“Exploit:Java/CVE-2013-0507”


8 replies to this topic

#1 sonrol


Posted 17 January 2013 - 03:20 PM

OS is XP PRO SP3.

Once every week I do a complete scan in Safe Mode using MSE. Two weeks ago MSE detected “Exploit:Java/CVE-2013-0507” and safely removed it. During the following week’s scan it detected “Exploit:Java/CVE-2013-4681” and safely removed it. Last night’s scan detected “Exploit:Java/CVE-2013-0422” and said that it was safely removed.
Apparently this file is some sort of Trojan that is difficult to remove and keeps coming back.

Can someone here guide me through the permanent removal process?

Thank you,



#2 narenxp


Posted 17 January 2013 - 03:21 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 sonrol


Posted 17 January 2013 - 06:55 PM

The following are the first 2 logs. I messed up on the third and hit continue instead of exporting the log. I did make a note of the one threat that it found. It was "win32/kryptik.asik.gen trojan". I hope that I did not mess up anything.


15:47:39.0546 0608 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:47:39.0546 0608 Wanarp - ok
15:47:39.0593 0608 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:47:39.0625 0608 WDC_SAM - ok
15:47:39.0703 0608 [ BF847A3972CC6B5CE26E0EA742DD52D9 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
15:47:39.0703 0608 WDDMService - ok
15:47:39.0765 0608 [ B5966F1DFF6E20576F3C8C2D93D129FD ] WDFME C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
15:47:39.0781 0608 WDFME - ok
15:47:39.0781 0608 WDICA - ok
15:47:39.0796 0608 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:47:39.0796 0608 wdmaud - ok
15:47:39.0812 0608 [ 92F0088CA18BB08BB596EF2608256F8A ] WDSC C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
15:47:39.0828 0608 WDSC - ok
15:47:39.0875 0608 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:47:39.0875 0608 WebClient - ok
15:47:39.0953 0608 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:47:39.0953 0608 winmgmt - ok
15:47:39.0984 0608 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:47:39.0984 0608 WmdmPmSN - ok
15:47:40.0015 0608 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:47:40.0031 0608 Wmi - ok
15:47:40.0046 0608 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:47:40.0046 0608 WmiApSrv - ok
15:47:40.0140 0608 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:47:40.0140 0608 WPFFontCache_v0400 - ok
15:47:40.0187 0608 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:47:40.0187 0608 wscsvc - ok
15:47:40.0187 0608 WSearch - ok
15:47:40.0234 0608 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
15:47:40.0234 0608 wuauserv - ok
15:47:40.0250 0608 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:47:40.0250 0608 WZCSVC - ok
15:47:40.0281 0608 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:47:40.0281 0608 xmlprov - ok
15:47:40.0281 0608 ================ Scan global ===============================
15:47:40.0312 0608 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:47:40.0359 0608 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:47:40.0359 0608 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
15:47:40.0375 0608 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:47:40.0375 0608 [Global] - ok
15:47:40.0375 0608 ================ Scan MBR ==================================
15:47:40.0390 0608 [ 923A599A126887912E20C0D762FB67BC ] \Device\Harddisk0\DR0
15:47:40.0703 0608 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:47:40.0703 0608 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:47:40.0703 0608 [ 923A599A126887912E20C0D762FB67BC ] \Device\Harddisk1\DR3
15:47:40.0828 0608 \Device\Harddisk1\DR3 - ok
15:47:40.0843 0608 ================ Scan VBR ==================================
15:47:40.0843 0608 [ 1715D44B632C28D7FB45CD22EF0B2C3D ] \Device\Harddisk0\DR0\Partition1
15:47:40.0843 0608 \Device\Harddisk0\DR0\Partition1 - ok
15:47:40.0843 0608 [ 4AE21F4C5DA1EDE45B67ADA07CB293B0 ] \Device\Harddisk1\DR3\Partition1
15:47:40.0843 0608 \Device\Harddisk1\DR3\Partition1 - ok
15:47:40.0843 0608 ============================================================
15:47:40.0843 0608 Scan finished
15:47:40.0843 0608 ============================================================
15:47:40.0843 2424 Detected object count: 1
15:47:40.0843 2424 Actual detected object count: 1
15:48:01.0453 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:48:01.0453 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:48:33.0906 2812 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-17 15:50:54
-----------------------------
15:50:54.265 OS Version: Windows 5.1.2600 Service Pack 3
15:50:54.265 Number of processors: 2 586 0x170A
15:50:54.265 ComputerName: WINXP_PRO UserName: Sonny
15:50:55.109 Initialize success
15:53:40.468 AVAST engine defs: 13011701
15:54:02.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
15:54:02.234 Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
15:54:02.265 Disk 0 MBR read successfully
15:54:02.265 Disk 0 MBR scan
15:54:02.281 Disk 0 unknown MBR code
15:54:02.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 473219 MB offset 7614810
15:54:02.296 Disk 0 Partition 2 00 12 Compaq diag RECOVERY 3718 MB offset 63
15:54:03.062 Disk 0 scanning sectors +976768065
15:54:03.140 Disk 0 scanning C:\WINDOWS\system32\drivers
15:54:16.828 Service scanning
15:54:23.890 Service MpKsl9b4bed46 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{776F551D-01F1-42A5-8885-36B6678A5BF9}\MpKsl9b4bed46.sys **LOCKED** 32
15:54:32.875 Modules scanning
15:54:35.625 Disk 0 trace - called modules:
15:54:35.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:54:35.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b15cab8]
15:54:35.640 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x8b1c7700]
15:54:35.640 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b0e4d98]
15:54:39.531 AVAST engine scan C:\WINDOWS
15:55:01.187 AVAST engine scan C:\WINDOWS\system32
15:58:56.328 AVAST engine scan C:\WINDOWS\system32\drivers
15:59:26.750 AVAST engine scan C:\Documents and Settings\Sonny
16:17:38.265 AVAST engine scan C:\Documents and Settings\All Users
16:18:59.937 Scan finished successfully
16:19:53.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sonny\Desktop\MBR.dat"
16:19:53.187 The log file has been saved successfully to "C:\Documents and Settings\Sonny\Desktop\aswMBR.txt"

#4 narenxp

Posted 17 January 2013 - 06:57 PM

Run TDSSkiller and select DELETE

15:48:01.0453 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 sonrol

Posted 17 January 2013 - 07:27 PM

I am afraid that I do not understand the following instruction.

Run TDSSkiller and "select DELETE

15:48:01.0453 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip "

Where do I select delete? The scan found no threats.
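The TDSSKiller lines quoted in posts #4 and #5 can be read mechanically. The Python sketch below is an added example, not part of the thread and not TDSSKiller's own code: it parses the log lines posted on this page and lists every object that received a verdict other than "ok", together with the action recorded for it. The function names are hypothetical and the line layout is assumed from the log as posted here.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
15:47:40.0375 0608 [Global] - ok
15:47:40.0375 0608 ================ Scan MBR ==================================
15:47:40.0390 0608 [ 923A599A126887912E20C0D762FB67BC ] \Device\Harddisk0\DR0
15:47:40.0703 0608 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:47:40.0703 0608 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:47:40.0703 0608 [ 923A599A126887912E20C0D762FB67BC ] \Device\Harddisk1\DR3
15:47:40.0828 0608 \Device\Harddisk1\DR3 - ok
15:47:40.0843 0608 Scan finished
15:47:40.0843 2424 Detected object count: 1
15:47:40.0843 2424 Actual detected object count: 1
15:48:01.0453 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:48:01.0453 2424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Assumed line layout, taken from the log as posted: time, thread id, message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\S+\s+(?P<msg>.+)$")
# "<object> ( <verdict> ) - <level>", e.g. "... ( TDSS File System ) - warning"
FINDING = re.compile(
    r"^(?P<obj>.+?)\s*\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<level>\w+)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<obj>.+?)\s*\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+"
    r"User select action:\s*(?P<action>.+)$")
COUNT = re.compile(r"^Detected object count:\s*(\d+)$")

# "Skip" is the only action value that appears in the log on this page.
NON_REMEDIATING = {"skip"}


def parse_tdsskiller(text):
    """Return (findings, reported_count) for one TDSSKiller log."""
    findings = {}
    reported = None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or text that is not a log record
        msg = line["msg"].strip()
        count = COUNT.match(msg)
        if count:
            reported = int(count.group(1))
            continue
        hit = ACTION.match(msg) or FINDING.match(msg)
        if not hit:
            continue  # "name - ok", hash lines, section banners
        info = hit.groupdict()
        if info.get("level", "").lower() == "ok":
            continue
        entry = findings.setdefault(
            (info["obj"], info["verdict"]),
            {"object": info["obj"], "verdict": info["verdict"],
             "level": None, "action": None})
        if "action" in info:
            entry["action"] = info["action"].strip()
        else:
            entry["level"] = info["level"]
    return list(findings.values()), reported


def unresolved(findings):
    """Findings with no recorded action, or one that left the object in place."""
    return [f for f in findings
            if f["action"] is None or f["action"].lower() in NON_REMEDIATING]


if __name__ == "__main__":
    found, reported = parse_tdsskiller(SAMPLE_LOG)
    print(f"log reports {reported} detected object(s), parser found {len(found)}")
    for f in unresolved(found):
        print(f"still present: {f['object']} [{f['verdict']}] "
              f"level={f['level']} action={f['action']}")
```
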

#6 sonrol

Posted 17 January 2013 - 09:49 PM

As requested, here are the logs

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.17.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sonny :: WINXP_PRO [administrator]

1/17/2013 7:12:13 PM
mbam-log-2013-01-17 (19-12-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401157
Time elapsed: 1 hour(s), 31 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Sonny\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53\adc87b5-41d028dd (Trojan.Tracur.ED) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{698B9A31-A43C-4532-B828-8302A308D698}\RP151\A0025317.exe (Trojan.Tracur.ED) -> Quarantined and deleted successfully.

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Sonny (administrator) on 17-01-2013 at 21:03:19
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 15290 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8102E Family PCI-E Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : winxp_pro

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-26-18-54-16-DA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 6:38:02 PM

Lease Expires . . . . . . . . . . : Friday, January 18, 2013 6:38:02 PM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.226.229, 74.125.226.226, 74.125.226.227, 74.125.226.232
74.125.226.231, 74.125.226.230, 74.125.226.225, 74.125.226.228, 74.125.226.224
74.125.226.233, 74.125.226.238



Pinging google.com [173.194.43.36] with 32 bytes of data:



Reply from 173.194.43.36: bytes=32 time=19ms TTL=55

Reply from 173.194.43.36: bytes=32 time=31ms TTL=55



Ping statistics for 173.194.43.36:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 31ms, Average = 25ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=99ms TTL=49

Reply from 206.190.36.45: bytes=32 time=145ms TTL=49



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 99ms, Maximum = 145ms, Average = 122ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 18 54 16 da ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2013 05:47:02 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/15/2013 07:43:40 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (01/14/2013 06:41:41 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/10/2013 05:54:25 PM) (Source: Application Hang) (User: )
Description: Fault bucket 02223586.

Error: (01/10/2013 05:54:18 PM) (Source: Application Hang) (User: )
Description: Hanging application Visio32.exe, version 6.0.0.1159, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/10/2013 06:28:33 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.1.522.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/08/2013 02:33:11 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/08/2013 02:31:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\14AA8DB.RBS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/08/2013 02:28:13 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\14AA8CF.RBS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/08/2013 02:27:54 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\14AA8C9.RBS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (01/13/2013 11:59:54 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll.
Reference error message: The operation completed successfully.
.

Error: (01/13/2013 11:59:54 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (01/13/2013 11:59:54 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (01/13/2013 05:18:35 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll.
Reference error message: The operation completed successfully.
.

Error: (01/13/2013 05:18:35 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (01/13/2013 05:18:35 AM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (01/12/2013 00:20:35 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll.
Reference error message: The operation completed successfully.
.

Error: (01/12/2013 00:20:35 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC90.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (01/12/2013 00:20:35 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (01/12/2013 09:27:54 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll.
Reference error message: The operation completed successfully.
.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

2007 Microsoft Office system (Version: 12.0.6612.1000)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Add-ons (Version: 1.0.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader XI (11.0.01) (Version: 11.0.01)
Annotations (Version: 1.0.0.0)
Annotations Help (Version: 1.0.0.0)
Block Diagrams (Version: 1.0.0.0)
Block Diagrams Help (Version: 1.0.0.0)
Borders and Backgrounds (Version: 1.0.0.0)
Borders and Backgrounds Help (Version: 1.0.0.0)
Building Architecture (Version: 1.0.0.0)
Building Architecture Help (Version: 1.0.0.0)
Building Services (Version: 1.0.0.0)
Building Services Help (Version: 1.0.0.0)
CAD Drawing Converter (Version: 1.0.0.0)
CAD Drawing Converter Help (Version: 1.0.0.0)
CAD Drawing Display (Version: 1.0.0.0)
Callouts and Connectors (Version: 1.0.0.0)
Callouts and Connectors Help (Version: 1.0.0.0)
Canon Camera Access Library (Version: 8.4.0.1)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.0.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.0.4)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon Personal Printing Guide (Version: 1.0.0.1)
Canon PowerShot SX120 IS Camera User Guide (Version: 1.0.1.2)
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities CameraWindow DC (Version: 7.4.1.10)
Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities MyCamera DC (Version: 7.2.1.6)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities ZoomBrowser EX (Version: 6.4.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Clip Art and Symbols (Version: 1.0.0.0)
Clip Art and Symbols Help (Version: 1.0.0.0)
Custom Patterns (Version: 1.0.0.0)
Custom Properties Editor (Version: 1.0.0.0)
Database Wizard (Version: 1.0.0.0)
Developing Visio Solutions Help (Version: 1.0.0.0)
EasyCleaner (Version: 2.0.6.380)
Electrical Engineering (Version: 1.0.0.0)
Electrical Engineering Help (Version: 1.0.0.0)
Equipment Selector (Version: 1.0.0.0)
Equipment Selector Furniture Database (Version: 1.0.0.0)
Equipment Selector Help (Version: 1.0.0.0)
ESET Online Scanner v3
Facilities Management (Version: 1.0.0.0)
Facilities Management Help (Version: 1.0.0.0)
Flowcharts (Version: 1.0.0.0)
Flowcharts Help (Version: 1.0.0.0)
Fluid Power (Version: 1.0.0.0)
Fluid Power Help (Version: 1.0.0.0)
Forms and Charts (Version: 1.0.0.0)
Forms and Charts Help (Version: 1.0.0.0)
Foundation technical (Version: 1.0.0.0)
Graphics Filters (Version: 1.0.0.0)
Help for Visio 2000 (HTML Help) (Version: 1.0.0.0)
Help_Technical (Version: 1.0.0.0)
Intel® Graphics Media Accelerator Driver
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
LightScribe 1.4.44.1 (Version: 1.4.44.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Maps (Version: 1.0.0.0)
Maps Help (Version: 1.0.0.0)
Mechanical Engineering (Version: 1.0.0.0)
Mechanical Engineering Help (Version: 1.0.0.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Repository (Version: 6.0.0.1)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual Studio Service Pack 3 (Version: 6.0.0.1)
Mozilla Firefox 18.0 (x86 en-US) (Version: 18.0)
Mozilla Maintenance Service (Version: 18.0)
Nero Suite
Network Diagrams (Version: 1.0.0.0)
Network Diagrams Help (Version: 1.0.0.0)
Office Layout (Version: 1.0.0.0)
Office Layout Help (Version: 1.0.0.0)
Organization Charts (Version: 1.0.0.0)
Organization Charts Help (Version: 1.0.0.0)
Page Layout Wizard (Version: 1.0.0.0)
PaperPort (Version: 9.02.0814)
PokerStars.net
PowerDVD
Process Engineering (Version: 1.0.0.0)
Process Engineering Help (Version: 1.0.0.0)
Program Files (Version: 06.00.0000)
Program Files Help (Version: 1.0.0.0)
Program Files Technical (Version: 1.0.0.0)
Project Schedules (Version: 1.0.0.0)
Project Schedules Help (Version: 1.0.0.0)
Property Reporting Wizard (Version: 1.0.0.0)
Quicken 2002 Home & Business
QuickTime (Version: 7.73.80.64)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5745)
Release Notes (Version: 1.0.0.0)
Save as HTML (Version: 1.0.0.0)
SES Driver (Version: 1.0.0)
Shape Explorer (Version: 1.0.0.0)
Shape Explorer Help (Version: 1.0.0.0)
Solutions (Version: 1.0.0.0)
Spelling (Version: 1.0.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
SUPERAntiSpyware (Version: 5.6.1014)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1606)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0378)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0157)
TurboTax 2012 wmdiper (Version: 012.000.0979)
TurboTax 2012 wrapper (Version: 012.000.0127)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (Version: 6.01.00.1234)
Visio (Version: 1.0.0.0)
Visio 2000 (Version: 6.0.0.1)
Visio Core Files (Version: 06.00.0000)
Visio Technical Core Files (Version: 06.00.0000)
WD SmartWare (Version: 1.4.5.5)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3574.11 MB
Available physical RAM: 2690.75 MB
Total Pagefile: 5456.54 MB
Available Pagefile: 4615.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:462.13 GB) (Free:340.17 GB) NTFS
7 Drive i: (My Book) (Fixed) (Total:931.48 GB) (Free:756.17 GB) NTFS

========================= Users: ========================================

User accounts for \\WINXP_PRO

Administrator ASPNET Guest
HelpAssistant Sonny SUPPORT_388945a0

========================= Restore Points ==================================

26-11-2012 00:23:06 System Checkpoint
26-11-2012 00:40:37 Software Distribution Service 3.0
26-11-2012 01:00:28 Software Distribution Service 3.0
26-11-2012 01:21:41 Software Distribution Service 3.0
26-11-2012 01:50:24 Installed Microsoft Office Home and Student 2007
26-11-2012 01:53:50 Printer Driver Send To Microsoft OneNote Driver Installed
26-11-2012 01:58:17 25 Nov 2012
26-11-2012 03:51:31 Installed TurboTax 2012 wrapper
26-11-2012 04:07:27 Printer Driver Acrobat PDFWriter Installed
26-11-2012 04:16:20 Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
26-11-2012 05:28:19 Installed Windows XP Windows Desktop Search 3.01.
26-11-2012 05:38:32 Software Distribution Service 3.0
26-11-2012 18:27:35 Software Distribution Service 3.0
26-11-2012 19:29:22 Removed Claro Chrome Toolbar
26-11-2012 20:04:34 Installed EasyCleaner
26-11-2012 21:36:52 Installed QuickTime
26-11-2012 23:53:25 Installed PaperPort
26-11-2012 23:53:48 Installed DocuCom PDF Core Library
26-11-2012 23:54:02 Installed PaperPort Printer Driver
26-11-2012 23:54:06 Printer Driver PaperPort Color Printer Driver Installed
26-11-2012 23:54:10 Printer Driver PaperPort Mono Printer Driver Installed
27-11-2012 00:44:16 Software Distribution Service 3.0
27-11-2012 01:11:04 26 November 2012
27-11-2012 15:18:14 Software Distribution Service 3.0
27-11-2012 17:57:02 Software Distribution Service 3.0
27-11-2012 18:34:05 Installed Windows KB954550-v5.
27-11-2012 18:34:27 Printer Driver Microsoft XPS Document Writer Installed
27-11-2012 18:35:04 Printer Driver Microsoft XPS Document Writer Installed
27-11-2012 19:06:32 Installed SES Driver
27-11-2012 19:07:28 Installed WD SmartWare
27-11-2012 19:29:46 Installed WD Software Upgrader
28-11-2012 03:55:42 Software Distribution Service 3.0
28-11-2012 19:46:57 Software Distribution Service 3.0
28-11-2012 23:32:18 Software Distribution Service 3.0
28-11-2012 23:57:07 Software Distribution Service 3.0
29-11-2012 21:27:01 Installed Windows Internet Explorer 8.
29-11-2012 21:27:54 Software Distribution Service 3.0
29-11-2012 21:48:10 Software Distribution Service 3.0
30-11-2012 03:13:30 Software Distribution Service 3.0
30-11-2012 21:38:27 Software Distribution Service 3.0
30-11-2012 21:40:17 Removed Apple Software Update
30-11-2012 21:41:27 Removed Apple Application Support
30-11-2012 21:55:29 Installed Windows XP KB915800-v4.
30-11-2012 21:56:19 Installed Windows XP Windows Search 4.0.
01-12-2012 11:41:56 Software Distribution Service 3.0
01-12-2012 11:50:02 Removed WD SmartWare
01-12-2012 11:55:56 Software Distribution Service 3.0
01-12-2012 11:59:25 Installed WD SmartWare
01-12-2012 17:27:42 Software Distribution Service 3.0
01-12-2012 20:31:48 Software Distribution Service 3.0
02-12-2012 01:11:11 Installed Java 7 Update 9
02-12-2012 01:17:34 Software Distribution Service 3.0
02-12-2012 13:33:52 Software Distribution Service 3.0
02-12-2012 13:36:34 Software Distribution Service 3.0
02-12-2012 21:43:22 Software Distribution Service 3.0
03-12-2012 12:55:53 Software Distribution Service 3.0
04-12-2012 13:36:07 System Checkpoint
04-12-2012 21:56:13 Software Distribution Service 3.0
04-12-2012 23:39:44 Software Distribution Service 3.0
05-12-2012 12:22:30 Software Distribution Service 3.0
05-12-2012 23:01:53 Software Distribution Service 3.0
06-12-2012 14:06:18 Software Distribution Service 3.0
06-12-2012 21:57:16 Software Distribution Service 3.0
06-12-2012 23:09:56 Software Distribution Service 3.0
07-12-2012 03:11:29 Software Distribution Service 3.0
07-12-2012 13:11:39 Software Distribution Service 3.0
08-12-2012 03:36:50 Software Distribution Service 3.0
08-12-2012 11:56:47 Software Distribution Service 3.0
08-12-2012 19:24:08 Software Distribution Service 3.0
09-12-2012 03:20:15 Software Distribution Service 3.0
09-12-2012 14:49:51 Software Distribution Service 3.0
09-12-2012 21:15:39 Software Distribution Service 3.0
09-12-2012 22:20:22 Software Distribution Service 3.0
10-12-2012 13:10:51 Software Distribution Service 3.0
11-12-2012 12:16:14 Software Distribution Service 3.0
12-12-2012 03:20:24 Software Distribution Service 3.0
13-12-2012 11:56:50 Software Distribution Service 3.0
13-12-2012 12:14:18 Software Distribution Service 3.0
13-12-2012 19:40:38 Software Distribution Service 3.0
14-12-2012 03:06:40 Software Distribution Service 3.0
14-12-2012 12:53:55 Software Distribution Service 3.0
15-12-2012 03:14:14 Software Distribution Service 3.0
15-12-2012 11:35:56 Software Distribution Service 3.0
16-12-2012 03:37:31 Software Distribution Service 3.0
16-12-2012 12:45:54 Software Distribution Service 3.0
16-12-2012 17:15:29 Software Distribution Service 3.0
17-12-2012 17:35:44 System Checkpoint
18-12-2012 00:06:22 Installed WD Software Upgrader
18-12-2012 00:25:47 Software Distribution Service 3.0
18-12-2012 02:06:29 Removed WD SmartWare
18-12-2012 02:09:04 Installed WD SmartWare
18-12-2012 12:28:30 Software Distribution Service 3.0
19-12-2012 02:23:39 Software Distribution Service 3.0
19-12-2012 12:49:26 Software Distribution Service 3.0
19-12-2012 19:41:43 Software Distribution Service 3.0
20-12-2012 01:32:53 Software Distribution Service 3.0
20-12-2012 12:30:33 Software Distribution Service 3.0
20-12-2012 14:52:29 20 December 2012
20-12-2012 20:43:29 Software Distribution Service 3.0
21-12-2012 12:03:51 Software Distribution Service 3.0
21-12-2012 12:13:23 Software Distribution Service 3.0
22-12-2012 01:57:28 Software Distribution Service 3.0
22-12-2012 12:06:56 Software Distribution Service 3.0
22-12-2012 23:54:40 Software Distribution Service 3.0
23-12-2012 12:20:21 Software Distribution Service 3.0
24-12-2012 14:11:32 Software Distribution Service 3.0
25-12-2012 02:11:19 Software Distribution Service 3.0
25-12-2012 13:41:15 Software Distribution Service 3.0
26-12-2012 02:39:11 Software Distribution Service 3.0
26-12-2012 11:41:13 Software Distribution Service 3.0
27-12-2012 01:56:01 Software Distribution Service 3.0
27-12-2012 12:22:19 Software Distribution Service 3.0
28-12-2012 00:41:06 Software Distribution Service 3.0
28-12-2012 03:13:11 Software Distribution Service 3.0
28-12-2012 15:08:15 Software Distribution Service 3.0
28-12-2012 22:03:01 Installed TurboTax 2012 wmdiper
29-12-2012 03:52:02 Software Distribution Service 3.0
29-12-2012 17:28:14 Software Distribution Service 3.0
30-12-2012 13:05:42 Software Distribution Service 3.0
31-12-2012 05:02:01 Software Distribution Service 3.0
31-12-2012 15:10:02 Software Distribution Service 3.0
01-01-2013 15:00:19 Software Distribution Service 3.0
02-01-2013 15:20:32 Software Distribution Service 3.0
02-01-2013 20:28:20 Software Distribution Service 3.0
03-01-2013 12:14:55 Software Distribution Service 3.0
04-01-2013 01:56:48 Software Distribution Service 3.0
04-01-2013 12:30:16 Software Distribution Service 3.0
04-01-2013 12:35:07 Software Distribution Service 3.0
04-01-2013 17:14:57 Software Distribution Service 3.0
05-01-2013 12:05:26 Software Distribution Service 3.0
06-01-2013 02:24:51 Software Distribution Service 3.0
06-01-2013 02:26:58 5 Jan 2013
06-01-2013 11:47:19 Software Distribution Service 3.0
07-01-2013 13:11:29 Software Distribution Service 3.0
07-01-2013 20:16:49 Software Distribution Service 3.0
08-01-2013 01:24:25 Software Distribution Service 3.0
08-01-2013 13:17:33 Software Distribution Service 3.0
08-01-2013 19:14:34 Software Distribution Service 3.0
08-01-2013 19:35:31 Software Distribution Service 3.0
09-01-2013 12:27:55 Software Distribution Service 3.0
09-01-2013 21:28:58 Software Distribution Service 3.0
10-01-2013 11:28:57 Software Distribution Service 3.0
11-01-2013 13:40:14 Software Distribution Service 3.0
12-01-2013 14:30:20 Software Distribution Service 3.0
13-01-2013 10:20:41 Software Distribution Service 3.0
13-01-2013 17:04:45 Software Distribution Service 3.0
14-01-2013 11:42:29 Software Distribution Service 3.0
15-01-2013 02:34:46 Software Distribution Service 3.0
15-01-2013 02:36:33 Software Distribution Service 3.0
15-01-2013 12:22:22 Software Distribution Service 3.0
16-01-2013 00:36:08 Software Distribution Service 3.0
16-01-2013 10:48:11 Software Distribution Service 3.0
16-01-2013 14:41:02 Software Distribution Service 3.0
16-01-2013 21:53:01 Software Distribution Service 3.0
17-01-2013 11:42:52 Software Distribution Service 3.0

**** End of log ****

Farbar Service Scanner Version: 16-01-2013
Ran by Sonny (administrator) on 17-01-2013 at 21:07:00
Running from "C:\Documents and Settings\Sonny\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v2.106 - Logfile created 01/17/2013 at 21:18:23
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sonny - WINXP_PRO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sonny\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Sonny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\Documents and Settings\Sonny\Application Data\Mozilla\Firefox\Profiles\2mk6moqf.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Sonny\Application Data\Mozilla\Firefox\Profiles\2mk6moqf.default\bprotector_prefs.js
File Deleted : C:\WINDOWS\Tasks\Browser Manager.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\5ded7dee13deb41
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\5ded7dee13deb41
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Sonny\Application Data\Mozilla\Firefox\Profiles\2mk6moqf.default\prefs.js

C:\Documents and Settings\Sonny\Application Data\Mozilla\Firefox\Profiles\2mk6moqf.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=116696&tt=4812_8&babsrc=[...]
Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
Deleted : user_pref("browser.search.defaultenginename", "Claro Search");
Deleted : user_pref("browser.search.order.1", "Claro Search");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=116696&tt=481[...]
Deleted : user_pref("extensions.claro.admin", false);
Deleted : user_pref("extensions.claro.aflt", "babsst");
Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Deleted : user_pref("extensions.claro.dfltLng", "en");
Deleted : user_pref("extensions.claro.excTlbr", false);
Deleted : user_pref("extensions.claro.id", "6897e1700000000000000026185416da");
Deleted : user_pref("extensions.claro.instlDay", "15670");
Deleted : user_pref("extensions.claro.instlRef", "sst");
Deleted : user_pref("extensions.claro.prdct", "claro");
Deleted : user_pref("extensions.claro.prtnrId", "claro");
Deleted : user_pref("extensions.claro.tlbrId", "irhnew");
Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:27:33");
Deleted : user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=116696&tt=4812_8&babsrc=KW_ss&mntrId=68[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Sonny\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3929 octets] - [17/01/2013 21:18:23]

########## EOF - C:\AdwCleaner[S1].txt - [3989 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Microsoft Windows XP x86
Ran by Sonny on at
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/17/2013 at 21:30:21.90
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/17/2013 09:34:14 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:


20 out of 15310 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 01/17/2013 09:34:39 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IndexSearch" "PaperPort IndexSearch" "ScanSoft, Inc." "c:\program files\scansoft\paperport\indexsearch.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "NeroFilterCheck" "NeroCheck" "Ahead Software Gmbh" "c:\windows\system32\nerocheck.exe"
+ "PaperPort PTD" "PaperPort Print to Desktop for NT" "ScanSoft, Inc." "c:\program files\scansoft\paperport\pptd40nt.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "Recguard" "Recguard MFC Application" "" "c:\windows\sminst\recguard.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "SSBkgdUpdate" "SSBkgdUpdate" "Scansoft, Inc." "c:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Billminder.lnk" "Quicken Billminder" "Intuit" "c:\program files\quickenw\billmind.exe"
+ "Quicken Startup.lnk" "Quicken Load DLLs" "Intuit" "c:\program files\quickenw\qwdlls.exe"
+ "WDDMStatus.lnk" "WD Drive Manager Status" "Western Digital Technologies, Inc." "c:\program files\western digital\wd smartware\wd drive manager\wddmstatus.exe"
+ "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe"
"C:\Documents and Settings\Sonny\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy\teatimer.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "updateMgr" "" "" "File not found: C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
+ "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "NeroDigitalColumnHandler Class" "Nero Digital Shell Extension" "Nero AG" "c:\program files\common files\ahead\lib\nerodigitalext.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "PokerStars.net" "PokerStars Update" "PokerStars" "c:\program files\pokerstars.net\pokerstarsupdate.exe"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "CCALib8" "Canon Camera Access Library 8" "Canon Inc." "c:\program files\canon\cal\calmain.exe"
+ "IntuitUpdateServiceV4" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service v4\intuitupdateservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "WDDMService" "WD Drive Manager Service" "WDC" "c:\program files\western digital\wd smartware\wd drive manager\wddmservice.exe"
+ "WDFME" "WD File Management Engine" "" "c:\program files\western digital\wd smartware\front parlor\wdfme\wdfme.exe"
+ "WDSC" "WD File Management Shadow Engine" "" "c:\program files\western digital\wd smartware\front parlor\wdsc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Canon DES Resizer SaveMode" "CanonDESResizer" "Canon Inc." "c:\program files\canon\mdl30\canondesresizer.ax"
+ "Canon Image Rotation Filter" "Canon Image Rotation Filter " "Canon Inc." "c:\program files\canon\mdp\canonrotatefilter.dll"
+ "Canon MDP Motion-JPEG Decoder" "Canon MDP Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files\canon\mdp\canonmdpmjpegdecoder.ax"
+ "Canon Motion-JPEG Decoder" "Canon Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files\canon\mdl30\canonmjpegdecoder.ax"
+ "Canon Motion-JPEG Encoder" "Motion-JPEG Encoder Filter" "Canon Inc." "c:\program files\canon\mdl30\canonmjpegencoder.ax"
+ "Canon Resizer" "CanonResizer" "Canon Inc." "c:\program files\canon\mdl30\canonresizer.ax"
+ "Canon Text Source Filter" "Canon Text Source Filter" "Canon Inc." "c:\program files\canon\mdl30\canontextsourcefilter.ax"
+ "Canon WAV Dest" "CanonWavDest" "Canon Inc." "c:\program files\canon\mdl30\canonwavdest.ax"
+ "Canon-Actual-Data-Length-Setter" "CanonActualDataLengthSetter" "Canon Inc." "c:\program files\canon\mdl30\canonactualdatalengthsetter.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\audiofilter\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\shared files\audiofilter\claudfx.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\audiofilter\claudiocd.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\videofilter\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\shared files\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\videofilter\clvsd.ax"
+ "DV Scenes" "DV-Timecode based Scenechange Detection" "Ahead Software AG" "c:\program files\ahead\nerovision\nvdv.dll"
+ "DV Source Filter" "DV-Timecode based Scenechange Detection" "Ahead Software AG" "c:\program files\ahead\nerovision\nvdv.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "" "" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "" "" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "psWav Dest" "Canon Utilities Support Library" "Canon Inc." "c:\program files\canon\camerawindow\mycamera\pswavdes.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"

#7 narenxp

  • BC Advisor

Posted 18 January 2013 - 09:50 AM

Current issues?

#8 sonrol

  • Topic Starter
  • Members

Posted 18 January 2013 - 10:05 AM

No known issues at this time. I will know better later tonight or in the morning after I run MSE and Malwarebytes overnight.

Thank you for all of your assistance. I genuinely appreciate your prompt and professional response.

Regards

#9 narenxp

  • BC Advisor

Posted 18 January 2013 - 10:06 AM

You're welcome :)

Remove temporary and junk files

Download TFC

Launch it, it will close all running programs.

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



