
An Avast Update has Trashed my PC


15 replies to this topic

#1 Dazza

Dazza

  • Members
  • 182 posts
  • Gender:Male
  • Location:Yandina Qld
  • Local time:02:32 PM

Posted 02 March 2013 - 11:10 PM

Hi Guys

I believe a piece of malware damaged my registry, or a Java update is to blame, because I suddenly got 7 Avast messages saying that the program ht//188.40.114.195:1233/c/vzy2HYfD5B5....

And

C:\Program Files\Mozilla Firefox\firefox...Infection:    URL:Mal

I have also seen in some threat warning RTK, is that Root kit?

The next time I opened my "Firefox Home Page" it redirected to another "Home page", Google Home and the Just Cars web sites
<ht://centrebet.com/#Competitions,http://referenc.com/index.php?q=s&motcle=>
and several others that had nothing to do with where I was going.

Then every time I tried to open a web page I got the Avast "Threat notice"; now I cannot get on the net at all, only my home page.

I also had: "The ordinal 1110 could not be located in the dynamic link library WSOCK32.dll" when I tried to open a Kingsoft Word doc, but this stopped after I deleted and reinstalled Mozilla FF.

I ran a full scan with MWMBs in Safe Mode; nothing there.

I have done a quick scan with Avast; nothing there either. All this because I allowed a "Java Update" to install and it took ages. Before I deleted FF I opened "Add-ons" in Mozilla and there was a warning in red about the Java update: "Java™ Platform SE U15 10.15.2.3 is known to be vulnerable, use with caution".

I think the Java has done me in and I only just got over a Win XP "Clean Install" (see earlier posts). Can anyone help me again please? I'm back on the wife's laptop again. Dazza

Win XP, MWMBs, Avast, PCleaner, Kingsoft Word

 



 


 


Edited by Dazza, 02 March 2013 - 11:11 PM.

2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly



 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:32 PM

Posted 02 March 2013 - 11:11 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 Dazza

Dazza
  • Topic Starter

  • Members
  • 182 posts
  • Gender:Male
  • Location:Yandina Qld
  • Local time:02:32 PM

Posted 03 March 2013 - 02:50 PM

Thanks narenxp, :thumbup2: I made a mistake in my post and the "Heading". It was a Java Update that I thought started the problem, NOT Avast!

I was unable to access Control Panel>Windows Firewall to turn it off due to:

Error cannot display Windows Firewall settings

I was unable to run esetonline as I have no internet on the PC. I downloaded it and saved it onto a laptop, then moved it to the PC desktop, but it will not run as it cannot update! Thanks for your help, Dazza

These are the other logs you requested



 




04:25:19.0000
2868
    redbook - ok


04:25:19.0031
2868
    RemoteAccess
(7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll


04:25:19.0046
2868
    RemoteAccess - ok


04:25:19.0046
2868
    RpcLocator
(aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe


04:25:19.0046
2868
    RpcLocator - ok


04:25:19.0093
2868
    RpcSs
(6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll


04:25:19.0109
2868
    RpcSs - ok


04:25:19.0140
2868
    RSVP
(471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe


04:25:19.0140
2868
    RSVP - ok


04:25:19.0156
2868
    SamSs
(bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe


04:25:19.0156
2868
    SamSs - ok


04:25:19.0171
2868
    SCardSvr
(86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe


04:25:19.0187
2868
    SCardSvr - ok


04:25:19.0234
2868
    Schedule
(0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll


04:25:19.0265
2868
    Schedule - ok


04:25:19.0296
2868
    Secdrv
(90a3935d05b494a5a39d37e71f09a677)
C:\WINDOWS\system32\DRIVERS\secdrv.sys


04:25:19.0296
2868
    Secdrv - ok


04:25:19.0343
2868
    seclogon
(cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll


04:25:19.0359
2868
    seclogon - ok


04:25:19.0562
2868
    senfilt
(b9c7617c1e8ab6fdff75d3c8dafcb4c8)
C:\WINDOWS\system32\drivers\senfilt.sys


04:25:19.0609
2868
    senfilt - ok


04:25:19.0625
2868
    SENS
(7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll


04:25:19.0625
2868
    SENS - ok


04:25:19.0640
2868
    serenum
(0f29512ccd6bead730039fb4bd2c85ce)
C:\WINDOWS\system32\DRIVERS\serenum.sys


04:25:19.0640
2868
    serenum - ok


04:25:19.0656
2868
    Serial
(cca207a8896d4c6a0c9ce29a4ae411a7)
C:\WINDOWS\system32\DRIVERS\serial.sys


04:25:19.0656
2868
    Serial - ok


04:25:19.0703
2868
    Sfloppy
(8e6b8c671615d126fdc553d1e2de5562)
C:\WINDOWS\system32\drivers\Sfloppy.sys


04:25:19.0703
2868
    Sfloppy - ok


04:25:19.0750
2868
    ShellHWDetection
(99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll


04:25:19.0750
2868
    ShellHWDetection - ok


04:25:19.0765
2868
    Simbad - ok


04:25:19.0812
2868
    smwdm
(c6d9959e493682f872a639b6ec1b4a08)
C:\WINDOWS\system32\drivers\smwdm.sys


04:25:19.0843
2868
    smwdm - ok


04:25:19.0859
2868
    Sparrow - ok


04:25:19.0875
2868
    splitter
(ab8b92451ecb048a4d1de7c3ffcb4a9f)
C:\WINDOWS\system32\drivers\splitter.sys


04:25:19.0875
2868
    splitter - ok


04:25:19.0906
2868
    Spooler
(60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe


04:25:19.0921
2868
    Spooler - ok


04:25:19.0953
2868
    sr
(76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys


04:25:19.0953
2868
    sr - ok


04:25:19.0984
2868
    srservice
(3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll


04:25:20.0000
2868
    srservice - ok


04:25:20.0062
2868
    Srv
(47ddfc2f003f7f9f0592c6874962a2e7)
C:\WINDOWS\system32\DRIVERS\srv.sys


04:25:20.0078
2868
    Srv - ok


04:25:20.0109
2868
    SSDPSRV
(0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll


04:25:20.0125
2868
    SSDPSRV - ok


04:25:20.0171
2868
    ssudmdm
(359fee084f1173ffffd7f9ccbd43d47f)
C:\WINDOWS\system32\DRIVERS\ssudmdm.sys


04:25:20.0187
2868
    ssudmdm - ok


04:25:20.0265
2868
    stisvc
(8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll


04:25:20.0281
2868
    stisvc - ok


04:25:20.0328
2868
    swenum
(3941d127aef12e93addf6fe6ee027e0f)
C:\WINDOWS\system32\DRIVERS\swenum.sys


04:25:20.0328
2868
    swenum - ok


04:25:20.0359
2868
    swmidi
(8ce882bcc6cf8a62f2b2323d95cb3d01)
C:\WINDOWS\system32\drivers\swmidi.sys


04:25:20.0359
2868
    swmidi - ok


04:25:20.0375
2868
    SwPrv - ok


04:25:20.0406
2868
    symc810 - ok


04:25:20.0406
2868
    symc8xx - ok


04:25:20.0421
2868
    sym_hi - ok


04:25:20.0437
2868
    sym_u3 - ok


04:25:20.0468
2868
    sysaudio
(8b83f3ed0f1688b4958f77cd6d2bf290)
C:\WINDOWS\system32\drivers\sysaudio.sys


04:25:20.0484
2868
    sysaudio - ok


04:25:20.0515
2868
    SysmonLog
(c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe


04:25:20.0531
2868
    SysmonLog - ok


04:25:20.0593
2868
    TapiSrv
(3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll


04:25:20.0625
2868
    TapiSrv - ok


04:25:20.0687
2868
    Tcpip
(9aefa14bd6b182d61e3119fa5f436d3d)
C:\WINDOWS\system32\DRIVERS\tcpip.sys


04:25:20.0703
2868
    Tcpip - ok


04:25:20.0734
2868
    TDPIPE
(6471a66807f5e104e4885f5b67349397)
C:\WINDOWS\system32\drivers\TDPIPE.sys


04:25:20.0734
2868
    TDPIPE - ok


04:25:20.0750
2868
    TDTCP
(c56b6d0402371cf3700eb322ef3aaf61)
C:\WINDOWS\system32\drivers\TDTCP.sys


04:25:20.0750
2868
    TDTCP - ok


04:25:20.0781
2868
    TermDD
(88155247177638048422893737429d9e)
C:\WINDOWS\system32\DRIVERS\termdd.sys


04:25:20.0781
2868
    TermDD - ok


04:25:20.0859
2868
    TermService
(ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll


04:25:20.0890
2868
    TermService - ok


04:25:20.0937
2868
    Themes
(99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll


04:25:20.0953
2868
    Themes - ok


04:25:20.0968
2868
    TosIde - ok


04:25:21.0015
2868
    TrkWks
(55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll


04:25:21.0031
2868
    TrkWks - ok


04:25:21.0078
2868
    Udfs
(5787b80c2e3c5e2f56c2a233d91fa2c9)
C:\WINDOWS\system32\drivers\Udfs.sys


04:25:21.0078
2868
    Udfs - ok


04:25:21.0093
2868
    ultra - ok


04:25:21.0156
2868
    Update
(402ddc88356b1bac0ee3dd1580c76a31)
C:\WINDOWS\system32\DRIVERS\update.sys


04:25:21.0171
2868
    Update - ok


04:25:21.0218
2868
    upnphost
(1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll


04:25:21.0250
2868
    upnphost - ok


04:25:21.0265
2868
    UPS
(05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe


04:25:21.0265
2868
    UPS - ok


04:25:21.0296
2868
    USBAAPL
(8bf5d980cdce35fb26f05047144bb57e)
C:\WINDOWS\system32\Drivers\usbaapl.sys


04:25:21.0296
2868
    USBAAPL - ok


04:25:21.0328
2868
    usbccgp
(173f317ce0db8e21322e71b7e60a27e8)
C:\WINDOWS\system32\DRIVERS\usbccgp.sys


04:25:21.0328
2868
    usbccgp - ok


04:25:21.0375
2868
    usbehci
(65dcf09d0e37d4c6b11b5b0b76d470a7)
C:\WINDOWS\system32\DRIVERS\usbehci.sys


04:25:21.0375
2868
    usbehci - ok


04:25:21.0390
2868
    usbhub
(1ab3cdde553b6e064d2e754efe20285c)
C:\WINDOWS\system32\DRIVERS\usbhub.sys


04:25:21.0390
2868
    usbhub - ok


04:25:21.0421
2868
    usbscan
(a0b8cf9deb1184fbdd20784a58fa75d4)
C:\WINDOWS\system32\DRIVERS\usbscan.sys


04:25:21.0437
2868
    usbscan - ok


04:25:21.0468
2868
    USBSTOR
(a32426d9b14a089eaa1d922e0c5801a9)
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS


04:25:21.0468
2868
    USBSTOR - ok


04:25:21.0484
2868
    usbuhci
(26496f9dee2d787fc3e61ad54821ffe6)
C:\WINDOWS\system32\DRIVERS\usbuhci.sys


04:25:21.0500
2868
    usbuhci - ok


04:25:21.0515
2868
    VgaSave
(0d3a8fafceacd8b7625cd549757a7df1)
C:\WINDOWS\System32\drivers\vga.sys


04:25:21.0531
2868
    VgaSave - ok


04:25:21.0531
2868
    ViaIde - ok


04:25:21.0578
2868
    VolSnap
(4c8fcb5cc53aab716d810740fe59d025)
C:\WINDOWS\system32\drivers\VolSnap.sys


04:25:21.0578
2868
    VolSnap - ok


04:25:21.0656
2868
    VSS
(7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe


04:25:21.0671
2868
    VSS - ok


04:25:21.0718
2868
    W32Time
(54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll


04:25:21.0750
2868
    W32Time - ok


04:25:21.0781
2868
    Wanarp
(e20b95baedb550f32dd489265c1da1f6)
C:\WINDOWS\system32\DRIVERS\wanarp.sys


04:25:21.0781
2868
    Wanarp - ok


04:25:21.0843
2868
    Wdf01000
(fd47474bd21794508af449d9d91af6e6)
C:\WINDOWS\system32\DRIVERS\Wdf01000.sys


04:25:21.0875
2868
    Wdf01000 - ok


04:25:21.0890
2868
    WDICA - ok


04:25:21.0937
2868
    wdmaud
(6768acf64b18196494413695f0c3a00f)
C:\WINDOWS\system32\drivers\wdmaud.sys


04:25:21.0937
2868
    wdmaud - ok


04:25:21.0984
2868
    WebClient
(77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll


04:25:22.0000
2868
    WebClient - ok


04:25:22.0093
2868
    winmgmt
(2d0e4ed081963804ccc196a0929275b5)
C:\WINDOWS\system32\wbem\WMIsvc.dll


04:25:22.0109
2868
    winmgmt - ok


04:25:22.0171
2868
    WmdmPmSN
(c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll


04:25:22.0171
2868
    WmdmPmSN - ok


04:25:22.0218
2868
    WmiApSrv
(e0673f1106e62a68d2257e376079f821)
C:\WINDOWS\System32\wbem\wmiapsrv.exe


04:25:22.0218
2868
    WmiApSrv - ok


04:25:22.0250
2868
    WpdUsb
(cf4def1bf66f06964dc0d91844239104)
C:\WINDOWS\system32\DRIVERS\wpdusb.sys


04:25:22.0250
2868
    WpdUsb - ok


04:25:22.0406
2868
    WPFFontCache_v0400
(dcf3e3edf5109ee8bc02fe6e1f045795)
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe


04:25:22.0453
2868
    WPFFontCache_v0400 - ok


04:25:22.0484
2868
    WudfPf
(f15feafffbb3644ccc80c5da584e6311)
C:\WINDOWS\system32\DRIVERS\WudfPf.sys


04:25:22.0484
2868
    WudfPf - ok


04:25:22.0515
2868
    WudfRd
(28b524262bce6de1f7ef9f510ba3985b)
C:\WINDOWS\system32\DRIVERS\wudfrd.sys


04:25:22.0515
2868
    WudfRd - ok


04:25:22.0546
2868
    WudfSvc
(05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll


04:25:22.0546
2868
    WudfSvc - ok


04:25:22.0625
2868
    WZCSVC
(81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll


04:25:22.0671
2868
    WZCSVC - ok


04:25:22.0718
2868
    xmlprov
(295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll


04:25:22.0750
2868
    xmlprov - ok


04:25:22.0750
2868
    MBR (0x1B8)
(8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0


04:25:23.0203
2868
    \Device\Harddisk0\DR0 - ok


04:25:23.0609
2868
    MBR (0x1B8)
(8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2


04:25:23.0609
2868
    \Device\Harddisk1\DR2 - ok


04:25:23.0609
2868
    Boot (0x1200)
(17d5a587f37ebc5ccec29e61aa7d381e) \Device\Harddisk0\DR0\Partition0


04:25:23.0609
2868
    \Device\Harddisk0\DR0\Partition0 - ok


04:25:23.0609
2868
    Boot (0x1200)
(6e0a834c9ebdd8d8b395bbad727d5d35) \Device\Harddisk1\DR2\Partition0


04:25:23.0625
2868
    \Device\Harddisk1\DR2\Partition0 - ok


04:25:23.0640
2868
    Boot (0x1200)
(75f4af6ac998cba011a976fb32880eca) \Device\Harddisk1\DR2\Partition1


04:25:23.0640
2868
    \Device\Harddisk1\DR2\Partition1 - ok


04:25:23.0640
2868
    Boot (0x1200)
(51889d163adcc74049f99ea8e51475e9) \Device\Harddisk1\DR2\Partition2


04:25:23.0640
2868
    \Device\Harddisk1\DR2\Partition2 - ok


04:25:23.0640
2868
    Boot (0x1200)
(0e0115ab00d7060f65b8b5b39a070480) \Device\Harddisk1\DR2\Partition3


04:25:23.0640
2868
    \Device\Harddisk1\DR2\Partition3 - ok


04:25:23.0640 2868 ============================================================
04:25:23.0640 2868 Scan finished
04:25:23.0640 2868 ============================================================
04:25:23.0656 2704 Detected object count: 0
04:25:23.0656 2704 Actual detected object count: 0
04:25:29.0093 2832 Deinitialize success

--------------------------------------------------------------------------

aswMBR version 0.9.9.1707
Copyright© 2011 AVAST Software
Run date: 2013-03-04 04:43:24
-----------------------------
04:43:24.500 OS Version: Windows 5.1.2600 Service Pack 3
04:43:24.500 Number of processors: 1 586 0x209
04:43:24.500 ComputerName: HOME-5HWD5VXP2X UserName: Owner
04:43:24.921 Initialize success
04:43:26.046 AVAST engine defs: 13030100
04:43:47.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
04:43:47.062 Disk 0 Vendor: WDC_WD1600JB-00REA0 20.00K20 Size: 152627MB BusType: 3
04:43:47.078 Disk 0 MBR read successfully
04:43:47.078 Disk 0 MBR scan
04:43:47.093 Disk 0 Windows XP default MBR code
04:43:47.093 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
04:43:47.109 Disk 0 scanning sectors +312560640
04:43:47.171 Disk 0 scanning C:\WINDOWS\system32\drivers
04:43:57.218 Service scanning
04:44:07.343 Modules scanning
04:44:13.609 Disk 0 trace - called modules:
04:44:13.625 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
04:44:13.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823d1ab8]
04:44:14.140 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8236cb00]
04:44:14.484 AVAST engine scan C:\WINDOWS
04:44:18.187 AVAST engine scan C:\WINDOWS\system32
04:46:29.375 AVAST engine scan C:\WINDOWS\system32\drivers
04:46:43.171 AVAST engine scan C:\Documents and Settings\Owner
05:14:02.500 AVAST engine scan C:\Documents and Settings\All Users
05:15:16.906 Scan finished successfully
05:29:43.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
05:29:44.000 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\BleeingComaswMBR.txt"



 


-----------------



 


2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


#4 narenxp


Posted 03 March 2013 - 02:51 PM

Can you connect to the internet in Safe Mode with Networking?

 

Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 



#5 Dazza


Posted 03 March 2013 - 05:39 PM

narenxp, no joy with Safe Mode Networking. Cannot connect.

Here are the 2 logs. Dazza

 

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 04-03-2013 at 08:30:23
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-02-02 12:28] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2003-07-17 06:44] - [2009-02-06 21:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(10) Gpc(3) NetBT(6) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
ATTENTION!=====> IpSec Tag value should be 5. ATTENTION!=====> IpSec Tag value is missing and it should be 5.

**** End of log ****

 

MiniToolBox by Farbar  Version:01-03-2013
Ran by Owner (administrator) on 04-03-2013 at 08:28:43
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration


Windows IP Configuration
An internal error occurred: The request is not supported. Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Unable to contact IP driver, error code 2,
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] ()
Catalog9 12 mswsock.dll [File not found] ()
Catalog9 13 mswsock.dll [File not found] ()
Catalog9 14 mswsock.dll [File not found] ()
Catalog9 15 mswsock.dll [File not found] ()
Catalog9 16 mswsock.dll [File not found] ()
Catalog9 17 mswsock.dll [File not found] ()
Catalog9 18 mswsock.dll [File not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/01/2013 07:09:18 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:39:15 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:36:47 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:34:06 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:33:51 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/27/2013 08:25:38 AM) (Source: Application Hang) (User: )
Description: Hanging application uTorrent.exe, version 3.3.0.29038, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/26/2013 10:07:28 AM) (Source: Application Error) (User: )
Description: Faulting application googledrivesync.exe, version 1.7.4018.3496, faulting module wxbase293u_vc.dll, version 2.9.3.1, fault address 0x0007286c.
Processing media-specific event for [googledrivesync.exe!ws!]

Error: (02/19/2013 06:43:54 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 18.0.2.4780, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/10/2013 01:24:09 PM) (Source: .NET Runtime) (User: )
Description: Application: KiesDriverInstaller.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at Kies.Common.KiesDriverInstaller.Program.GetUsbDriverCmd(System.String)
   at Kies.Common.KiesDriverInstaller.Program.Main(System.String[])

Error: (02/10/2013 01:24:07 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 kiesdriverinstaller.exe, P2 1.0.0.14, P3 50b5a4f3, P4 mscorlib, P5 4.0.0.0, P6 50484bd7, P7 2eb, P8 4f, P9 clr20r30, P10 clr20r31.


System errors:
=============
Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (03/04/2013 08:28:46 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:46 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (03/04/2013 08:28:46 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:46 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec


Microsoft Office Sessions:
=========================
Error: (03/01/2013 07:09:18 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:39:15 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:36:47 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:34:06 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:33:51 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/27/2013 08:25:38 AM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.3.0.29038hungapp0.0.0.000000000

Error: (02/26/2013 10:07:28 AM) (Source: Application Error)(User: )
Description: googledrivesync.exe1.7.4018.3496wxbase293u_vc.dll2.9.3.10007286c

Error: (02/19/2013 06:43:54 AM) (Source: Application Hang)(User: )
Description: firefox.exe18.0.2.4780hungapp0.0.0.000000000

Error: (02/10/2013 01:24:09 PM) (Source: .NET Runtime)(User: )
Description: Application: KiesDriverInstaller.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at Kies.Common.KiesDriverInstaller.Program.GetUsbDriverCmd(System.String)
   at Kies.Common.KiesDriverInstaller.Program.Main(System.String[])

Error: (02/10/2013 01:24:07 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3kiesdriverinstaller.exe1.0.0.1450b5a4f3mscorlib4.0.0.050484bd72eb4fsystem.argumentoutofrangeNIL


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29038)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1482.0)
BCM V.92 56K Modem
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29)
calibre (Version: 0.9.20)
CCleaner (Version: 3.28)
Dropbox (Version: 1.6.17)
EMCO UnLock IT 3.0
Intel® Extreme Graphics Driver
iTunes (Version: 11.0.1.12)
Kingsoft Office 2012 (8.1.0.3385) (Version: 8.1.0.3385)
K-Lite Codec Pack 9.7.5 (Full) (Version: 9.7.5)
M8 Free Clipboard
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
MyFreeCodec
Paint.NET v3.5.10 (Version: 3.60.0)
QuickTime (Version: 7.73.80.64)
Revo Uninstaller 1.94 (Version: 1.94)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
SoundMAX (Version: 5.12.01.5246)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 510 MB
Available physical RAM: 274.59 MB
Total Pagefile: 1248.65 MB
Available Pagefile: 1060.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:122.13 GB) NTFS
3 Drive e: () (Fixed) (Total:341.8 GB) (Free:317.44 GB) NTFS
4 Drive f: (MUSIC) (Fixed) (Total:195.31 GB) (Free:147.28 GB) NTFS
5 Drive g: (PICTURES) (Fixed) (Total:195.31 GB) (Free:185.52 GB) NTFS
6 Drive h: (VAULT) (Fixed) (Total:195.31 GB) (Free:181.72 GB) NTFS
7 Drive i: (SANS DISC) (Removable) (Total:30.78 GB) (Free:30.62 GB) FAT32

========================= Users: ========================================

User accounts for \\HOME-5HWD5VXP2X

Administrator            ASPNET                   Guest                    
HelpAssistant            Owner                    SUPPORT_388945a0         


**** End of log ****
 


2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


#6 narenxp

Posted 03 March 2013 - 05:53 PM

Download

 

http://download.bleepingcomputer.com/win-services/xp/IPSec.reg

 

Launch it and click YES

 

Restart the PC and post the new FSS log.



#7 Dazza

Posted 03 March 2013 - 06:52 PM

Download
 
http://download.bleepingcomputer.com/win-services/xp/IPSec.reg
 
Launch it and click YES
 
Restart the PC and post the new FSS log.

I have done this twice but there is no FSS Log on the desktop, only the fssexe log I did earlier. Where would the fss Log go to? According to the Path it's at C>DocSett>Owner>Desktop. I cannot find it anywhere. Dazza


Edited by Dazza, 03 March 2013 - 10:52 PM.



#8 narenxp

Posted 03 March 2013 - 06:56 PM

Delete the old log. Run FSS again and post the new one. It should be in the same directory the tool is run from.

 

See if you can browse now.



#9 Dazza

Posted 04 March 2013 - 01:26 AM

Hi narenxp yep it's working :clapping: the computer is back on line! I have run FSS again here Ya Go Cobba :busy:

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 04-03-2013 at 16:22:35
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-02-02 12:28] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2003-07-17 06:44] - [2009-02-06 21:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly
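
One way to triage a Farbar Service Scanner log like the one posted above, as an added example that is not part of the thread or of the FSS tool: the Python below groups the ATTENTION lines by service and lists File Check entries that lack the "MD5 is legit" marker. The sample text is constructed to mirror the log's format (the hash in it is a placeholder), and the function and category names are this example's own.

```python
import re

# Constructed sample in the FSS log format shown above (trimmed; placeholder hash).
SAMPLE_FSS = r"""Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-02-02 12:28] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

ATTN = re.compile(r"^Checking (?P<item>.+?): ATTENTION!=====> (?P<msg>.+)$")
NOT_RUNNING = re.compile(r"^(?P<svc>\S+) Service is not running")
LEGIT = re.compile(r"^[A-Za-z]:\\.+ => MD5 is legit$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")


def classify(msg):
    """Map an FSS ATTENTION message to a coarse category (names are this example's)."""
    if "service key does not exist" in msg:
        return "service key absent"
    if "value does not exist" in msg:
        return "value absent"
    if "key does not exist" in msg:
        return "enum key absent"
    return "other"


def parse_fss(text):
    """Return (services, unverified_files) parsed from FSS log text."""
    services = {}      # service name -> {"section": str, "findings": [(item, category)]}
    unverified = []    # File Check paths without the "MD5 is legit" marker
    lines = text.splitlines()
    section = current = None
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # A section header is a "Name:" line underlined with '=' characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, current = line[:-1], None
            continue
        m = NOT_RUNNING.match(line)
        if m:
            current = m.group("svc")
            services[current] = {"section": section, "findings": []}
            continue
        m = ATTN.match(line)
        if m and current:
            services[current]["findings"].append(
                (m.group("item"), classify(m.group("msg"))))
            continue
        if section == "File Check" and BARE_PATH.match(line) and not LEGIT.match(line):
            unverified.append(line)
    return services, unverified


def triage(services):
    """Summarise each stopped service by the most severe category found."""
    report = {}
    for name, info in services.items():
        kinds = {kind for _, kind in info["findings"]}
        if "service key absent" in kinds:
            report[name] = "service key absent"
        elif "value absent" in kinds:
            report[name] = "key present, values absent"
        else:
            report[name] = "not running, configuration readable"
    return report


if __name__ == "__main__":
    svcs, files = parse_fss(SAMPLE_FSS)
    for svc, verdict in triage(svcs).items():
        print(f"{svcs[svc]['section']:<18} {svc:<14} {verdict}")
    for path in files:
        print("no 'MD5 is legit' marker:", path)
```
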


#10 narenxp

Posted 04 March 2013 - 09:17 AM

Please run ESET online scanner again in normal mode and post the log

 

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#11 Dazza

Posted 04 March 2013 - 11:39 PM

Okay Cobba a Long time coming but here ya Go Cheers Dazzar

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.05.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME-5HWD5VXP2X [administrator]

3/5/2013 12:17:45 PM
mbam-log-2013-03-05 (12-17-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215865
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

=======

MiniToolBox by Farbar  Version:01-03-2013
Ran by Owner (administrator) on 05-03-2013 at 12:28:04
Running from "C:\Documents and Settings\Owner\Desktop\FireFox Down"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration
        Host Name . . . . . . . . . . . . : home-5hwd5vxp2x
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
        Physical Address. . . . . . . . . : 00-0D-56-5F-61-5A
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : Tuesday, March 05, 2013 9:36:57 AM
        Lease Expires . . . . . . . . . . : Tuesday, March 05, 2013 9:36:57 PM
Server:  home.gateway
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.237.40, 74.125.237.41, 74.125.237.46, 74.125.237.32
      74.125.237.33, 74.125.237.34, 74.125.237.35, 74.125.237.36, 74.125.237.37
      74.125.237.38, 74.125.237.39

Pinging google.com [74.125.237.40] with 32 bytes of data:
Reply from 74.125.237.40: bytes=32 time=46ms TTL=56
Reply from 74.125.237.40: bytes=32 time=46ms TTL=56
Ping statistics for 74.125.237.40:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 46ms, Average = 46ms
Server:  home.gateway
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=266ms TTL=52
Reply from 98.138.253.109: bytes=32 time=315ms TTL=52
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 266ms, Maximum = 315ms, Average = 290ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 5f 61 5a ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.3      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0      192.168.1.3     192.168.1.3      20
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      20
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3      20
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3      20
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] ()
Catalog9 12 mswsock.dll [File not found] ()
Catalog9 13 mswsock.dll [File not found] ()
Catalog9 14 mswsock.dll [File not found] ()
Catalog9 15 mswsock.dll [File not found] ()
Catalog9 16 mswsock.dll [File not found] ()
Catalog9 17 mswsock.dll [File not found] ()
Catalog9 18 mswsock.dll [File not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/01/2013 07:09:18 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:39:15 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:36:47 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:34:06 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/28/2013 07:33:51 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services, P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/27/2013 08:25:38 AM) (Source: Application Hang) (User: )
Description: Hanging application uTorrent.exe, version 3.3.0.29038, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/26/2013 10:07:28 AM) (Source: Application Error) (User: )
Description: Faulting application googledrivesync.exe, version 1.7.4018.3496, faulting module wxbase293u_vc.dll, version 2.9.3.1, fault address 0x0007286c.
Processing media-specific event for [googledrivesync.exe!ws!]

Error: (02/19/2013 06:43:54 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 18.0.2.4780, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/10/2013 01:24:09 PM) (Source: .NET Runtime) (User: )
Description: Application: KiesDriverInstaller.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at Kies.Common.KiesDriverInstaller.Program.GetUsbDriverCmd(System.String)
   at Kies.Common.KiesDriverInstaller.Program.Main(System.String[])

Error: (02/10/2013 01:24:07 PM) (Source: .NET Runtime 4.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 kiesdriverinstaller.exe, P2 1.0.0.14, P3 50b5a4f3, P4 mscorlib, P5 4.0.0.0, P6 50484bd7, P7 2eb, P8 4f, P9 clr20r30, P10 clr20r31.


System errors:
=============
Error: (03/05/2013 08:36:52 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/04/2013 03:37:06 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{84679C0C-0F61-4118-8F8E-91CBAE39ED7F} because another computer on the network has the same name.  The server could not start.

Error: (03/04/2013 09:50:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/04/2013 09:40:24 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (03/04/2013 08:28:47 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec


Microsoft Office Sessions:
=========================
Error: (03/01/2013 07:09:18 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:39:15 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:36:47 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:34:06 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/28/2013 07:33:51 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070422updateservicemanager-_get_servicesfallbackcheck1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL

Error: (02/27/2013 08:25:38 AM) (Source: Application Hang)(User: )
Description: uTorrent.exe3.3.0.29038hungapp0.0.0.000000000

Error: (02/26/2013 10:07:28 AM) (Source: Application Error)(User: )
Description: googledrivesync.exe1.7.4018.3496wxbase293u_vc.dll2.9.3.10007286c

Error: (02/19/2013 06:43:54 AM) (Source: Application Hang)(User: )
Description: firefox.exe18.0.2.4780hungapp0.0.0.000000000

Error: (02/10/2013 01:24:09 PM) (Source: .NET Runtime)(User: )
Description: Application: KiesDriverInstaller.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
   at System.String.InternalSubStringWithChecks(Int32, Int32, Boolean)
   at Kies.Common.KiesDriverInstaller.Program.GetUsbDriverCmd(System.String)
   at Kies.Common.KiesDriverInstaller.Program.Main(System.String[])

Error: (02/10/2013 01:24:07 PM) (Source: .NET Runtime 4.0 Error Reporting)(User: )
Description: clr20r3kiesdriverinstaller.exe1.0.0.1450b5a4f3mscorlib4.0.0.050484bd72eb4fsystem.argumentoutofrangeNIL


=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29038)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.171)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1482.0)
BCM V.92 56K Modem
Bonjour (Version: 3.0.0.10)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29)
calibre (Version: 0.9.20)
CCleaner (Version: 3.28)
Dropbox (Version: 1.6.17)
EMCO UnLock IT 3.0
Intel® Extreme Graphics Driver
iTunes (Version: 11.0.1.12)
Kingsoft Office 2012 (8.1.0.3385) (Version: 8.1.0.3385)
K-Lite Codec Pack 9.7.5 (Full) (Version: 9.7.5)
M8 Free Clipboard
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Mozilla Maintenance Service (Version: 19.0)
MyFreeCodec
Paint.NET v3.5.10 (Version: 3.60.0)
QuickTime (Version: 7.73.80.64)
Revo Uninstaller 1.94 (Version: 1.94)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
SoundMAX (Version: 5.12.01.5246)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Windows Defender (Version: 1.1.1593.21)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 510 MB
Available physical RAM: 304.06 MB
Total Pagefile: 1248.65 MB
Available Pagefile: 919.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.3 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:121.74 GB) NTFS
3 Drive e: () (Fixed) (Total:341.8 GB) (Free:317.44 GB) NTFS
4 Drive f: (MUSIC) (Fixed) (Total:195.31 GB) (Free:147.28 GB) NTFS
5 Drive g: (PICTURES) (Fixed) (Total:195.31 GB) (Free:185.52 GB) NTFS
6 Drive h: (VAULT) (Fixed) (Total:195.31 GB) (Free:181.72 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-5HWD5VXP2X

Administrator            ASPNET                   Guest                    
HelpAssistant            Owner                    SUPPORT_388945a0         

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

02-02-2013 02:35:50 System Checkpoint
02-02-2013 03:26:15 Installed Broadcom 440x 10/100 Integrated Controller
02-02-2013 04:17:33 Installed Windows XP Service Pack 3.
02-02-2013 17:00:13 Software Distribution Service 3.0
03-02-2013 03:38:11 Software Distribution Service 3.0
03-02-2013 03:45:02 Software Distribution Service 3.0
03-02-2013 04:19:30 Software Distribution Service 3.0
03-02-2013 04:22:17 avast! Free Antivirus Setup
03-02-2013 21:37:34 Software Distribution Service 3.0
03-02-2013 21:44:40 Configured Broadcom 440x 10/100 Integrated Controller
04-02-2013 01:21:57 Revo Uninstaller's restore point - AVG Security Toolbar
04-02-2013 06:44:26 Installed SoundMAX
04-02-2013 06:44:33 Installed SoundMAX
04-02-2013 22:21:14 Installed iTunes
04-02-2013 22:26:27 Installed QuickTime
05-02-2013 05:27:13 Installed SoftMaker FreeOffice
05-02-2013 20:37:42 Software Distribution Service 3.0
06-02-2013 05:22:39 Revo Uninstaller's restore point - AnyPic JPG to PDF Converter 1.1.0
06-02-2013 05:37:14 Revo Uninstaller's restore point - AnyPic Image Converter 1.2.2
06-02-2013 09:48:08 Revo Uninstaller's restore point - SoftMaker FreeOffice
06-02-2013 09:48:37 Removed SoftMaker FreeOffice
06-02-2013 20:43:58 Revo Uninstaller's restore point - FromDocToPDF Toolbar
07-02-2013 08:52:51 Installed calibre
07-02-2013 21:36:20 Revo Uninstaller's restore point - Delta toolbar  
07-02-2013 21:38:28 Revo Uninstaller's restore point - Delta
07-02-2013 21:39:48 Revo Uninstaller's restore point - BrowserProtect
08-02-2013 22:41:48 System Checkpoint
09-02-2013 23:21:06 System Checkpoint
10-02-2013 03:24:58 Revo Uninstaller's restore point - SAMSUNG USB Driver for Mobile Phones
10-02-2013 23:03:14 Installed Windows Media Player Firefox Plugin
11-02-2013 01:50:51 Revo Uninstaller's restore point - SAMSUNG USB Driver for Mobile Phones
11-02-2013 02:21:31 Installed Windows XP Wudf01000.
11-02-2013 02:21:44 Installed Samsung Kies
11-02-2013 03:29:01 Revo Uninstaller's restore point - Google Gmail Notifier
13-02-2013 05:06:31 System Checkpoint
14-02-2013 05:52:32 System Checkpoint
15-02-2013 06:35:59 System Checkpoint
16-02-2013 06:47:47 System Checkpoint
17-02-2013 07:09:50 System Checkpoint
18-02-2013 21:23:43 System Checkpoint
19-02-2013 22:49:18 System Checkpoint
20-02-2013 20:07:29 Paint.NET v3.5.10
21-02-2013 20:24:43 System Checkpoint
22-02-2013 21:21:02 System Checkpoint
23-02-2013 04:17:33 Installed calibre
23-02-2013 04:18:22 Removed calibre
24-02-2013 04:42:25 System Checkpoint
25-02-2013 05:47:19 System Checkpoint
26-02-2013 07:20:21 System Checkpoint
27-02-2013 07:58:52 System Checkpoint
27-02-2013 21:33:33 Installed Windows Defender
28-02-2013 21:44:53 System Checkpoint
01-03-2013 00:58:49 Installed Java 7 Update 15
01-03-2013 21:43:56 Revo Uninstaller's restore point - Google Drive
01-03-2013 21:46:10 Removed Google Drive
01-03-2013 21:47:47 Revo Uninstaller's restore point - Revo Uninstaller 1.94
01-03-2013 22:03:28 Removed Java 7 Update 15
02-03-2013 22:30:57 System Checkpoint
03-03-2013 23:01:37 System Checkpoint
05-03-2013 00:46:30 System Checkpoint

**** End of log ****

================

 

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 05-03-2013 at 12:57:46
Running from "C:\Documents and Settings\Owner\Desktop\FireFox Down"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-02-02 12:28] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2003-07-17 06:44] - [2009-02-06 21:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****

 

===========

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=db09fb7f8f2d7241bcf1b8cb1bd3e44a
# engine=13297
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-05 12:10:04
# local_time=2013-03-05 10:10:04 (+1000, E. Australia Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 91 0 138320476 0 0
# compatibility_mode=5889 16768382 80 100 441387 203238550 0 0
# scanned=181319
# found=0
# cleaned=0
# scan_time=6157

========

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Microsoft Windows XP x86
Ran by Owner on Tue 03/05/2013 at 13:59:56.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\xlq1dvq6.default\invalidprefs.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/05/2013 at 14:09:43.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=============

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "avast"    "avast! Antivirus"    "AVAST Software"    "c:\program files\avast software\avast\avastui.exe"
+ "BCMSMMSG"    "Modem Messaging Applet"    "Broadcom Corporation"    "c:\windows\bcmsmmsg.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "IntelliPoint"    "IPoint.exe"    "Microsoft Corporation"    "c:\program files\microsoft intellipoint\ipoint.exe"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files\itunes\ituneshelper.exe"
+ "itype"    "IType.exe"    "Microsoft Corporation"    "c:\program files\microsoft intellitype pro\itype.exe"
+ "QuickTime Task"    "QuickTime Task"    "Apple Inc."    "c:\program files\quicktime\qttask.exe"
+ "SoundMAXPnP"    "SMax4PNP MFC Application"    "Analog Devices, Inc."    "c:\program files\analog devices\core\smax4pnp.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Address Book 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"    ""    ""    ""
+ "0"    ""    ""    "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"    ""    ""    ""
+ "Microsoft AntiMalware ShellExecuteHook"    "Shell Execution Monitor"    "Microsoft Corporation"    "c:\program files\windows defender\mpshhook.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\documents and settings\owner\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\documents and settings\owner\application data\dropbox\bin\dropboxext.17.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "DropboxExt"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\documents and settings\owner\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "Haali Column Provider"    ""    ""    "c:\program files\mega codec pack\filters\haali\mmfinfo.dll"
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "00avast"    "avast! Shell Extension"    "AVAST Software"    "c:\program files\avast software\avast\ashshell.dll"
+ "0MediaIconsOerlay"    ""    ""    "c:\documents and settings\all users\application data\microsoft\media tools\mediaiconsoverlays.dll"
+ "DropboxExt1"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\documents and settings\owner\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\documents and settings\owner\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\documents and settings\owner\application data\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt4"    "Dropbox Shell Extension"    "Dropbox, Inc."    "c:\documents and settings\owner\application data\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "avast! WebRep"    "avast! WebRep Plugin"    "AVAST Software"    "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "Windows Messenger"    "Windows Messenger"    "Microsoft Corporation"    "c:\program files\messenger\msmsgs.exe"
"Task Scheduler"    ""    ""    ""
+ "Adobe Flash Player Updater.job"    "Adobe® Flash® Player Update Service 11.6 r602"    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "avast! Emergency Update.job"    "avast! Emergency Update"    "AVAST Software"    "c:\program files\avast software\avast\avastemupdate.exe"
+ "MP Scheduled Scan.job"    "Windows Defender Command Line Utility"    "Microsoft Corporation"    "c:\program files\windows defender\mpcmdrun.exe"
+ "WpsUpdateTask_Owner.job"    "Kingsoft Office Automatic Upgrade"    "Zhuhai Kingsoft Office-software Co.,Ltd"    "c:\program files\kingsoft\kingsoft office\office6\wpsupdate.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "avast! Antivirus"    "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler."    "AVAST Software"    "c:\program files\avast software\avast\avastsvc.exe"
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files\mozilla maintenance service\maintenanceservice.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "aswFsBlk"    "avast! mini-filter driver (aswFsBlk)"    "AVAST Software"    "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt"    "avast! mini-filter driver (aswMonFlt)"    "AVAST Software"    "c:\windows\system32\drivers\aswmonflt.sys"
+ "AswRdr"    "avast! TDI Redirect driver"    "AVAST Software"    "c:\windows\system32\drivers\aswrdr.sys"
+ "aswRvrt"    "avast! Revert"    ""    "c:\windows\system32\drivers\aswrvrt.sys"
+ "aswSnx"    "avast! virtualization driver (aswSnx)"    "AVAST Software"    "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP"    "avast! Self Protection"    "AVAST Software"    "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi"    "avast! Network Shield TDI driver"    "AVAST Software"    "c:\windows\system32\drivers\aswtdi.sys"
+ "aswVmm"    "avast! VM Monitor"    ""    "c:\windows\system32\drivers\aswvmm.sys"
+ "bcm4sbxp"    "Broadcom Corporation NDIS 5.1 ethernet driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "BCMModem"    "Modem Device Driver"    "Broadcom Corporation"    "c:\windows\system32\drivers\bcmsm.sys"
+ "Changer"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "dg_ssudbus"    "SAMSUNG USB Composite Device Driver (MSS Ver.3)"    "DEVGURU Co., LTD.(www.devguru.co.kr)"    "c:\windows\system32\drivers\ssudbus.sys"
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "i2omgmt"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm"    "Intel Graphics Miniport Driver"    "Intel Corporation"    "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "PCIDump"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink"    "Direct Parallel Link Driver"    "Parallel Technologies, Inc."    "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv"    "SafeDisc driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"
+ "senfilt"    "Creative WDM Audio Driver"    "Creative Technology Ltd."    "c:\windows\system32\drivers\senfilt.sys"
+ "smwdm"    "SoundMAX Integrated Digital Audio "    "Analog Devices, Inc."    "c:\windows\system32\drivers\smwdm.sys"
+ "ssudmdm"    "SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)"    "DEVGURU Co., LTD.(www.devguru.co.kr)"    "c:\windows\system32\drivers\ssudmdm.sys"
+ "USBAAPL"    "Apple Mobile Device USB Driver"    "Apple, Inc."    "c:\windows\system32\drivers\usbaapl.sys"
+ "WDICA"    ""    ""    "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.iac2"    "Indeo® audio software"    "Intel Corporation"    "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet"    "Audio codec for MS ACM"    "Sipro Lab Telecom Inc."    "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch"    "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50"    "DSP GROUP, INC."    "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"
+ "vidc.iv31"    ""    ""    "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32"    ""    ""    "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter"    ""    ""    ""
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "9x8Resize"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "AC3 Decoder Filter"    "TODO: <파일 설명>"    "TODO: <회사 이름>"    "c:\program files\myfree codec\1.0b beta\ac-3\ac3dx.ax"
+ "ACELP.net Audio Decoder"    "ACELP.net Audio Decoder"    "Sipro Lab Telecom Inc."    "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "DC-Bass Source"    "BASS based DirectShow™ Audio Decoder"    "http://www.dsp-worx.de"    "c:\program files\k-lite codec pack\filters\dcbass\dcbasssourcemod.ax"
+ "DirectVobSub"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "xy-VSFilter Team"    "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "xy-VSFilter Team"    "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\mega codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files\k-lite codec pack\filters\ffdshow\ffdshow.ax"
+ "Frame Eater"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer"    "Haali Media Splitter"    ""    "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter"    "Haali Media Splitter"    ""    "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)"    "Haali Media Splitter"    ""    "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter"    "Haali Media Splitter"    ""    "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer"    ""    ""    "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink"    "Haali Media Splitter"    ""    "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo Video ® 5.1 Progressive Download Source"    "Intel Indeo® video IVF Source Filter 5.10"    "Intel Corporation"    "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software"    "Indeo® audio software"    "Intel Corporation"    "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
+ "LAV Audio Decoder"    "LAV Audio Decoder - DirectShow Audio Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files\k-lite codec pack\filters\lav\lavaudio.ax"
+ "LAV Splitter"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Splitter Source"    "LAV Splitter - DirectShow Media Splitter"    "1f0.de - Hendrik Leppkes"    "c:\program files\k-lite codec pack\filters\lav\lavsplitter.ax"
+ "LAV Video Decoder"    "LAV Video Decoder - DirectShow Video Decoder"    "1f0.de - Hendrik Leppkes"    "c:\program files\k-lite codec pack\filters\lav\lavvideo.ax"
+ "MACSReaderMP3 Filter"    "MACSReaderMP3 Filter"    ""    "c:\program files\samsung\kies\external\mediamodules\macsreaderavi.ax"
+ "madVR"    "madshi's D3D9 based video renderer"    "madshi.net"    "c:\program files\k-lite codec pack\filters\madvr\madvr.ax"
+ "MPC - FLV Source (Gabest)"    "FLV Splitter"    "Gabest"    "c:\program files\mega codec pack\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)"    "FLV Splitter"    "Gabest"    "c:\program files\mega codec pack\filters\flvsplitter.ax"
+ "MPC - MPEG-2 Video Decoder (Gabest)"    "MPEG-2 Decoder Filter for DirectShow"    "Gabest"    "c:\program files\mega codec pack\filters\mpeg2decfilter.ax"
+ "MPEG Layer-3 Decoder"    "MPEG Layer-3 Audio Decoder"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codecx.ax"
+ "MpegVideo Filter"    "MpegVideo Module"    "DScaler Team"    "c:\program files\k-lite codec pack\filters\mpegvideo.dll"
+ "MyFree Codec Filter"    ""    ""    "c:\program files\myfree codec\1.0b beta\myfree.ax"
+ "NEDFilter4Samsung Filter"    "MACSReaderMP3 Filter"    "L544™ Technology"    "c:\program files\samsung\kies\external\mediamodules\nedfilter4samsung.ax"
+ "Record Queue"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "SelfMusicVideo Dump Filter"    "SelfMusicVideo Dump Filter (DShow)"    "ENJsoft Corporation"    "c:\program files\samsung\kies\external\transmodules\tg_dump0708.dll"
+ "ShotBoundaryDet"    "Windows Movie Maker"    "Microsoft Corporation"    "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "T"    "VP7 Decompression Filter"    "On2.com Inc."    "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "WavPack Audio Decoder"    "WavPack Audio DirectShow Decoder"    "-"    "c:\program files\mega codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter"    "WavPack Audio DirectShow Splitter"    "-"    "c:\program files\mega codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter"    "WIA Stream Snapshot Filter"    "MyCompanyName"    "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber"    "Windows Movie Maker"    "Microsoft Corporation"    "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    "igfxsrvc Module"    "Intel Corporation"    "c:\windows\system32\igfxsrvc.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""
+ "mdnsNSP"    "Bonjour Namespace Provider"    "Apple Inc."    "c:\program files\bonjour\mdnsnsp.dll"

==================================

 


2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


#12 narenxp

narenxp

  • BC Advisor

Posted 04 March 2013 - 11:46 PM

RKILL log?

 

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log



#13 Dazza

Dazza
  • Topic Starter


Posted 05 March 2013 - 05:39 PM

Good morning narenxp, ran KB ESET as you asked and rescanned Farbar, and here is the Rkill log I forgot and the Farbar log.

Cheers Dazza

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/05/2013 02:12:05 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * BITS [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/05/2013 02:12:57 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)

==============

 

 

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 06-03-2013 at 08:32:23
Running from "C:\Documents and Settings\Owner\Desktop\FireFox Down"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2013-02-02 12:28] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2003-07-17 06:44] - [2009-02-06 21:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(8) NwlnkNb(9) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****




#14 narenxp

narenxp

  • BC Advisor

Posted 05 March 2013 - 11:04 PM


That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

 



#15 Dazza

Dazza
  • Topic Starter


Posted 06 March 2013 - 03:17 PM

Thank you soooo much narenxp :thumbup2: I appreciate everything you have done to help me, thank you. Regards Dazza :hello:

PS EDIT: It may assist you narenxp: it was the Java update that caused this. I remarked about how long the dud Java took to install and the 'Red printed warning' in the "AddOn's box" of Mozilla FF. This time Java installed in about a minute and there are no warnings in the AddOn's box.


Edited by Dazza, 06 March 2013 - 03:48 PM.
