5\DR10 - Size: 0x7A900000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:32:07.0765 1608 ============================================================
07:32:07.0765 1608 \Device\Harddisk0\DR0:
07:32:07.0765 1608 MBR partitions:
07:32:07.0765 1608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
07:32:07.0765 1608 \Device\Harddisk5\DR10:
07:32:07.0765 1608 MBR partitions:
07:32:07.0765 1608 \Device\Harddisk5\DR10\Partition1: MBR, Type 0x6, StartLBA 0x1F0, BlocksNum 0x3D4610
07:32:07.0765 1608 ============================================================
07:32:07.0812 1608 C: <-> \Device\Harddisk0\DR0\Partition1
07:32:07.0828 1608 ============================================================
07:32:07.0828 1608 Initialize success
07:32:07.0828 1608 ============================================================
07:32:35.0812 1632 ============================================================
07:32:35.0812 1632 Scan started
07:32:35.0812 1632 Mode: Manual; TDLFS;
07:32:35.0812 1632 ============================================================
07:32:36.0812 1632 ================ Scan system memory ========================
07:32:36.0828 1632 System memory - ok
07:32:36.0828 1632 ================ Scan services =============================
07:33:11.0593 1632 swmidi - ok
07:33:11.0609 1632 SwPrv - ok
07:33:11.0609 1632 symc810 - ok
07:33:11.0625 1632 symc8xx - ok
07:33:11.0625 1632 sym_hi - ok
07:33:11.0640 1632 sym_u3 - ok
07:33:11.0671 1632 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys
07:33:11.0687 1632 sysaudio - ok
07:33:11.0750 1632 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINNT\system32\smlogsvc.exe
07:33:11.0781 1632 SysmonLog - ok
07:33:11.0906 1632 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINNT\System32\tapisrv.dll
07:33:12.0015 1632 TapiSrv - ok
07:33:12.0156 1632 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys
07:33:12.0265 1632 Tcpip - ok
07:33:12.0312 1632 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys
07:33:12.0312 1632 TDPIPE - ok
07:33:12.0343 1632 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys
07:33:12.0343 1632 TDTCP - ok
07:33:12.0375 1632 [ 88155247177638048422893737429D9E ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys
07:33:12.0390 1632 TermDD - ok
07:33:12.0515 1632 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINNT\System32\termsrv.dll
07:33:12.0609 1632 TermService - ok
07:33:12.0656 1632 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINNT\System32\shsvcs.dll
07:33:12.0671 1632 Themes - ok
07:33:12.0671 1632 TosIde - ok
07:33:12.0718 1632 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINNT\system32\trkwks.dll
07:33:12.0750 1632 TrkWks - ok
07:33:12.0781 1632 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINNT\system32\drivers\Udfs.sys
07:33:12.0812 1632 Udfs - ok
07:33:12.0843 1632 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINNT\system32\DRIVERS\ultra.sys
07:33:12.0859 1632 ultra - ok
07:33:13.0031 1632 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINNT\system32\DRIVERS\update.sys
07:33:13.0156 1632 Update - ok
07:33:13.0828 1632 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINNT\System32\upnphost.dll
07:33:13.0890 1632 upnphost - ok
07:33:13.0921 1632 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINNT\System32\ups.exe
07:33:13.0921 1632 UPS - ok
07:33:13.0968 1632 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINNT\system32\DRIVERS\usbccgp.sys
07:33:13.0984 1632 usbccgp - ok
07:33:14.0000 1632 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys
07:33:14.0015 1632 usbehci - ok
07:33:14.0046 1632 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys
07:33:14.0062 1632 usbhub - ok
07:33:14.0093 1632 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys
07:33:14.0109 1632 usbprint - ok
07:33:14.0156 1632 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINNT\system32\DRIVERS\usbscan.sys
07:33:14.0156 1632 usbscan - ok
07:33:14.0203 1632 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINNT\system32\DRIVERS\USBSTOR.SYS
07:33:14.0218 1632 USBSTOR - ok
07:33:14.0234 1632 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINNT\system32\DRIVERS\usbuhci.sys
07:33:14.0250 1632 usbuhci - ok
07:33:14.0265 1632 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINNT\System32\drivers\vga.sys
07:33:14.0281 1632 VgaSave - ok
07:33:14.0281 1632 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINNT\system32\DRIVERS\viaide.sys
07:33:14.0296 1632 ViaIde - ok
07:33:14.0312 1632 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys
07:33:14.0328 1632 VolSnap - ok
07:33:14.0453 1632 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINNT\System32\vssvc.exe
07:33:14.0546 1632 VSS - ok
07:33:14.0609 1632 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINNT\System32\w32time.dll
07:33:14.0671 1632 W32Time - ok
07:33:14.0718 1632 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys
07:33:14.0734 1632 Wanarp - ok
07:33:14.0796 1632 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINNT\system32\DRIVERS\wanatw4.sys
07:33:14.0812 1632 wanatw - ok
07:33:14.0859 1632 [ 909F2DC0DA7F57D229A05EE90647B2C3 ] WANMiniportService C:\WINNT\wanmpsvc.exe
07:33:18.0921 1632 WANMiniportService - ok
07:33:18.0937 1632 WDICA - ok
07:33:18.0968 1632 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys
07:33:19.0000 1632 wdmaud - ok
07:33:19.0046 1632 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINNT\System32\webclnt.dll
07:33:19.0078 1632 WebClient - ok
07:33:19.0203 1632 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll
07:33:19.0234 1632 winmgmt - ok
07:33:19.0281 1632 [ BC3ECBCB40147BDAE3AD2FD0B4B346D8 ] WmBEnum C:\WINNT\system32\drivers\WmBEnum.sys
07:33:19.0296 1632 WmBEnum - ok
07:33:19.0328 1632 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINNT\system32\mspmsnsv.dll
07:33:19.0343 1632 WmdmPmSN - ok
07:33:19.0375 1632 [ 19F9881D8B3484FEDB605D0216876898 ] WmFilter C:\WINNT\system32\drivers\WmFilter.sys
07:33:19.0390 1632 WmFilter - ok
07:33:19.0453 1632 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINNT\System32\wbem\wmiapsrv.exe
07:33:19.0484 1632 WmiApSrv - ok
07:33:19.0515 1632 [ 7A51545A6409A25EEDBDBD97D019E8CC ] WmVirHid C:\WINNT\system32\drivers\WmVirHid.sys
07:33:19.0515 1632 WmVirHid - ok
07:33:19.0546 1632 [ 1F083B3BC73017E60C3CA85CF4A70753 ] WmXlCore C:\WINNT\system32\drivers\WmXlCore.sys
07:33:19.0562 1632 WmXlCore - ok
07:33:19.0578 1632 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINNT\System32\drivers\ws2ifsl.sys
07:33:19.0578 1632 WS2IFSL - ok
07:33:19.0640 1632 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINNT\system32\wscsvc.dll
07:33:19.0671 1632 wscsvc - ok
07:33:19.0671 1632 wuauserv - ok
07:33:19.0875 1632 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINNT\System32\wzcsvc.dll
07:33:20.0203 1632 WZCSVC - ok
07:33:20.0281 1632 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINNT\System32\xmlprov.dll
07:33:20.0375 1632 xmlprov - ok
07:33:20.0484 1632 [ E6C22D34BAEF5196E1B23A4492C275B7 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINNT\system32\drivers\ialmsbw.sys
07:33:20.0515 1632 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
07:33:20.0578 1632 [ 6E53BD96B0EBAD721CDD6320DBFC3F5F ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINNT\system32\drivers\ialmkchw.sys
07:33:20.0609 1632 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
07:33:20.0609 1632 ================ Scan global ===============================
07:33:20.0671 1632 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINNT\system32\basesrv.dll
07:33:20.0796 1632 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
07:33:21.0265 1632 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
07:33:21.0625 1632 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINNT\system32\services.exe
07:33:21.0625 1632 [Global] - ok
07:33:21.0625 1632 ================ Scan MBR ==================================
07:33:21.0656 1632 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:33:22.0031 1632 \Device\Harddisk0\DR0 - ok
07:33:22.0031 1632 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk5\DR10
07:33:22.0203 1632 \Device\Harddisk5\DR10 - ok
07:33:22.0203 1632 ================ Scan VBR ==================================
07:33:22.0203 1632 [ D32C8C556711F1AF10DE3552FF84B144 ] \Device\Harddisk0\DR0\Partition1
07:33:22.0203 1632 \Device\Harddisk0\DR0\Partition1 - ok
07:33:22.0218 1632 [ 88EB27CF92688B29F1DA710BFD116D04 ] \Device\Harddisk5\DR10\Partition1
07:33:22.0218 1632 \Device\Harddisk5\DR10\Partition1 - ok
07:33:22.0218 1632 ============================================================
07:33:22.0218 1632 Scan finished
07:33:22.0218 1632 ============================================================
07:33:22.0234 1624 Detected object count: 0
07:33:22.0234 1624 Actual detected object count: 0
07:42:14.0578 1600 Deinitialize success


MiniToolBox by Farbar Version: 25-11-2012
Ran by Administrator (administrator) on 10-01-2013 at 07:36:16
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Minimal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
# 38.25.63.10 x.acme.com # x client host

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 C:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 05 C:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 12 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 13 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 14 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 15 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 16 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 17 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 18 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 19 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 20 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 21 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 22 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 23 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 24 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 25 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 26 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 27 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 28 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 29 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 30 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 31 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 32 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 33 C:\Windows\system32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/18/2012 01:53:00 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x8050a003, P2 mpupdateengine, P3 am fe, P4 11.1.3927.0, P5 mpsigstub.exe, P6 4.1.522.0, P7 microsoft security essentials, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/18/2012 07:53:49 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (12/14/2012 02:57:58 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/13/2012 11:20:06 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 11:13:59 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 11:08:21 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 11:01:32 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 10:56:33 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 10:40:50 AM) (Source: Application Error) (User: )
Description: Faulting application sssysanalyzer.exe, version 4.2.11.0, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
Processing media-specific event for [sssysanalyzer.exe!ws!]

Error: (12/13/2012 07:42:58 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL


System errors:
=============
Error: (01/10/2013 07:36:29 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:28 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:27 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:26 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:25 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:24 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:23 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:23 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:22 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (01/10/2013 07:36:21 AM) (Source: DCOM) (User: KIDS)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (12/18/2012 01:53:00 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x8050a003mpupdateengineam fe11.1.3927.0mpsigstub.exe4.1.522.0microsoft security essentialsNILNILNIL

Error: (12/18/2012 07:53:49 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.1.522.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (12/14/2012 02:57:58 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/13/2012 11:20:06 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 11:13:59 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 11:08:21 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 11:01:32 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 10:56:33 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (12/13/2012 10:40:50 AM) (Source: Application Error)(User: )
Description: sssysanalyzer.exe4.2.11.0kernel32.dll5.1.2600.578100012afb

Error: (12/13/2012 07:42:58 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.1.522.00x80080005updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL


=========================== Installed Programs ============================

2600 (Version: 43.0.217.000)
2600_Help (Version: 43.0.217.000)
2600Trb (Version: 43.0.217.000)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader 9.5.1 (Version: 9.5.1)
Age of Empires III (Version: 1.00.0000)
Age of Mythology
Age of Mythology - The Titans Expansion
Ahead Nero BurnRights
AiO_Scan (Version: 43.0.217.000)
AiOSoftware (Version: 43.0.217.000)
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
Apple Application Support (Version: 1.1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Catalyst Control Center (Version: 1.2.2314.20337)
ATI Display Driver (Version: 8.252-060503a-038185C-ATI)
BellSouth Wireless Connection Tool
BIG-IP Edge Client Components (All Users) (Version: 70.2011.0622.1118)
Blackhawk Striker from Gateway (remove only)
Blasterball 2 from Gateway (remove only)
Bonjour (Version: 1.0.106)
Bounce Symphony from Gateway (remove only)
BufferChm (Version: 43.1.5.000)
Carnival Cruise Lines Tycoon 2005 - Island Hopping
Copy (Version: 43.1.5.000)
CreativeProjects (Version: 43.1.5.000)
CreativeProjectsTemplates (Version: 43.1.5.000)
CueTour (Version: 43.1.5.000)
Cypress USB Mass Storage Driver Installation
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 43.1.5.000)
Director (Version: 43.1.5.000)
Disney Pirates of the Caribbean Online (Version: )
DocProc (Version: 4.0.0.0)
DocumentViewer (Version: 43.0.217.000)
DoMore (Version: 1)
DVD
EA Download Manager (Version: 5.1.0.4)
Emperor's New Groove - Groove Center
ESET Online Scanner v3
Excavation from Gateway (remove only)
Fax (Version: 43.0.217.000)
Five Card Frenzy from Gateway (remove only)
Frogger2
GameSpy Arcade
Gateway Ink Monitor (Version: 1.2.0.0)
GWCares (Version: 1.10.0000)
Harley-Davidson® - Race Around The World
Harry Potter
Hoyle Board Games
Hoyle Card Games
HP Diagnostic Assistant (Version: 1.0.0.0)
HP Image Zone 4.2 (Version: 4.2)
HP PSC & OfficeJet 4.2
HP Software Update (Version: 2.0.39.20040212)
HPSystemDiagnostics (Version: 1.5.0.0)
InstantShare (Version: 4.0.0.40)
Intel® 537EP Data Fax Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
iolo technologies' System Mechanic (Version: 10.8.5)
iTunes (Version: 9.0.3.15)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
JumpStart Explorers
KODAK Share Button App (Version: 2.02.0000.0000)
Learn2 Player (Uninstall Only)
Lock On: Modern Air Combat (Version: 1.00.000)
LockOn Flaming Cliffs 2
Logitech Gaming Software (Version: 4.40)
Mass Effect (Version: 1.00)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Age of Empires II
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft CART Precision Racing Trial
Microsoft Combat Flight Simulator 3.1
Microsoft Encarta Encyclopedia Standard 2004 (Version: 2004)
Microsoft Flight Simulator 2004 A Century of Flight (Version: 9.0)
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files (Version: 2003)
Microsoft Midtown Madness
Microsoft Midtown Madness 2
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft Monster Truck Madness 2
Microsoft Motocross Madness
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Picture It! Express 7.0 (Version: 7.0.0.0000)
Microsoft Picture It! Photo Premium 9 (Version: 9.0.0.0000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft Streets and Trips 2004 (Version: 11.00.18.1900)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 07.03.0719)
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word (Version: 7.0.0.0000)
Monster Jam (Version: 1.00.000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN Internet Software
MSN Messenger 5.0 (Version: 5.0.0527)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML4 Parser (Version: 1.0.0)
MUSICMATCH® Jukebox
My Disney Kitchen
Napster
NASCAR SimRacing
Nero OEM
Network Play System (Patching)
NVIDIA Drivers
Orbital from Gateway (remove only)
Otto from Gateway (remove only)
Overball from Gateway (remove only)
Overland (Version: 2.1.5)
ParaWorld (Version: 1.00)
PC-Doctor for Windows
Pearl Harbor
PhotoGallery (Version: 43.1.5.000)
Polar Bowler from Gateway (remove only)
PrintScreen (Version: 43.1.5.000)
ProductContext (Version: 43.0.217.000)
QFolder (Version: 1.00.0000)
Quicken 2004 (Version: 13.00.0000)
QuickProjects (Version: 43.1.5.000)
QuickTime (Version: 7.65.17.80)
Readme (Version: 43.0.217.000)
RealPlayer Basic
Rise of Nations Gold (Version: 1.0)
RollerCoaster Tycoon 2
RollerCoaster Tycoon 2: Time Twister (Version: 1.00.000)
RollerCoaster Tycoon 2: Wacky Worlds
RollerCoaster Tycoon® 3 (Version: 1.00.000)
Roxio Burn Engine (Version: 1.2.0000)
Scan (Version: 4.1.0.0)
Scratches
Shockwave
Sierra Utilities
SimCoaster
SkinsHP1 (Version: 43.1.5.000)
Slyder from Gateway (remove only)
SPORE™ (Version: 1.05.0001)
SPORE™ Creepy & Cute Parts Pack (Version: 1.00.0000)
SPORE™ Galactic Adventures (Version: 1.01.0001)
Star Wars Empire at War (Version: 1.0)
Star Wars Empire at War Forces of Corruption (Version: 1.0)
System Requirements Lab
Tarzan Activity Center
The Office
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims Superstar
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Thomas & Friends - The Great Festival Adventure
Toy Story 2
Toy Story 2 Activity Center
TrayApp (Version: 43.1.5.000)
Ultimate Ride Disney Coaster
Uninstall Best Reading Program
Unload (Version: 4.0.0)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Storage Adapter FX (SM1)
Virtools 3D Life Player (Version: 4.0.0.x)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 43.1.5.000)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
Zoo Tycoon 2 (Version: 1.0)
Zoo Tycoon Expanded

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 1006.73 MB
Available physical RAM: 772.06 MB
Total Pagefile: 1658.58 MB
Available Pagefile: 1516.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:22.81 GB) NTFS
8 Drive j: (USB DISK) (Removable) (Total:1.91 GB) (Free:1.9 GB) FAT

========================= Users: ========================================

User accounts for \\

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****

# AdwCleaner v2.011 - Logfile created 01/10/2013 at 07:42:30
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - KIDS
# Boot Mode : Safe mode
# Running from : J:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [2357 octets] - [06/12/2012 10:48:17]
AdwCleaner[S2].txt - [560 octets] - [10/01/2013 07:42:30]

########## EOF - C:\AdwCleaner[S2].txt - [619 octets] ##########

#4 boopme


Posted 10 January 2013 - 10:47 AM

Ok, first unless you work for the CIA ..
Your How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.




Now...
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.



Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#5 Pere92


Posted 11 January 2013 - 07:21 AM

Hi - no, no CIA for me
I ran all requested programs but I had to leave before the ESET was through so unfortunately I missed getting a log. This morning however, on start up, I had to go in through Safe Mode because it was still shutting down during start up. I am on another computer now to send this. The Fix it ran properly, I did the winsock reset and then aswMBR and ESET. It is unknown to me if a log was created - I left when it was at about 96% through and when I got home the comp was off.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-10 13:01:15
-----------------------------
13:01:15.125 OS Version: Windows 5.1.2600 Service Pack 3
13:01:15.125 Number of processors: 2 586 0x303
13:01:15.171 ComputerName: KIDS UserName:
13:01:28.046 Initialize success
13:55:05.421 AVAST engine defs: 13011000
14:03:31.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:03:31.609 Disk 0 Vendor: WDC_WD1200BB-22DWA0 15.05R15 Size: 114473MB BusType: 3
14:03:31.625 Disk 0 MBR read successfully
14:03:31.625 Disk 0 MBR scan
14:03:31.718 Disk 0 Windows XP default MBR code
14:03:31.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
14:03:31.750 Disk 0 scanning sectors +234436545
14:03:31.812 Disk 0 scanning C:\WINNT\system32\drivers
14:04:04.687 Service scanning
14:04:32.875 Service MpKsld57f6272 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C62AEF0D-1C66-4B11-981A-BCE72593DFE9}\MpKsld57f6272.sys **LOCKED** 32
14:04:56.656 Modules scanning
14:05:05.250 Disk 0 trace - called modules:
14:05:05.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:05:05.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b7dab8]
14:05:05.281 3 CLASSPNP.SYS[f7643fd7] -> nt!IofCallDriver -> \Device\0000006a[0x86b89f18]
14:05:05.281 5 ACPI.sys[f75aa620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b68d98]
14:05:05.906 AVAST engine scan C:\WINNT
14:05:45.718 AVAST engine scan C:\WINNT\system32
14:12:02.765 AVAST engine scan C:\WINNT\system32\drivers
14:12:41.015 AVAST engine scan C:\Documents and Settings\Owner
14:16:26.093 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
14:16:26.125 The log file has been saved successfully to "J:\aswMBR.txt"

Edited by Pere92, 11 January 2013 - 07:24 AM.


#6 boopme


Posted 11 January 2013 - 10:50 AM

Ok, let's look at a new MiniToolBox. Re-run it with only these checked:
  • List content of Hosts
  • List Winsock Entries



The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.

#7 Pere92


Posted 11 January 2013 - 02:14 PM

I almost couldn't get it started. This is making me sooo nervous. Anyway, I ran the mini tool and also got the ESET log. Thanks.

ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f04adea541331c4ba79df6917a8756f0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-06 04:44:54
# local_time=2012-12-05 11:44:54 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5889 16768382 80 100 142582293 194593440 0 141831894
# scanned=319896
# found=4
# cleaned=4
# scan_time=18149
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BYQZNK2R\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus (deleted - quarantined) 4BC3B29F5C657DDC1783B5B4D92157B989CE3A8D C
C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage\Identities\wcgso.dll a variant of Win32/Kryptik.APHW trojan (cleaned by deleting (after the next restart) - quarantined) 55E3632EEF3A492B7D43202323100F7AAB1F0F38 C
C:\WINNT\wt\backup\1.6.0.037\wcmdmgrl.exe Win32/Adware.WildTangent application (cleaned by deleting - quarantined) 1F724BE8515469AD82580650A05DBA5C004156F4 C
C:\WINNT\wt\updater\wcmdmgrl.exe Win32/Adware.WildTangent application (cleaned by deleting - quarantined) 1F724BE8515469AD82580650A05DBA5C004156F4 C
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f04adea541331c4ba79df6917a8756f0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-11 01:07:26
# local_time=2013-01-10 08:07:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 1109582 10562618 0 0
# scanned=319473
# found=2
# cleaned=2
# scan_time=20356
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP2064\A1127618.exe Win32/Adware.WildTangent application (cleaned by deleting - quarantined) 1F724BE8515469AD82580650A05DBA5C004156F4 C
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP2064\A1127619.exe Win32/Adware.WildTangent application (cleaned by deleting - quarantined) 1F724BE8515469AD82580650A05DBA5C004156F4 C



MiniToolBox by Farbar Version: 25-11-2012
Ran by Owner (administrator) on 11-01-2013 at 13:53:34
Running from "J:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Minimal
***************************************************************************
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 05 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 12 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 13 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 14 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 15 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 16 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 17 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 18 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 19 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 20 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 21 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 22 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 23 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 24 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 25 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 26 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 27 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 28 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 29 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 30 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 31 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 32 C:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 33 C:\Windows\system32\rsvpsp.dll [File Not found] ()

**** End of log ****
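
An added example, not part of the original posts or of MiniToolBox: a small Python parser for the "Winsock entries" format shown in the log above. It flags provider entries that are reported missing, that are bare file names, or that sit under a different system root than the `C:\WINNT` the aswMBR log scans. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the MiniToolBox "Winsock entries" format
# shown in the log above (not the complete log).
SAMPLE = r"""
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 32 C:\Windows\system32\rsvpsp.dll [File Not found] ()
"""

# catalog name, entry index, library path, "[size]" or "[File Not found]", "(vendor)"
ENTRY = re.compile(
    r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(File Not found|\d+)\]\s+\((.*)\)\s*$")

def parse_winsock(text):
    """Return one dict per catalog entry; ATTENTION and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            catalog, index, path, size, vendor = m.groups()
            entries.append({"catalog": catalog, "index": int(index), "path": path,
                            "missing": size == "File Not found", "vendor": vendor})
    return entries

def triage(entries, system_root):
    """Return (catalog, index, reasons) for every entry that needs a closer look."""
    root = system_root.lower().rstrip("\\") + "\\"
    findings = []
    for e in entries:
        path, reasons = e["path"].lower(), []
        if e["missing"]:
            reasons.append("file-not-found")
        if "\\" not in path:
            reasons.append("bare-filename")        # no directory recorded at all
        elif "\\system32\\" in path and not path.startswith(root):
            reasons.append("wrong-system-root")    # e.g. C:\Windows on a C:\WINNT install
        if reasons:
            findings.append((e["catalog"], e["index"], reasons))
    return findings

def summary(findings):
    """Count how often each reason occurs across the flagged entries."""
    return Counter(r for _, _, reasons in findings for r in reasons)

if __name__ == "__main__":
    for finding in triage(parse_winsock(SAMPLE), r"C:\WINNT"):
        print(finding)
```

Pass the system root of the machine being examined as the second argument; with `C:\Windows` the same sample no longer reports a root mismatch, only the missing files.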

#8 boopme


Posted 11 January 2013 - 04:41 PM

OK, that's because the rootkit(s) is still alive. To remove, we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

#9 Pere92


Posted 13 January 2013 - 09:14 PM

Working on it now in the other forum - thank you SO much for your time - found the ZeroAccess rootkit....

#10 boopme


Posted 13 January 2013 - 09:26 PM

You're welcome.. You are in great hands with gringo. So as to avoid confusion and others posting here I will close this.

Thanks for the update.



