Real time antivirus fail


16 replies to this topic

#1 P233MHZ

P233MHZ

  • Members

Posted 26 March 2013 - 12:03 PM

I'm one of those people who think they can fix anything. UNCLE. I give. I've spent too much time, I need help, please.

 

I have tried lots of suggested things in this and other forums to get this fixed but it hasn't worked.

 

I can not find any sign of infection, but a few months ago the real time antivirus portion of my antivirus at the time (Microsoft Security Essentials) failed. It said it wasn't turned on. When I tried to enable it, it would just shut off again. I uninstalled and tried Panda, I was looking for something "light" since this is an old machine. Same thing, the real time portion will not stay enabled. I uninstalled Panda and tried Immunet. Same thing, the real time portion would not stay enabled. I uninstalled Immunet and ran specific uninstallers for every antivirus I can remember ever having installed. I believe the only ones I ever tried previously were AVG and Kaspersky. Then I used CCleaner (I am an advanced user) and tried some of the other tools like Malwarebytes just to be sure I wasn't missing an infection. I can't find any issues.

 

The computer is old (P2, 333MHz, 384MB of ECC ram), CPU is not overloaded and nothing about the hardware has changed for years. It is like a mini server I keep under my office desk. It is running XP Pro SP3. All MS updates are applied, I check regularly.

 

Windows firewall is running.

 

I do have Alcohol 120% installed, which I know can appear as a rootkit. It has been installed for years and the real time antivirus has always worked. I'm very willing to uninstall it if that is part of this process. I can't remember the last time I used it.

 

 

So, I need help. I will follow directions and do whatever I need to do, even if I've already tried it. Looking forward to some help. Thank you so much.

 




#2 narenxp

narenxp

  • BC Advisor

Posted 26 March 2013 - 12:08 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

 



#3 P233MHZ

P233MHZ
  • Topic Starter

  • Members

Posted 26 March 2013 - 12:45 PM

I forgot to mention that after running CCleaner and Malwarebytes I tried re-installing MSE, which didn't work, same issue. I uninstalled it and tried Panda again, same issue. But, Panda is currently installed. Would you like me to uninstall Panda first?



#4 narenxp

narenxp

  • BC Advisor

Posted 26 March 2013 - 09:50 PM

Please follow my instructions.



#5 P233MHZ

P233MHZ
  • Topic Starter

  • Members

Posted 05 April 2013 - 12:22 AM

As you instructed, I did not uninstall Panda, but while running all of the steps you requested it had the small red x on the icon indicating real time protection was disabled. Below are my logs. Thank you.

 

TDSSKiller log

 

13:29:24.0275 2832  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:29:24.0595 2832  ============================================================
13:29:24.0595 2832  Current date / time: 2013/04/04 13:29:24.0595
13:29:24.0595 2832  SystemInfo:
13:29:24.0595 2832  
13:29:24.0595 2832  OS Version: 5.1.2600 ServicePack: 3.0
13:29:24.0595 2832  Product type: Workstation
13:29:24.0595 2832  ComputerName: AMP
13:29:24.0595 2832  UserName: Administrator
13:29:24.0595 2832  Windows directory: C:\WINDOWS
13:29:24.0595 2832  System windows directory: C:\WINDOWS
13:29:24.0595 2832  Processor architecture: Intel x86
13:29:24.0595 2832  Number of processors: 1
13:29:24.0595 2832  Page size: 0x1000
13:29:24.0595 2832  Boot type: Normal boot
13:29:24.0595 2832  ============================================================
13:29:28.0000 2832  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:29:28.0020 2832  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:29:28.0040 2832  Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:29:28.0040 2832  ============================================================
13:29:28.0040 2832  \Device\Harddisk0\DR0:
13:29:28.0040 2832  MBR partitions:
13:29:28.0040 2832  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C444B6
13:29:28.0050 2832  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C44534, BlocksNum 0xC34F28D
13:29:28.0050 2832  \Device\Harddisk1\DR1:
13:29:28.0050 2832  MBR partitions:
13:29:28.0050 2832  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
13:29:28.0050 2832  \Device\Harddisk2\DR2:
13:29:28.0050 2832  MBR partitions:
13:29:28.0050 2832  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
13:29:28.0050 2832  ============================================================
13:29:28.0080 2832  C: <-> \Device\Harddisk0\DR0\Partition1
13:29:28.0100 2832  D: <-> \Device\Harddisk0\DR0\Partition2
13:29:28.0160 2832  F: <-> \Device\Harddisk2\DR2\Partition1
13:29:28.0160 2832  E: <-> \Device\Harddisk1\DR1\Partition1
13:29:28.0160 2832  ============================================================
13:29:28.0160 2832  Initialize success
13:29:28.0160 2832  ============================================================
13:29:48.0439 2748  Deinitialize success
 

 

RKILL log

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/04/2013 02:26:29 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS\system32\wdfmgr.exe (PID: 3300) [WD-HEUR]
 * C:\WINDOWS\System32\alg.exe (PID: 4084) [WD-HEUR]
 
2 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\WINDOWS\system32\services.exe
 * C:\WINDOWS\system32\lsass.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\system32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\system32\spoolsv.exe
 * C:\WINDOWS\System32\svchost.exe
 * C:\WINDOWS\System32\svchost.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * System Restore Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   "DisableSR" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * System Restore Service (srservice) is not Running.
   Startup Type set to: Automatic
 
 * System Restore Filter Driver (sr) is not Running.
   Startup Type set to: Disabled
 
 * ACPI [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 
 * C:\WINDOWS\System32\drivers\pciidex.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\pciidex.sys : 24,960 : 04/13/2008 02:40 PM : 52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pci.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\pci.sys : 68,224 : 04/13/2008 02:36 PM : a219903ccf74233761d92bef471a07b1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\pcmcia.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\pcmcia.sys : 120,192 : 04/13/2008 02:36 PM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\portcls.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\portcls.sys : 146,048 : 04/13/2008 03:19 PM : e82a496c3961efc6828b508c310ce98f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\processr.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\processr.sys : 35,840 : 04/13/2008 02:31 PM : a32bebaf723557681bfc6bd93e98bd26 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\psched.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\psched.sys : 69,120 : 04/13/2008 02:56 PM : 09298ec810b07e5d582cb3a3f9255424 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ptilink.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ptilink.sys : 17,792 : 08/23/2001 03:00 PM : 80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rasacd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rasacd.sys : 8,832 : 08/23/2001 03:00 PM : fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rasl2tp.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\rasl2tp.sys : 51,328 : 04/13/2008 03:19 PM : 11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspppoe.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\raspppoe.sys : 41,472 : 04/13/2008 02:57 PM : 5bc962f2654137c9909c3d4603587dee [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspptp.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\raspptp.sys : 48,384 : 04/13/2008 03:19 PM : efeec01b1d3cf84f16ddd24d9d9d8f99 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\raspti.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\raspti.sys : 16,512 : 08/23/2001 03:00 PM : fdbb1d60066fcfbb7452fd8f9829b242 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rawwan.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rawwan.sys : 34,432 : 08/23/2001 03:00 PM : 01524cd237223b18adbb48f70083f101 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdbss.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\rdbss.sys : 175,744 : 04/13/2008 03:28 PM : 7ad224ad1a1437fe28d89cf22b17780a [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpcdd.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rdpcdd.sys : 4,224 : 08/23/2001 03:00 PM : 4912d5b403614ce99c28420f75353332 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rdpdr.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\rdpdr.sys : 196,224 : 04/13/2008 02:32 PM : 15cabd0f7c00c47c70124907916af3f1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\redbook.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\redbook.sys : 57,600 : 04/13/2008 02:40 PM : f828dd7e1419b6653894a8f97a0094c5 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rmcast.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\rmcast.sys : 202,624 : 04/13/2008 02:55 PM : ecff394d65671efde5a872eb9ef4f2d5 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rmcast.sys : 203,136 : 05/08/2008 02:02 AM : 96f7a9a7bf0c9c0440a967440065d33c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rndismp.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\rndismp.sys : 30,592 : 04/13/2008 02:56 PM : 601844cbcf617ff8c868130ca5b2039d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\rootmdm.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\rootmdm.sys : 5,888 : 08/23/2001 03:00 PM : d8b0b4ade32574b2d9c5cc34dc0dbbe7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\scsiport.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\scsiport.sys : 96,384 : 04/13/2008 02:40 PM : 76c465f570e90c28942d52ccb2580a10 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sdbus.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sdbus.sys : 79,232 : 04/13/2008 02:36 PM : 8d04819a3ce51b9eb47e5689b44d43c4 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serenum.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\serenum.sys : 15,744 : 04/13/2008 02:40 PM : 0f29512ccd6bead730039fb4bd2c85ce [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\serial.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\serial.sys : 64,512 : 04/13/2008 03:15 PM : cca207a8896d4c6a0c9ce29a4ae411a7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sffdisk.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sffdisk.sys : 11,904 : 04/13/2008 02:40 PM : 0fa803c64df0914b41f807ea276bf2a6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sffp_sd.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sffp_sd.sys : 11,008 : 04/13/2008 02:40 PM : c17c331e435ed8737525c86a7557b3ac [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sfloppy.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys : 11,392 : 04/13/2008 02:40 PM : 8e6b8c671615d126fdc553d1e2de5562 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\smclib.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\smclib.sys : 14,592 : 08/23/2001 03:00 PM : 017daecf0ed3aa731313433601ec40fa [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sonydcam.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sonydcam.sys : 25,344 : 04/13/2008 02:46 PM : 489703624dac94ed943c2abda022a1cd [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\splitter.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\splitter.sys : 6,272 : 04/13/2008 02:45 PM : ab8b92451ecb048a4d1de7c3ffcb4a9f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sr.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sr.sys : 73,472 : 04/13/2008 02:36 PM : 76bb022c2fb6902fd5bdd4f78fc13a5d [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\stream.sys [NoSig]
 +-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\stream.sys : 45,696 : 12/11/2002 11:14 PM : d5ecbe98cceda4507fa9168e8d932088 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\stream.sys : 49,408 : 04/13/2008 02:45 PM : 3e5d89099ded9e86e5639f411693218f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\swenum.sys [NoSig]
 +-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\swenum.sys : 4,096 : 12/11/2002 11:14 PM : 616a013d3ea068b6dee83d905e92ee9f [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\swenum.sys : 4,352 : 04/13/2008 02:39 PM : 3941d127aef12e93addf6fe6ee027e0f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\swmidi.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\swmidi.sys : 56,576 : 04/13/2008 02:45 PM : 8ce882bcc6cf8a62f2b2323d95cb3d01 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\sysaudio.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sysaudio.sys : 60,800 : 04/13/2008 03:15 PM : 8b83f3ed0f1688b4958f77cd6d2bf290 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tape.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\tape.sys : 14,976 : 04/13/2008 02:40 PM : fd6093e3decd925f1cffc8a0dd539d72 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tcpip6.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\tcpip6.sys : 225,664 : 04/13/2008 03:00 PM : aa7a55536096d646dc7ab0ac5641e9e8 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\tcpip6.sys : 226,880 : 02/11/2010 03:02 AM : 4e53bbcc4be37d7a4bd6ef1098c89ff7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdi.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\tdi.sys : 19,072 : 04/13/2008 03:00 PM : 0539d5e53587f82d1b4fd74c5be205cf [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdpipe.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys : 12,040 : 04/13/2008 08:13 PM : 6471a66807f5e104e4885f5b67349397 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tdtcp.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys : 21,896 : 04/13/2008 08:13 PM : c56b6d0402371cf3700eb322ef3aaf61 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\termdd.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\termdd.sys : 40,840 : 04/13/2008 08:13 PM : 88155247177638048422893737429d9e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\tosdvd.sys [NoSig]
 
 * C:\WINDOWS\System32\drivers\tunmp.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\tunmp.sys : 12,288 : 04/13/2008 02:56 PM : 8f861eda21c05857eb8197300a92501c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\udfs.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\udfs.sys : 66,048 : 04/13/2008 02:32 PM : 5787b80c2e3c5e2f56c2a233d91fa2c9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\update.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\update.sys : 384,768 : 04/13/2008 02:39 PM : 402ddc88356b1bac0ee3dd1580c76a31 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbcamd2.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbcamd2.sys : 25,728 : 04/13/2008 02:45 PM : ce97845d2e3f0d274b8bac1ed07c6149 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbcamd.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbcamd.sys : 25,600 : 04/13/2008 02:45 PM : 1c1a47b40c23358245aa8d0443b6935e [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbccgp.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbccgp.sys : 32,128 : 04/13/2008 02:45 PM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usbccgp.sys : 32,128 : 04/13/2008 02:45 PM : 173f317ce0db8e21322e71b7e60a27e8 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbd.sys [NoSig]
 
 * C:\WINDOWS\System32\drivers\usbehci.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbehci.sys : 30,208 : 04/13/2008 02:45 PM : 65dcf09d0e37d4c6b11b5b0b76d470a7 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbhub.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbhub.sys : 59,520 : 04/13/2008 02:45 PM : 1ab3cdde553b6e064d2e754efe20285c [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbintel.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbintel.sys : 15,872 : 04/13/2008 02:45 PM : 290913dc4f1125e5a82de52579a44c43 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbport.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbport.sys : 143,872 : 04/13/2008 02:45 PM : 791912e524cc2cc6f50b5f2b52d1eb71 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\USBSTOR.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbstor.sys : 26,368 : 04/13/2008 02:45 PM : a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usbstor.sys : 26,368 : 04/13/2008 02:45 PM : a32426d9b14a089eaa1d922e0c5801a9 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\usbuhci.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usbuhci.sys : 20,608 : 04/13/2008 02:45 PM : 26496f9dee2d787fc3e61ad54821ffe6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\vga.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\vga.sys : 20,992 : 04/13/2008 02:44 PM : 0d3a8fafceacd8b7625cd549757a7df1 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\videoprt.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\videoprt.sys : 81,664 : 04/13/2008 02:44 PM : e28726b72c46821a28830e077d39a55b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\volsnap.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\volsnap.sys : 52,352 : 04/13/2008 02:41 PM : 4c8fcb5cc53aab716d810740fe59d025 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wanarp.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\wanarp.sys : 34,560 : 04/13/2008 02:57 PM : e20b95baedb550f32dd489265c1da1f6 [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wdmaud.sys [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\wdmaud.sys : 83,072 : 04/13/2008 03:17 PM : 6768acf64b18196494413695f0c3a00f [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\wmilib.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\wmilib.sys : 4,352 : 08/23/2001 03:00 PM : 2f31b7f954bed437f2c75026c65caf7b [Pos Repl]
 
 * C:\WINDOWS\System32\drivers\ws2ifsl.sys [NoSig]
 +-> C:\WINDOWS\system32\dllcache\ws2ifsl.sys : 12,032 : 08/23/2001 03:00 PM : 6abe6e225adb5a751622a9cc3bc19ce8 [Pos Repl]
 
 * C:\WINDOWS\System32\dsound.dll [NoSig]
 +-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll : 336,384 : 12/11/2002 11:14 PM : beabcd2da4fd90b44600e21f37a59fbc [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\dsound.dll : 367,616 : 04/13/2008 08:11 PM : 4d83ed8bddec431fc8ad907b47cfb6e3 [Pos Repl]
 
 * C:\WINDOWS\System32\dssenh.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\dssenh.dll : 138,752 : 04/13/2008 01:37 PM : fede68bf80052bad393afd5c2e60dcb0 [Pos Repl]
 
 * C:\WINDOWS\System32\es.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\es.dll : 246,272 : 04/13/2008 08:11 PM : 19a799805b24990867b00c120d300c3a [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\es.dll : 253,952 : 07/07/2008 04:26 PM : d4991d98f2db73c60d042f1aef79efae [Pos Repl]
 
 * C:\WINDOWS\System32\eventlog.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll : 56,320 : 04/13/2008 08:11 PM : 6d4feb43ee538fc5428cc7f0565aa656 [Pos Repl]
 
 * C:\WINDOWS\System32\hid.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\hid.dll : 20,992 : 04/13/2008 08:11 PM : 8973122796e3b5d6b5900fc186e55fea [Pos Repl]
 
 * C:\WINDOWS\System32\hnetcfg.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\hnetcfg.dll : 344,064 : 04/13/2008 08:11 PM : 3cb32d3b8cbe79899d63280bb7a83cd9 [Pos Repl]
 
 * C:\WINDOWS\System32\imm32.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\imm32.dll : 110,080 : 04/13/2008 08:11 PM : 0da85218e92526972a821587e6a8bf8f [Pos Repl]
 
 * C:\WINDOWS\System32\ipsecsvc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\ipsecsvc.dll : 183,808 : 04/13/2008 08:11 PM : 332760fba1655fcfd35bd6f4fd871300 [Pos Repl]
 
 * C:\WINDOWS\System32\ksuser.dll [NoSig]
 +-> C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll : 4,096 : 12/11/2002 11:14 PM : 15914e0bf4dda56cf797993dccb637d1 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\ksuser.dll : 4,096 : 04/13/2008 08:11 PM : 9b9f1c38d559047b8ac0dba2d5febde9 [Pos Repl]
 
 * C:\WINDOWS\System32\linkinfo.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll : 19,968 : 04/13/2008 08:11 PM : 2dc5a8019e2387987905f77c664e4be2 [Pos Repl]
 
 * C:\WINDOWS\System32\lpk.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\lpk.dll : 22,016 : 04/13/2008 08:11 PM : 012df358cebaa23acb26d82077820817 [Pos Repl]
 
 * C:\WINDOWS\System32\lsass.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\lsass.exe : 13,312 : 04/13/2008 08:12 PM : bf2466b3e18e970d8a976fb95fc1ca85 [Pos Repl]
 
 * C:\WINDOWS\System32\mfc40u.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\mfc40u.dll : 927,504 : 04/13/2008 08:11 PM : cddd4416b2b4c7295fe3fdb6dde57e4e [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mfc40u.dll : 953,856 : 09/18/2010 08:53 AM : e76a5c202e68af5a322d16b5a78f48b9 [Pos Repl]
 
 * C:\WINDOWS\System32\midimap.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\midimap.dll : 18,944 : 04/13/2008 08:11 PM : 5c12660a97822f6e61576943b49aaad6 [Pos Repl]
 
 * C:\WINDOWS\System32\msgsvc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\msgsvc.dll : 33,792 : 04/13/2008 08:11 PM : 986b1ff5814366d71e0ac5755c88f2d3 [Pos Repl]
 
 * C:\WINDOWS\System32\msimg32.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\msimg32.dll : 4,608 : 04/13/2008 08:11 PM : affc87e2501fce8f09d4c10ba6421ccf [Pos Repl]
 
 * C:\WINDOWS\System32\mspmsnsv.dll [NoSig]
 +-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll : 25,088 : 01/28/2005 08:44 AM : 140ef97b64f560fd78643cae2cdad838 [Pos Repl]
 +-> C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll : 52,224 : 08/04/2004 05:56 AM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl]
 +-> C:\WINDOWS\ServicePackFiles\i386\mspmsnsv.dll : 52,224 : 08/04/2004 08:56 AM : c086483e3dba8c1c0a687ec8d5b3d4c1 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\mspmsnsv.dll : 25,088 : 01/28/2005 08:44 AM : 140ef97b64f560fd78643cae2cdad838 [Pos Repl]
 
 * C:\WINDOWS\System32\msprivs.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\msprivs.dll : 48,128 : 04/13/2008 08:23 AM : c6bb1d1500db4a0e224cb65e6c7e8a80 [Pos Repl]
 
 * C:\WINDOWS\System32\msvcrt.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\msvcrt.dll : 343,040 : 04/13/2008 08:12 PM : 355edbb4d412b01f1740c17e3f50fa00 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll : 322,560 : 08/23/2001 03:00 PM : 4200be3808f6406dbe45a7b88dae5035 [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll : 323,072 : 08/29/2002 03:41 AM : 70630cad245477f8db02b79d9a92834c [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll : 343,040 : 08/04/2004 03:57 AM : 98ec447e00229afd88d5161a25d065da [Pos Repl]
 +-> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll : 343,040 : 04/13/2008 08:12 PM : d7075e95aa599ee77b7a89d39296bd3d [Pos Repl]
 
 * C:\WINDOWS\System32\netlogon.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll : 407,040 : 04/13/2008 08:12 PM : 1b7f071c51b77c272875c3a23e1e4550 [Pos Repl]
 
 * C:\WINDOWS\System32\netman.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\netman.dll : 198,144 : 04/13/2008 08:12 PM : 13e67b55b3abd7bf3fe7aae5a0f9a9de [Pos Repl]
 
 * C:\WINDOWS\System32\ntmssvc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll : 435,200 : 04/13/2008 08:12 PM : 156f64a3345bd23c600655fb4d10bc08 [Pos Repl]
 
 * C:\WINDOWS\System32\oakley.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\oakley.dll : 270,336 : 04/13/2008 08:12 PM : 33ceb89b62589e8b12aee9e2d523dade [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\oakley.dll : 270,336 : 10/13/2009 08:30 AM : c5ff8682eada5b3b27a865f1c3ef9270 [Pos Repl]
 
 * C:\WINDOWS\System32\olepro32.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\olepro32.dll : 84,992 : 04/13/2008 08:12 PM : 5652f6ce1d9e9d8068b9d29bc21b5409 [Pos Repl]
 
 * C:\WINDOWS\System32\perfctrs.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\perfctrs.dll : 39,936 : 04/13/2008 08:12 PM : dbe2b62353660ecca0d75ea307a717e9 [Pos Repl]
 
 * C:\WINDOWS\System32\powrprof.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\powrprof.dll : 17,408 : 04/13/2008 08:12 PM : 50a166237a0fa771261275a405646cc0 [Pos Repl]
 
 * C:\WINDOWS\System32\psbase.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\psbase.dll : 96,768 : 04/13/2008 08:12 PM : 22d89d84e8e081cda529dbf8c0255a38 [Pos Repl]
 
 * C:\WINDOWS\System32\pstorsvc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\pstorsvc.dll : 34,304 : 04/13/2008 08:12 PM : 853d0d0c6f02d7bfdf1cf99dd7553732 [Pos Repl]
 
 * C:\WINDOWS\System32\qmgr.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\qmgr.dll : 409,088 : 04/13/2008 08:12 PM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]
 +-> C:\WINDOWS\system32\bits\qmgr.dll : 409,088 : 04/13/2008 08:12 PM : 574738f61fca2935f5265dc4e5691314 [Pos Repl]
 
 * C:\WINDOWS\System32\rasadhlp.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\rasadhlp.dll : 7,680 : 04/13/2008 08:12 PM : 6f9bef24c578d5d6740e080bedd6a448 [Pos Repl]
 
 * C:\WINDOWS\System32\regsvc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\regsvc.dll : 59,904 : 04/13/2008 08:12 PM : 5b19b557b0c188210a56a6b699d90b8f [Pos Repl]
 
 * C:\WINDOWS\System32\rpcss.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\rpcss.dll : 399,360 : 04/13/2008 08:12 PM : 2589fe6015a316c0f5d5112b4da7b509 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\rpcss.dll : 401,408 : 02/09/2009 08:10 AM : 6b27a5c03dfb94b4245739065431322c [Pos Repl]
 
 * C:\WINDOWS\System32\scecli.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\scecli.dll : 181,248 : 04/13/2008 08:12 PM : a86bb5e61bf3e39b62ab4c7e7085a084 [Pos Repl]
 
 * C:\WINDOWS\System32\schedsvc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\schedsvc.dll : 192,512 : 04/13/2008 08:12 PM : 0a9a7365a1ca4319aa7c1d6cd8e4eafa [Pos Repl]
 
 * C:\WINDOWS\System32\services.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\services.exe : 108,544 : 04/13/2008 08:12 PM : 0e776ed5f7cc9f94299e70461b7b8185 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\services.exe : 110,592 : 02/06/2009 08:11 AM : 65df52f5b8b6e9bbd183505225c37315 [Pos Repl]
 
 * C:\WINDOWS\System32\setupapi.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\setupapi.dll : 985,088 : 04/14/2008 08:42 AM : 24192246760e0e64435522e246b1d6c2 [Pos Repl]
 
 * C:\WINDOWS\System32\sfc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sfc.dll : 5,120 : 04/13/2008 08:12 PM : 96e1c926f22ee1bfbae82901a35f6bf3 [Pos Repl]
 
 * C:\WINDOWS\System32\sfcfiles.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll : 1,614,848 : 04/13/2008 08:12 PM : 9dd07af82244867ca36681ea2d29ce79 [Pos Repl]
 
 * C:\WINDOWS\System32\shsvcs.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\shsvcs.dll : 135,168 : 04/13/2008 08:12 PM : 1926899bf9ffe2602b63074971700412 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\shsvcs.dll : 135,168 : 07/27/2009 07:17 PM : 99bc0b50f511924348be19c7c7313bbf [Pos Repl]
 
 * C:\WINDOWS\System32\smss.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\smss.exe : 50,688 : 04/13/2008 08:12 PM : 5f816c1f539266d2d4c78694239da0b5 [Pos Repl]
 
 * C:\WINDOWS\System32\spoolsv.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe : 57,856 : 04/13/2008 08:12 PM : d8e14a61acc1d4a6cd0d38aebac7fa3b [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\spoolsv.exe : 58,880 : 08/17/2010 08:17 AM : 60784f891563fb1b767f70117fc2428f [Pos Repl]
 
 * C:\WINDOWS\System32\srsvc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\srsvc.dll : 171,008 : 04/13/2008 08:12 PM : 3805df0ac4296a34ba4bf93b346cc378 [Pos Repl]
 
 * C:\WINDOWS\System32\ssdpsrv.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\ssdpsrv.dll : 71,680 : 04/13/2008 08:12 PM : 0a5679b3714edab99e357057ee88fca6 [Pos Repl]
 
 * C:\WINDOWS\System32\svchost.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\svchost.exe : 14,336 : 04/13/2008 08:12 PM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]
 
 * C:\WINDOWS\System32\tapisrv.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\tapisrv.dll : 249,856 : 04/13/2008 08:12 PM : 3cb78c17bb664637787c9a1c98f79c38 [Pos Repl]
 
 * C:\WINDOWS\System32\termsrv.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\termsrv.dll : 295,424 : 04/13/2008 08:12 PM : ff3477c03be7201c294c35f684b3479f [Pos Repl]
 
 * C:\WINDOWS\System32\upnphost.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\upnphost.dll : 185,856 : 04/13/2008 08:12 PM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [Pos Repl]
 
 * C:\WINDOWS\System32\user32.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\user32.dll : 578,560 : 04/13/2008 08:12 PM : b26b135ff1b9f60c9388b4a7d16f600b [Pos Repl]
 
 * C:\WINDOWS\System32\userinit.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\userinit.exe : 26,112 : 04/13/2008 08:12 PM : a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]
 
 * C:\WINDOWS\System32\usp10.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\usp10.dll : 406,016 : 04/13/2008 08:12 PM : 7d7d8501f3cb45d0408cdefa08cdaeff [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\usp10.dll : 406,016 : 04/16/2010 08:36 AM : 9e03dc5ab51cfd0190541ce2038d819d [Pos Repl]
 
 * C:\WINDOWS\System32\UxTheme.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\uxtheme.dll : 218,624 : 04/13/2008 08:12 PM : 7a2cc3719b255e6b5d74396183b7715b [Pos Repl]
 
 * C:\WINDOWS\System32\version.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\version.dll : 18,944 : 04/13/2008 08:12 PM : c7ce131408739b0b3a318be2d0032719 [Pos Repl]
 
 * C:\WINDOWS\System32\w32time.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\w32time.dll : 175,104 : 04/13/2008 08:12 PM : 54af4b1d5459500ef0937f6d33b1914f [Pos Repl]
 
 * C:\WINDOWS\System32\wbem\wmiprvse.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe : 218,112 : 04/13/2008 08:12 PM : 0ffae66e6d5b1c87cbd22d1f3b6079fd [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wmiprvse.exe : 227,840 : 02/06/2009 08:10 AM : 798a9e6828997eef4517ada8a2259831 [Pos Repl]
 
 * C:\WINDOWS\System32\wdigest.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\wdigest.dll : 49,152 : 04/13/2008 08:12 PM : cefcc6a64983eb8119f3a07a0c1ede30 [Pos Repl]
 +-> C:\WINDOWS\system32\dllcache\wdigest.dll : 54,272 : 06/25/2009 08:25 AM : 3aaf9b35939ff9e58ccd18d41655c2fc [Pos Repl]
 
 * C:\WINDOWS\System32\wiaservc.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\wiaservc.dll : 333,824 : 04/13/2008 08:12 PM : 8bad69cbac032d4bbacfce0306174c30 [Pos Repl]
 
 * C:\WINDOWS\System32\winlogon.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\winlogon.exe : 507,904 : 04/13/2008 08:12 PM : ed0ef0a136dec83df69f04118870003e [Pos Repl]
 
 * C:\WINDOWS\System32\ws2_32.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll : 82,432 : 04/13/2008 08:12 PM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]
 
 * C:\WINDOWS\System32\ws2help.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\ws2help.dll : 19,968 : 04/13/2008 08:12 PM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
 
 * C:\WINDOWS\System32\wscntfy.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\wscntfy.exe : 13,824 : 04/13/2008 08:12 PM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]
 
 * C:\WINDOWS\System32\xmlprov.dll [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll : 129,024 : 04/13/2008 08:12 PM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]
 
 * C:\WINDOWS\explorer.exe [NoSig]
 +-> C:\WINDOWS\ServicePackFiles\i386\explorer.exe : 1,033,728 : 04/13/2008 08:12 PM : 12896823fb95bfb3dc9b46bcaedc9923 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 04/04/2013 02:39:24 PM
Execution time: 0 hours(s), 12 minute(s), and 54 seconds(s)
 
 
 

ESET log

None, nothing detected.

 

 

Junkware removal tool log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.2 (04.04.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Fri 04/05/2013 at  0:10:35.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0eedb912-c5fa-486f-8334-57288578c627}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/05/2013 at  1:05:10.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 narenxp


Posted 05 April 2013 - 01:06 AM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed, launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox


  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply



Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log


#7 P233MHZ

  • Topic Starter


Posted 05 April 2013 - 02:33 AM

I rebooted the computer after the previous set of instructions was complete (after running JRT). The red x on the Panda icon remains.

 

Malwarebytes log

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.04.05.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: AMP [administrator]
 
4/5/2013 2:15:15 AM
mbam-log-2013-04-05 (02-15-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193997
Time elapsed: 25 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 

MiniToolBox log

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Administrator (administrator) on 05-04-2013 at 03:00:00
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/100+ Management Adapter = Local Area Connection 3 (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection 3"
 
set address name="Local Area Connection 3" source=dhcp 
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : amp
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection 3:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Intel® PRO/100+ Management Adapter
 
        Physical Address. . . . . . . . . : 00-D0-B7-4C-96-53
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.102
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Friday, April 05, 2013 1:26:45 AM
 
        Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM
 
Server:  TH-WSO
Address:  192.168.1.1
 
Name:    google.com
Addresses:  173.194.43.46, 173.194.43.33, 173.194.43.32, 173.194.43.38
 173.194.43.41, 173.194.43.39, 173.194.43.40, 173.194.43.35, 173.194.43.34
 173.194.43.37, 173.194.43.36
 
 
 
Pinging google.com [173.194.43.36] with 32 bytes of data:
 
 
 
Reply from 173.194.43.36: bytes=32 time=30ms TTL=54
 
Reply from 173.194.43.36: bytes=32 time=32ms TTL=54
 
 
 
Ping statistics for 173.194.43.36:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 30ms, Maximum = 32ms, Average = 31ms
 
Server:  TH-WSO
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=67ms TTL=51
 
Reply from 98.139.183.24: bytes=32 time=77ms TTL=51
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 67ms, Maximum = 77ms, Average = 72ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 d0 b7 4c 96 53 ...... Intel® PRO/100+ Management Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.102  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0    192.168.1.102   192.168.1.102  20
    192.168.1.102  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255    192.168.1.102   192.168.1.102  20
        224.0.0.0        240.0.0.0    192.168.1.102   192.168.1.102  20
  255.255.255.255  255.255.255.255    192.168.1.102   192.168.1.102  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/04/2013 04:57:04 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (04/03/2013 04:57:01 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (04/02/2013 04:57:02 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (04/01/2013 04:57:03 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/31/2013 04:57:17 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/30/2013 04:57:04 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/30/2013 03:22:43 AM) (Source: Acronis True Image Enterprise Server) (User: )
Description: Failed to read data from the disk.
A possible reason might be bad sectors on the disk.: None
 
Error: (03/29/2013 04:57:05 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/28/2013 04:57:12 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/27/2013 04:57:01 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
 
System errors:
=============
Error: (04/05/2013 02:21:19 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:13 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 01:31:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
FltMgr
 
Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PDFSFilter service depends on the FltMgr service which failed to start because of the following error: 
%%31
 
Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINProc service depends on the FltMgr service which failed to start because of the following error: 
%%31
 
Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINFile service depends on the FltMgr service which failed to start because of the following error: 
%%31
 
Error: (04/05/2013 01:14:17 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
 
Microsoft Office Sessions:
=========================
Error: (04/04/2013 04:57:04 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (04/03/2013 04:57:01 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (04/02/2013 04:57:02 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (04/01/2013 04:57:03 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/31/2013 04:57:17 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/30/2013 04:57:04 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/30/2013 03:22:43 AM) (Source: Acronis True Image Enterprise Server)(User: )
Description: Failed to read data from the disk.
A possible reason might be bad sectors on the disk.: None
 
Error: (03/29/2013 04:57:05 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/28/2013 04:57:12 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/27/2013 04:57:01 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
 
=========================== Installed Programs ============================
 
             (Version: 1.9.5.2802)
Acronis True Image Enterprise Server (Version: 9.1.3854)
Acronis True Image Management Console (Version: 9.1.3854)
Acronis True Image Agent (Version: 9.1.3854)
Acronis Universal Restore for Acronis True Image Enterprise Server (Version: 9.1.3854)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
AutoMate 6 (Version: 6.0.5.0)
Bulk Rename Utility 2, 2, 8, 1 (Version: 2, 2, 8, 1)
CCleaner (Version: 4.00)
CPUID HWMonitor 1.19
dMC AccurateRip
Dropbox (Version: 1.6.16)
DynDNS Updater 3.1 (Version: 3.1)
ESET Online Scanner v3
Exact Audio Copy 0.99pb5 (Version: 0.99pb5)
FileZilla Client 3.6.0 (Version: 3.6.0)
Firebird 2.0.1
GEAR Software Drivers
GoodSync (Version: 8.1.4.4)
Google Chrome (Version: 26.0.1410.43)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
ImgBurn (Version: 2.5.7.0)
Intel® PRO Network Adapters and Drivers
IPCheck Server Monitor (Version: 5)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
JetSuite Pro for the HP LaserJet 3100
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Data Access Components KB870669
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Journal Viewer (Version: 1.5.2315.3)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Music Manager
Panda Cloud Antivirus (Version: 02.01.01.0000)
Panda Cloud Antivirus (Version: 5.03.00.0000)
PerfectDisk 12.5 Server (Version: 12.05.312)
Sentinel System Driver
SequoiaView
Syncrify (Version: 3.3.0.0)
TaskInfo 7.0.8.216 (Version: 7.0.8.216)
Tweak UI
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
VS10RuntimeWin32 (Version: 1.0.0)
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.5318)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation (Version: 3.0.6920.0)
winLAME prerelease4 (Version: 0.0.4.0)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
 
========================= Devices: ================================
 
Name: NETGEAR FA311 Fast Ethernet Adapter - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: NT Apm/Legacy Interface Node
Description: NT Apm/Legacy Interface Node
Class Guid: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Manufacturer: Microsoft
Service: NtApm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Hewlett-Packard HP LaserJet 3100
Description: Hewlett-Packard HP LaserJet 3100
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 383.54 MB
Available physical RAM: 148.08 MB
Total Pagefile: 1371.05 MB
Available Pagefile: 1004 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.59 MB
 
========================= Partitions: =====================================
 
2 Drive c: (WD 120G) (Fixed) (Total:14.13 GB) (Free:4.94 GB) NTFS
3 Drive d: (WD 120G) (Fixed) (Total:97.65 GB) (Free:38.03 GB) NTFS
4 Drive e: (WD 120G) (Fixed) (Total:111.79 GB) (Free:33.72 GB) NTFS
5 Drive f: (BACKUP) (Fixed) (Total:232.88 GB) (Free:75.52 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\AMP
 
Administrator            ASPNET                   Chris                    
Guest                    HelpAssistant            SUPPORT_388945a0         
 
 
**** End of log ****
 
 

Farbar's Service Scanner log

 

Farbar Service Scanner Version: 03-03-2013
Ran by Administrator (administrator) on 05-04-2013 at 03:11:41
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\System32\srsvc.dll".
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\System32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2002-11-05 17:04] - [2008-04-13 20:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
 
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2001-08-23 15:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
 
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0E00000005000000010000000200000003000000040000000C0000000D0000000E000000060000000900000008000000070000000A0000000B000000
IpSec Tag value is correct.
 
**** End of log ****
 
 

AdwCleaner log (requested a reboot when done, which I did)

 

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 03:16:27
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - AMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\am30cuwh.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gv5pp3pr.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v26.0.1410.43
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [1047 octets] - [05/04/2013 03:16:27]
 
########## EOF - C:\AdwCleaner[S1].txt - [1107 octets] ##########
 

 

 

Autoruns log

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "3/15/2013 2:03 PM"
+ "STARTRIGHT" "StartRight" "www.joejoesoft.com" "c:\program files\startright\startright.exe" "6/19/1992 6:22 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "3/15/2013 2:03 PM"
+ "STARTRIGHT" "StartRight" "www.joejoesoft.com" "c:\program files\startright\startright.exe" "6/19/1992 6:22 PM"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" "" "11/4/2002 1:00 AM"
+ "0" "" "" "File not found: About:Home" ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/9/2011 3:36 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "4/23/2002 10:01 PM"
+ "UAContextMenu" "Shell extension " "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuashell.dll" "1/27/2013 3:51 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "10/18/2004 11:33 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "12/14/2012 4:52 PM"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "1/9/2011 3:36 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "4/27/2002 12:50 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "4/27/2002 12:50 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "1/9/2011 3:36 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "4/24/2002 2:21 AM"
+ "UAContextMenu" "Shell extension " "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuashell.dll" "1/27/2013 3:51 PM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "4/24/2002 2:22 AM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "12/18/2012 2:06 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "4/24/2002 2:22 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "12/14/2012 4:52 PM"
+ "UAContextMenu" "Shell extension " "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuashell.dll" "1/27/2013 3:51 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "4/24/2002 2:22 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "11/9/2010 4:38 PM"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "11/9/2010 4:38 PM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll" "9/23/2012 10:24 PM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll" "3/1/2013 9:51 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll" "3/1/2013 9:50 AM"
"Task Scheduler" "" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "2/28/2013 10:40 PM"
+ "GoogleUpdateTaskUserS-1-5-21-1708537768-1343024091-839522115-500Core.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "2/15/2012 10:43 PM"
+ "GoogleUpdateTaskUserS-1-5-21-1708537768-1343024091-839522115-500UA.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "2/15/2012 10:43 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "3/7/2013 6:54 PM"
+ "AcronisAgent" "Allows Acronis products to remotely manage this computer" "Acronis" "c:\program files\common files\acronis\agent\agent.exe" "11/15/2006 3:31 AM"
+ "AcrSch2Svc" "Provides task scheduling for Acronis applications." "Acronis" "c:\program files\common files\acronis\schedule2\schedul2.exe" "11/14/2006 10:53 AM"
X "ADInsightSvc" "InsightSvc Service" "" "c:\windows\system32\adinsightsvc.exe" "1/25/2005 3:52 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "2/28/2013 10:40 PM"
+ "Apache2.4" "Apache/2.4.3 (Win32) OpenSSL/0.9.8x" "Apache Software Foundation" "c:\program files\apache software foundation\apache\bin\httpd.exe" "8/20/2012 8:18 AM"
+ "AutoMate6" "Enables tasks created using AutoMate to trigger automatically on this computer. If this service is stopped, AutoMate tasks will not be run at their scheduled times.  " "Network Automation, Inc." "c:\program files\automate 6\amts.exe" "9/26/2005 1:36 PM"
+ "DynDNS_Updater_Service" "Allow monitoring and updating your IP address into dynamic dns service provider" "Kana Solution" "c:\program files\dyndns updater\dyndns.exe" "6/19/1992 6:22 PM"
+ "FirebirdGuardianDefaultInstance" "Firebird Server Guardian - www.firebirdsql.org" "FirebirdSQL Project" "c:\program files\ipcheck server monitor 5\firebird\bin\fbguard.exe" "3/2/2007 9:05 AM"
+ "FirebirdServerDefaultInstance" "Firebird Database Server - www.firebirdsql.org" "FirebirdSQL Project" "c:\program files\ipcheck server monitor 5\firebird\bin\fbserver.exe" "3/2/2007 9:05 AM"
+ "IPCProbeService" "IPCheck Probe" "Paessler AG" "c:\program files\ipcheck server monitor 5\ipcheckprobe.exe" "6/19/1992 6:22 PM"
+ "IPCServerService" "IPCheck Server Monitor 5" "Paessler AG" "c:\program files\ipcheck server monitor 5\ipcheckserver.exe" "6/19/1992 6:22 PM"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe" "3/1/2013 9:45 AM"
+ "jsdaemon" "JetFax NT MFP Daemon Service" "JetFax, Inc." "c:\jetsuite\jsdaemon.exe" "6/1/1998 4:54 PM"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe" "3/7/2013 8:32 AM"
+ "NanoServiceMain" "Panda Cloud Antivirus Service" "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psanhost.exe" "1/27/2013 1:52 PM"
+ "PDAgent" "This service controls PerfectDisk's scheduling and remote communication." "Raxco Software, Inc." "c:\program files\raxco\perfectdisk\pdagent.exe" "10/4/2012 5:24 PM"
+ "PDEngine" "PerfectDisk's defrag engine" "Raxco Software, Inc." "c:\program files\common files\raxco\shared\pdengine.exe" "10/4/2012 5:23 PM"
+ "PSUAService" "Panda Product Service" "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuaservice.exe" "1/27/2013 3:50 PM"
+ "Syncrify" "Commons Daemon Service Runner" "Apache Software Foundation" "c:\syncrify\syncrify.exe" "2/23/2012 5:01 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "3/7/2013 6:54 PM"
+ "a347bus" "Plug and Play BIOS Extension" " " "c:\windows\system32\drivers\a347bus.sys" "8/23/2004 6:20 AM"
+ "a347scsi" "SCSI miniport" " " "c:\windows\system32\drivers\a347scsi.sys" "4/30/2004 2:32 AM"
+ "asapiW2k" "ASAPI" "VOB Computersysteme GmbH" "c:\windows\system32\drivers\asapiw2k.sys" "4/17/2002 2:27 PM"
+ "asuskbnt" "ASUS Hot-Key filter driver." "ASUSTeK COMPUTER INC." "c:\windows\system32\drivers\asuskbnt.sys" "4/23/2003 11:28 PM"
+ "ati2mpad" "ATI2MPAD Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mpad.sys" "2/18/2002 10:36 AM"
+ "atirage3" "ATIRAGE3 Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atimpae.sys" "6/13/2001 7:41 PM"
+ "DefragFS" "Defragmentation Support Driver" "Raxco Software, Inc." "c:\windows\system32\drivers\defragfs.sys" "9/11/2012 3:24 PM"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys" "11/16/2007 2:53 PM"
+ "FA312" "NETGEAR FA312 Fast Ethernet NDIS 5.0 Miniport Driver" "NETGEAR Corp." "c:\windows\system32\drivers\fa312nd5.sys" "2/9/2001 3:29 PM"
+ "GearAspiWDM" "CDRom Class Filter Driver" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "7/23/2004 5:25 PM"
+ "giveio" "" "" "c:\windows\system32\giveio.sys" "4/3/1996 10:33 PM"
+ "js1284" "JetFax NT 1284 Layer" "JetFax, Inc." "c:\windows\system32\drivers\js1284.sys" "6/1/1998 4:54 PM"
+ "jsfax" "JetFax NT Fax Client" "JetFax, Inc." "c:\windows\system32\drivers\jsfax.sys" "6/1/1998 4:54 PM"
+ "jsmux" "JetFax NT Mux" "JetFax, Inc." "c:\windows\system32\drivers\jsmux.sys" "6/1/1998 4:54 PM"
+ "jspclcap" "JetFax NT PCL Capture" "JetFax, Inc." "c:\windows\system32\drivers\jspclcap.sys" "6/1/1998 4:54 PM"
+ "jsscan" "JetFax NT Scan Client" "JetFax, Inc." "c:\windows\system32\drivers\jsscan.sys" "6/1/1998 4:54 PM"
X "kvpndev" "kvpndrv.sys" "Kerio Technologies" "c:\windows\system32\drivers\kvpndrv.sys" "2/1/2005 5:58 AM"
+ "l100" "Linksys LNE100TX Fast Ethernet NDIS5 Driver                           " "The Linksys Group.                                                             " "c:\windows\system32\drivers\lne100tx.sys" "2/5/2000 7:36 PM"
+ "ltmodem5" "LT Windows Modem" "LT" "c:\windows\system32\drivers\ltmdmnt.sys" "10/25/2001 5:05 PM"
+ "NNSALPC" "Application Layer Protocol Colorizer" "Panda Security, S.L." "c:\windows\system32\drivers\nnsalpc.sys" "11/26/2012 8:34 AM"
+ "NNSHTTP" "Http Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnshttp.sys" "11/26/2012 8:44 AM"
+ "NNSHTTPS" "Https Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnshttps.sys" "1/9/2013 4:34 PM"
+ "NNSIDS" "Intrusion Detection System" "Panda Security, S.L." "c:\windows\system32\drivers\nnsids.sys" "11/26/2012 8:59 AM"
+ "NNSNAHS" "Network Activity Hook Server" "Panda Security, S.L." "c:\windows\system32\drivers\nnsnahs.sys" "10/22/2012 5:42 AM"
+ "NNSPICC" "Process Info Colorizer Client" "Panda Security, S.L." "c:\windows\system32\drivers\nnspicc.sys" "11/26/2012 8:50 AM"
+ "NNSPOP3" "Pop3 Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnspop3.sys" "11/26/2012 9:05 AM"
+ "NNSPROT" "Network Protector" "Panda Security, S.L." "c:\windows\system32\drivers\nnsprot.sys" "11/26/2012 8:53 AM"
+ "NNSPRV" "Network Provider" "Panda Security, S.L." "c:\windows\system32\drivers\nnsprv.sys" "11/26/2012 8:31 AM"
+ "NNSSMTP" "Smtp Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnssmtp.sys" "11/26/2012 9:12 AM"
+ "NNSSTRM" "Streamer" "Panda Security, S.L." "c:\windows\system32\drivers\nnsstrm.sys" "11/28/2012 8:42 AM"
+ "NNSTLSC" "Transport Layer Session Colorizer" "Panda Security, S.L." "c:\windows\system32\drivers\nnstlsc.sys" "11/26/2012 8:36 AM"
+ "nv3" "RIVA 128/RIVA 128 ZX Windows 2000 Miniport Driver, Version 3.43 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv3.sys" "7/31/2001 6:12 PM"
+ "PDFSFilter" "Raxco File System Minifilter Driver" "Raxco Software, Inc." "c:\windows\system32\drivers\pdfsfilter.sys" "8/23/2012 5:56 PM"
+ "pnicII" "Linksys Lne100tx Fast Ethernet Adapter NDIS5 Driver  " "The Linksts Group " "c:\windows\system32\drivers\lne100.sys" "5/9/2001 10:42 PM"
+ "Pnp680" "DMA capable ATA miniport driver" "Silicon Image, Inc." "c:\windows\system32\drivers\pnp680.sys" "11/15/2006 12:34 PM"
+ "PSINAflt" "PSINAflt Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinaflt.sys" "11/9/2012 1:40 PM"
+ "PSINFile" "PSINFile Mini-Filter Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinfile.sys" "11/9/2012 1:41 PM"
+ "PSINKNC" "PSINKNC Kernel Controller for XP32" "Panda Security, S.L." "c:\windows\system32\drivers\psinknc.sys" "11/9/2012 1:39 PM"
+ "PSINProc" "PSINProc Filter Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinproc.sys" "11/9/2012 1:42 PM"
+ "PSINProt" "PSINProt Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinprot.sys" "11/9/2012 1:42 PM"
+ "PSKMAD" "Panda Kernel Memory Access Driver (x86)" "Panda Security, S.L." "c:\windows\system32\drivers\pskmad.sys" "11/7/2012 3:55 AM"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys" "8/17/2001 4:49 PM"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys" "5/2/2003 1:51 PM"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 9:18 AM"
+ "Sentinel" "Sentinel System Driver (NT Parallel driver)" "Rainbow Technologies, Inc." "c:\windows\system32\drivers\sentinel.sys" "9/26/2002 1:47 AM"
+ "snapman" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snapman.sys" "3/30/2006 8:03 AM"
+ "Sntnlusb" "Rainbow Technologies Sentinel Device Driver" "Rainbow Technologies Inc." "c:\windows\system32\drivers\sntnlusb.sys" "8/1/2002 1:02 AM"
+ "tifsfilter" "Acronis True Image File System Filter" "Acronis" "c:\windows\system32\drivers\tifsfilt.sys" "11/8/2006 8:52 AM"
+ "timounter" "Acronis True Image Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\timntr.sys" "11/8/2006 9:49 AM"
+ "TSKNF700.SYS" "TSKNF700 Kernel Driver" "Igor Arsenin" "c:\windows\system32\drivers\tsknf700.sys" "10/22/2006 12:06 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "4/5/2013 3:21 AM"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax" "4/13/2008 8:09 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "1/29/2010 10:43 AM"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm" "4/13/2008 8:11 PM"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm" "8/18/2001 1:35 AM"
+ "SENTINEL" "Sentinel Driver Setup DLL" "Rainbow Technologies, Inc." "c:\windows\system32\snti386.dll" "9/26/2002 1:47 AM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll" "6/17/2010 10:03 AM"
+ "VIDC.HFYU" "Huffyuv lossless video codec" "Disappearing Inc." "c:\windows\system32\huffyuv.dll" "12/8/2001 3:20 PM"
+ "VIDC.I263" "Intel I.263 Video Driver 2.55.016" "Intel Corporation" "c:\windows\system32\i263_32.drv" "8/27/1997 12:53 PM"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll" "8/18/2001 1:33 AM"
+ "vidc.iv32" ""


I rebooted the computer after the previous set of instructions was complete (after running JRT). The red x on the Panda icon remains.

Malwarebytes log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.04.05.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: AMP [administrator]
 
4/5/2013 2:15:15 AM
mbam-log-2013-04-05 (02-15-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193997
Time elapsed: 25 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

MiniToolBox log

MiniToolBox by Farbar  Version:05-03-2013
Ran by Administrator (administrator) on 05-04-2013 at 03:00:00
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/100+ Management Adapter = Local Area Connection 3 (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection 3"
 
set address name="Local Area Connection 3" source=dhcp 
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : amp
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection 3:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Intel® PRO/100+ Management Adapter
 
        Physical Address. . . . . . . . . : 00-D0-B7-4C-96-53
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.102
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Friday, April 05, 2013 1:26:45 AM
 
        Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM
 
Server:  TH-WSO
Address:  192.168.1.1
 
Name:    google.com
Addresses:  173.194.43.46, 173.194.43.33, 173.194.43.32, 173.194.43.38
 173.194.43.41, 173.194.43.39, 173.194.43.40, 173.194.43.35, 173.194.43.34
 173.194.43.37, 173.194.43.36
 
 
 
Pinging google.com [173.194.43.36] with 32 bytes of data:
 
 
 
Reply from 173.194.43.36: bytes=32 time=30ms TTL=54
 
Reply from 173.194.43.36: bytes=32 time=32ms TTL=54
 
 
 
Ping statistics for 173.194.43.36:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 30ms, Maximum = 32ms, Average = 31ms
 
Server:  TH-WSO
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=67ms TTL=51
 
Reply from 98.139.183.24: bytes=32 time=77ms TTL=51
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 67ms, Maximum = 77ms, Average = 72ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 d0 b7 4c 96 53 ...... Intel® PRO/100+ Management Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.102  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0    192.168.1.102   192.168.1.102  20
    192.168.1.102  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255    192.168.1.102   192.168.1.102  20
        224.0.0.0        240.0.0.0    192.168.1.102   192.168.1.102  20
  255.255.255.255  255.255.255.255    192.168.1.102   192.168.1.102  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/04/2013 04:57:04 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (04/03/2013 04:57:01 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (04/02/2013 04:57:02 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (04/01/2013 04:57:03 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/31/2013 04:57:17 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/30/2013 04:57:04 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/30/2013 03:22:43 AM) (Source: Acronis True Image Enterprise Server) (User: )
Description: Failed to read data from the disk.
A possible reason might be bad sectors on the disk.: None
 
Error: (03/29/2013 04:57:05 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/28/2013 04:57:12 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
Error: (03/27/2013 04:57:01 PM) (Source: Acronis Scheduler) (User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".
 
 
System errors:
=============
Error: (04/05/2013 02:21:19 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:16 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 02:21:13 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (04/05/2013 01:31:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
FltMgr
 
Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PDFSFilter service depends on the FltMgr service which failed to start because of the following error: 
%%31
 
Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINProc service depends on the FltMgr service which failed to start because of the following error: 
%%31
 
Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINFile service depends on the FltMgr service which failed to start because of the following error: 
%%31
 
Error: (04/05/2013 01:14:17 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
 
Microsoft Office Sessions:
=========================
Error: (04/04/2013 04:57:04 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (04/03/2013 04:57:01 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (04/02/2013 04:57:02 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (04/01/2013 04:57:03 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/31/2013 04:57:17 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/30/2013 04:57:04 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/30/2013 03:22:43 AM) (Source: Acronis True Image Enterprise Server)(User: )
Description: Failed to read data from the disk.
A possible reason might be bad sectors on the disk.: None
 
Error: (03/29/2013 04:57:05 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/28/2013 04:57:12 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
Error: (03/27/2013 04:57:01 PM) (Source: Acronis Scheduler)(User: AMP)
Description: Scheduler can not run task with GUID "1768560C-D537-47B9-ACA3-6973B7351CE4" and command "".Error code: 2The system cannot find the file specified.
 
 
=========================== Installed Programs ============================
 
             (Version: 1.9.5.2802)
Acronis True Image Enterprise Server (Version: 9.1.3854)
Acronis True Image Management Console (Version: 9.1.3854)
Acronis True Image Agent (Version: 9.1.3854)
Acronis Universal Restore for Acronis True Image Enterprise Server (Version: 9.1.3854)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
AutoMate 6 (Version: 6.0.5.0)
Bulk Rename Utility 2, 2, 8, 1 (Version: 2, 2, 8, 1)
CCleaner (Version: 4.00)
CPUID HWMonitor 1.19
dMC AccurateRip
Dropbox (Version: 1.6.16)
DynDNS Updater 3.1 (Version: 3.1)
ESET Online Scanner v3
Exact Audio Copy 0.99pb5 (Version: 0.99pb5)
FileZilla Client 3.6.0 (Version: 3.6.0)
Firebird 2.0.1
GEAR Software Drivers
GoodSync (Version: 8.1.4.4)
Google Chrome (Version: 26.0.1410.43)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
ImgBurn (Version: 2.5.7.0)
Intel® PRO Network Adapters and Drivers
IPCheck Server Monitor (Version: 5)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
JetSuite Pro for the HP LaserJet 3100
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Data Access Components KB870669
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Journal Viewer (Version: 1.5.2315.3)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Music Manager
Panda Cloud Antivirus (Version: 02.01.01.0000)
Panda Cloud Antivirus (Version: 5.03.00.0000)
PerfectDisk 12.5 Server (Version: 12.05.312)
Sentinel System Driver
SequoiaView
Syncrify (Version: 3.3.0.0)
TaskInfo 7.0.8.216 (Version: 7.0.8.216)
Tweak UI
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
VS10RuntimeWin32 (Version: 1.0.0)
WD Diagnostics (Version: 1.09.0002)
WebFldrs XP (Version: 9.50.5318)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061027.150806)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation (Version: 3.0.6920.0)
winLAME prerelease4 (Version: 0.0.4.0)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
 
========================= Devices: ================================
 
Name: NETGEAR FA311 Fast Ethernet Adapter - Packet Scheduler Miniport
Description: Packet Scheduler Miniport
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: PSched
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: NT Apm/Legacy Interface Node
Description: NT Apm/Legacy Interface Node
Class Guid: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Manufacturer: Microsoft
Service: NtApm
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Hewlett-Packard HP LaserJet 3100
Description: Hewlett-Packard HP LaserJet 3100
Class Guid: {4D36E979-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 383.54 MB
Available physical RAM: 148.08 MB
Total Pagefile: 1371.05 MB
Available Pagefile: 1004 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.59 MB
 
========================= Partitions: =====================================
 
2 Drive c: (WD 120G) (Fixed) (Total:14.13 GB) (Free:4.94 GB) NTFS
3 Drive d: (WD 120G) (Fixed) (Total:97.65 GB) (Free:38.03 GB) NTFS
4 Drive e: (WD 120G) (Fixed) (Total:111.79 GB) (Free:33.72 GB) NTFS
5 Drive f: (BACKUP) (Fixed) (Total:232.88 GB) (Free:75.52 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\AMP
 
Administrator            ASPNET                   Chris                    
Guest                    HelpAssistant            SUPPORT_388945a0         
 
 
**** End of log ****

Farbar's Service Scanner log

Farbar Service Scanner Version: 03-03-2013
Ran by Administrator (administrator) on 05-04-2013 at 03:11:41
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\System32\srsvc.dll".
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\System32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2002-11-05 17:04] - [2008-04-13 20:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
 
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2001-08-23 15:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
 
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0E00000005000000010000000200000003000000040000000C0000000D0000000E000000060000000900000008000000070000000A0000000B000000
IpSec Tag value is correct.
 
**** End of log ****
 
 

AdwCleaner log (requested a reboot when done, which I did)

 

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 03:16:27
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - AMP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v19.0.2 (en-US)
 
File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\am30cuwh.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gv5pp3pr.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v26.0.1410.43
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [1047 octets] - [05/04/2013 03:16:27]
 
########## EOF - C:\AdwCleaner[S1].txt - [1107 octets] ##########
 

 

 

Autoruns log

 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" "3/15/2013 2:03 PM"
+ "STARTRIGHT" "StartRight" "www.joejoesoft.com" "c:\program files\startright\startright.exe" "6/19/1992 6:22 PM"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" "" "3/15/2013 2:03 PM"
+ "STARTRIGHT" "StartRight" "www.joejoesoft.com" "c:\program files\startright\startright.exe" "6/19/1992 6:22 PM"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" "" "11/4/2002 1:00 AM"
+ "0" "" "" "File not found: About:Home" ""
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "1/9/2011 3:36 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" "4/23/2002 10:01 PM"
+ "UAContextMenu" "Shell extension " "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuashell.dll" "1/27/2013 3:51 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" "" "10/18/2004 11:33 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "12/14/2012 4:52 PM"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "1/9/2011 3:36 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" "4/27/2002 12:50 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" "4/27/2002 12:50 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "1/9/2011 3:36 PM"
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" "4/24/2002 2:21 AM"
+ "UAContextMenu" "Shell extension " "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuashell.dll" "1/27/2013 3:51 PM"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" "" "4/24/2002 2:22 AM"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll" "12/18/2012 2:06 PM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" "4/24/2002 2:22 AM"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll" "12/14/2012 4:52 PM"
+ "UAContextMenu" "Shell extension " "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuashell.dll" "1/27/2013 3:51 PM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" "4/24/2002 2:22 AM"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "12/26/2004 11:34 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" "" "11/9/2010 4:38 PM"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\administrator\application data\dropbox\bin\dropboxext.17.dll" "10/22/2012 11:05 PM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" "" "11/9/2010 4:38 PM"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll" "9/23/2012 10:24 PM"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll" "3/1/2013 9:51 AM"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll" "3/1/2013 9:50 AM"
"Task Scheduler" "" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.6 r602" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "2/28/2013 10:40 PM"
+ "GoogleUpdateTaskUserS-1-5-21-1708537768-1343024091-839522115-500Core.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "2/15/2012 10:43 PM"
+ "GoogleUpdateTaskUserS-1-5-21-1708537768-1343024091-839522115-500UA.job" "Google Installer" "Google Inc." "c:\documents and settings\administrator\local settings\application data\google\update\googleupdate.exe" "2/15/2012 10:43 PM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "3/7/2013 6:54 PM"
+ "AcronisAgent" "Allows Acronis products to remotely manage this computer" "Acronis" "c:\program files\common files\acronis\agent\agent.exe" "11/15/2006 3:31 AM"
+ "AcrSch2Svc" "Provides task scheduling for Acronis applications." "Acronis" "c:\program files\common files\acronis\schedule2\schedul2.exe" "11/14/2006 10:53 AM"
X "ADInsightSvc" "InsightSvc Service" "" "c:\windows\system32\adinsightsvc.exe" "1/25/2005 3:52 PM"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe" "2/28/2013 10:40 PM"
+ "Apache2.4" "Apache/2.4.3 (Win32) OpenSSL/0.9.8x" "Apache Software Foundation" "c:\program files\apache software foundation\apache\bin\httpd.exe" "8/20/2012 8:18 AM"
+ "AutoMate6" "Enables tasks created using AutoMate to trigger automatically on this computer. If this service is stopped, AutoMate tasks will not be run at their scheduled times.  " "Network Automation, Inc." "c:\program files\automate 6\amts.exe" "9/26/2005 1:36 PM"
+ "DynDNS_Updater_Service" "Allow monitoring and updating your IP address into dynamic dns service provider" "Kana Solution" "c:\program files\dyndns updater\dyndns.exe" "6/19/1992 6:22 PM"
+ "FirebirdGuardianDefaultInstance" "Firebird Server Guardian - www.firebirdsql.org" "FirebirdSQL Project" "c:\program files\ipcheck server monitor 5\firebird\bin\fbguard.exe" "3/2/2007 9:05 AM"
+ "FirebirdServerDefaultInstance" "Firebird Database Server - www.firebirdsql.org" "FirebirdSQL Project" "c:\program files\ipcheck server monitor 5\firebird\bin\fbserver.exe" "3/2/2007 9:05 AM"
+ "IPCProbeService" "IPCheck Probe" "Paessler AG" "c:\program files\ipcheck server monitor 5\ipcheckprobe.exe" "6/19/1992 6:22 PM"
+ "IPCServerService" "IPCheck Server Monitor 5" "Paessler AG" "c:\program files\ipcheck server monitor 5\ipcheckserver.exe" "6/19/1992 6:22 PM"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe" "3/1/2013 9:45 AM"
+ "jsdaemon" "JetFax NT MFP Daemon Service" "JetFax, Inc." "c:\jetsuite\jsdaemon.exe" "6/1/1998 4:54 PM"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe" "3/7/2013 8:32 AM"
+ "NanoServiceMain" "Panda Cloud Antivirus Service" "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psanhost.exe" "1/27/2013 1:52 PM"
+ "PDAgent" "This service controls PerfectDisk's scheduling and remote communication." "Raxco Software, Inc." "c:\program files\raxco\perfectdisk\pdagent.exe" "10/4/2012 5:24 PM"
+ "PDEngine" "PerfectDisk's defrag engine" "Raxco Software, Inc." "c:\program files\common files\raxco\shared\pdengine.exe" "10/4/2012 5:23 PM"
+ "PSUAService" "Panda Product Service" "Panda Security, S.L." "c:\program files\panda security\panda cloud antivirus\psuaservice.exe" "1/27/2013 3:50 PM"
+ "Syncrify" "Commons Daemon Service Runner" "Apache Software Foundation" "c:\syncrify\syncrify.exe" "2/23/2012 5:01 AM"
"HKLM\System\CurrentControlSet\Services" "" "" "" "3/7/2013 6:54 PM"
+ "a347bus" "Plug and Play BIOS Extension" " " "c:\windows\system32\drivers\a347bus.sys" "8/23/2004 6:20 AM"
+ "a347scsi" "SCSI miniport" " " "c:\windows\system32\drivers\a347scsi.sys" "4/30/2004 2:32 AM"
+ "asapiW2k" "ASAPI" "VOB Computersysteme GmbH" "c:\windows\system32\drivers\asapiw2k.sys" "4/17/2002 2:27 PM"
+ "asuskbnt" "ASUS Hot-Key filter driver." "ASUSTeK COMPUTER INC." "c:\windows\system32\drivers\asuskbnt.sys" "4/23/2003 11:28 PM"
+ "ati2mpad" "ATI2MPAD Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mpad.sys" "2/18/2002 10:36 AM"
+ "atirage3" "ATIRAGE3 Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atimpae.sys" "6/13/2001 7:41 PM"
+ "DefragFS" "Defragmentation Support Driver" "Raxco Software, Inc." "c:\windows\system32\drivers\defragfs.sys" "9/11/2012 3:24 PM"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys" "11/16/2007 2:53 PM"
+ "FA312" "NETGEAR FA312 Fast Ethernet NDIS 5.0 Miniport Driver" "NETGEAR Corp." "c:\windows\system32\drivers\fa312nd5.sys" "2/9/2001 3:29 PM"
+ "GearAspiWDM" "CDRom Class Filter Driver" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "7/23/2004 5:25 PM"
+ "giveio" "" "" "c:\windows\system32\giveio.sys" "4/3/1996 10:33 PM"
+ "js1284" "JetFax NT 1284 Layer" "JetFax, Inc." "c:\windows\system32\drivers\js1284.sys" "6/1/1998 4:54 PM"
+ "jsfax" "JetFax NT Fax Client" "JetFax, Inc." "c:\windows\system32\drivers\jsfax.sys" "6/1/1998 4:54 PM"
+ "jsmux" "JetFax NT Mux" "JetFax, Inc." "c:\windows\system32\drivers\jsmux.sys" "6/1/1998 4:54 PM"
+ "jspclcap" "JetFax NT PCL Capture" "JetFax, Inc." "c:\windows\system32\drivers\jspclcap.sys" "6/1/1998 4:54 PM"
+ "jsscan" "JetFax NT Scan Client" "JetFax, Inc." "c:\windows\system32\drivers\jsscan.sys" "6/1/1998 4:54 PM"
X "kvpndev" "kvpndrv.sys" "Kerio Technologies" "c:\windows\system32\drivers\kvpndrv.sys" "2/1/2005 5:58 AM"
+ "l100" "Linksys LNE100TX Fast Ethernet NDIS5 Driver                           " "The Linksys Group.                                                             " "c:\windows\system32\drivers\lne100tx.sys" "2/5/2000 7:36 PM"
+ "ltmodem5" "LT Windows Modem" "LT" "c:\windows\system32\drivers\ltmdmnt.sys" "10/25/2001 5:05 PM"
+ "NNSALPC" "Application Layer Protocol Colorizer" "Panda Security, S.L." "c:\windows\system32\drivers\nnsalpc.sys" "11/26/2012 8:34 AM"
+ "NNSHTTP" "Http Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnshttp.sys" "11/26/2012 8:44 AM"
+ "NNSHTTPS" "Https Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnshttps.sys" "1/9/2013 4:34 PM"
+ "NNSIDS" "Intrusion Detection System" "Panda Security, S.L." "c:\windows\system32\drivers\nnsids.sys" "11/26/2012 8:59 AM"
+ "NNSNAHS" "Network Activity Hook Server" "Panda Security, S.L." "c:\windows\system32\drivers\nnsnahs.sys" "10/22/2012 5:42 AM"
+ "NNSPICC" "Process Info Colorizer Client" "Panda Security, S.L." "c:\windows\system32\drivers\nnspicc.sys" "11/26/2012 8:50 AM"
+ "NNSPOP3" "Pop3 Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnspop3.sys" "11/26/2012 9:05 AM"
+ "NNSPROT" "Network Protector" "Panda Security, S.L." "c:\windows\system32\drivers\nnsprot.sys" "11/26/2012 8:53 AM"
+ "NNSPRV" "Network Provider" "Panda Security, S.L." "c:\windows\system32\drivers\nnsprv.sys" "11/26/2012 8:31 AM"
+ "NNSSMTP" "Smtp Parser" "Panda Security, S.L." "c:\windows\system32\drivers\nnssmtp.sys" "11/26/2012 9:12 AM"
+ "NNSSTRM" "Streamer" "Panda Security, S.L." "c:\windows\system32\drivers\nnsstrm.sys" "11/28/2012 8:42 AM"
+ "NNSTLSC" "Transport Layer Session Colorizer" "Panda Security, S.L." "c:\windows\system32\drivers\nnstlsc.sys" "11/26/2012 8:36 AM"
+ "nv3" "RIVA 128/RIVA 128 ZX Windows 2000 Miniport Driver, Version 3.43 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv3.sys" "7/31/2001 6:12 PM"
+ "PDFSFilter" "Raxco File System Minifilter Driver" "Raxco Software, Inc." "c:\windows\system32\drivers\pdfsfilter.sys" "8/23/2012 5:56 PM"
+ "pnicII" "Linksys Lne100tx Fast Ethernet Adapter NDIS5 Driver  " "The Linksts Group " "c:\windows\system32\drivers\lne100.sys" "5/9/2001 10:42 PM"
+ "Pnp680" "DMA capable ATA miniport driver" "Silicon Image, Inc." "c:\windows\system32\drivers\pnp680.sys" "11/15/2006 12:34 PM"
+ "PSINAflt" "PSINAflt Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinaflt.sys" "11/9/2012 1:40 PM"
+ "PSINFile" "PSINFile Mini-Filter Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinfile.sys" "11/9/2012 1:41 PM"
+ "PSINKNC" "PSINKNC Kernel Controller for XP32" "Panda Security, S.L." "c:\windows\system32\drivers\psinknc.sys" "11/9/2012 1:39 PM"
+ "PSINProc" "PSINProc Filter Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinproc.sys" "11/9/2012 1:42 PM"
+ "PSINProt" "PSINProt Driver" "Panda Security, S.L." "c:\windows\system32\drivers\psinprot.sys" "11/9/2012 1:42 PM"
+ "PSKMAD" "Panda Kernel Memory Access Driver (x86)" "Panda Security, S.L." "c:\windows\system32\drivers\pskmad.sys" "11/7/2012 3:55 AM"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys" "8/17/2001 4:49 PM"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys" "5/2/2003 1:51 PM"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "9/13/2006 9:18 AM"
+ "Sentinel" "Sentinel System Driver (NT Parallel driver)" "Rainbow Technologies, Inc." "c:\windows\system32\drivers\sentinel.sys" "9/26/2002 1:47 AM"
+ "snapman" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snapman.sys" "3/30/2006 8:03 AM"
+ "Sntnlusb" "Rainbow Technologies Sentinel Device Driver" "Rainbow Technologies Inc." "c:\windows\system32\drivers\sntnlusb.sys" "8/1/2002 1:02 AM"
+ "tifsfilter" "Acronis True Image File System Filter" "Acronis" "c:\windows\system32\drivers\tifsfilt.sys" "11/8/2006 8:52 AM"
+ "timounter" "Acronis True Image Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\timntr.sys" "11/8/2006 9:49 AM"
+ "TSKNF700.SYS" "TSKNF700 Kernel Driver" "Igor Arsenin" "c:\windows\system32\drivers\tsknf700.sys" "10/22/2006 12:06 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "4/5/2013 3:21 AM"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax" "4/13/2008 8:09 PM"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "1/29/2010 10:43 AM"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm" "4/13/2008 8:11 PM"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm" "8/18/2001 1:35 AM"
+ "SENTINEL" "Sentinel Driver Setup DLL" "Rainbow Technologies, Inc." "c:\windows\system32\snti386.dll" "9/26/2002 1:47 AM"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll" "6/17/2010 10:03 AM"
+ "VIDC.HFYU" "Huffyuv lossless video codec" "Disappearing Inc." "c:\windows\system32\huffyuv.dll" "12/8/2001 3:20 PM"
+ "VIDC.I263" "Intel I.263 Video Driver 2.55.016" "Intel Corporation" "c:\windows\system32\i263_32.drv" "8/27/1997 12:53 PM"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll" "8/18/2001 1:33 AM"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll" "8/18/2001 1:33 AM"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 8:10 PM"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "4/13/2008 8:10 PM"
+ "VIDC.VIFP" "堀 浩行" "" "c:\windows\system32\vfcodec.dll" "6/19/1992 6:22 PM"
"HKLM\Software\Classes\Filter" "" "" "" "4/5/2013 2:11 AM"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 8:10 PM"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 8:10 PM"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 8:10 PM"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax" "4/13/2008 8:10 PM"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "10/18/2004 11:33 AM"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax" "8/18/2001 1:35 AM"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax" "4/13/2008 8:10 PM"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax" "4/13/2008 8:09 PM"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "4/13/2008 8:10 PM"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll" "4/13/2008 8:10 PM"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax" "6/15/2010 12:17 PM"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax" "8/18/2001 1:35 AM"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" "" "4/5/2013 3:20 AM"
+ "PDBoot.exe" "PerfectDisk Boot Time Defragmentation" "Raxco Software, Inc." "c:\windows\system32\pdboot.exe" "10/4/2012 5:23 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "4/5/2013 3:21 AM"
+ "HP Master Monitor" "Win32 Master Monitor" "Hewlett-Packard" "c:\windows\system32\hpbmmon.dll" "8/20/2002 12:50 AM"
+ "HPLJ3100 Port" "Port Monitor DLL" "JetFax Inc." "c:\windows\system32\jsmuxmon.dll" "6/2/1998 7:08 PM"
+ "JetFax Language Monitor" "Port Monitor DLL" "JetFax Inc." "c:\windows\system32\jsmuxmon.dll" "6/2/1998 7:08 PM"
+ "Microsoft Shared Fax Monitor" "" "" "File not found: FXSMON.DLL" ""


#8 narenxp

Posted 05 April 2013 - 08:32 AM

Current issues?



#9 P233MHZ

Posted 05 April 2013 - 10:43 AM

Same issue that I started with, no real time antivirus programs work. Please see first post again. You didn't find anything strange in the logs?

 

These seem to indicate a possible reason real time protection doesn't work:

 

Error: (04/05/2013 01:31:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
FltMgr


Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PDFSFilter service depends on the FltMgr service which failed to start because of the following error: 
%%31


Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINProc service depends on the FltMgr service which failed to start because of the following error: 
%%31


Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINFile service depends on the FltMgr service which failed to start because of the following error: 
%%31

Do you agree?

Do you see anything else I should investigate or anything else I should do simply to clean things up? I've done a lot of clean up already but I'm sure there are things I've missed. Thank you again.


#10 narenxp

Posted 05 April 2013 - 10:47 AM

Click on the Start menu and type

cmd

Right-click on it, select Run as administrator, and run this command

sfc /scannow

After the scan completes, restart the PC. Launch the command prompt once again using Run as administrator and run this command

findstr /C:"[SR] Cannot repair member file" %windir%\logs\cbs\cbs.log >%userprofile%\desktop\sfcdetails.txt

Post the contents of sfcdetails.txt located on your desktop in your reply



#11 P233MHZ

Posted 05 April 2013 - 11:47 AM

I run this computer as user Administrator already. That is how I log in, unconventional, I know. So, I ran the sfc /scannow command and it did run for a while. I rebooted and ran your next command, but it couldn't find the log file:

 

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.


C:\Documents and Settings\Administrator>findstr /C:"[SR] Cannot repair member file" %windir%\logs\cbs\cbs.log >%userprofile%\desktop\sfcdetails.txt
FINDSTR: Cannot open C:\WINDOWS\logs\cbs\cbs.log
FINDSTR: Cannot open and
FINDSTR: Cannot open Settings\Administrator\desktop\sfcdetails.txt


C:\Documents and Settings\Administrator> 

 

C:\WINDOWS\logs\ is on this machine, but that directory is empty. I poked around some other places but couldn't locate cbs.log. I have the search service turned off so I couldn't simply search for the cbs.log file. Maybe there is a simple command line that I could use to search the entire drive for cbs.log, I don't know it offhand? Thank you.



#12 P233MHZ

Posted 05 April 2013 - 12:27 PM

I used a simple file finder program and cbs.log doesn't seem to be anywhere on the computer.



#13 narenxp

Posted 05 April 2013 - 11:44 PM

Oh..XP!!

 

Launch Farbar Service Scanner and type

FltMgr and click on Export service and post the generated log.

Press Windows+R key and type

cmd and click OK and run this command

chkdsk /f

Press Y and <ENTER>. Restart the PC and allow chkdsk to run. Let me know if that helps.

What antiviruses have you tried?

Create a new user account and let me know if real time scanners work in the new account.


Edited by narenxp, 05 April 2013 - 11:45 PM.


#14 P233MHZ

Posted 08 April 2013 - 04:48 PM

Just to be clear, when I say Panda I'm talking about Panda Cloud Antivirus FREE. I also know that Panda has a patch which was supposed to fix this problem. I've applied the patch and it never would fix the issue. That is why I moved on to trying other antivirus programs and eventually came back to Panda just to give it a second chance.
 
Farbar log

Note: The export is in "Windows Registry Editor Version 5.00" format.

================== Result for "FltMgr" ==================

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\FltMgr]
"Description"="File System Filter Manager Driver"
"DisplayName"="FltMgr"
"ErrorControl"=dword:00000001
"Group"="FSFilter Infrastructure"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,74,00,6d,00,67,00,72,\
  00,2e,00,73,00,79,00,73,00,00,00
"Start"=dword:00000000
"Type"=dword:00000002
"Tag"=dword:00000001
"AttachWhenLoaded"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\FltMgr\Enum]
"0"="Root\\LEGACY_FLTMGR\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FltMgr]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FltMgr\0000]
"Service"="FltMgr"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="FltMgr"

================== End Of Export =============

chkdsk /f and reboot didn't help. Panda real time antivirus still fails (red x on icon).
 
 
The real time protection doesn't work on the following 3 that I have tried:
 
Panda
Microsoft Security Essentials
Immunet
 
I haven't tried any others since this problem started and would rather not. I think a pattern is established that something is wrong on my machine and this isn't a problem with the anti-virus software itself.
 
I use this computer exclusively while logged in via the user "Administrator" which is a system account. You can make this account available at the login prompt using the Microsoft utility TweakUI. I'm sure there are other ways to as well.
 
As you requested, I created a new user account. XP forced me to make this an administrator style account, I named it "Realtime". When I logged in using that new user the real time protection of Panda was still not working.
 
Since it forced me to make my Realtime user an administrator style account I decided to log back in as the actual user "Administrator" (like I usually do) and create another account so that this time it could be a limited user account, which I think was the point of your test.
 
So, I created user Test123, set a password for it, logged out and then logged back in as Test123. This time the Panda icon didn't show up on the system tray, so I assume because it was installed while running as user "Administrator" the user "Test123" isn't set to start Panda automatically?
 
I decided to start Panda using the shortcut in the start menu. Panda did start up but it had the red x. Just to test it out I opened the Panda application and tried to turn real time on again, and once again it just turned right back off after about 8 seconds. During those 8 seconds the red x from the icon did go away.
 
For reference, when I boot up the box I notice that the red x on the Panda icon doesn't show up until networking has initiated. This is true no matter what user is logging in.
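
Added example, not part of the original thread and not output of any tool named in it: a Python script that cross-checks the two pieces of evidence posted above, the Service Control Manager errors and the FltMgr registry export. It decodes the `hex(2)` ImagePath, reads Start and Type with the standard Windows service meanings, and groups the dependent services behind the driver that failed first. The function names are hypothetical; the sample text is copied from the posts.

```python
import re

# FltMgr key copied from the Farbar export quoted in the thread.
REG_EXPORT = r'''[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\FltMgr]
"Description"="File System Filter Manager Driver"
"DisplayName"="FltMgr"
"ErrorControl"=dword:00000001
"Group"="FSFilter Infrastructure"
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,66,00,6c,00,74,00,6d,00,67,00,72,\
  00,2e,00,73,00,79,00,73,00,00,00
"Start"=dword:00000000
"Type"=dword:00000002
'''

# Service Control Manager errors copied from the thread.
SCM_ERRORS = '''Error: (04/05/2013 01:31:16 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
FltMgr

Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PDFSFilter service depends on the FltMgr service which failed to start because of the following error: 
%%31

Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINProc service depends on the FltMgr service which failed to start because of the following error: 
%%31

Error: (04/05/2013 01:28:57 AM) (Source: Service Control Manager) (User: )
Description: The PSINFile service depends on the FltMgr service which failed to start because of the following error: 
%%31
'''

# Standard meanings of the Start and Type values under ...\Services\<name>.
START = {0: 'boot', 1: 'system', 2: 'auto', 3: 'demand', 4: 'disabled'}
TYPE = {1: 'kernel driver', 2: 'file system driver',
        0x10: 'win32 own process', 0x20: 'win32 share process'}

DEP_RE = re.compile(r'The (\S+) service depends on the (\S+) service which failed '
                    r'to start because of the following error:\s*%%(\d+)')


def decode_value(raw):
    """Decode one right-hand side of a 'Registry Editor Version 5.00' line."""
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\((\w+)\))?:(.*)', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        if m.group(1) in ('1', '2'):  # REG_SZ / REG_EXPAND_SZ are UTF-16LE
            return data.decode('utf-16-le').rstrip('\x00')
        return data
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a .reg export."""
    text = re.sub(r'\\\r?\n\s*', '', text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys


def failed_chain(log):
    """Return (drivers that failed to load, {dependency: [(service, error)]})."""
    dependents = {}
    for svc, dep, code in DEP_RE.findall(log):
        dependents.setdefault(dep, []).append((svc, int(code)))
    roots, lines = [], log.splitlines()
    for i, line in enumerate(lines):
        if 'failed to load:' in line:
            for nxt in lines[i + 1:]:
                nxt = nxt.strip()
                if not nxt or nxt.startswith(('Error:', 'Description:')):
                    break
                roots.append(nxt)
    return roots, dependents


def triage(reg_text, log_text):
    """Pair each failed driver with its exported config and blocked services."""
    roots, dependents = failed_chain(log_text)
    services = {k.rsplit('\\', 1)[-1].lower(): v
                for k, v in parse_reg(reg_text).items()}
    report = []
    for root in roots:
        cfg = services.get(root.lower(), {})  # empty if the key was not exported
        blocked = dependents.get(root, [])
        report.append({
            'driver': root,
            'config': {'image': cfg.get('ImagePath'), 'group': cfg.get('Group'),
                       'start': START.get(cfg.get('Start'), 'unknown'),
                       'type': TYPE.get(cfg.get('Type'), 'unknown')},
            'blocked': sorted(s for s, _ in blocked),
            # %%31 is Win32 error 31, ERROR_GEN_FAILURE
            'errors': sorted({c for _, c in blocked}),
        })
    return report


if __name__ == '__main__':
    for entry in triage(REG_EXPORT, SCM_ERRORS):
        print(entry)
```

Here the exported key still describes a boot-start file system driver at system32\drivers\fltmgr.sys, so the export itself does not show a disabled or redirected service, while the Panda and PerfectDisk filter drivers all wait on the same failed dependency.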


#15 narenxp

Posted 09 April 2013 - 10:01 AM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.





