Solved Internet not working after AVG cleaned out Netbt.sys

Stay in Safe Mode with Networking.

Post new FSS log from there.

Next...

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Devices (do NOT change any settings)
  • List Users, Partitions and Memory size
  • List Restore Points
Click Go and post the result.
 
Here is the FSS Safe Mode with networking

Farbar Service Scanner Version: 27-05-2012
Ran by Justin (administrator) on 04-06-2012 at 17:42:10
Running from "C:\Documents and Settings\Justin\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****
 
Here is MinitoolBox Results

MiniToolBox by Farbar Version: 04-06-2012
Ran by Justin (administrator) on 04-06-2012 at 17:45:16
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/04/2012 01:14:19 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (06/04/2012 00:58:38 PM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed

Error: (06/04/2012 00:56:29 PM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error: (06/04/2012 00:56:29 PM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (06/04/2012 00:50:22 PM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27007. CA_Error27007: Wait4StartWD(0xC0070426): Waiting for watchdog service start failed

Error: (06/04/2012 00:46:35 PM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27041. CA_Error27041: FixDrvOrd(0xE001003D): Fix driver order failed

Error: (06/04/2012 01:06:14 AM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error: (06/04/2012 01:06:13 AM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (06/04/2012 00:50:28 AM) (Source: MsiInstaller) (User: Justin)Justin
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27041. CA_Error27041: FixDrvOrd(0xE001003D): Fix driver order failed

Error: (04/13/2012 08:24:19 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0331bd00.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (06/04/2012 05:43:48 PM) (Source: DCOM) (User: Justin)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/04/2012 05:35:50 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:35:42 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:35:35 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:35:28 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:35:21 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:35:13 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:35:06 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:34:59 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (06/04/2012 05:34:52 PM) (Source: 0) (User: )
Description: \Device\CdRom0


Microsoft Office Sessions:
=========================
Error: (03/21/2012 07:23:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 270 seconds with 180 seconds of active time. This session ended with a crash.

Error: (03/21/2012 07:10:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 747 seconds with 480 seconds of active time. This session ended with a crash.


========================= Devices: ================================

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 9%
Total physical RAM: 3069.86 MB
Available physical RAM: 2778.23 MB
Total Pagefile: 4960.5 MB
Available Pagefile: 4870.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.82 GB) (Free:213.96 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP

Administrator ASPNET Guest
HelpAssistant Justin SUPPORT_388945a0

========================= Restore Points ==================================

19-03-2012 00:31:03 Restore Operation
19-03-2012 00:33:54 Restore Operation
31-05-2012 05:56:46 System Checkpoint
03-06-2012 21:44:19 System Checkpoint

**** End of log ****
 
You didn't check "List IP configuration".
Please re-run MiniToolbox with just that one item checkmarked.
 
Here you go

MiniToolBox by Farbar Version: 04-06-2012
Ran by Justin (administrator) on 04-06-2012 at 18:18:23
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************
========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=10.10.16.151 mask=255.255.255.0
set address name="Local Area Connection" gateway=10.10.16.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=4.2.2.2 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Desktop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1A-A0-02-0F-A3
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.16.151
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.16.1
DNS Servers . . . . . . . . . . . : 4.2.2.2
NetBIOS over Tcpip. . . . . . . . : Disabled

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 4.2.2.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 4.2.2.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 4.2.2.2

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 02 0f a3 ...... Broadcom NetXtreme 57xx Gigabit Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          10.10.16.1    10.10.16.151  10
10.10.16.0           255.255.255.0    10.10.16.151  10.10.16.151  10
10.10.16.151         255.255.255.255  127.0.0.1     127.0.0.1     10
10.255.255.255       255.255.255.255  10.10.16.151  10.10.16.151  10
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
224.0.0.0            240.0.0.0        10.10.16.151  10.10.16.151  10
255.255.255.255      255.255.255.255  10.10.16.151  10.10.16.151  1
Default Gateway: 10.10.16.1
===========================================================================
Persistent Routes:
None

**** End of log ****
 
Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
[screenshot: p4491747.gif]

Make sure "DNS" tab looks like this:
[screenshot: p4491748.gif]

Make sure "WINS" tab looks like this:
[screenshot: p4491749.gif]

8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.


If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
 
Here is the malware log.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.04.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Justin :: DESKTOP [administrator]
Protection: Enabled
6/4/2012 8:26:08 PM
mbam-log-2012-06-04 (20-42-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426137
Time elapsed: 15 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Justin\uidsave.dat (Malware.Trace) -> No action taken.
(end)
 
Sorry here it is

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.04.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Justin :: DESKTOP [administrator]
Protection: Enabled
6/4/2012 8:26:08 PM
mbam-log-2012-06-04 (20-26-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 426137
Time elapsed: 15 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\Software\Microsoft|adver_id (Malware.Trace) -> Data: 0 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Justin\uidsave.dat (Malware.Trace) -> Quarantined and deleted successfully.
(end)
 
Here is the GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-04 21:02:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500AAJS-75M0A0 rev.02.03E02
Running: 0ku07dcu.exe; Driver: C:\DOCUME~1\Justin\LOCALS~1\Temp\fxddapoc.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A81B2C6
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
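
As an added example (not part of the original thread, and not GMER's or DDS's own code), the Python below parses the GMER quick-scan lines from the post above, groups the \Driver\atapi DriverStartIo lines by handler address, and checks whether that address lies in the same 4 KiB page as the UNKNOWN module address printed in the ROOTKIT section of the DDS log on this page. The function names, the report layout and the page-level comparison are choices made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the GMER quick-scan log on this page (disk and device sections).
GMER_LOG = r"""
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A81B2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A81B2C6
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
"""
# Line copied from the "Disk trace" part of the DDS log's ROOTKIT section on this page.
DDS_TRACE = r"called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A81B49F]<<"

DISK = re.compile(r"^Disk\s+(\S+)\s+(.+)$")
HOOK = re.compile(r"^Device\s+(\\Driver\\\S+)\s+->\s+(\S+)\s+(\S+)\s+([0-9A-Fa-f]{8})$")
ATTACHED = re.compile(
    r"^AttachedDevice\s+(?:(\\Driver\\\S+)\s+(\\Device\\\S+)\s+)?(\S+)\s+\((.*)/([^/]*?)\s*\)$")
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]{8})\]<<")
PAGE_MASK = 0xFFFFF000  # 4 KiB page on 32-bit x86 (comparison granularity chosen for this example)


def parse_gmer(text):
    """Split a GMER quick-scan log into disk findings, routine lines and attached filter drivers."""
    out = {"disk": [], "hooks": [], "attached": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := DISK.match(line):
            device, message = m.groups()
            out["disk"].append({"device": device, "message": message,
                                "flagged": "rootkit" in message.lower()})
        elif m := HOOK.match(line):
            driver, routine, target, addr = m.groups()
            out["hooks"].append({"driver": driver, "routine": routine,
                                 "target": target, "address": int(addr, 16)})
        elif m := ATTACHED.match(line):
            _driver, device, module, _desc, vendor = m.groups()
            out["attached"].append({"stack": device or "", "module": module, "vendor": vendor})
    return out


def cluster_hooks(hooks):
    """Group routine lines by (driver, routine, address): one handler on many devices is one finding."""
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["driver"], h["routine"], h["address"])].append(h["target"])
    return dict(groups)


def unknown_addresses(trace):
    """Addresses that the DDS MBR detector prints as belonging to no named module."""
    return [int(a, 16) for a in UNKNOWN.findall(trace)]


def triage(gmer_text, dds_trace=""):
    """Summarise the log for a responder: MBR flag, handler clusters, third-party filters."""
    parsed = parse_gmer(gmer_text)
    unknown_pages = {a & PAGE_MASK for a in unknown_addresses(dds_trace)}
    report = {
        "mbr_flagged": any(d["flagged"] for d in parsed["disk"]),
        "disk_devices": sorted({d["device"] for d in parsed["disk"] if d["flagged"]}),
        "hook_clusters": [],
        "filter_vendors": sorted({a["vendor"] for a in parsed["attached"]}),
    }
    for (driver, routine, addr), targets in cluster_hooks(parsed["hooks"]).items():
        report["hook_clusters"].append({
            "driver": driver, "routine": routine, "address": f"0x{addr:08X}",
            "devices": len(targets),
            "shares_page_with_unknown_module": (addr & PAGE_MASK) in unknown_pages,
        })
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(GMER_LOG, DDS_TRACE), indent=2))
```

Run on the two logs from this page, the report shows one handler address serving all five atapi devices and sharing a page with the address DDS could not attribute to a module, alongside the flagged MBR on \Device\Harddisk0\DR0.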
 
Here is the DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Justin at 21:07:33 on 2012-06-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2007 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [\\GDC2.gdc.local\EPSON Stylus C86 Series/ERICPA] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2r1.exe /p47 "\\gdc2.gdc.local\EPSON Stylus C86 Series/ERICPA" /O5 "LPT1:" /M "Stylus C86"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256181309562
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9D105FAA-3EF2-43AA-8AC1-1C71D603FC0B} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E2FDB885-C33B-45A8-BEF8-BC07CD686C36} : DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-11-5 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-4 654408]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-6-4 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-4 22344]
S2 AGV;Tfsnpool;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 ccpwdsvc;Gdihook5;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 DivisCTP;Meraksmtp;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-1-25 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 mcrdsvc;HssSrv;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 mfeavfk;Cwafrmiregistry;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 starwindservice;Awhost32;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S2 symantecantibotagent;S3savagemx;c:\windows\system32\svchost.exe -k netsvcs [2003-7-16 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-31 341504]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-06-05 03:23:54 -------- d-----w- c:\documents and settings\justin\application data\Malwarebytes
2012-06-05 03:23:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-05 03:23:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 03:23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-04 19:48:00 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-06-04 19:47:51 -------- d-----w- c:\documents and settings\justin\application data\AVG Secure Search
2012-06-04 19:47:44 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-04 19:47:39 -------- d-----w- c:\program files\AVG Secure Search
2012-06-04 19:46:39 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-04 08:11:07 208896 ----a-w- c:\windows\MBR.exe
2012-06-04 08:11:06 98816 ----a-w- c:\windows\sed.exe
2012-06-04 08:11:06 518144 ----a-w- c:\windows\SWREG.exe
2012-06-04 08:11:06 256000 ----a-w- c:\windows\PEV.exe
2012-05-31 06:41:27 -------- d-----w- c:\windows\system32\NtmsData
2012-05-31 06:14:28 -------- d-----w- c:\windows\pss
2012-05-31 05:21:35 -------- d-----w- c:\documents and settings\justin\application data\Windows Search
.
==================== Find3M ====================
.
2012-06-05 02:41:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 02:41:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500AAJS-75M0A0 rev.02.03E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A81B49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a822740]; MOV EAX, [0x8a8228b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x8AB51AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\00000067[0x8AB6B258]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x8AADED98]
\Driver\atapi[0x8AA81030] -> IRP_MJ_CREATE -> 0x8A81B49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A81B2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:09:02.70 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2009 7:52:57 PM
System Uptime: 6/4/2012 8:14:58 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0UT225
Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket M2 | 2204/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 213.803 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01EC1028&REV_A3\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_01EC1028&REV_A3\3&2411E6FE&0&51
Service:
.
==== System Restore Points ===================
.
RP472: 3/18/2012 5:31:03 PM - Restore Operation
RP473: 3/18/2012 5:33:54 PM - Restore Operation
RP474: 5/30/2012 10:56:46 PM - System Checkpoint
RP475: 6/3/2012 2:44:19 PM - System Checkpoint
RP476: 6/4/2012 7:57:07 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
AIO_Scan
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
Bonjour
Broadcom Gigabit Integrated Controller
BufferChm
Citrix Presentation Server Client
Copy
CRW_v10_ES360
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
eSupportQFolder
F4100
F4100_doccd
F4100_Help
Fujitsu COBOL Free Run-time
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2003
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG111v3 wireless USB 2.0 adapter
PhoTags Express
PSSWCORE
QuickTime
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SigmaTel Audio
SolutionCenter
Status
Toolbox
TrayApp
Uninstall Dual Mode Camera
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VBA (2627.01)
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/4/2012 9:12:06 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 480 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/4/2012 12:52:00 AM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
6/4/2012 12:51:59 AM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/4/2012 12:42:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/4/2012 12:42:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS RasAcd Rdbss Tcpip WS2IFSL
6/4/2012 1:40:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
6/4/2012 1:40:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/4/2012 1:30:28 AM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
6/4/2012 1:23:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Avgmfx86 Fips
6/4/2012 1:06:08 AM, error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: The system cannot find the file specified.
6/4/2012 1:05:00 AM, error: Schedule [7901] - The At66.job command failed to start due to the following error: %%2147942402
6/4/2012 1:05:00 AM, error: Schedule [7901] - The At65.job command failed to start due to the following error: %%2147942402
6/4/2012 1:05:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
6/4/2012 1:05:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
6/4/2012 1:00:00 AM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
6/4/2012 1:00:00 AM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
6/3/2012 7:05:00 PM, error: Schedule [7901] - The At102.job command failed to start due to the following error: %%2147942402
6/3/2012 7:05:00 PM, error: Schedule [7901] - The At101.job command failed to start due to the following error: %%2147942402
6/3/2012 7:00:40 PM, error: Schedule [7901] - The At58.job command failed to start due to the following error: %%2147942402
6/3/2012 7:00:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
6/3/2012 6:54:50 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ZBackupAssistService service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The WmBEnum service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Wm service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Winvnc4 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Wandrv service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The W200mdfl service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Vpcnets2 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Videoacceleratorengine service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Vga service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Vetfddnt service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Vetefile service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The VCAM service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The VC6SecS service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The VC4CB104 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Usprserv service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Uscbs108 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Usbvm321 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The USBDongle service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The UimBus service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Tvicport service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Tsp service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Transarcafsdaemon service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The TPM service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Tpkmpsvc service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Tmxpflt service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Thkeys service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Tfsnpool service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Sysplant service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The SWMX00 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Svcwrsssdk service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The StickyMesger service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ssm_mdfl service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ss_mdfl service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The SQTECH9080 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The SQLAgent$ABBEYIIOFFLINE service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Spupdsvc service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The SprintRcAppSvc service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Sonywbms service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Snpstd service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Snapman380 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Sfhlp01 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The SetupSys service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ser2pl service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Se59mgmt service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Se59bus service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Se58obex service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Sdcoreservice service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Sdbus service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Scsiaccess service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ScFBPNT2 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Sagefserver service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The S716mdm service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The S3savagemx service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The S217mdfl service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Rwbackupsrv service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Rp32service service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Rnadirectory service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Rdpdd service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Rapapp service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Pxfhbus service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Prevxagent service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The PPPoEWin service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Phc600 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Pcscnsrv service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Pavfnsvr service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Pav_service service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Pacsptisvr service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Orbpvr service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Oracleservicesecinst service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The NWFILTER service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The NTSIM service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ntpr_nic_service2 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Nm service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The NetTcpActivator service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The NETMDUSB service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ncrc710 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Nchssvad service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Mwspollserver service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Mskservice service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Mqdmserd service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Mgisvr service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Mfetdik service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Meraksmtp service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Mcsysmon service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The MagicTune service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The LxdmCATSCustConnectService service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Lxcr_device service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The LVRS service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The LPCFilter service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Lp6nds35 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ldlcserv service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ldap service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Lanusb service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The KMW_USB service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Kbstuff service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The K750mdfl service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Iviregmgr service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ISMBIOS service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ICAM3NT5 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Iam service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The HssSrv service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The HSFHWALI service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The HPFECP20 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Hddsvc service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Hcmon service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Gdihook5 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Freebsd service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The FiltUSBEMPIA service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Fetnd5bv service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Fax service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Evteng service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ErrDev service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The EPSON_EB_RPCV4_01 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Enxpsvr service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Emitray service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Elnkfwppservice service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The EL2000 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ehrecvr service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Dlpwd service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Cxusb service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Cwafrmiregistry service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ctxcpubal service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ctljystk service terminated with the following error: The specified procedure could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Cpqfws2e service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Cicssfs.scmmc223 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Centennialclientagent service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The CDRPDACC service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ccflic0 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Camdrl service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Btwdins service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Bdss service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Battc service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The AVerTV service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Automate6 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ATWPKT2 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The ATSWPDRV service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Ati service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Asp.net_1.1.4322 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The AR5416 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Amoagent service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The Alertmanager service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7023] - The A4S2600 service terminated with the following error: The specified module could not be found.
6/3/2012 6:50:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LMIGuardianSvc service to connect.
6/3/2012 6:50:40 PM, error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
6/3/2012 6:50:40 PM, error: Service Control Manager [7003] - The DHCP Client service depends on the following nonexistent service: NetBT
6/3/2012 6:50:40 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the file specified.
6/3/2012 6:50:40 PM, error: Service Control Manager [7000] - The LMIGuardianSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/3/2012 6:05:00 PM, error: Schedule [7901] - The At99.job command failed to start due to the following error: %%2147942402
6/3/2012 6:05:00 PM, error: Schedule [7901] - The At100.job command failed to start due to the following error: %%2147942402
6/3/2012 6:00:25 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 240 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/3/2012 6:00:00 PM, error: Schedule [7901] - The At57.job command failed to start due to the following error: %%2147942402
6/3/2012 6:00:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
6/3/2012 5:05:00 PM, error: Schedule [7901] - The At98.job command failed to start due to the following error: %%2147942402
6/3/2012 5:05:00 PM, error: Schedule [7901] - The At97.job command failed to start due to the following error: %%2147942402
6/3/2012 5:00:00 PM, error: Schedule [7901] - The At56.job command failed to start due to the following error: %%2147942402
6/3/2012 5:00:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
6/3/2012 4:05:00 PM, error: Schedule [7901] - The At96.job command failed to start due to the following error: %%2147942402
6/3/2012 4:05:00 PM, error: Schedule [7901] - The At95.job command failed to start due to the following error: %%2147942402
6/3/2012 4:00:24 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/3/2012 4:00:00 PM, error: Schedule [7901] - The At55.job command failed to start due to the following error: %%2147942402
6/3/2012 4:00:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
6/3/2012 3:05:00 PM, error: Schedule [7901] - The At94.job command failed to start due to the following error: %%2147942402
6/3/2012 3:05:00 PM, error: Schedule [7901] - The At93.job command failed to start due to the following error: %%2147942402
6/3/2012 3:00:23 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
6/3/2012 3:00:00 PM, error: Schedule [7901] - The At54.job command failed to start due to the following error: %%2147942402
6/3/2012 3:00:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
6/3/2012 2:30:23 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/30/2012 9:44:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/30/2012 9:19:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/30/2012 5:58:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avgldx86 Avgmfx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/30/2012 5:58:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/30/2012 5:58:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/30/2012 5:58:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/30/2012 5:58:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
5/30/2012 5:58:27 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/30/2012 5:58:27 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/30/2012 5:57:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/30/2012 11:05:00 PM, error: Schedule [7901] - The At110.job command failed to start due to the following error: %%2147942402
5/30/2012 11:05:00 PM, error: Schedule [7901] - The At109.job command failed to start due to the following error: %%2147942402
5/30/2012 11:00:00 PM, error: Schedule [7901] - The At62.job command failed to start due to the following error: %%2147942402
5/30/2012 11:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
5/30/2012 10:05:00 PM, error: Schedule [7901] - The At108.job command failed to start due to the following error: %%2147942402
5/30/2012 10:05:00 PM, error: Schedule [7901] - The At107.job command failed to start due to the following error: %%2147942402
5/30/2012 10:00:00 PM, error: Schedule [7901] - The At61.job command failed to start due to the following error: %%2147942402
5/30/2012 10:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
 
Good.

We have a rootkit there.
That's why your computer is sluggish.

My bed time is coming, so I'll check on you tomorrow morning.

If you still have time...

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
22:10:23.0687 0236 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:10:24.0187 0236 ============================================================
22:10:24.0187 0236 Current date / time: 2012/06/04 22:10:24.0187
22:10:24.0187 0236 SystemInfo:
22:10:24.0187 0236
22:10:24.0187 0236 OS Version: 5.1.2600 ServicePack: 3.0
22:10:24.0187 0236 Product type: Workstation
22:10:24.0343 0236 ComputerName: DESKTOP
22:10:24.0343 0236 UserName: Justin
22:10:24.0343 0236 Windows directory: C:\WINDOWS
22:10:24.0343 0236 System windows directory: C:\WINDOWS
22:10:24.0343 0236 Processor architecture: Intel x86
22:10:24.0343 0236 Number of processors: 1
22:10:24.0343 0236 Page size: 0x1000
22:10:24.0343 0236 Boot type: Normal boot
22:10:24.0343 0236 ============================================================
22:10:26.0562 0236 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:10:26.0562 0236 ============================================================
22:10:26.0562 0236 \Device\Harddisk0\DR0:
22:10:26.0562 0236 MBR partitions:
22:10:26.0562 0236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
22:10:26.0562 0236 ============================================================
22:10:26.0609 0236 C: <-> \Device\Harddisk0\DR0\Partition0
22:10:26.0609 0236 ============================================================
22:10:26.0609 0236 Initialize success
22:10:26.0609 0236 ============================================================
22:10:30.0140 3188 ============================================================
22:10:30.0140 3188 Scan started
22:10:30.0140 3188 Mode: Manual;
22:10:30.0140 3188 ============================================================
22:10:31.0015 3188 Abiosdsk - ok
22:10:31.0031 3188 abp480n5 - ok
22:10:31.0031 3188 acermemusagecheckservice - ok
22:10:31.0109 3188 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:10:31.0109 3188 ACPI - ok
22:10:31.0140 3188 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:10:31.0140 3188 ACPIEC - ok
22:10:31.0156 3188 AcronisOSSReinstallSvc - ok
22:10:31.0156 3188 acs - ok
22:10:31.0187 3188 addfiltr - ok
22:10:31.0250 3188 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:10:31.0250 3188 AdobeFlashPlayerUpdateSvc - ok
22:10:31.0265 3188 adpu160m - ok
22:10:31.0265 3188 adpu320 - ok
22:10:31.0328 3188 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:10:31.0328 3188 aec - ok
22:10:31.0390 3188 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:10:31.0390 3188 AegisP - ok
22:10:31.0406 3188 aexnsclienttransport - ok
22:10:31.0453 3188 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
22:10:31.0453 3188 AFD - ok
22:10:31.0468 3188 AFGMp50 - ok
22:10:31.0468 3188 AGV - ok
22:10:31.0484 3188 Aha154x - ok
22:10:31.0500 3188 aic78u2 - ok
22:10:31.0515 3188 aic78xx - ok
22:10:31.0562 3188 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:10:31.0578 3188 Alerter - ok
22:10:31.0609 3188 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:10:31.0609 3188 ALG - ok
22:10:31.0609 3188 aliadwdm - ok
22:10:31.0625 3188 AliIde - ok
22:10:31.0640 3188 Alpham2 - ok
22:10:31.0687 3188 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
22:10:31.0703 3188 AmdK8 - ok
22:10:31.0703 3188 amsint - ok
22:10:31.0843 3188 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:10:31.0859 3188 Apple Mobile Device - ok
22:10:31.0906 3188 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:10:31.0906 3188 AppMgmt - ok
22:10:31.0921 3188 asc - ok
22:10:31.0921 3188 asc3350p - ok
22:10:31.0937 3188 asc3550 - ok
22:10:32.0109 3188 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:10:32.0109 3188 aspnet_state - ok
22:10:32.0171 3188 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:10:32.0171 3188 AsyncMac - ok
22:10:32.0187 3188 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:10:32.0187 3188 atapi - ok
22:10:32.0203 3188 Atdisk - ok
22:10:32.0250 3188 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:10:32.0250 3188 Atmarpc - ok
22:10:32.0281 3188 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:10:32.0281 3188 AudioSrv - ok
22:10:32.0328 3188 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:10:32.0328 3188 audstub - ok
22:10:32.0343 3188 automate6 - ok
22:10:32.0671 3188 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:10:32.0703 3188 AVGIDSAgent - ok
22:10:32.0859 3188 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:10:32.0859 3188 AVGIDSDriver - ok
22:10:32.0906 3188 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:10:32.0906 3188 AVGIDSEH - ok
22:10:32.0937 3188 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:10:32.0937 3188 AVGIDSFilter - ok
22:10:32.0953 3188 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:10:32.0953 3188 AVGIDSShim - ok
22:10:33.0000 3188 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:10:33.0015 3188 Avgldx86 - ok
22:10:33.0046 3188 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:10:33.0046 3188 Avgmfx86 - ok
22:10:33.0078 3188 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:10:33.0078 3188 Avgrkx86 - ok
22:10:33.0109 3188 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:10:33.0109 3188 Avgtdix - ok
22:10:33.0234 3188 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:10:33.0234 3188 avgwd - ok
22:10:33.0281 3188 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:10:33.0281 3188 b57w2k - ok
22:10:33.0328 3188 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:10:33.0328 3188 Beep - ok
22:10:33.0390 3188 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:10:33.0406 3188 BITS - ok
22:10:33.0468 3188 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:10:33.0484 3188 Bonjour Service - ok
22:10:33.0531 3188 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:10:33.0531 3188 Browser - ok
22:10:33.0546 3188 bthenum - ok
22:10:33.0546 3188 btnetfilter - ok
22:10:33.0578 3188 catchme - ok
22:10:33.0609 3188 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:10:33.0609 3188 cbidf2k - ok
22:10:33.0640 3188 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:10:33.0640 3188 CCDECODE - ok
22:10:33.0656 3188 ccpwdsvc - ok
22:10:33.0671 3188 cd20xrnt - ok
22:10:33.0687 3188 CdaD10BA - ok
22:10:33.0750 3188 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:10:33.0765 3188 Cdaudio - ok
22:10:33.0812 3188 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:10:33.0812 3188 Cdfs - ok
22:10:33.0828 3188 cdmservice - ok
22:10:33.0843 3188 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:10:33.0843 3188 Cdrom - ok
22:10:33.0859 3188 Changer - ok
22:10:33.0859 3188 cicssfs.scmmc223 - ok
22:10:33.0921 3188 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:10:33.0921 3188 CiSvc - ok
22:10:33.0968 3188 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:10:33.0968 3188 ClipSrv - ok
22:10:34.0093 3188 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:10:34.0093 3188 clr_optimization_v2.0.50727_32 - ok
22:10:34.0109 3188 CmdIde - ok
22:10:34.0109 3188 COMSysApp - ok
22:10:34.0140 3188 Cpqarray - ok
22:10:34.0203 3188 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:10:34.0203 3188 CryptSvc - ok
22:10:34.0203 3188 crystaloutputfileserver - ok
22:10:34.0218 3188 CTDevice_Srv - ok
22:10:34.0234 3188 CTEDSPSY.DLL - ok
22:10:34.0250 3188 CTEXFIFX.DLL - ok
22:10:34.0265 3188 ctsfm2k - ok
22:10:34.0281 3188 dac2w2k - ok
22:10:34.0296 3188 dac960nt - ok
22:10:34.0312 3188 db2 - ok
22:10:34.0328 3188 DCFS2K - ok
22:10:34.0406 3188 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:10:34.0406 3188 DcomLaunch - ok
22:10:34.0421 3188 Dell1100_FUService - ok
22:10:34.0468 3188 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:10:34.0468 3188 Dhcp - ok
22:10:34.0484 3188 digictrl - ok
22:10:34.0484 3188 digisptiservice - ok
22:10:34.0546 3188 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:10:34.0546 3188 Disk - ok
22:10:34.0546 3188 DivisCTP - ok
22:10:34.0562 3188 dklogger - ok
22:10:34.0578 3188 dlaifs_m - ok
22:10:34.0625 3188 dlaudfam (c62f76344cd3a3a6314055b4929e529d) C:\WINDOWS\system32\BrSerIf.dll
22:10:34.0625 3188 dlaudfam - ok
22:10:34.0625 3188 dmadmin - ok
22:10:34.0687 3188 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:10:34.0718 3188 dmboot - ok
22:10:34.0718 3188 DMICall - ok
22:10:34.0734 3188 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:10:34.0750 3188 dmio - ok
22:10:34.0765 3188 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:10:34.0765 3188 dmload - ok
22:10:34.0796 3188 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:10:34.0796 3188 dmserver - ok
22:10:34.0812 3188 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:10:34.0812 3188 DMusic - ok
22:10:34.0859 3188 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:10:34.0859 3188 Dnscache - ok
22:10:34.0859 3188 dnserver32 - ok
22:10:34.0875 3188 dntus26 - ok
22:10:34.0921 3188 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:10:34.0921 3188 Dot3svc - ok
22:10:34.0968 3188 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
22:10:34.0984 3188 Dot4Scan - ok
22:10:34.0984 3188 dpti2o - ok
22:10:35.0046 3188 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:10:35.0046 3188 drmkaud - ok
22:10:35.0046 3188 dtsagntsvc - ok
22:10:35.0062 3188 dvd_2K - ok
22:10:35.0078 3188 dxdebug - ok
22:10:35.0109 3188 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:10:35.0109 3188 EapHost - ok
22:10:35.0140 3188 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
22:10:35.0156 3188 EAPPkt - ok
22:10:35.0156 3188 ec2007service - ok
22:10:35.0171 3188 elaunidr - ok
22:10:35.0187 3188 eloggersvc6 - ok
22:10:35.0203 3188 EMCFILT - ok
22:10:35.0218 3188 EPOWER - ok
22:10:35.0234 3188 erecoveryservice - ok
22:10:35.0265 3188 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:10:35.0281 3188 ERSvc - ok
22:10:35.0328 3188 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:10:35.0328 3188 Eventlog - ok
22:10:35.0390 3188 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:10:35.0406 3188 EventSystem - ok
22:10:35.0484 3188 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:10:35.0484 3188 Fastfat - ok
22:10:35.0531 3188 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:10:35.0531 3188 FastUserSwitchingCompatibility - ok
22:10:35.0546 3188 fcprintservice - ok
22:10:35.0578 3188 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:10:35.0578 3188 Fdc - ok
22:10:35.0578 3188 FET5X86V - ok
22:10:35.0593 3188 fetnd5bv - ok
22:10:35.0625 3188 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:10:35.0625 3188 Fips - ok
22:10:35.0656 3188 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:10:35.0656 3188 Flpydisk - ok
22:10:35.0703 3188 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:10:35.0703 3188 FltMgr - ok
22:10:35.0828 3188 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:10:35.0828 3188 FontCache3.0.0.0 - ok
22:10:35.0890 3188 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:10:35.0890 3188 Fs_Rec - ok
22:10:35.0906 3188 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:10:35.0921 3188 Ftdisk - ok
22:10:35.0968 3188 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:10:35.0984 3188 GEARAspiWDM - ok
22:10:36.0031 3188 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:10:36.0031 3188 Gpc - ok
22:10:36.0031 3188 grmnusb - ok
22:10:36.0187 3188 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:10:36.0187 3188 gupdate - ok
22:10:36.0203 3188 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:10:36.0203 3188 gupdatem - ok
22:10:36.0265 3188 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:10:36.0281 3188 gusvc - ok
22:10:36.0281 3188 ha20x2k - ok
22:10:36.0296 3188 hap17v2k - ok
22:10:36.0343 3188 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:10:36.0343 3188 HDAudBus - ok
22:10:36.0390 3188 helpsvc - ok
22:10:36.0437 3188 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:10:36.0437 3188 HidServ - ok
22:10:36.0500 3188 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:10:36.0500 3188 hidusb - ok
22:10:36.0546 3188 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:10:36.0546 3188 hkmsvc - ok
22:10:36.0546 3188 hmonitor - ok
22:10:36.0562 3188 hpn - ok
22:10:36.0671 3188 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:10:36.0687 3188 hpqcxs08 - ok
22:10:36.0718 3188 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:10:36.0718 3188 hpqddsvc - ok
22:10:36.0781 3188 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:10:36.0781 3188 HPZid412 - ok
22:10:36.0828 3188 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:10:36.0828 3188 HPZipr12 - ok
22:10:36.0875 3188 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:10:36.0875 3188 HPZius12 - ok
22:10:36.0875 3188 HSFHWICH - ok
22:10:36.0890 3188 HssDrv - ok
22:10:36.0953 3188 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:10:36.0984 3188 HTTP - ok
22:10:37.0046 3188 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:10:37.0046 3188 HTTPFilter - ok
22:10:37.0062 3188 i2omgmt - ok
22:10:37.0062 3188 i2omp - ok
22:10:37.0125 3188 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
22:10:37.0125 3188 i8042prt - ok
22:10:37.0125 3188 iaimfp2 - ok
22:10:37.0281 3188 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:10:37.0312 3188 idsvc - ok
22:10:37.0312 3188 igateway - ok
22:10:37.0328 3188 iirsp - ok
22:10:37.0375 3188 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:10:37.0375 3188 Imapi - ok
22:10:37.0421 3188 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:10:37.0437 3188 ImapiService - ok
22:10:37.0437 3188 ini910u - ok
22:10:37.0468 3188 IntelIde - ok
22:10:37.0484 3188 iolodmv - ok
22:10:37.0500 3188 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:10:37.0515 3188 ip6fw - ok
22:10:37.0531 3188 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:10:37.0531 3188 IpFilterDriver - ok
22:10:37.0546 3188 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:10:37.0546 3188 IpInIp - ok
22:10:37.0578 3188 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:10:37.0593 3188 IpNat - ok
22:10:37.0703 3188 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:10:37.0718 3188 iPod Service - ok
22:10:37.0734 3188 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:10:37.0734 3188 IPSec - ok
22:10:37.0765 3188 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:10:37.0765 3188 IRENUM - ok
22:10:37.0796 3188 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:10:37.0796 3188 isapnp - ok
22:10:37.0796 3188 issvc - ok
22:10:37.0906 3188 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
22:10:37.0906 3188 JavaQuickStarterService - ok
22:10:37.0953 3188 JL2005C (efe9fdc54ba6d55dcefe045062ad5c3f) C:\WINDOWS\system32\Drivers\jl2005c.sys
22:10:37.0968 3188 JL2005C - ok
22:10:38.0015 3188 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:10:38.0015 3188 Kbdclass - ok
22:10:38.0031 3188 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:10:38.0031 3188 kbdhid - ok
22:10:38.0078 3188 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:10:38.0078 3188 kmixer - ok
22:10:38.0125 3188 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
22:10:38.0125 3188 KMWDFILTER - ok
22:10:38.0125 3188 kodakccs - ok
22:10:38.0156 3188 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:10:38.0156 3188 KSecDD - ok
22:10:38.0156 3188 L1e - ok
22:10:38.0203 3188 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:10:38.0203 3188 lanmanserver - ok
22:10:38.0265 3188 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:10:38.0265 3188 lanmanworkstation - ok
22:10:38.0265 3188 lbrtfdc - ok
22:10:38.0328 3188 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:10:38.0328 3188 LmHosts - ok
22:10:38.0421 3188 LMIGuardianSvc (6e7d0424132a7c2113f7f0912045b137) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
22:10:38.0437 3188 LMIGuardianSvc - ok
22:10:38.0437 3188 LMIInfo - ok
22:10:38.0500 3188 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
22:10:38.0500 3188 lmimirr - ok
22:10:38.0515 3188 LMIRfsClientNP - ok
22:10:38.0531 3188 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
22:10:38.0531 3188 LMIRfsDriver - ok
22:10:38.0546 3188 LMouFilt - ok
22:10:38.0546 3188 LMS - ok
22:10:38.0562 3188 LVPrcMon - ok
22:10:38.0578 3188 lxcccustomerconnect - ok
22:10:38.0609 3188 maya70docserver - ok
22:10:38.0640 3188 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
22:10:38.0640 3188 MBAMProtector - ok
22:10:38.0687 3188 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:10:38.0687 3188 MBAMService - ok
22:10:38.0703 3188 mcrdsvc - ok
22:10:38.0796 3188 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:10:38.0812 3188 MDM - ok
22:10:38.0812 3188 mdvrmng - ok
22:10:38.0843 3188 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:10:38.0859 3188 Messenger - ok
22:10:38.0859 3188 mfeavfk - ok
22:10:38.0906 3188 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:10:38.0906 3188 mnmdd - ok
22:10:38.0953 3188 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
22:10:38.0953 3188 mnmsrvc - ok
22:10:38.0984 3188 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:10:38.0984 3188 Modem - ok
22:10:39.0015 3188 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:10:39.0015 3188 Mouclass - ok
22:10:39.0078 3188 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:10:39.0078 3188 mouhid - ok
22:10:39.0125 3188 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:10:39.0125 3188 MountMgr - ok
22:10:39.0125 3188 mraid35x - ok
22:10:39.0140 3188 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:10:39.0140 3188 MRxDAV - ok
22:10:39.0203 3188 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:10:39.0218 3188 MRxSmb - ok
22:10:39.0218 3188 MSCamSvc - ok
22:10:39.0265 3188 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
22:10:39.0265 3188 MSDTC - ok
22:10:39.0281 3188 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:10:39.0281 3188 Msfs - ok
22:10:39.0296 3188 MSIServer - ok
22:10:39.0343 3188 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:10:39.0343 3188 MSKSSRV - ok
22:10:39.0343 3188 msmframework - ok
22:10:39.0359 3188 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:10:39.0359 3188 MSPCLOCK - ok
22:10:39.0375 3188 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:10:39.0375 3188 MSPQM - ok
22:10:39.0421 3188 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:10:39.0421 3188 mssmbios - ok
22:10:39.0437 3188 mssql$microsoftbcm - ok
22:10:39.0468 3188 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:10:39.0468 3188 MSTEE - ok
22:10:39.0484 3188 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:10:39.0484 3188 Mup - ok
22:10:39.0546 3188 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:10:39.0562 3188 NABTSFEC - ok
22:10:39.0562 3188 naimagent32 - ok
22:10:39.0609 3188 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:10:39.0625 3188 napagent - ok
22:10:39.0687 3188 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:10:39.0703 3188 NDIS - ok
22:10:39.0734 3188 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:10:39.0734 3188 NdisIP - ok
22:10:39.0734 3188 Ndismeetro - ok
22:10:39.0781 3188 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:10:39.0781 3188 NdisTapi - ok
22:10:39.0796 3188 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:10:39.0796 3188 Ndisuio - ok
22:10:39.0828 3188 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:10:39.0843 3188 NdisWan - ok
22:10:39.0890 3188 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:10:39.0890 3188 NDProxy - ok
22:10:39.0937 3188 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
22:10:39.0937 3188 Net Driver HPZ12 - ok
22:10:39.0953 3188 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:10:39.0953 3188 NetBIOS - ok
22:10:40.0000 3188 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\drivers\netbt.sys
22:10:40.0015 3188 NetBT - ok
22:10:40.0078 3188 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:10:40.0078 3188 NetDDE - ok
22:10:40.0078 3188 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:10:40.0093 3188 NetDDEdsdm - ok
22:10:40.0140 3188 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:10:40.0140 3188 Netlogon - ok
22:10:40.0203 3188 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:10:40.0203 3188 Netman - ok
22:10:40.0218 3188 netmnt - ok
22:10:40.0218 3188 netsvc - ok
22:10:40.0359 3188 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:10:40.0359 3188 NetTcpPortSharing - ok
22:10:40.0375 3188 NETw4v32 - ok
22:10:40.0375 3188 nhcDriverDevice - ok
22:10:40.0390 3188 nic1394 - ok
22:10:40.0406 3188 nimcrpcsu - ok
22:10:40.0484 3188 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:10:40.0484 3188 Nla - ok
22:10:40.0484 3188 NMSAccessU - ok
22:10:40.0546 3188 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:10:40.0546 3188 Npfs - ok
22:10:40.0562 3188 nsengine - ok
22:10:40.0562 3188 nsm1serd - ok
22:10:40.0578 3188 Nsynas32 - ok
22:10:40.0640 3188 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:10:40.0656 3188 Ntfs - ok
22:10:40.0656 3188 NTIDrvr - ok
22:10:40.0671 3188 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
22:10:40.0671 3188 NtLmSsp - ok
22:10:40.0734 3188 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:10:40.0750 3188 NtmsSvc - ok
22:10:40.0796 3188 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
22:10:40.0796 3188 NuidFltr - ok
22:10:40.0843 3188 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:10:40.0843 3188 Null - ok
22:10:40.0984 3188 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:10:41.0031 3188 nv - ok
22:10:41.0156 3188 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:10:41.0156 3188 NwlnkFlt - ok
22:10:41.0156 3188 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:10:41.0171 3188 NwlnkFwd - ok
22:10:41.0171 3188 obvious - ok
22:10:41.0281 3188 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:10:41.0296 3188 odserv - ok
22:10:41.0312 3188 OEM02Dev - ok
22:10:41.0312 3188 omniserv - ok
22:10:41.0390 3188 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:10:41.0406 3188 ose - ok
22:10:41.0421 3188 pageserver - ok
22:10:41.0484 3188 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:10:41.0484 3188 Parport - ok
22:10:41.0546 3188 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:10:41.0546 3188 PartMgr - ok
22:10:41.0593 3188 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:10:41.0593 3188 ParVdm - ok
22:10:41.0609 3188 pcampr5 - ok
22:10:41.0609 3188 PcdrNt - ok
22:10:41.0656 3188 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:10:41.0656 3188 PCI - ok
22:10:41.0671 3188 PCIDump - ok
22:10:41.0718 3188 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:10:41.0718 3188 PCIIde - ok
22:10:41.0750 3188 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:10:41.0750 3188 Pcmcia - ok
22:10:41.0765 3188 PDCOMP - ok
22:10:41.0765 3188 PDFRAME - ok
22:10:41.0781 3188 PDRELI - ok
22:10:41.0812 3188 PDRFRAME - ok
22:10:41.0828 3188 pepifilter - ok
22:10:41.0843 3188 perc2 - ok
22:10:41.0859 3188 perc2hib - ok
22:10:41.0906 3188 pinnaclesys.mediaserver - ok
22:10:41.0968 3188 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:10:41.0968 3188 PlugPlay - ok
22:10:42.0015 3188 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
22:10:42.0015 3188 Pml Driver HPZ12 - ok
22:10:42.0046 3188 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:10:42.0046 3188 PolicyAgent - ok
22:10:42.0109 3188 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:10:42.0125 3188 PptpMiniport - ok
22:10:42.0140 3188 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:10:42.0140 3188 Processor - ok
22:10:42.0140 3188 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:10:42.0140 3188 ProtectedStorage - ok
22:10:42.0156 3188 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:10:42.0156 3188 PSched - ok
22:10:42.0187 3188 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:10:42.0187 3188 Ptilink - ok
22:10:42.0187 3188 ql1080 - ok
22:10:42.0203 3188 Ql10wnt - ok
22:10:42.0218 3188 ql12160 - ok
22:10:42.0234 3188 ql1240 - ok
22:10:42.0250 3188 ql1280 - ok
22:10:42.0296 3188 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:10:42.0296 3188 RasAcd - ok
22:10:42.0343 3188 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:10:42.0359 3188 RasAuto - ok
22:10:42.0375 3188 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:10:42.0375 3188 Rasl2tp - ok
22:10:42.0437 3188 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:10:42.0437 3188 RasMan - ok
22:10:42.0437 3188 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:10:42.0437 3188 RasPppoe - ok
22:10:42.0453 3188 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:10:42.0453 3188 Raspti - ok
22:10:42.0468 3188 raysatxsi5_0server - ok
22:10:42.0484 3188 rca - ok
22:10:42.0515 3188 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:10:42.0515 3188 Rdbss - ok
22:10:42.0531 3188 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:10:42.0531 3188 RDPCDD - ok
22:10:42.0562 3188 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:10:42.0578 3188 rdpdr - ok
22:10:42.0625 3188 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:10:42.0625 3188 RDPWD - ok
22:10:42.0687 3188 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:10:42.0687 3188 RDSessMgr - ok
22:10:42.0734 3188 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:10:42.0734 3188 redbook - ok
22:10:42.0781 3188 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:10:42.0781 3188 RemoteAccess - ok
22:10:42.0781 3188 remotelyanywhere - ok
22:10:42.0843 3188 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:10:42.0859 3188 RemoteRegistry - ok
22:10:42.0859 3188 RivaTuner32 - ok
22:10:42.0875 3188 ROB_V - ok
22:10:42.0906 3188 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
22:10:42.0906 3188 RpcLocator - ok
22:10:42.0953 3188 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:10:42.0968 3188 RpcSs - ok
22:10:42.0968 3188 rsvchost - ok
22:10:43.0000 3188 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
22:10:43.0015 3188 RSVP - ok
22:10:43.0078 3188 RTL8187B (de4635e8b7975d2b5d961299469a7462) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
22:10:43.0078 3188 RTL8187B - ok
22:10:43.0093 3188 s3psddr - ok
22:10:43.0093 3188 s3savagenb - ok
22:10:43.0125 3188 s3twistr - ok
22:10:43.0140 3188 SABProcEnum - ok
22:10:43.0156 3188 SaiH040B - ok
22:10:43.0171 3188 SaiU040B - ok
22:10:43.0234 3188 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:10:43.0234 3188 SamSs - ok
22:10:43.0265 3188 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:10:43.0265 3188 SCardSvr - ok
22:10:43.0296 3188 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:10:43.0296 3188 Schedule - ok
22:10:43.0312 3188 se27unic - ok
22:10:43.0328 3188 SE2Bbus - ok
22:10:43.0343 3188 SE2Bmdm - ok
22:10:43.0359 3188 se44mdm - ok
22:10:43.0390 3188 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:10:43.0390 3188 Secdrv - ok
22:10:43.0421 3188 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:10:43.0421 3188 seclogon - ok
22:10:43.0437 3188 SecureStorageService - ok
22:10:43.0437 3188 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:10:43.0437 3188 SENS - ok
22:10:43.0453 3188 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:10:43.0468 3188 serenum - ok
22:10:43.0484 3188 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:10:43.0484 3188 Serial - ok
22:10:43.0515 3188 servidor - ok
22:10:43.0593 3188 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:10:43.0593 3188 Sfloppy - ok
22:10:43.0593 3188 SGHIDI - ok
22:10:43.0640 3188 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:10:43.0656 3188 SharedAccess - ok
22:10:43.0687 3188 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:10:43.0687 3188 ShellHWDetection - ok
22:10:43.0703 3188 Simbad - ok
22:10:43.0703 3188 Sk99202k - ok
22:10:43.0765 3188 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:10:43.0765 3188 SLIP - ok
22:10:43.0781 3188 SNP2UVC - ok
22:10:43.0796 3188 Sparrow - ok
22:10:43.0828 3188 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:10:43.0828 3188 splitter - ok
22:10:43.0875 3188 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:10:43.0875 3188 Spooler - ok
22:10:43.0875 3188 sprtsvc_ddoctorv2 - ok
22:10:43.0906 3188 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:10:43.0906 3188 sr - ok
22:10:43.0968 3188 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:10:43.0968 3188 srservice - ok
22:10:44.0000 3188 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:10:44.0015 3188 Srv - ok
22:10:44.0062 3188 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:10:44.0062 3188 SSDPSRV - ok
22:10:44.0062 3188 stacsv - ok
22:10:44.0078 3188 starwindservice - ok
22:10:44.0187 3188 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
22:10:44.0203 3188 STHDA - ok
22:10:44.0265 3188 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:10:44.0281 3188 stisvc - ok
22:10:44.0328 3188 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:10:44.0328 3188 streamip - ok
22:10:44.0328 3188 superproserver - ok
22:10:44.0375 3188 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:10:44.0375 3188 swenum - ok
22:10:44.0390 3188 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:10:44.0390 3188 swmidi - ok
22:10:44.0406 3188 SwPrv - ok
22:10:44.0421 3188 symantecantibotagent - ok
22:10:44.0437 3188 symc810 - ok
22:10:44.0453 3188 symc8xx - ok
22:10:44.0500 3188 symidsco - ok
22:10:44.0500 3188 symproxysvc - ok
22:10:44.0515 3188 sym_hi - ok
22:10:44.0531 3188 sym_u3 - ok
22:10:44.0593 3188 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:10:44.0593 3188 sysaudio - ok
22:10:44.0656 3188 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:10:44.0656 3188 SysmonLog - ok
22:10:44.0656 3188 szserver - ok
22:10:44.0671 3188 tabletservice - ok
22:10:44.0718 3188 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:10:44.0718 3188 TapiSrv - ok
22:10:44.0734 3188 tbaspi - ok
22:10:44.0796 3188 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:10:44.0843 3188 Tcpip - ok
22:10:44.0843 3188 tcpip6 - ok
22:10:44.0890 3188 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:10:44.0890 3188 TDPIPE - ok
22:10:44.0921 3188 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:10:44.0921 3188 TDTCP - ok
22:10:44.0984 3188 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:10:44.0984 3188 TermDD - ok
22:10:45.0015 3188 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:10:45.0015 3188 TermService - ok
22:10:45.0015 3188 tga - ok
22:10:45.0093 3188 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:10:45.0093 3188 Themes - ok
22:10:45.0093 3188 thkeys - ok
22:10:45.0156 3188 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
22:10:45.0156 3188 TlntSvr - ok
22:10:45.0156 3188 TosIde - ok
22:10:45.0171 3188 tosrfnds - ok
22:10:45.0187 3188 TPM - ok
22:10:45.0218 3188 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:10:45.0218 3188 TrkWks - ok
22:10:45.0234 3188 truecrypt - ok
22:10:45.0281 3188 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:10:45.0281 3188 Udfs - ok
22:10:45.0296 3188 ultra - ok
22:10:45.0312 3188 umwdf - ok
22:10:45.0359 3188 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:10:45.0359 3188 Update - ok
22:10:45.0390 3188 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:10:45.0406 3188 upnphost - ok
22:10:45.0421 3188 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:10:45.0421 3188 UPS - ok
22:10:45.0437 3188 Usb20Scan - ok
22:10:45.0484 3188 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:10:45.0484 3188 USBAAPL - ok
22:10:45.0531 3188 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:10:45.0546 3188 usbccgp - ok
22:10:45.0562 3188 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:10:45.0562 3188 usbehci - ok
22:10:45.0609 3188 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:10:45.0625 3188 usbhub - ok
22:10:45.0625 3188 USBModem - ok
22:10:45.0656 3188 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:10:45.0656 3188 usbohci - ok
22:10:45.0703 3188 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:10:45.0703 3188 usbprint - ok
22:10:45.0750 3188 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:10:45.0750 3188 usbscan - ok
22:10:45.0796 3188 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:10:45.0796 3188 USBSTOR - ok
22:10:45.0796 3188 usb_rndisx - ok
22:10:45.0859 3188 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:10:45.0859 3188 VgaSave - ok
22:10:45.0875 3188 ViaIde - ok
22:10:45.0937 3188 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:10:45.0937 3188 VolSnap - ok
22:10:45.0953 3188 vpcbus - ok
22:10:45.0953 3188 vpcvmm - ok
22:10:46.0015 3188 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:10:46.0015 3188 VSS - ok
22:10:46.0031 3188 vstor2-ws60 - ok
22:10:46.0187 3188 vToolbarUpdater (49099f62da09c819ecc69e9d9267d3ac) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
22:10:46.0187 3188 vToolbarUpdater - ok
22:10:46.0203 3188 vvoice - ok
22:10:46.0203 3188 VX1000 - ok
22:10:46.0250 3188 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:10:46.0250 3188 W32Time - ok
22:10:46.0265 3188 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:10:46.0281 3188 Wanarp - ok
22:10:46.0281 3188 wap3gx - ok
22:10:46.0343 3188 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:10:46.0359 3188 Wdf01000 - ok
22:10:46.0359 3188 WDICA - ok
22:10:46.0421 3188 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:10:46.0421 3188 wdmaud - ok
22:10:46.0468 3188 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:10:46.0468 3188 WebClient - ok
22:10:46.0484 3188 wg5n - ok
22:10:46.0578 3188 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:10:46.0578 3188 winmgmt - ok
22:10:46.0656 3188 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:10:46.0656 3188 WmdmPmSN - ok
22:10:46.0718 3188 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:10:46.0718 3188 Wmi - ok
22:10:46.0765 3188 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:10:46.0765 3188 WmiApSrv - ok
22:10:46.0781 3188 wmp54gsvc - ok
22:10:46.0937 3188 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:10:46.0984 3188 WMPNetworkSvc - ok
22:10:47.0062 3188 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:10:47.0062 3188 WS2IFSL - ok
22:10:47.0109 3188 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:10:47.0109 3188 wscsvc - ok
22:10:47.0109 3188 WSearch - ok
22:10:47.0156 3188 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:10:47.0156 3188 WSTCODEC - ok
22:10:47.0187 3188 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:10:47.0187 3188 wuauserv - ok
22:10:47.0234 3188 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:10:47.0250 3188 WudfPf - ok
22:10:47.0281 3188 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:10:47.0281 3188 WudfRd - ok
22:10:47.0312 3188 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:10:47.0312 3188 WudfSvc - ok
22:10:47.0359 3188 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:10:47.0375 3188 WZCSVC - ok
22:10:47.0375 3188 x10nets - ok
22:10:47.0406 3188 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:10:47.0406 3188 xmlprov - ok
22:10:47.0421 3188 z800mdfl - ok
22:10:47.0421 3188 ZuneBusEnum - ok
22:10:47.0500 3188 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
22:10:47.0515 3188 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:10:47.0515 3188 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:10:47.0531 3188 Boot (0x1200) (c69a59da315f79c8c8f07664fdc162b5) \Device\Harddisk0\DR0\Partition0
22:10:47.0531 3188 \Device\Harddisk0\DR0\Partition0 - ok
22:10:47.0531 3188 ============================================================
22:10:47.0531 3188 Scan finished
22:10:47.0531 3188 ============================================================
22:10:47.0562 3936 Detected object count: 1
22:10:47.0562 3936 Actual detected object count: 1
22:11:22.0750 3936 \Device\Harddisk0\DR0\# - copied to quarantine
22:11:22.0750 3936 \Device\Harddisk0\DR0 - copied to quarantine
22:11:22.0828 3936 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:11:22.0843 3936 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:11:22.0843 3936 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:11:22.0843 3936 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:11:22.0859 3936 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:11:22.0859 3936 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:11:22.0859 3936 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:11:22.0890 3936 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:11:22.0890 3936 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:11:22.0906 3936 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:11:22.0937 3936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:11:22.0937 3936 \Device\Harddisk0\DR0 - ok
22:11:22.0937 3936 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:11:44.0000 1788 Deinitialize success
 
Very good :)

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Here is bootkit results

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com
Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...
 
here is mbr

 
Here it is sorry

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-05 17:02:49
-----------------------------
17:02:49.343 OS Version: Windows 5.1.2600 Service Pack 3
17:02:49.343 Number of processors: 1 586 0x5F02
17:02:49.343 ComputerName: DESKTOP UserName: Justin
17:02:51.796 Initialize success
17:04:38.546 AVAST engine defs: 12060501
17:04:45.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:04:45.468 Disk 0 Vendor: WDC_WD2500AAJS-75M0A0 02.03E02 Size: 238418MB BusType: 3
17:04:45.500 Disk 0 MBR read successfully
17:04:45.500 Disk 0 MBR scan
17:04:45.593 Disk 0 Windows XP default MBR code
17:04:45.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238409 MB offset 63
17:04:45.687 Disk 0 scanning sectors +488263545
17:04:45.875 Disk 0 scanning C:\WINDOWS\system32\drivers
17:05:18.656 Service scanning
17:06:04.359 Modules scanning
17:06:27.968 Disk 0 trace - called modules:
17:06:27.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:06:27.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab42ab8]
17:06:27.984 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000068[0x8ab6bf18]
17:06:27.984 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aaa9940]
17:06:29.218 AVAST engine scan C:\WINDOWS
17:06:45.015 AVAST engine scan C:\WINDOWS\system32
17:13:13.546 AVAST engine scan C:\WINDOWS\system32\drivers
17:13:51.859 AVAST engine scan C:\Documents and Settings\Justin
17:17:30.515 AVAST engine scan C:\Documents and Settings\All Users
17:18:46.343 Scan finished successfully
17:25:39.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Justin\Desktop\MBR.dat"
17:25:39.515 The log file has been saved successfully to "C:\Documents and Settings\Justin\Desktop\aswMBR.txt"
 
Looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-05.04 - Justin 06/05/2012 20:11:12.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2350 [GMT -7:00]
Running from: c:\documents and settings\Justin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2bafc65145f03497.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\npf.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-04 19:46 . 2012-06-05 23:53 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-31 06:41 . 2012-05-31 06:43 -------- d-----w- c:\windows\system32\NtmsData
2012-05-31 05:21 . 2012-05-31 05:21 -------- d-----w- c:\documents and settings\Justin\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 02:41 . 2012-04-14 01:22 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 02:41 . 2012-03-22 01:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-18 01:09 . 2012-04-18 01:09 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
 