
What's got hold of my machine?


28 replies to this topic

#1 saxdragon


Posted 20 March 2013 - 04:10 AM

I log onto my computer.  Most of the time it boots up okay, though sometimes it will hang somewhere during the process.

 

If I see my desktop, I have about 15 to 30 seconds before I lose control and can't do anything.  My mouse won't activate anything on the desktop. Clicking and double-clicking don't work.

 

Norton antivirus has disappeared from the desktop.  Most of my files and folders are not visible if I look on the hard drive after clicking "My Computer".

 

I bought a new hard drive and installed it and loaded Windows XP Home Edition to it.  I've been trying various forms of rescue operations from this new drive, which is protected by Norton 360.

 

I first noticed a problem after trying to install H&R Block's Tax software on my computer, so my wife could do our taxes.  The program wouldn't install properly so we called their customer service and spent maybe more than an hour trying different fixes.  At one point, the customer service rep told me to turn off my firewall.  Reluctantly, I did and it was down for maybe 10 minutes.  I believe something crept in at that point, because since then I haven't been able to do anything when I boot from that drive.

 

When performing operations from the new (probably clean) drive, I can examine that infected disk, but - as I said - only a few files and folders are visible.  I used Partition Wizard Mini to run a disk check which found a few minor errors and fixed them.  I can't boot that disk in Safe Mode.

 

I have a custom-built PC.  It has three internal hard disk drives now, the newest being 500 Gb, the other two 300 Gb and 250 Gb respectively.  The 250 Gb drive also seems to be exhibiting the same signs of infection.  The newest drive has Windows XP Home and the 300 Gb drive has Windows XP Pro.  The processor is a 2.8 Ghz AMD dual 64-bit.  It has an nVidia 8500GT video card and Realtek Advanced Audio.  Four modules supply 2 Gb of RAM. Internet comes through a Verizon FIOS modem.  It has wireless, but I've disabled that and only use the ethernet connection.

 

I have lots of important files on this machine and desperately want them back!  I'm a digital artist and lots of my artwork is being held hostage by this malicious worm.  Please help me if you can!

 

Thanks,

SCB


Edited by saxdragon, 20 March 2013 - 04:10 AM.




#2 dev00790


Posted 20 March 2013 - 07:27 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs,  unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.

 

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.

 

Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Edited by dev00790, 20 March 2013 - 07:28 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
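
The log that Step 1 asks for can be triaged programmatically. The sketch below is an added example, not part of the original posts and not code from the TDSSKiller project; the function names `parse_tdsskiller` and `needs_review` are hypothetical, and the sample lines are copied from the TDSSKiller log posted later in this thread. It pairs each hash line with its verdict line and separates signature-check warnings (produced by the "Verify file digital signatures" option) from objects reported as ok.

```python
import re

# Sample input: lines copied from the TDSSKiller log in post #7 of this
# thread, shortened so the example runs offline.
SAMPLE_LOG = r"""
23:15:50.0812 3644  Scan started
23:15:50.0812 3644  Mode: Manual; SigCheck; TDLFS;
23:15:51.0875 3644  ================ Scan services =============================
23:15:51.0984 3644  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:15:52.0125 3644  !SASCORE - ok
23:15:52.0250 3644  Abiosdsk - ok
23:15:55.0625 3644  [ 6A6497003DC82917F7064498935AAC58 ] AMD64CA         C:\WINDOWS\System32\Drivers\AMD64CAx86.sys
23:15:55.0625 3644  AMD64CA ( UnsignedFile.Multi.Generic ) - warning
23:15:55.0625 3644  AMD64CA - detected UnsignedFile.Multi.Generic (1)
23:15:55.0937 3644  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:15:55.0968 3644  Apple Mobile Device - ok
"""

# "HH:MM:SS.mmmm <thread id>  <message>"
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ <MD5> ] <service name>   <path>"; service names may contain spaces
HASH_RE = re.compile(r"^\[ ([0-9A-F]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "<name> ( <verdict> ) - <status>"
FLAGGED_RE = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "<name> - ok"
OK_RE = re.compile(r"^(.+) - ok$")


def parse_tdsskiller(text):
    """Return one record per scanned object, in log order."""
    objects = {}   # name -> record (dicts keep insertion order)
    pending = {}   # name -> (md5, path) seen on a preceding hash line
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        h = HASH_RE.match(body)
        if h:
            md5, name, path = h.groups()
            pending[name] = (md5, path)
            continue
        flagged = FLAGGED_RE.match(body)
        ok = OK_RE.match(body)
        if flagged:
            name, verdict, status = flagged.groups()
        elif ok:
            name, verdict, status = ok.group(1), None, "ok"
        else:
            continue  # banners, separators, "detected" summary lines
        # Services with no file on disk have no hash line (e.g. Abiosdsk).
        md5, path = pending.pop(name, (None, None))
        objects[name] = {"name": name, "md5": md5, "path": path,
                         "status": status, "verdict": verdict}
    return list(objects.values())


def needs_review(objects):
    """Keep only objects that were not reported as ok, with a short note."""
    flagged = []
    for obj in objects:
        if obj["status"] == "ok":
            continue
        if (obj["verdict"] or "").startswith("UnsignedFile."):
            # Raised by the digital-signature check: the file is unsigned,
            # which is not the same as a match on a known rootkit.
            note = "no valid digital signature (signature check only)"
        else:
            note = "see verdict"
        flagged.append({**obj, "note": note})
    return flagged


if __name__ == "__main__":
    for item in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        print(item["name"], item["verdict"], item["path"], "-", item["note"])
```
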


#3 saxdragon


Posted 20 March 2013 - 09:45 PM

Thanks very much.  I'll reserve tomorrow for this task and I'll do my best to follow your instructions.

 

SCB



#4 dev00790


Posted 21 March 2013 - 06:06 AM

Ok :)

Regards, dev00790



#5 saxdragon


Posted 22 March 2013 - 09:36 PM

In preparing to start the malware removal process, I copied the applications you recommended and pasted them into the infected drive from my new (uninfected) drive.  I'm not sure I can control the infected drive well enough to activate the applications from the desktop of the infected drive.

 

I received a message after pasting the apps onto the infected drive, and it struck me as strange. Here it is:

 

[ResponseResult]
ResultCode=0
[Install Progress]
 Check Operation System Version
 Realtek HD Audio Driver WDM Directory Exist
 Copy Realtek HD Audio Driver from WDM Directory
 Install Realtek HD Audio Audio Driver
 --> SetupAPI result LAAW_PARAMETERS.nLaunchResult = 0
 Copy Audio Driver to each correct location from Driver Directory



#6 saxdragon


Posted 22 March 2013 - 10:00 PM

This is the AdwCleaner logfile.  I think I have to run the TDSS scan again, due to incorrectly configuring it when I ran it the first time.

 

# AdwCleaner v2.115 - Logfile created 03/22/2013 at 22:51:06
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Steve - SAXDRAGON
# Boot Mode : Normal
# Running from : C:\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Bonnie\Application Data\Mozilla\Firefox\Profiles\uuz26eog.default\searchplugins\safesearch.xml
File Found : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\searchplugins\safesearch.xml
File Found : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\searchplugins\SearchResults.xml
File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Found : C:\Documents and Settings\Bonnie\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Cam\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Steve\Application Data\Application Updater
Folder Found : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\CT3282134
Folder Found : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\extensions\{2713b394-286f-4d7c-89ea-4174eeab9f5a}
Folder Found : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841}
Folder Found : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\Smartbar
Folder Found : C:\Documents and Settings\Steve\Application Data\Search Settings
Folder Found : C:\Documents and Settings\Steve\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\Steve\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\Steve\Start Menu\Programs\FreeRIP
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\FreeRIP
Folder Found : C:\Program Files\Object
Folder Found : C:\Program Files\YouTube Downloader Toolbar

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\GreenTree Applications
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Found : HKLM\Software\GreenTree Applications
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search Settings
Key Found : HKU\S-1-5-21-823518204-1682526488-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-823518204-1682526488-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKU\S-1-5-21-823518204-1682526488-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\prefs.js

Found : user_pref("CT3282134.1000082.isPlayDisplay", "true");
Found : user_pref("CT3282134.1000082.state", "{\"state\":\"stopped\",\"text\":\"LIVE\",\"description\":\"LIV[...]
Found : user_pref("CT3282134.1000234.TWC_TMP_city", "WASHINGTON");
Found : user_pref("CT3282134.1000234.TWC_TMP_country", "US");
Found : user_pref("CT3282134.1000234.TWC_country", "UNITED STATES");
Found : user_pref("CT3282134.1000234.TWC_locId", "USDC0001");
Found : user_pref("CT3282134.1000234.TWC_location", "Washington, DC");
Found : user_pref("CT3282134.1000234.TWC_region", "US");
Found : user_pref("CT3282134.1000234.TWC_temp_dis", "f");
Found : user_pref("CT3282134.1000234.TWC_wind_dis", "mph");
Found : user_pref("CT3282134.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"42°F\",\"temperat[...]
Found : user_pref("CT3282134.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3282134.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3282134.FirstTime", "true");
Found : user_pref("CT3282134.FirstTimeFF3", "true");
Found : user_pref("CT3282134.PG_ENABLE", "ZmFsc2U=");
Found : user_pref("CT3282134.UserID", "UN84321545702444583");
Found : user_pref("CT3282134.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3282134.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3282134.cb.enc", "MA==");
Found : user_pref("CT3282134.cb_experience_000.enc", "MQ==");
Found : user_pref("CT3282134.cb_firstuse0100.enc", "MQ==");
Found : user_pref("CT3282134.cb_user_id_000.enc", "Q0IyOTE1MTQ0MjM5OTdfMTM2MTIyNDYxOTEwN19GaXJlZm94");
Found : user_pref("CT3282134.cbfirsttime.enc", "TW9uIEZlYiAxOCAyMDEzIDE0OjQyOjM1IEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]
Found : user_pref("CT3282134.enableAlerts", "never");
Found : user_pref("CT3282134.enableFix404ByUser", "FALSE");
Found : user_pref("CT3282134.event_data.enc", "JTVCJTVE");
Found : user_pref("CT3282134.fired_events.enc", "");
Found : user_pref("CT3282134.firstTimeDialogOpened", "true");
Found : user_pref("CT3282134.fixPageNotFoundErrorByUser", "TRUE");
Found : user_pref("CT3282134.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3282134.fixUrls", true);
Found : user_pref("CT3282134.homepageuserchanged", true);
Found : user_pref("CT3282134.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
Found : user_pref("CT3282134.installType", "Unknown");
Found : user_pref("CT3282134.isCheckedStartAsHidden", true);
Found : user_pref("CT3282134.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3282134.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3282134.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3282134.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3282134.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3282134.key_date.enc", "MTk=");
Found : user_pref("CT3282134.lastVersion", "10.14.65.43");
Found : user_pref("CT3282134.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Found : user_pref("CT3282134.migrateAppsAndComponents", true);
Found : user_pref("CT3282134.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT3282134.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3282134.revertSettingsEnabled", "false");
Found : user_pref("CT3282134.search.searchAppId", "130037721295619503");
Found : user_pref("CT3282134.search.searchCount", "0");
Found : user_pref("CT3282134.searchInNewTabEnabledByUser", "false");
Found : user_pref("CT3282134.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3282134.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3282134.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3282134.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3282134.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3282134.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3282134.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3282134.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3282134.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361216549585");
Found : user_pref("CT3282134.serviceLayer_services_appsMetadata_lastUpdate", "1361250166329");
Found : user_pref("CT3282134.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361216549715");
Found : user_pref("CT3282134.serviceLayer_services_location_lastUpdate", "1361325620807");
Found : user_pref("CT3282134.serviceLayer_services_login_10.14.65.43_lastUpdate", "1362795996022");
Found : user_pref("CT3282134.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13612[...]
Found : user_pref("CT3282134.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13612[...]
Found : user_pref("CT3282134.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361216549759");
Found : user_pref("CT3282134.serviceLayer_services_searchAPI_lastUpdate", "1361325620811");
Found : user_pref("CT3282134.serviceLayer_services_serviceMap_lastUpdate", "1362730509675");
Found : user_pref("CT3282134.serviceLayer_services_setupAPI_lastUpdate", "1361325620828");
Found : user_pref("CT3282134.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361216549670");
Found : user_pref("CT3282134.serviceLayer_services_toolbarSettings_lastUpdate", "1362795995999");
Found : user_pref("CT3282134.serviceLayer_services_translation_lastUpdate", "1362730510832");
Found : user_pref("CT3282134.settingsINI", true);
Found : user_pref("CT3282134.smartbar.CTID", "CT3282134");
Found : user_pref("CT3282134.smartbar.Uninstall", "0");
Found : user_pref("CT3282134.smartbar.homepage", true);
Found : user_pref("CT3282134.smartbar.isHidden", true);
Found : user_pref("CT3282134.smartbar.toolbarName", "WiseConvert B ");
Found : user_pref("CT3282134.toolbarBornServerTime", "18-2-2013");
Found : user_pref("CT3282134.toolbarCurrentServerTime", "9-3-2013");
Found : user_pref("CT3282134.url_history0001.enc", "aHR0cDovL3d3dy5nZW5lcmFsZ3VpdGFyZ2FkZ2V0cy5jb20vY29tcG9u[...]
Found : user_pref("CT3282134_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282134&SearchSource=13[...]
Found : user_pref("smartbar.originalHomepage", "hxxp://www.google.com/");
Found : user_pref("smartbar.originalSearchEngine", "Google");

File : C:\Documents and Settings\Bonnie\Application Data\Mozilla\Firefox\Profiles\uuz26eog.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.152

File : C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Bonnie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14189 octets] - [22/03/2013 22:51:06]

########## EOF - C:\AdwCleaner[R1].txt - [14250 octets] ##########
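
A log like the one above is easier to review when its findings are grouped and the entries that make Windows or a browser load code are pulled out first. The following is an added example, not part of the original post and not code from AdwCleaner; `parse_adwcleaner`, `is_load_point`, `triage` and the marker list are assumptions of this sketch, and the sample is a subset of lines copied from the log above.

```python
import re
from collections import Counter

# Sample input: a subset of lines copied from the AdwCleaner [Search] log
# in the post above, so the example runs offline.
SAMPLE_LOG = r"""
# AdwCleaner v2.115 - Logfile created 03/22/2013 at 22:51:06
# Option [Search]

***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\YouTube Downloader Toolbar

***** [Registry] *****

Key Found : HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\n4ya9jyd.default\prefs.js

Found : user_pref("CT3282134.smartbar.toolbarName", "WiseConvert B ");
Found : user_pref("smartbar.originalHomepage", "hxxp://www.google.com/");
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ENTRY_RE = re.compile(r"^(?:(File|Folder|Key|Value) )?Found : (.+)$")

# Assumption of this example (not an AdwCleaner feature): registry locations
# that cause Windows or a browser to load code, so they are reviewed first.
LOAD_POINT_MARKERS = (
    r"\currentversion\run",
    r"\browser helper objects",
    r"\urlsearchhooks",
    r"\internet explorer\toolbar",
    r"\firefox\extensions",
)


def parse_adwcleaner(text):
    """Return every 'Found' line with the section it was listed under."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section,
                            "kind": m.group(1) or "Entry",
                            "item": m.group(2)})
    return entries


def is_load_point(entry):
    """True for services and for registry entries under a load location."""
    if entry["section"] == "Services":
        return True
    if entry["kind"] not in ("Key", "Value"):
        return False
    item = entry["item"].lower()
    return any(marker in item for marker in LOAD_POINT_MARKERS)


def triage(text):
    """Return (findings per section, entries to review first)."""
    entries = parse_adwcleaner(text)
    per_section = Counter(e["section"] for e in entries)
    return per_section, [e for e in entries if is_load_point(e)]


if __name__ == "__main__":
    counts, first = triage(SAMPLE_LOG)
    for name, n in counts.items():
        print(f"{name}: {n}")
    for e in first:
        print("review first:", e["kind"], e["item"])
```
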
 



#7 saxdragon


Posted 22 March 2013 - 10:26 PM

I ran the TDSS scan with the correct parameters and it found 12 threats.  I couldn't find "Cure" so I ran it with "Skip" as the option for all the threats.  Then I clicked "Continue" and it froze.  I'm hampered in my efforts because it's a race every time before the malware takes control and I can't do anything.  I succeeded in retrieving the logfile, though.

 

 

23:15:39.0921 3308  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:15:40.0109 3308  ============================================================
23:15:40.0109 3308  Current date / time: 2013/03/22 23:15:40.0109
23:15:40.0109 3308  SystemInfo:
23:15:40.0109 3308  
23:15:40.0109 3308  OS Version: 5.1.2600 ServicePack: 3.0
23:15:40.0109 3308  Product type: Workstation
23:15:40.0109 3308  ComputerName: SAXDRAGON
23:15:40.0109 3308  UserName: Steve
23:15:40.0109 3308  Windows directory: C:\WINDOWS
23:15:40.0109 3308  System windows directory: C:\WINDOWS
23:15:40.0109 3308  Processor architecture: Intel x86
23:15:40.0109 3308  Number of processors: 2
23:15:40.0109 3308  Page size: 0x1000
23:15:40.0109 3308  Boot type: Normal boot
23:15:40.0109 3308  ============================================================
23:15:43.0093 3308  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:15:43.0109 3308  Drive \Device\Harddisk1\DR1 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:15:43.0109 3308  Drive \Device\Harddisk2\DR2 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:15:43.0109 3308  ============================================================
23:15:43.0109 3308  \Device\Harddisk0\DR0:
23:15:43.0109 3308  MBR partitions:
23:15:43.0109 3308  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30ECCBD7
23:15:43.0140 3308  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x30ECCC55, BlocksNum 0x94B412B
23:15:43.0140 3308  \Device\Harddisk1\DR1:
23:15:43.0187 3308  MBR partitions:
23:15:43.0187 3308  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
23:15:43.0187 3308  \Device\Harddisk2\DR2:
23:15:43.0187 3308  MBR partitions:
23:15:43.0187 3308  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
23:15:43.0187 3308  ============================================================
23:15:43.0234 3308  C: <-> \Device\Harddisk1\DR1\Partition1
23:15:43.0281 3308  D: <-> \Device\Harddisk0\DR0\Partition1
23:15:43.0312 3308  G: <-> \Device\Harddisk0\DR0\Partition2
23:15:43.0796 3308  F: <-> \Device\Harddisk2\DR2\Partition1
23:15:43.0796 3308  ============================================================
23:15:43.0796 3308  Initialize success
23:15:43.0796 3308  ============================================================
23:15:50.0812 3644  ============================================================
23:15:50.0812 3644  Scan started
23:15:50.0812 3644  Mode: Manual; SigCheck; TDLFS;
23:15:50.0812 3644  ============================================================
23:15:51.0875 3644  ================ Scan system memory ========================
23:15:51.0875 3644  System memory - ok
23:15:51.0875 3644  ================ Scan services =============================
23:15:51.0984 3644  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:15:52.0125 3644  !SASCORE - ok
23:15:52.0250 3644  Abiosdsk - ok
23:15:52.0265 3644  abp480n5 - ok
23:15:52.0296 3644  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:15:54.0390 3644  ACPI - ok
23:15:54.0437 3644  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
23:15:54.0593 3644  ACPIEC - ok
23:15:54.0609 3644  adpu160m - ok
23:15:54.0875 3644  [ 993F7B0BA5188A0007C085AA10257B8E ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
23:15:54.0953 3644  AdvancedSystemCareService6 - ok
23:15:54.0984 3644  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:15:55.0125 3644  aec - ok
23:15:55.0187 3644  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:15:55.0234 3644  AFD - ok
23:15:55.0234 3644  Aha154x - ok
23:15:55.0250 3644  aic78u2 - ok
23:15:55.0265 3644  aic78xx - ok
23:15:55.0296 3644  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:15:55.0406 3644  Alerter - ok
23:15:55.0437 3644  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
23:15:55.0578 3644  ALG - ok
23:15:55.0578 3644  AliIde - ok
23:15:55.0625 3644  [ 6A6497003DC82917F7064498935AAC58 ] AMD64CA         C:\WINDOWS\System32\Drivers\AMD64CAx86.sys
23:15:55.0625 3644  AMD64CA ( UnsignedFile.Multi.Generic ) - warning
23:15:55.0625 3644  AMD64CA - detected UnsignedFile.Multi.Generic (1)
23:15:55.0703 3644  [ 0A4D13B388C814560BD69C3A496ECFA8 ] AmdK8           C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:15:55.0796 3644  AmdK8 - ok
23:15:55.0796 3644  amsint - ok
23:15:55.0937 3644  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:15:55.0968 3644  Apple Mobile Device - ok
23:15:56.0062 3644  [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
23:15:56.0125 3644  Application Updater - ok
23:15:56.0140 3644  AppMgmt - ok
23:15:56.0171 3644  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:15:56.0265 3644  Arp1394 - ok
23:15:56.0281 3644  asc - ok
23:15:56.0281 3644  asc3350p - ok
23:15:56.0296 3644  asc3550 - ok
23:15:56.0406 3644  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:15:56.0437 3644  aspnet_state - ok
23:15:56.0453 3644  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:15:56.0578 3644  AsyncMac - ok
23:15:56.0640 3644  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:15:56.0781 3644  atapi - ok
23:15:56.0781 3644  Atdisk - ok
23:15:56.0812 3644  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:15:56.0937 3644  Atmarpc - ok
23:15:56.0984 3644  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:15:57.0109 3644  AudioSrv - ok
23:15:57.0125 3644  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:15:57.0265 3644  audstub - ok
23:15:57.0312 3644  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:15:57.0468 3644  Beep - ok
23:15:57.0687 3644  [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx86.sys
23:15:57.0718 3644  BHDrvx86 - ok
23:15:57.0796 3644  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
23:15:57.0921 3644  BITS - ok
23:15:57.0984 3644  [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:15:58.0000 3644  Bonjour Service - ok
23:15:58.0046 3644  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
23:15:58.0093 3644  Browser - ok
23:15:58.0125 3644  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:15:58.0265 3644  cbidf2k - ok
23:15:58.0296 3644  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:15:58.0390 3644  CCDECODE - ok
23:15:58.0468 3644  [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360      C:\WINDOWS\system32\drivers\N360\1402010.016\ccSetx86.sys
23:15:58.0468 3644  ccSet_N360 - ok
23:15:58.0484 3644  cd20xrnt - ok
23:15:58.0515 3644  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:15:58.0671 3644  Cdaudio - ok
23:15:58.0703 3644  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:15:58.0796 3644  Cdfs - ok
23:15:58.0843 3644  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:15:58.0937 3644  Cdrom - ok
23:15:58.0953 3644  Changer - ok
23:15:58.0984 3644  [ 01E69E1BC3BC6D35329ACB207E6CDE08 ] chdrvr01        C:\WINDOWS\system32\DRIVERS\chdrvr01.sys
23:15:58.0984 3644  chdrvr01 ( UnsignedFile.Multi.Generic ) - warning
23:15:58.0984 3644  chdrvr01 - detected UnsignedFile.Multi.Generic (1)
23:15:59.0000 3644  [ B78D09B9937E6422A33852F00CB04107 ] chdrvr02        C:\WINDOWS\system32\DRIVERS\chdrvr02.sys
23:15:59.0015 3644  chdrvr02 ( UnsignedFile.Multi.Generic ) - warning
23:15:59.0015 3644  chdrvr02 - detected UnsignedFile.Multi.Generic (1)
23:15:59.0031 3644  [ FE6A4519DAD98A645486CC14330F2E71 ] chdrvr03        C:\WINDOWS\system32\DRIVERS\chdrvr03.sys
23:15:59.0046 3644  chdrvr03 ( UnsignedFile.Multi.Generic ) - warning
23:15:59.0046 3644  chdrvr03 - detected UnsignedFile.Multi.Generic (1)
23:15:59.0078 3644  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:15:59.0171 3644  CiSvc - ok
23:15:59.0203 3644  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:15:59.0312 3644  ClipSrv - ok
23:15:59.0375 3644  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:15:59.0609 3644  clr_optimization_v2.0.50727_32 - ok
23:15:59.0671 3644  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:15:59.0765 3644  clr_optimization_v4.0.30319_32 - ok
23:15:59.0765 3644  CmdIde - ok
23:15:59.0781 3644  COMSysApp - ok
23:15:59.0796 3644  Cpqarray - ok
23:15:59.0859 3644  cpuz134 - ok
23:15:59.0875 3644  [ 26CE59F9FC8639FD7FED53CE3B785015 ] cpuz135         C:\WINDOWS\system32\drivers\cpuz135_x32.sys
23:15:59.0890 3644  cpuz135 - ok
23:15:59.0906 3644  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:16:00.0015 3644  CryptSvc - ok
23:16:00.0015 3644  dac2w2k - ok
23:16:00.0031 3644  dac960nt - ok
23:16:00.0062 3644  [ DB66841A22E3F51030C7671F33B2D290 ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
23:16:00.0093 3644  DAZContentManagementService ( UnsignedFile.Multi.Generic ) - warning
23:16:00.0093 3644  DAZContentManagementService - detected UnsignedFile.Multi.Generic (1)
23:16:00.0125 3644  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:16:00.0203 3644  DcomLaunch - ok
23:16:00.0234 3644  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:16:00.0328 3644  Dhcp - ok
23:16:00.0375 3644  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:16:00.0484 3644  Disk - ok
23:16:00.0484 3644  dmadmin - ok
23:16:00.0531 3644  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:16:00.0687 3644  dmboot - ok
23:16:00.0718 3644  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:16:00.0859 3644  dmio - ok
23:16:00.0953 3644  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:16:01.0125 3644  dmload - ok
23:16:01.0156 3644  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:16:01.0250 3644  dmserver - ok
23:16:01.0296 3644  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:16:01.0468 3644  DMusic - ok
23:16:01.0515 3644  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:16:01.0578 3644  Dnscache - ok
23:16:01.0609 3644  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:16:01.0703 3644  Dot3svc - ok
23:16:01.0703 3644  dpti2o - ok
23:16:01.0734 3644  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:16:01.0828 3644  drmkaud - ok
23:16:01.0859 3644  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:16:01.0968 3644  EapHost - ok
23:16:02.0015 3644  [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:16:02.0031 3644  eeCtrl - ok
23:16:02.0093 3644  [ F9472131367D39435D750F5FA3D23582 ] Eplpdx02        C:\WINDOWS\system32\Drivers\EPLPDX02.SYS
23:16:02.0109 3644  Eplpdx02 ( UnsignedFile.Multi.Generic ) - warning
23:16:02.0109 3644  Eplpdx02 - detected UnsignedFile.Multi.Generic (1)
23:16:02.0140 3644  [ 4E9975F73039132A673DB1AAA90EFF74 ] EPSONStatusAgent2 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
23:16:02.0140 3644  EPSONStatusAgent2 ( UnsignedFile.Multi.Generic ) - warning
23:16:02.0140 3644  EPSONStatusAgent2 - detected UnsignedFile.Multi.Generic (1)
23:16:02.0187 3644  [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:16:02.0203 3644  EraserUtilRebootDrv - ok
23:16:02.0234 3644  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:16:02.0343 3644  ERSvc - ok
23:16:02.0375 3644  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
23:16:02.0406 3644  Eventlog - ok
23:16:02.0437 3644  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
23:16:02.0500 3644  EventSystem - ok
23:16:02.0562 3644  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:16:02.0671 3644  Fastfat - ok
23:16:02.0781 3644  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:16:02.0828 3644  FastUserSwitchingCompatibility - ok
23:16:02.0859 3644  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:16:02.0984 3644  Fdc - ok
23:16:03.0000 3644  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:16:03.0078 3644  Fips - ok
23:16:03.0125 3644  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:16:03.0156 3644  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:16:03.0156 3644  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:16:03.0187 3644  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:16:03.0296 3644  Flpydisk - ok
23:16:03.0312 3644  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
23:16:03.0421 3644  FltMgr - ok
23:16:03.0468 3644  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:16:03.0468 3644  FontCache3.0.0.0 - ok
23:16:03.0484 3644  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:16:03.0640 3644  Fs_Rec - ok
23:16:03.0687 3644  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:16:03.0828 3644  Ftdisk - ok
23:16:03.0875 3644  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:16:03.0890 3644  GEARAspiWDM - ok
23:16:03.0906 3644  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:16:04.0000 3644  Gpc - ok
23:16:04.0046 3644  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:16:04.0062 3644  gupdate - ok
23:16:04.0078 3644  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:16:04.0093 3644  gupdatem - ok
23:16:04.0109 3644  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:16:04.0218 3644  HDAudBus - ok
23:16:04.0265 3644  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:16:04.0343 3644  helpsvc - ok
23:16:04.0343 3644  HidServ - ok
23:16:04.0359 3644  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:16:04.0468 3644  hidusb - ok
23:16:04.0500 3644  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:16:04.0593 3644  hkmsvc - ok
23:16:04.0593 3644  hpn - ok
23:16:04.0656 3644  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:16:04.0703 3644  HTTP - ok
23:16:04.0750 3644  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:16:04.0859 3644  HTTPFilter - ok
23:16:04.0859 3644  i2omgmt - ok
23:16:04.0875 3644  i2omp - ok
23:16:04.0890 3644  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:16:04.0984 3644  i8042prt - ok
23:16:05.0031 3644  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:16:05.0078 3644  idsvc - ok
23:16:05.0203 3644  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130308.001\IDSxpx86.sys
23:16:05.0218 3644  IDSxpx86 - ok
23:16:05.0250 3644  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:16:05.0328 3644  Imapi - ok
23:16:05.0359 3644  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:16:05.0453 3644  ImapiService - ok
23:16:05.0515 3644  [ 8AE99EBE30E8338907361018D9030835 ] IMFservice      C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
23:16:05.0546 3644  IMFservice - ok
23:16:05.0546 3644  ini910u - ok
23:16:05.0671 3644  [ 47F27AF890DA3E51C633FDD510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:16:05.0828 3644  IntcAzAudAddService - ok
23:16:05.0843 3644  IntelIde - ok
23:16:05.0875 3644  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
23:16:05.0968 3644  Ip6Fw - ok
23:16:05.0984 3644  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:16:06.0125 3644  IpFilterDriver - ok
23:16:06.0140 3644  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:16:06.0218 3644  IpInIp - ok
23:16:06.0250 3644  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:16:06.0343 3644  IpNat - ok
23:16:06.0390 3644  [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:16:06.0421 3644  iPod Service - ok
23:16:06.0453 3644  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:16:06.0546 3644  IPSec - ok
23:16:06.0562 3644  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:16:06.0656 3644  IRENUM - ok
23:16:06.0687 3644  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:16:06.0781 3644  isapnp - ok
23:16:06.0812 3644  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:16:06.0906 3644  Kbdclass - ok
23:16:06.0921 3644  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:16:07.0015 3644  kbdhid - ok
23:16:07.0031 3644  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:16:07.0109 3644  kmixer - ok
23:16:07.0140 3644  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:16:07.0250 3644  KSecDD - ok
23:16:07.0296 3644  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
23:16:07.0375 3644  lanmanserver - ok
23:16:07.0421 3644  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:16:07.0468 3644  lanmanworkstation - ok
23:16:07.0468 3644  lbrtfdc - ok
23:16:07.0500 3644  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:16:07.0593 3644  LmHosts - ok
23:16:07.0671 3644  [ E174CC91EEF02FD32E090E17FD6B8CB6 ] MarkFun_NT      C:\Program Files\GIGABYTE\DMI_View\markfun.w32
23:16:07.0687 3644  MarkFun_NT - ok
23:16:07.0703 3644  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:16:08.0000 3644  Messenger - ok
23:16:08.0031 3644  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:16:08.0171 3644  mnmdd - ok
23:16:08.0203 3644  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
23:16:08.0281 3644  mnmsrvc - ok
23:16:08.0328 3644  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:16:08.0421 3644  Modem - ok
23:16:08.0437 3644  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:16:08.0546 3644  Mouclass - ok
23:16:08.0593 3644  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:16:08.0734 3644  mouhid - ok
23:16:08.0765 3644  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:16:08.0859 3644  MountMgr - ok
23:16:08.0906 3644  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:16:08.0921 3644  MozillaMaintenance - ok
23:16:08.0921 3644  mraid35x - ok
23:16:08.0953 3644  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:16:09.0046 3644  MRxDAV - ok
23:16:09.0093 3644  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:16:09.0140 3644  MRxSmb - ok
23:16:09.0187 3644  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:16:09.0281 3644  MSDTC - ok
23:16:09.0312 3644  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:16:09.0406 3644  Msfs - ok
23:16:09.0406 3644  MSIServer - ok
23:16:09.0421 3644  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:16:09.0515 3644  MSKSSRV - ok
23:16:09.0593 3644  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:16:09.0703 3644  MSPCLOCK - ok
23:16:09.0718 3644  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:16:09.0812 3644  MSPQM - ok
23:16:09.0843 3644  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:16:09.0937 3644  mssmbios - ok
23:16:09.0968 3644  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
23:16:10.0062 3644  MSTEE - ok
23:16:10.0109 3644  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:16:10.0171 3644  Mup - ok
23:16:10.0250 3644  [ 4BA84C832E0741A294C4444556DFE993 ] N360            C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe
23:16:10.0265 3644  N360 - ok
23:16:10.0296 3644  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:16:10.0390 3644  NABTSFEC - ok
23:16:10.0421 3644  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:16:10.0515 3644  napagent - ok
23:16:10.0609 3644  [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130308.017\NAVENG.SYS
23:16:10.0609 3644  NAVENG - ok
23:16:10.0656 3644  [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130308.017\NAVEX15.SYS
23:16:10.0734 3644  NAVEX15 - ok
23:16:10.0781 3644  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:16:10.0890 3644  NDIS - ok
23:16:10.0906 3644  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:16:11.0000 3644  NdisIP - ok
23:16:11.0046 3644  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:16:11.0093 3644  NdisTapi - ok
23:16:11.0125 3644  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:16:11.0218 3644  Ndisuio - ok
23:16:11.0250 3644  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:16:11.0343 3644  NdisWan - ok
23:16:11.0390 3644  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:16:11.0453 3644  NDProxy - ok
23:16:11.0468 3644  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:16:11.0546 3644  NetBIOS - ok
23:16:11.0578 3644  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:16:11.0656 3644  NetBT - ok
23:16:11.0703 3644  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:16:11.0781 3644  NetDDE - ok
23:16:11.0796 3644  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:16:11.0875 3644  NetDDEdsdm - ok
23:16:11.0906 3644  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:16:12.0000 3644  Netlogon - ok
23:16:12.0031 3644  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
23:16:12.0125 3644  Netman - ok
23:16:12.0140 3644  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:16:12.0171 3644  NetTcpPortSharing - ok
23:16:12.0187 3644  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:16:12.0265 3644  NIC1394 - ok
23:16:12.0281 3644  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:16:12.0296 3644  Nla - ok
23:16:12.0328 3644  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:16:12.0421 3644  Npfs - ok
23:16:12.0421 3644  npggsvc - ok
23:16:12.0453 3644  [ 1200C4321C982AEEFA60326E89D15FD8 ] NPUSB           C:\WINDOWS\system32\DRIVERS\npusb.sys
23:16:12.0453 3644  NPUSB ( UnsignedFile.Multi.Generic ) - warning
23:16:12.0453 3644  NPUSB - detected UnsignedFile.Multi.Generic (1)
23:16:12.0484 3644  [ 494FDCA436C1AB7A983E7778D34678E1 ] npusbio         C:\WINDOWS\system32\Drivers\npusbio.sys
23:16:12.0500 3644  npusbio - ok
23:16:12.0531 3644  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:16:12.0625 3644  Ntfs - ok
23:16:12.0640 3644  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:16:12.0718 3644  NtLmSsp - ok
23:16:12.0765 3644  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:16:12.0875 3644  NtmsSvc - ok
23:16:12.0906 3644  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:16:13.0062 3644  Null - ok
23:16:13.0328 3644  [ 7B5A17BD54BB9142843DBE99A1CAAED8 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:16:13.0890 3644  nv - ok
23:16:13.0921 3644  [ 4D6C6B46B3EDF6F2E219A86B61D104AE ] nvata           C:\WINDOWS\system32\DRIVERS\nvata.sys
23:16:13.0953 3644  nvata - ok
23:16:13.0968 3644  [ 1B83B60541BE1B6DB81641C448007F21 ] NVENETFD        C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:16:14.0000 3644  NVENETFD - ok
23:16:14.0031 3644  [ 57B669F9234604A350174B86764444B0 ] nvnetbus        C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:16:14.0078 3644  nvnetbus - ok
23:16:14.0093 3644  [ 5150B108EA88831E1C599603D8B89621 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
23:16:14.0109 3644  NVSvc - ok
23:16:14.0156 3644  [ 83E8AB7BB3C8956C53FEC071C94F0BBB ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:16:14.0234 3644  nvUpdatusService - ok
23:16:14.0250 3644  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:16:14.0406 3644  NwlnkFlt - ok
23:16:14.0437 3644  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:16:14.0578 3644  NwlnkFwd - ok
23:16:14.0593 3644  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:16:14.0671 3644  ohci1394 - ok
23:16:14.0734 3644  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:16:14.0750 3644  ose - ok
23:16:14.0781 3644  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:16:14.0875 3644  Parport - ok
23:16:14.0906 3644  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:16:15.0000 3644  PartMgr - ok
23:16:15.0031 3644  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:16:15.0203 3644  ParVdm - ok
23:16:15.0218 3644  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:16:15.0312 3644  PCI - ok
23:16:15.0328 3644  PCIDump - ok
23:16:15.0359 3644  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:16:15.0515 3644  PCIIde - ok
23:16:15.0531 3644  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:16:15.0609 3644  Pcmcia - ok
23:16:15.0625 3644  PDCOMP - ok
23:16:15.0625 3644  PDFRAME - ok
23:16:15.0640 3644  PDRELI - ok
23:16:15.0640 3644  PDRFRAME - ok
23:16:15.0656 3644  perc2 - ok
23:16:15.0656 3644  perc2hib - ok
23:16:15.0718 3644  [ 8512A7A19959218711F884EECC1DBAEB ] PfFilter        C:\Program Files\IObit\Protected Folder\pffilter.sys
23:16:15.0734 3644  PfFilter - ok
23:16:15.0750 3644  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
23:16:15.0765 3644  PlugPlay - ok
23:16:15.0796 3644  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:16:15.0875 3644  PolicyAgent - ok
23:16:15.0890 3644  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:16:15.0968 3644  PptpMiniport - ok
23:16:15.0984 3644  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
23:16:16.0062 3644  Processor - ok
23:16:16.0062 3644  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:16:16.0140 3644  ProtectedStorage - ok
23:16:16.0171 3644  [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
23:16:16.0187 3644  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
23:16:16.0187 3644  ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
23:16:16.0203 3644  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:16:16.0296 3644  PSched - ok
23:16:16.0328 3644  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:16:16.0484 3644  Ptilink - ok
23:16:16.0500 3644  [ FDDD1AEB9F81EF1E6E48AE1EDC2A97D6 ] QCDonner        C:\WINDOWS\system32\DRIVERS\OVCD.sys
23:16:16.0656 3644  QCDonner - ok
23:16:16.0656 3644  ql1080 - ok
23:16:16.0671 3644  Ql10wnt - ok
23:16:16.0671 3644  ql12160 - ok
23:16:16.0687 3644  ql1240 - ok
23:16:16.0687 3644  ql1280 - ok
23:16:16.0718 3644  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:16:16.0859 3644  RasAcd - ok
23:16:16.0890 3644  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:16:16.0968 3644  RasAuto - ok
23:16:16.0984 3644  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:16:17.0078 3644  Rasl2tp - ok
23:16:17.0109 3644  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:16:17.0187 3644  RasMan - ok
23:16:17.0203 3644  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:16:17.0296 3644  RasPppoe - ok
23:16:17.0312 3644  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:16:17.0453 3644  Raspti - ok
23:16:17.0468 3644  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:16:17.0562 3644  Rdbss - ok
23:16:17.0578 3644  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:16:17.0718 3644  RDPCDD - ok
23:16:17.0765 3644  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:16:17.0828 3644  RDPWD - ok
23:16:17.0859 3644  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:16:17.0953 3644  RDSessMgr - ok
23:16:17.0968 3644  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:16:18.0062 3644  redbook - ok
23:16:18.0093 3644  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:16:18.0171 3644  RemoteAccess - ok
23:16:18.0203 3644  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
23:16:18.0281 3644  RpcLocator - ok
23:16:18.0296 3644  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
23:16:18.0343 3644  RpcSs - ok
23:16:18.0375 3644  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
23:16:18.0500 3644  RSVP - ok
23:16:18.0546 3644  [ D1495837D30F432577095B04C03B03ED ] rtl8185         C:\WINDOWS\system32\DRIVERS\rtl8185.sys
23:16:18.0593 3644  rtl8185 - ok
23:16:18.0625 3644  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:16:18.0703 3644  SamSs - ok
23:16:18.0781 3644  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:16:18.0796 3644  SASDIFSV - ok
23:16:18.0796 3644  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:16:18.0812 3644  SASKUTIL - ok
23:16:18.0828 3644  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:16:18.0921 3644  SCardSvr - ok
23:16:18.0953 3644  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:16:19.0046 3644  Schedule - ok
23:16:19.0062 3644  [ A689D522EEDF89401E1DA2FE883AA7EC ] SCREAMINGBDRIVER C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
23:16:19.0078 3644  SCREAMINGBDRIVER - ok
23:16:19.0093 3644  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:16:19.0171 3644  Secdrv - ok
23:16:19.0203 3644  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:16:19.0296 3644  seclogon - ok
23:16:19.0328 3644  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
23:16:19.0406 3644  SENS - ok
23:16:19.0421 3644  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:16:19.0515 3644  serenum - ok
23:16:24.0375 3644  [ B2ABAB4CA46BAD182E27763DC19C780F ] VCSVADHWSer     C:\WINDOWS\system32\DRIVERS\vcsvad.sys
23:16:24.0390 3644  VCSVADHWSer ( UnsignedFile.Multi.Generic ) - warning
23:16:24.0390 3644  VCSVADHWSer - detected UnsignedFile.Multi.Generic (1)
23:16:25.0921 3644  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
23:16:25.0953 3644  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
23:16:25.0953 3644  WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
23:16:27.0046 3644  ================ Scan global ===============================
23:16:27.0062 3644  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:16:27.0125 3644  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:16:27.0140 3644  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:16:27.0156 3644  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:16:27.0156 3644  [Global] - ok
23:16:27.0156 3644  ================ Scan MBR ==================================
23:16:27.0156 3644  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:16:27.0312 3644  \Device\Harddisk0\DR0 - ok
23:16:27.0328 3644  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:16:27.0515 3644  \Device\Harddisk1\DR1 - ok
23:16:27.0531 3644  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
23:16:27.0718 3644  \Device\Harddisk2\DR2 - ok
23:16:27.0718 3644  ================ Scan VBR ==================================
23:16:27.0718 3644  [ B0B1870FAA114D035DA2C62374B1266D ] \Device\Harddisk0\DR0\Partition1
23:16:27.0718 3644  \Device\Harddisk0\DR0\Partition1 - ok
23:16:27.0718 3644  [ 49658E21786E148E2DD0640AA8BAA6D4 ] \Device\Harddisk0\DR0\Partition2
23:16:27.0718 3644  \Device\Harddisk0\DR0\Partition2 - ok
23:16:27.0734 3644  [ 8F3BE59E0FC0D639546324585F4946FD ] \Device\Harddisk1\DR1\Partition1
23:16:27.0734 3644  \Device\Harddisk1\DR1\Partition1 - ok
23:16:27.0734 3644  [ 3D046AC90944BC7C21F3C2A603F90022 ] \Device\Harddisk2\DR2\Partition1
23:16:27.0734 3644  \Device\Harddisk2\DR2\Partition1 - ok
23:16:27.0734 3644  ============================================================
23:16:27.0734 3644  Scan finished
23:16:27.0734 3644  ============================================================
23:16:27.0843 3632  Detected object count: 12
23:16:27.0843 3632  Actual detected object count: 12
23:16:28.0968 3632  AMD64CA ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0968 3632  AMD64CA ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:28.0968 3632  chdrvr01 ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0968 3632  chdrvr01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:28.0968 3632  chdrvr02 ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0968 3632  chdrvr02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:28.0984 3632  chdrvr03 ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0984 3632  chdrvr03 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:28.0984 3632  DAZContentManagementService ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0984 3632  DAZContentManagementService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:28.0984 3632  Eplpdx02 ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0984 3632  Eplpdx02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:28.0984 3632  EPSONStatusAgent2 ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0984 3632  EPSONStatusAgent2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:28.0984 3632  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:28.0984 3632  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:29.0000 3632  NPUSB ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:29.0000 3632  NPUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:29.0000 3632  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:29.0000 3632  ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:29.0000 3632  VCSVADHWSer ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:29.0000 3632  VCSVADHWSer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:16:29.0000 3632  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:16:29.0000 3632  WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#8 saxdragon


Posted 22 March 2013 - 10:31 PM

I'm going to stop the removal process until I hear further from you.  I'm pretty sure nothing was done to remove the threats that TDSS found.

 

Thanks,

SteveB



#9 dev00790


Posted 23 March 2013 - 12:03 PM

Hi

 

Please do steps 3 and 4 of my earlier post here next.


Regards, dev00790



#10 saxdragon


Posted 23 March 2013 - 06:52 PM

The next two logfiles were collected with the computer operating in safe mode with no networking.

 

Farbar Service Scanner Version: 03-03-2013
Ran by Steve (administrator) on 23-03-2013 at 19:37:19
Running from "C:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Minimal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

NetBt Service is not running. Checking service configuration:
The start type of NetBt service is OK.
The ImagePath of NetBt service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
The start type of IpSec service is OK.
The ImagePath of IpSec service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

netman Service is not running. Checking service configuration:
The start type of netman service is OK.
The ImagePath of netman service is OK.
The ServiceDll of netman service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-10-22 01:20] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2012-09-20 23:06] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x0A000000050000000100000002000000030000000400000008000000090000000A0000000600000007000000
IpSec Tag value is correct.

**** End of log ****



#11 saxdragon


Posted 23 March 2013 - 06:53 PM

MiniToolBox by Farbar  Version:05-03-2013
Ran by Steve (administrator) on 23-03-2013 at 19:41:05
Running from "C:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Minimal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



An internal error occurred: The request is not supported.

 

Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================



# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.

 

Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/22/2013 10:52:47 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00009e32.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/17/2013 03:42:12 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00009e32.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/08/2013 11:51:13 PM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (03/08/2013 11:50:37 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00009e32.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/06/2013 11:41:52 AM) (Source: Application Error) (User: )
Description: Faulting application ccsvchst.exe, version 12.2.1.4, faulting module symhtml.dll, version 7.2.0.31, fault address 0x0004d2e8.
Processing media-specific event for [ccsvchst.exe!ws!]

Error: (03/06/2013 06:30:04 AM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (03/06/2013 06:29:29 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00009e32.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/05/2013 05:10:16 PM) (Source: Application Error) (User: )
Description: Faulting application hrblock2012.exe, version 2012.2.0.7301, faulting module hrblock2012.exe, version 2012.2.0.7301, fault address 0x00122471.
Processing media-specific event for [hrblock2012.exe!ws!]

Error: (03/05/2013 05:02:11 PM) (Source: Application Error) (User: )
Description: Faulting application hrblock2012.exe, version 2012.2.0.4201, faulting module hrblock2012.exe, version 2012.2.0.4201, fault address 0x00121e31.
Processing media-specific event for [hrblock2012.exe!ws!]

Error: (02/27/2013 05:21:22 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.5512, faulting module urlmon.dll, version 6.0.2900.6332, fault address 0x000040e6.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (03/23/2013 07:41:09 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:09 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:09 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:09 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:09 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:08 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:08 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:08 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:08 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error: (03/23/2013 07:41:08 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (03/22/2013 10:52:47 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512kernel32.dll5.1.2600.629300009e32

Error: (03/17/2013 03:42:12 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512kernel32.dll5.1.2600.629300009e32

Error: (03/08/2013 11:51:13 PM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (03/08/2013 11:50:37 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512kernel32.dll5.1.2600.629300009e32

Error: (03/06/2013 11:41:52 AM) (Source: Application Error)(User: )
Description: ccsvchst.exe12.2.1.4symhtml.dll7.2.0.310004d2e8

Error: (03/06/2013 06:30:04 AM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (03/06/2013 06:29:29 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512kernel32.dll5.1.2600.629300009e32

Error: (03/05/2013 05:10:16 PM) (Source: Application Error)(User: )
Description: hrblock2012.exe2012.2.0.7301hrblock2012.exe2012.2.0.730100122471

Error: (03/05/2013 05:02:11 PM) (Source: Application Error)(User: )
Description: hrblock2012.exe2012.2.0.4201hrblock2012.exe2012.2.0.420100121e31

Error: (02/27/2013 05:21:22 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.5512urlmon.dll6.0.2900.6332000040e6


=========================== Installed Programs ============================

7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1793.40819)
Adobe AIR (Version: 2.7.0.19530)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advanced Font Manager v1.2
Advanced SystemCare 6 (Version: 6.0)
Apple Application Support (Version: 1.5.2)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AtHomeConnect version 1.0.1.0 (Version: 1.0.1.0)
AV Voice Changer Software GOLD 7.0 (Version: 7.0.51)
Battleground Europe
BestPractice (remove only)
Bonjour (Version: 2.0.5.0)
Cakewalk Music Creator 3
Cakewalk VST Adapter 4
CH Control Manager Software
Click to Call with Skype (Version: 5.6.8153)
Converter Plus
Corel Painter X
Corel Painter X (Version: 10.00)
CPUID CPU-Z 1.60.1
DAZ Content Management Service (Version: 4.8.1.7)
DAZ Studio 4 (Version: 4.0.0.343)
DMIView B7.0108.01 (Version: 1.3)
DreamStation DXi2
DS4 Default Content (Version: 4.0.0.10)
EPSON Printer Software
FaceGen Modeller 3.5 Free (Version: 3.5.0)
Facetheme (Version: 1.0)
Firestorm-Release (remove only) (Version: 4.3.1.31155)
FreeRIP 3.80 (Version: 3.80)
Game Booster (Version: 2.4.1.0)
Google Chrome (Version: 25.0.1364.152)
Google Earth Plug-in (Version: 7.0.3.8542)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.135)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7301)
H&R Block Maryland 2011 (Version: 1.11.6301)
H&R Block Premium + Efile + State 2011 (Version: 11.07.7102)
IL-2 Manager 5.0 PF
IL-2 Sturmovik 1946 (Version: 1.00.0000)
Ink Monitor
IObit Malware Fighter (Version: 1.0)
IObit Toolbar v4.7 (Version: 4.7)
IObit Toolbar v7.0 (Version: 7.0)
iTunes (Version: 10.3.1.55)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 37 (Version: 6.0.370)
KRISTAL Audio Engine
Manga Studio EX 4.0
MaskImage
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MorphVOX Pro (Version: 4.3.13)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton 360 (Version: 20.2.1.22)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.6.0.1)
PDF Settings (Version: 1.0)
Phoenix Viewer 1.6.0.1691
Protected Folder
QuickTime (Version: 7.69.80.9)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 5.10.0.5319)
Rhythm Rascal (Version: 3.0.0)
Scribus 1.3.3.14 (Version: 1.3.3.14)
SE A3 USB 1200 Pro v1.4
SecondLifeViewer (remove only)
SendSpace Wizard (Version: 1.2.15)
Serif DrawPlus Starter Edition (Version: 2.0.1.008)
Skype™ 5.5 (Version: 5.5.115)
Smart Defrag 2 (Version: 2.2)
SUPERAntiSpyware (Version: 5.5.1012)
swMSM (Version: 12.0.0.1)
TapinRadio 1.38
The Extractor (Version: 1.4.3.2)
TrackIR4
TrackIR5
TVPaint Animation Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Virtual Sound Canvas DXi
VLC media player 2.0.2 (Version: 2.0.2)
Wacom Tablet (Version: 6.1.7-3)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 1)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader Toolbar v4.7 (Version: 4.7)
YTD Toolbar v7.0 (Version: 7.0)
YTD Video Downloader 3.9.6 (Version: 3.9.6)

========================= Devices: ================================

Name: Realtek RTL8185 54M Wireless LAN Network Adapter #2
Description: Realtek RTL8185 54M Wireless LAN Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8185
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 9%
Total physical RAM: 3327.48 MB
Available physical RAM: 3025.7 MB
Total Pagefile: 5215.34 MB
Available Pagefile: 5113.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.66 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:98.56 GB) NTFS
3 Drive d: () (Fixed) (Total:391.4 GB) (Free:380.96 GB) NTFS
5 Drive f: () (Fixed) (Total:232.88 GB) (Free:95.09 GB) NTFS
6 Drive g: () (Fixed) (Total:74.35 GB) (Free:72.67 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator            ASPNET                   Bonnie                   
Cam                      Creek                    Guest                    
HelpAssistant            Steve                    SUPPORT_388945a0         
UpdatusUser              

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini031113-01.dmp

========================= Restore Points ==================================

29-01-2013 22:55:54 Software Distribution Service 3.0
29-01-2013 23:01:09 Software Distribution Service 3.0
31-01-2013 19:34:58 System Checkpoint
03-02-2013 06:19:35 System Checkpoint
04-02-2013 22:42:22 System Checkpoint
06-02-2013 12:31:39 System Checkpoint
08-02-2013 03:21:49 Software Distribution Service 3.0
09-02-2013 21:19:05 Norton Security Suite Registry
09-02-2013 23:46:03 Norton Security Suite Registry
10-02-2013 23:57:53 System Checkpoint
12-02-2013 21:15:32 Installed Windows XP KB2778344.
12-02-2013 21:15:52 Installed Windows XP KB2792100.
12-02-2013 21:16:12 Installed Windows XP KB2799494.
12-02-2013 21:16:38 Installed Windows XP KB2802968.
12-02-2013 21:16:52 Installed Windows XP KB2797052.
12-02-2013 21:17:06 Installed Windows XP KB2780091.
13-02-2013 19:37:02 Software Distribution Service 3.0
15-02-2013 18:06:01 System Checkpoint
16-02-2013 20:48:40 System Checkpoint
18-02-2013 04:59:43 Software Distribution Service 3.0
18-02-2013 05:00:45 Software Distribution Service 3.0
20-02-2013 19:56:15 System Checkpoint
22-02-2013 02:26:16 Installed H&R Block Deluxe + Efile + State 2012.
22-02-2013 02:38:06 Software Distribution Service 3.0
25-02-2013 01:21:16 Software Distribution Service 3.0
25-02-2013 01:24:30 Software Distribution Service 3.0
25-02-2013 01:27:06 Software Distribution Service 3.0
25-02-2013 01:30:29 Software Distribution Service 3.0
26-02-2013 20:32:50 System Checkpoint
28-02-2013 19:17:47 System Checkpoint
01-03-2013 21:28:31 System Checkpoint
02-03-2013 22:48:08 System Checkpoint
03-03-2013 23:42:13 System Checkpoint
05-03-2013 22:06:05 IObit Uninstaller restore point
05-03-2013 22:06:58 Removed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:21:46 Installed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:35:39 Removed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:49:38 Installed H&R Block Deluxe + Efile + State 2012.
06-03-2013 23:29:11 System Checkpoint
07-03-2013 23:31:12 System Checkpoint
09-03-2013 00:08:17 System Checkpoint

**** End of log ****
 



#12 dev00790


Posted 23 March 2013 - 06:55 PM

Hi

 

Are you able to run Farbar Service Scanner and Minitoolbox in Normal mode?


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#13 saxdragon


Posted 23 March 2013 - 08:21 PM

The next two logs were collected with the machine in "safe mode with networking"

 

Farbar Service Scanner Version: 03-03-2013
Ran by Steve (administrator) on 23-03-2013 at 21:09:57
Running from "C:\Documents and Settings\Steve\My Documents\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-10-22 01:20] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2012-09-20 23:06] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x0A000000050000000100000002000000030000000400000008000000090000000A0000000600000007000000
IpSec Tag value is correct.

**** End of log ****



MiniToolBox by Farbar  Version:05-03-2013
Ran by Steve (administrator) on 23-03-2013 at 21:13:53
Running from "C:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8185 54M Wireless LAN Network Adapter = Wireless Network Connection 2 (Disconnected)
NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : saxdragon
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
        Physical Address. . . . . . . . . : 00-1D-7D-AD-F3-15
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Saturday, March 23, 2013 9:07:50 PM
        Lease Expires . . . . . . . . . . : Sunday, March 24, 2013 9:07:50 PM

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.228.103, 74.125.228.97, 74.125.228.101, 74.125.228.96
      74.125.228.110, 74.125.228.100, 74.125.228.104, 74.125.228.102, 74.125.228.99
      74.125.228.98, 74.125.228.105

Pinging google.com [74.125.228.101] with 32 bytes of data:

Reply from 74.125.228.101: bytes=32 time=7ms TTL=252
Reply from 74.125.228.101: bytes=32 time=8ms TTL=252

Ping statistics for 74.125.228.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 8ms, Average = 7ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=498ms TTL=51
Reply from 98.138.253.109: bytes=32 time=427ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 427ms, Maximum = 498ms, Average = 462ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 7d ad f3 15 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      10
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1      10
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3      10
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3      10
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (03/23/2013 09:12:03 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:09:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
BHDrvx86
ccSet_N360
eeCtrl
Fips
SASDIFSV
SASKUTIL
SRTSPX
SymIRON
SYMTDI

Error: (03/23/2013 09:09:28 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:08:40 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:08:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/23/2013 07:48:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/23/2013 07:47:10 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 07:46:47 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 07:46:37 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 07:41:09 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AD1-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:43 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1793.40819)
Adobe AIR (Version: 2.7.0.19530)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advanced Font Manager v1.2
Advanced SystemCare 6 (Version: 6.0)
Apple Application Support (Version: 1.5.2)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AtHomeConnect version 1.0.1.0 (Version: 1.0.1.0)
AV Voice Changer Software GOLD 7.0 (Version: 7.0.51)
Battleground Europe
BestPractice (remove only)
Bonjour (Version: 2.0.5.0)
Cakewalk Music Creator 3
Cakewalk VST Adapter 4
CH Control Manager Software
Click to Call with Skype (Version: 5.6.8153)
Converter Plus
Corel Painter X
Corel Painter X (Version: 10.00)
CPUID CPU-Z 1.60.1
DAZ Content Management Service (Version: 4.8.1.7)
DAZ Studio 4 (Version: 4.0.0.343)
DMIView B7.0108.01 (Version: 1.3)
DreamStation DXi2
DS4 Default Content (Version: 4.0.0.10)
EPSON Printer Software
FaceGen Modeller 3.5 Free (Version: 3.5.0)
Facetheme (Version: 1.0)
Firestorm-Release (remove only) (Version: 4.3.1.31155)
FreeRIP 3.80 (Version: 3.80)
Game Booster (Version: 2.4.1.0)
Google Chrome (Version: 25.0.1364.152)
Google Earth Plug-in (Version: 7.0.3.8542)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.135)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7301)
H&R Block Maryland 2011 (Version: 1.11.6301)
H&R Block Premium + Efile + State 2011 (Version: 11.07.7102)
IL-2 Manager 5.0 PF
IL-2 Sturmovik 1946 (Version: 1.00.0000)
Ink Monitor
IObit Malware Fighter (Version: 1.0)
IObit Toolbar v4.7 (Version: 4.7)
IObit Toolbar v7.0 (Version: 7.0)
iTunes (Version: 10.3.1.55)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 37 (Version: 6.0.370)
KRISTAL Audio Engine
Manga Studio EX 4.0
MaskImage
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MorphVOX Pro (Version: 4.3.13)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton 360 (Version: 20.2.1.22)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.6.0.1)
PDF Settings (Version: 1.0)
Phoenix Viewer 1.6.0.1691
Protected Folder
QuickTime (Version: 7.69.80.9)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 5.10.0.5319)
Rhythm Rascal (Version: 3.0.0)
Scribus 1.3.3.14 (Version: 1.3.3.14)
SE A3 USB 1200 Pro v1.4
SecondLifeViewer (remove only)
SendSpace Wizard (Version: 1.2.15)
Serif DrawPlus Starter Edition (Version: 2.0.1.008)
Skype™ 5.5 (Version: 5.5.115)
Smart Defrag 2 (Version: 2.2)
SUPERAntiSpyware (Version: 5.5.1012)
swMSM (Version: 12.0.0.1)
TapinRadio 1.38
The Extractor (Version: 1.4.3.2)
TrackIR4
TrackIR5
TVPaint Animation Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Virtual Sound Canvas DXi
VLC media player 2.0.2 (Version: 2.0.2)
Wacom Tablet (Version: 6.1.7-3)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 1)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader Toolbar v4.7 (Version: 4.7)
YTD Toolbar v7.0 (Version: 7.0)
YTD Video Downloader 3.9.6 (Version: 3.9.6)

========================= Devices: ================================

Name: Realtek RTL8185 54M Wireless LAN Network Adapter #2
Description: Realtek RTL8185 54M Wireless LAN Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8185
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 9%
Total physical RAM: 3327.48 MB
Available physical RAM: 3010.61 MB
Total Pagefile: 5215.34 MB
Available Pagefile: 5104.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.66 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:98.55 GB) NTFS
3 Drive d: () (Fixed) (Total:391.4 GB) (Free:380.96 GB) NTFS
5 Drive f: () (Fixed) (Total:232.88 GB) (Free:95.09 GB) NTFS
6 Drive g: () (Fixed) (Total:74.35 GB) (Free:72.67 GB) NTFS

========================= Users: ========================================

User accounts for \\SAXDRAGON

Administrator            ASPNET                   Bonnie                   
Cam                      Creek                    Guest                    
HelpAssistant            Steve                    SUPPORT_388945a0         
UpdatusUser              

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini031113-01.dmp
========================= Restore Points ==================================

29-01-2013 22:55:54 Software Distribution Service 3.0
29-01-2013 23:01:09 Software Distribution Service 3.0
31-01-2013 19:34:58 System Checkpoint
03-02-2013 06:19:35 System Checkpoint
04-02-2013 22:42:22 System Checkpoint
06-02-2013 12:31:39 System Checkpoint
08-02-2013 03:21:49 Software Distribution Service 3.0
09-02-2013 21:19:05 Norton Security Suite Registry
09-02-2013 23:46:03 Norton Security Suite Registry
10-02-2013 23:57:53 System Checkpoint
12-02-2013 21:15:32 Installed Windows XP KB2778344.
12-02-2013 21:15:52 Installed Windows XP KB2792100.
12-02-2013 21:16:12 Installed Windows XP KB2799494.
12-02-2013 21:16:38 Installed Windows XP KB2802968.
12-02-2013 21:16:52 Installed Windows XP KB2797052.
12-02-2013 21:17:06 Installed Windows XP KB2780091.
13-02-2013 19:37:02 Software Distribution Service 3.0
15-02-2013 18:06:01 System Checkpoint
16-02-2013 20:48:40 System Checkpoint
18-02-2013 04:59:43 Software Distribution Service 3.0
18-02-2013 05:00:45 Software Distribution Service 3.0
20-02-2013 19:56:15 System Checkpoint
22-02-2013 02:26:16 Installed H&R Block Deluxe + Efile + State 2012.
22-02-2013 02:38:06 Software Distribution Service 3.0
25-02-2013 01:21:16 Software Distribution Service 3.0
25-02-2013 01:24:30 Software Distribution Service 3.0
25-02-2013 01:27:06 Software Distribution Service 3.0
25-02-2013 01:30:29 Software Distribution Service 3.0
26-02-2013 20:32:50 System Checkpoint
28-02-2013 19:17:47 System Checkpoint
01-03-2013 21:28:31 System Checkpoint
02-03-2013 22:48:08 System Checkpoint
03-03-2013 23:42:13 System Checkpoint
05-03-2013 22:06:05 IObit Uninstaller restore point
05-03-2013 22:06:58 Removed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:21:46 Installed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:35:39 Removed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:49:38 Installed H&R Block Deluxe + Efile + State 2012.
06-03-2013 23:29:11 System Checkpoint
07-03-2013 23:31:12 System Checkpoint
09-03-2013 00:08:17 System Checkpoint

**** End of log ****
 



I'm going to try to do it in "Normal" mode now.



#14 saxdragon

  • Topic Starter

Posted 23 March 2013 - 08:36 PM

The next two logs were collected after opening Windows in "Normal" mode.

 

Farbar Service Scanner Version: 03-03-2013
Ran by Steve (administrator) on 23-03-2013 at 21:25:27
Running from "C:\Documents and Settings\Steve\My Documents\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-10-22 01:20] - [2008-04-14 05:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2012-09-20 23:06] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x0A000000050000000100000002000000030000000400000008000000090000000A0000000600000007000000
IpSec Tag value is correct.

**** End of log ****



MiniToolBox by Farbar  Version:05-03-2013
Ran by Steve (administrator) on 23-03-2013 at 21:26:35
Running from "C:\Documents and Settings\Steve\My Documents\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8185 54M Wireless LAN Network Adapter = Wireless Network Connection 2 (Disconnected)
1394 Net Adapter = 1394 Connection 2 (Connected)
NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : saxdragon
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
        Physical Address. . . . . . . . . : 00-1D-7D-AD-F3-15
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Saturday, March 23, 2013 9:24:08 PM
        Lease Expires . . . . . . . . . . : Sunday, March 24, 2013 9:24:08 PM

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.228.37, 74.125.228.41, 74.125.228.46, 74.125.228.36
      74.125.228.38, 74.125.228.33, 74.125.228.40, 74.125.228.35, 74.125.228.32
      74.125.228.34, 74.125.228.39

Pinging google.com [74.125.228.41] with 32 bytes of data:

Reply from 74.125.228.41: bytes=32 time=7ms TTL=252
Reply from 74.125.228.41: bytes=32 time=8ms TTL=252

Ping statistics for 74.125.228.41:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 8ms, Average = 7ms

Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=136ms TTL=250
Reply from 206.190.36.45: bytes=32 time=154ms TTL=250

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 136ms, Maximum = 154ms, Average = 145ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 7d ad f3 15 ...... NVIDIA nForce Networking Controller #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0      192.168.1.3     192.168.1.3      20
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      10
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1      10
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3      10
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3      10
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (03/23/2013 07:43:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (03/23/2013 09:24:36 PM) (Source: Service Control Manager) (User: )
Description: The Yahoo! Updater service failed to start due to the following error:
%%1053

Error: (03/23/2013 09:24:36 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Yahoo! Updater service to connect.

Error: (03/23/2013 09:15:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/23/2013 09:14:50 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:14:27 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:12:03 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:09:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
BHDrvx86
ccSet_N360
eeCtrl
Fips
SASDIFSV
SASKUTIL
SRTSPX
SymIRON
SYMTDI

Error: (03/23/2013 09:09:28 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:08:40 PM) (Source: DCOM) (User: SAXDRAGON)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/23/2013 09:08:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:44 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:43 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (03/23/2013 07:43:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1793.40819)
Adobe AIR (Version: 2.7.0.19530)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Advanced Font Manager v1.2
Advanced SystemCare 6 (Version: 6.0)
Apple Application Support (Version: 1.5.2)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
AtHomeConnect version 1.0.1.0 (Version: 1.0.1.0)
AV Voice Changer Software GOLD 7.0 (Version: 7.0.51)
Battleground Europe
BestPractice (remove only)
Bonjour (Version: 2.0.5.0)
Cakewalk Music Creator 3
Cakewalk VST Adapter 4
CH Control Manager Software
Click to Call with Skype (Version: 5.6.8153)
Converter Plus
Corel Painter X
Corel Painter X (Version: 10.00)
CPUID CPU-Z 1.60.1
DAZ Content Management Service (Version: 4.8.1.7)
DAZ Studio 4 (Version: 4.0.0.343)
DMIView B7.0108.01 (Version: 1.3)
DreamStation DXi2
DS4 Default Content (Version: 4.0.0.10)
EPSON Printer Software
FaceGen Modeller 3.5 Free (Version: 3.5.0)
Facetheme (Version: 1.0)
Firestorm-Release (remove only) (Version: 4.3.1.31155)
FreeRIP 3.80 (Version: 3.80)
Game Booster (Version: 2.4.1.0)
Google Chrome (Version: 25.0.1364.152)
Google Earth Plug-in (Version: 7.0.3.8542)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.135)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7301)
H&R Block Maryland 2011 (Version: 1.11.6301)
H&R Block Premium + Efile + State 2011 (Version: 11.07.7102)
IL-2 Manager 5.0 PF
IL-2 Sturmovik 1946 (Version: 1.00.0000)
Ink Monitor
IObit Malware Fighter (Version: 1.0)
IObit Toolbar v4.7 (Version: 4.7)
IObit Toolbar v7.0 (Version: 7.0)
iTunes (Version: 10.3.1.55)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 37 (Version: 6.0.370)
KRISTAL Audio Engine
Manga Studio EX 4.0
MaskImage
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MorphVOX Pro (Version: 4.3.13)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton 360 (Version: 20.2.1.22)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Drivers
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA nView Desktop Manager (Version: 6.14.10.13594)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.6.0.1)
PDF Settings (Version: 1.0)
Phoenix Viewer 1.6.0.1691
Protected Folder
QuickTime (Version: 7.69.80.9)
QuickTime (Version: 7.73.80.64)
Realtek High Definition Audio Driver (Version: 5.10.0.5319)
Rhythm Rascal (Version: 3.0.0)
Scribus 1.3.3.14 (Version: 1.3.3.14)
SE A3 USB 1200 Pro v1.4
SecondLifeViewer (remove only)
SendSpace Wizard (Version: 1.2.15)
Serif DrawPlus Starter Edition (Version: 2.0.1.008)
Skype™ 5.5 (Version: 5.5.115)
Smart Defrag 2 (Version: 2.2)
SUPERAntiSpyware (Version: 5.5.1012)
swMSM (Version: 12.0.0.1)
TapinRadio 1.38
The Extractor (Version: 1.4.3.2)
TrackIR4
TrackIR5
TVPaint Animation Pro
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Virtual Sound Canvas DXi
VLC media player 2.0.2 (Version: 2.0.2)
Wacom Tablet (Version: 6.1.7-3)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0) (Version: 05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 1)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader Toolbar v4.7 (Version: 4.7)
YTD Toolbar v7.0 (Version: 7.0)
YTD Video Downloader 3.9.6 (Version: 3.9.6)

========================= Devices: ================================

Name: Realtek RTL8185 54M Wireless LAN Network Adapter #2
Description: Realtek RTL8185 54M Wireless LAN Network Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8185
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 3327.48 MB
Available physical RAM: 2331.42 MB
Total Pagefile: 5210.53 MB
Available Pagefile: 4587.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.64 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:98.28 GB) NTFS
3 Drive d: () (Fixed) (Total:391.4 GB) (Free:380.96 GB) NTFS
5 Drive f: () (Fixed) (Total:232.88 GB) (Free:95.09 GB) NTFS
6 Drive g: () (Fixed) (Total:74.35 GB) (Free:72.67 GB) NTFS

========================= Users: ========================================

User accounts for \\SAXDRAGON

Administrator            ASPNET                   Bonnie                   
Cam                      Creek                    Guest                    
HelpAssistant            Steve                    SUPPORT_388945a0         
UpdatusUser              

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini031113-01.dmp
========================= Restore Points ==================================

29-01-2013 22:55:54 Software Distribution Service 3.0
29-01-2013 23:01:09 Software Distribution Service 3.0
31-01-2013 19:34:58 System Checkpoint
03-02-2013 06:19:35 System Checkpoint
04-02-2013 22:42:22 System Checkpoint
06-02-2013 12:31:39 System Checkpoint
08-02-2013 03:21:49 Software Distribution Service 3.0
09-02-2013 21:19:05 Norton Security Suite Registry
09-02-2013 23:46:03 Norton Security Suite Registry
10-02-2013 23:57:53 System Checkpoint
12-02-2013 21:15:32 Installed Windows XP KB2778344.
12-02-2013 21:15:52 Installed Windows XP KB2792100.
12-02-2013 21:16:12 Installed Windows XP KB2799494.
12-02-2013 21:16:38 Installed Windows XP KB2802968.
12-02-2013 21:16:52 Installed Windows XP KB2797052.
12-02-2013 21:17:06 Installed Windows XP KB2780091.
13-02-2013 19:37:02 Software Distribution Service 3.0
15-02-2013 18:06:01 System Checkpoint
16-02-2013 20:48:40 System Checkpoint
18-02-2013 04:59:43 Software Distribution Service 3.0
18-02-2013 05:00:45 Software Distribution Service 3.0
20-02-2013 19:56:15 System Checkpoint
22-02-2013 02:26:16 Installed H&R Block Deluxe + Efile + State 2012.
22-02-2013 02:38:06 Software Distribution Service 3.0
25-02-2013 01:21:16 Software Distribution Service 3.0
25-02-2013 01:24:30 Software Distribution Service 3.0
25-02-2013 01:27:06 Software Distribution Service 3.0
25-02-2013 01:30:29 Software Distribution Service 3.0
26-02-2013 20:32:50 System Checkpoint
28-02-2013 19:17:47 System Checkpoint
01-03-2013 21:28:31 System Checkpoint
02-03-2013 22:48:08 System Checkpoint
03-03-2013 23:42:13 System Checkpoint
05-03-2013 22:06:05 IObit Uninstaller restore point
05-03-2013 22:06:58 Removed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:21:46 Installed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:35:39 Removed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:49:38 Installed H&R Block Deluxe + Efile + State 2012.
06-03-2013 23:29:11 System Checkpoint
07-03-2013 23:31:12 System Checkpoint
09-03-2013 00:08:17 System Checkpoint

**** End of log ****
 


Edited by saxdragon, 23 March 2013 - 08:36 PM.
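As an added example (not part of the original post, and not code from the tool that produced the log), the Python below parses the day-first timestamps in the Restore Points section and returns the latest restore point that predates the first install or removal of a named product. The function names are hypothetical, and the sample is an excerpt of the lines posted above.

```python
import re
from datetime import datetime

# Excerpt of the "Restore Points" section posted above (lines copied, list shortened).
SAMPLE = """\
16-02-2013 20:48:40 System Checkpoint
20-02-2013 19:56:15 System Checkpoint
22-02-2013 02:26:16 Installed H&R Block Deluxe + Efile + State 2012.
22-02-2013 02:38:06 Software Distribution Service 3.0
05-03-2013 22:06:05 IObit Uninstaller restore point
05-03-2013 22:06:58 Removed H&R Block Deluxe + Efile + State 2012.
05-03-2013 22:21:46 Installed H&R Block Deluxe + Efile + State 2012.
09-03-2013 00:08:17 System Checkpoint
**** End of log ****
"""

LINE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) (.+?)\s*$")

def parse_restore_points(text):
    """Return [(datetime, description)] sorted by time; headers and junk are skipped."""
    points = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        try:
            # Day-first: the log contains 29-01-2013, so 05-03 is 5 March, not 3 May.
            when = datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")
        except ValueError:
            continue
        points.append((when, m.group(2)))
    return sorted(points)

def software_changes(points, product):
    """Installed/Removed restore points that mention the product, in time order."""
    return [(t, d) for t, d in points
            if product in d and d.startswith(("Installed ", "Removed "))]

def rollback_candidate(points, product):
    """Latest restore point strictly before the first change involving the product."""
    changes = software_changes(points, product)
    if not changes:
        return None
    earlier = [p for p in points if p[0] < changes[0][0]]
    return earlier[-1] if earlier else None
```

A restore point that predates the suspect change is only a candidate for rollback; the list alone does not show whether the system was already affected at that time.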


#15 dev00790


Posted 24 March 2013 - 06:58 PM

Hi

Please do the following next:

Step 1:
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
  • Please run Malwarebytes Anti-Malware.
    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Full Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
  • Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Step 3:

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Edited by dev00790, 24 March 2013 - 06:59 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog




