
Windows Firewall Won't turn on, nothing found with Rkill, Tdskill, Malwarebytes, Windows virus or Trend micro virus


17 replies to this topic

#1 krisla

Posted 14 November 2012 - 06:53 PM

Hi

I've tried everything I can to find the problem but I'm stumped. I've run just about every anti-malware virus scan that I can - maybe that is the problem?

Windows firewall is turned off. When I try to turn it on I see the message:

due to an unexpected problem, windows cannot display windows firewall settings

Help?

thanks


#2 narenxp

Posted 14 November 2012 - 06:56 PM

Download

TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 krisla

Posted 16 November 2012 - 11:42 AM

Hi

Thanks for your help!

I have run all the scans you suggested and none have found any threats. The only log created was by the AswMbr - here it is:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 19:12:06
-----------------------------
19:12:06.765 OS Version: Windows 5.1.2600 Service Pack 3
19:12:06.765 Number of processors: 2 586 0xF0D
19:12:06.765 ComputerName: AVONFSMLABRAKEK UserName: labrakek
19:12:07.468 Initialize success
19:18:18.390 AVAST engine defs: 12111401
19:19:13.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
19:19:13.890 Disk 0 Vendor: TOSHIBA_MK1665GSX GJ002D Size: 152627MB BusType: 3
19:19:14.218 Disk 0 MBR read successfully
19:19:14.234 Disk 0 MBR scan
19:19:14.281 Disk 0 Windows XP default MBR code
19:19:14.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
19:19:14.312 Disk 0 scanning sectors +312576705
19:19:14.406 Disk 0 scanning C:\WINDOWS\system32\drivers
19:19:24.203 Service scanning
19:19:47.156 Modules scanning
19:19:51.062 Disk 0 trace - called modules:
19:19:51.109 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:19:51.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aac7030]
19:19:51.140 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8aba3030]
19:19:51.781 AVAST engine scan C:\WINDOWS
19:20:10.953 AVAST engine scan C:\WINDOWS\system32
19:21:53.750 AVAST engine scan C:\WINDOWS\system32\drivers
19:22:09.265 AVAST engine scan C:\Documents and Settings\labrakek
19:23:32.656 AVAST engine scan C:\Documents and Settings\All Users
19:24:00.078 Scan finished successfully
19:24:31.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\labrakek\Desktop\MBR.dat"
19:24:31.281 The log file has been saved successfully to "C:\Documents and Settings\labrakek\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-16 09:56:25
-----------------------------
09:56:25.765 OS Version: Windows 5.1.2600 Service Pack 3
09:56:25.765 Number of processors: 2 586 0xF0D
09:56:25.765 ComputerName: AVONFSMLABRAKEK UserName: labrakek
09:56:26.625 Initialize success
09:59:15.578 AVAST engine defs: 12111600
10:00:35.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:00:35.015 Disk 0 Vendor: TOSHIBA_MK1665GSX GJ002D Size: 152627MB BusType: 3
10:00:35.046 Disk 0 MBR read successfully
10:00:35.046 Disk 0 MBR scan
10:00:35.125 Disk 0 Windows XP default MBR code
10:00:35.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
10:00:35.140 Disk 0 scanning sectors +312576705
10:00:35.218 Disk 0 scanning C:\WINDOWS\system32\drivers
10:01:06.359 Service scanning
10:01:27.453 Service MpKsld306886c c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A1FB83EE-4FE6-4EE6-868E-E9F1D8A38639}\MpKsld306886c.sys **LOCKED** 32
10:01:51.171 Modules scanning
10:01:58.656 Disk 0 trace - called modules:
10:01:58.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:01:58.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab12ab8]
10:01:58.687 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8abec880]
10:01:59.296 AVAST engine scan C:\WINDOWS
10:02:35.453 AVAST engine scan C:\WINDOWS\system32
10:07:44.703 AVAST engine scan C:\WINDOWS\system32\drivers
10:08:16.484 AVAST engine scan C:\Documents and Settings\labrakek
10:12:33.156 AVAST engine scan C:\Documents and Settings\All Users
10:14:06.531 Scan finished successfully
10:14:36.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\labrakek\Desktop\MBR.dat"
10:14:36.390 The log file has been saved successfully to "C:\Documents and Settings\labrakek\Desktop\aswMBR.txt"

#4 narenxp

Posted 16 November 2012 - 12:54 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After scan gets completed, post the generated log here.

#5 krisla

Posted 16 November 2012 - 04:05 PM

Here are the logs...

MalwareBytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
labrakek :: AVONFSMLABRAKEK [administrator]

11/16/2012 1:34:37 PM
mbam-log-2012-11-16 (13-34-37).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277694
Time elapsed: 1 hour(s), 30 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mini Toolbox:

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by labrakek (administrator) on 16-11-2012 at 15:21:56
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 3 (Disconnected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
MAC Bridge Miniport = Network Bridge (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Network Bridge"

set address name="Network Bridge" source=static addr=192.168.0.1 mask=255.255.255.0
set dns name="Network Bridge" source=static addr=none register=PRIMARY
set wins name="Network Bridge" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : AvonFSMlabrakek

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.nh.comcast.net.



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : hsd1.nh.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-1C-BF-1D-DF-86

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.137

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

192.168.1.1

Lease Obtained. . . . . . . . . . : Friday, November 16, 2012 1:31:47 PM

Lease Expires . . . . . . . . . . : Saturday, November 17, 2012 1:31:47 PM



Ethernet adapter Network Bridge:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : MAC Bridge Miniport

Physical Address. . . . . . . . . : E2-14-CA-5F-C6-6E

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.0.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.226.206, 74.125.226.198, 74.125.226.193, 74.125.226.199
74.125.226.201, 74.125.226.194, 74.125.226.197, 74.125.226.195, 74.125.226.196
74.125.226.200, 74.125.226.192



Pinging google.com [173.194.43.5] with 32 bytes of data:



Reply from 173.194.43.5: bytes=32 time=50ms TTL=54

Reply from 173.194.43.5: bytes=32 time=21ms TTL=54



Ping statistics for 173.194.43.5:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 50ms, Average = 35ms

Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=165ms TTL=46

Reply from 98.139.183.24: bytes=32 time=88ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 88ms, Maximum = 165ms, Average = 126ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c bf 1d df 86 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x10004 ...e2 14 ca 5f c6 6e ...... MAC Bridge Miniport - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.137 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.1 192.168.0.1 10
192.168.0.1 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.1 192.168.0.1 10
192.168.1.0 255.255.255.0 192.168.1.137 192.168.1.137 25
192.168.1.137 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.137 192.168.1.137 25
224.0.0.0 240.0.0.0 192.168.0.1 192.168.0.1 10
224.0.0.0 240.0.0.0 192.168.1.137 192.168.1.137 25
255.255.255.255 255.255.255.255 192.168.0.1 192.168.0.1 1
255.255.255.255 255.255.255.255 192.168.1.137 192.168.1.137 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Neoteris\Secure Application Manager\samnsp.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Neoteris\Secure Application Manager\samnsp.dll [File Not found] ()
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/15/2012 06:45:17 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 18:45:17.796]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:06:53 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:06:53.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:06:18 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:06:18.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:05:44 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:05:44.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:05:09 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:05:09.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:04:35 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:04:35.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:04:00 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:04:00.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:03:26 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:03:26.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:02:51 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:02:51.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:02:17 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/11/15 15:02:17.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error


System errors:
=============
Error: (11/12/2012 10:19:16 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.137 for the Network Card with network address 001CBF1DDF86 has been
denied by the DHCP server 107.17.138.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/12/2012 10:16:31 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (11/15/2012 06:45:17 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 18:45:17.796]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:06:53 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:06:53.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:06:18 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:06:18.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:05:44 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:05:44.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:05:09 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:05:09.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:04:35 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:04:35.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:04:00 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:04:00.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:03:26 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:03:26.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:02:51 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:02:51.687]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error

Error: (11/15/2012 03:02:17 PM) (Source: Brother BrLog)(User: )
Description: STIBrtSTI: [2012/11/15 15:02:17.187]: [00000216]: GetDeviceIpAddress: GetAddressByName [BRW002258187C20] Error


=========================== Installed Programs ============================

Access Manager (Version: 1.24.0000)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 8 (Version: 8.0.0)
Altiris Application Metering Agent (Version: 6.1.31)
Altiris Software Delivery Solution Agent (Version: 6.1.1016.0)
Altiris Task Synchronization Agent (Version: 6.1.1030.0)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Apple Software Update (Version: 2.0.0.21)
Bluetooth Stack for Windows by Toshiba (Version: v4.31.02.6(D))
Brother MFL-Pro Suite MFC-J410W (Version: 0.0.1.0)
Cassie1000 (Version: 3.0.0)
Cassie2000 (Version: 3.0.0)
CentraOne
Cisco Systems VPN Client 4.0.5 (D) (Version: 4.0)
Citrix ICA Web Client
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D330 MDC V.92 Modem
Dell KACE Agent (Version: 5.3.53177)
Dell Touchpad (Version: 7.1.101.8)
ESET Online Scanner v3
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
GUI (Version: 4.20.0080)
Hello Tomorrow (Version: 1.03.10)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HitmanPro 3.6 (Version: 3.6.2.174)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.01.0000)
InterVideo WinDVD
Java™ 6 Update 3 (Version: 1.6.0.30)
join.me (Version: 1.5.2.225)
Juniper Networks Cache Cleaner 5.2.0 (Version: 5.2.0.9469)
Juniper Networks Secure Application Manager (Version: 7.1.0.20169)
Juniper Networks Secure Meeting 6.5.0 (Version: 6.5.0.14771)
Juniper Networks, Inc. Setup Client (Version: 7.1.6.17115)
Macromedia Shockwave Player (Version: 10.1.0.11)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
mCore (Version: 9.03.0000)
mDriver (Version: 9.03.0000)
mDrWiFi (Version: 9.03.0000)
mHlpDell (Version: 9.03.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Live Meeting 2005 (Version: 7.2.1816.2)
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA (Version: 9.03.0000)
mLogView (Version: 9.03.0000)
mMHouse (Version: 9.03.0000)
mPfMgr (Version: 9.03.0000)
mPfWiz (Version: 9.03.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 9.03.0000)
MSN Music Assistant
mSSO (Version: 9.03.0000)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 9.03.0000)
mZConfig (Version: 9.03.0000)
OSCE_MSI_NT_CLIENT (Version: 7.3)
OZ776 SCR Driver V1.1.3.9 (Version: 1.1.3.9)
PDFCreator (Version: 1.5.0)
PMAC (Version: 1.4.57.0)
QuickSet (Version: 8.1.10)
QuickTime (Version: 7.2.0.240)
SigmaTel Audio (Version: 5.10.4820.0)
SMOC (Version: 1.4.57.0)
Sonic DLA (Version: 4.95)
Sonic RecordNow! Plus (Version: 7.3)
Sonic Update Manager (Version: 2.9)
Trend Micro OfficeScan Client (Version: 10.0.0.3071)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0036.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2038.04 MB
Available physical RAM: 1153.64 MB
Total Pagefile: 3930.19 MB
Available Pagefile: 3193.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.29 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.05 GB) (Free:132.43 GB) NTFS

========================= Users: ========================================

User accounts for \\AVONFSMLABRAKEK

Administrator ASPNET avonwpc
Guest HelpAssistant labrakek
SUPPORT_388945a0

========================= Restore Points ==================================

23-10-2012 20:15:06 System Checkpoint
26-10-2012 12:20:25 System Checkpoint
29-10-2012 19:27:09 System Checkpoint
30-10-2012 22:17:50 System Checkpoint
01-11-2012 16:26:49 System Checkpoint
04-11-2012 00:22:54 System Checkpoint
05-11-2012 02:00:01 System Checkpoint
06-11-2012 03:08:38 System Checkpoint
07-11-2012 04:03:28 System Checkpoint
08-11-2012 23:34:57 System Checkpoint
10-11-2012 23:45:08 System Checkpoint
12-11-2012 17:10:17 Software Distribution Service 3.0
12-11-2012 17:11:32 Software Distribution Service 3.0
13-11-2012 16:51:38 Software Distribution Service 3.0
13-11-2012 17:58:35 Software Distribution Service 3.0
14-11-2012 23:13:37 Software Distribution Service 3.0
15-11-2012 23:59:20 Software Distribution Service 3.0
16-11-2012 12:02:48 Software Distribution Service 3.0
16-11-2012 13:10:12 Restore Operation
16-11-2012 13:17:36 Restore Operation
16-11-2012 13:23:30 Restore Operation
16-11-2012 14:04:15 Malwarebytes Anti-Rootkit Restore Point

**** End of log ****


Farbar:

Farbar Service Scanner Version: 09-11-2012
Ran by labrakek (administrator) on 16-11-2012 at 15:36:30
Running from "C:\Documents and Settings\labrakek\Local Settings\Temporary Internet Files\Content.IE5\Z6VIGURE"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(14) Bridge(16) BridgeMP(15) DNE(13) Gpc(3) IPSec(5) NEOFLTR_520_9469(8) NEOFLTR_710_20169(17) NetBT(6) PSched(7) s24trans(10) Tcpip(4)
0x10000000050000000100000002000000030000000400000011000000080000000600000007000000090000000A0000000B0000000D0000000E0000000F00000010000000
IpSec Tag value is correct.

**** End of log ****

Adware Cleaner

# AdwCleaner v2.007 - Logfile created 11/16/2012 at 15:41:47
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : labrakek - AVONFSMLABRAKEK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\labrakek\Local Settings\Temporary Internet Files\Content.IE5\F2W8LFGI\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\labrakek\Application Data\pdfforge

***** [Registry] *****

Key Deleted : HKLM\Software\Freeze.com

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\labrakek\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [909 octets] - [16/11/2012 15:41:47]

########## EOF - C:\AdwCleaner[S1].txt - [968 octets] ##########


Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.1.3 (11.16.2012)
OS: Microsoft Windows XP x86
Ran by labrakek on Fri 11/16/2012 at 15:49:31.18
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/16/2012 at 15:59:06.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 narenxp

Posted 16 November 2012 - 04:36 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes, post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#7 krisla

Posted 16 November 2012 - 07:28 PM

Farbar Service Scanner Version: 09-11-2012
Ran by labrakek (administrator) on 16-11-2012 at 19:26:53
Running from "C:\Documents and Settings\labrakek\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is offline
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(14) Bridge(16) BridgeMP(15) DNE(13) Gpc(3) IPSec(5) NEOFLTR_520_9469(8) NEOFLTR_710_20169(17) NetBT(6) PSched(7) s24trans(10) Tcpip(4)
0x10000000050000000100000002000000030000000400000011000000080000000600000007000000090000000A0000000B0000000D0000000E0000000F00000010000000
IpSec Tag value is correct.

**** End of log ****


Running other scans and will post momentarily...

#8 krisla

Posted 16 November 2012 - 07:40 PM

Rkill log:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/16/2012 07:30:21 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\stsystra.exe (PID: 2828) [WD-HEUR]
* C:\WINDOWS\system32\dla\tfswctrl.exe (PID: 3116) [WD-HEUR]
* C:\Documents and Settings\labrakek\Desktop\FSS.exe (PID: 3400) [UP-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]
+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 00:30 AM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]
+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/04/2004 00:00 AM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]
+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/13/2008 02:39 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 02:48 AM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/16/2012 07:31:51 PM
Execution time: 0 hours(s), 1 minute(s), and 30 seconds(s)

#10 krisla

Posted 16 November 2012 - 07:46 PM

autoruns:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" "" "" ""
+ "C:\WINDOWS\System32\KUsrInit.exe" "KUsrInit Application" "Dell Inc." "c:\windows\system32\kusrinit.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AccessManager" "Access Manager Application" "MCI, Inc." "c:\program files\accessmanager\client\accessmgr.exe"
+ "AeXAgentLogon" "Altiris Agent" "Altiris, Inc." "c:\program files\altiris\altiris agent\aexagentactivate.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "BGINFO" "BGInfo - Wallpaper text configurator" "Sysinternals" "c:\apps\bginfo\bginfo.exe"
+ "BrStsMon00" "Brother Status Monitor Application" "Brother Industries, Ltd." "c:\program files\browny02\brother\brstmonw.exe"
+ "ControlCenter3" "ControlCenter Program" "Brother Industries, Ltd." "c:\program files\brother\controlcenter3\brctrcen.exe"
+ "Dell QuickSet" "QuickSet" "Dell Inc" "c:\program files\dell\quickset\quickset.exe"
+ "dla" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfswctrl.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelWireless" "Intel Framework MFC Application" "Intel Corporation" "c:\program files\intel\wireless\bin\ifrmewrk.exe"
+ "IntelZeroConfig" "ZeroCfgSvc MFC Application" "Intel Corporation" "c:\program files\intel\wireless\bin\zcfgsvc.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "OfficeScanNT Monitor" "Trend Micro OfficeScan Monitor" "Trend Micro Inc." "c:\program files\trend micro\officescan client\pccntmon.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SigmatelSysTrayApp" "Sigmatel Audio system tray application" "SigmaTel, Inc." "c:\windows\stsystra.exe"
+ "SunJavaUpdateSched" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
+ "UpdateManager" "" "" "File not found: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Adobe Reader Speed Launch.lnk" "" "" "c:\documents and settings\all users\start menu\programs\startup\adobe reader speed launch.lnk"
+ "Adobe Reader Synchronizer.lnk" "" "" "c:\documents and settings\all users\start menu\programs\startup\adobe reader synchronizer.lnk"
+ "Bluetooth Manager.lnk" "" "" "c:\documents and settings\all users\start menu\programs\startup\bluetooth manager.lnk"
+ "VPN Client.lnk" "" "" "c:\documents and settings\all users\start menu\programs\startup\vpn client.lnk"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "OfficeScan NT" "libCNTTm Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\officescan client\tmdshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "OfficeScan NT" "libCNTTm Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\officescan client\tmdshell.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "DriveLetterAccess" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfswshx.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_03\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Sun Java Console" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_03\bin\ssv.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "MpIdleTask.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AeXNSClient" "Enables remote management and trouble shooting of the computer by Altiris Notification Server solutions" "Altiris, Inc." "c:\program files\altiris\altiris agent\aexnsagent.exe"
+ "AMBroker" "AMBroker" "MCI, Inc." "c:\program files\accessmanager\client\ambroker.exe"
+ "AMPAgent" "Manages connections between agent and server." "Dell Inc." "c:\program files\dell\kace\ampagent.exe"
+ "ASMAgent" "eSMART Agent" "Dell Inc" "c:\program files\esmart\asmagent.exe"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files\browny02\brynsvc.exe"
+ "CVPND" "Cisco Systems VPN Client" "Cisco Systems, Inc." "c:\program files\cisco systems\vpn client\cvpnd.exe"
+ "DAPlugin" "DAPlugin Module" "MCI, Inc." "c:\program files\accessmanager\client\daplugin.exe"
+ "EvtEng" "Manages the event trace messages for all the components of Intel® PROSet/Wireless software." "Intel Corporation" "c:\program files\intel\wireless\bin\evteng.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "HitmanProScheduler" "HitmanPro Scheduler controls scheduled scans" "SurfRight B.V." "c:\program files\hitmanpro\hmpsched.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "ntrtscan" "Performs Real-time, Scheduled, and Manual scan on OfficeScan clients." "Trend Micro Inc." "c:\program files\trend micro\officescan client\ntrtscan.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "Intel® PROSet/Wireless Registry Service" "Intel Corporation" "c:\program files\intel\wireless\bin\regsrvc.exe"
+ "S24EventMonitor" "Wireless Management Service for Intel® PROSet/Wireless" "Intel Corporation " "c:\program files\intel\wireless\bin\s24evmon.exe"
+ "SP Software Installer" "Enables software updates and installations." "Smartpipes, Inc." "c:\program files\smartpipes\pmac\sp_swins.exe"
+ "sp_spi_da" "spi_da Module" "Smartpipes, Inc." "c:\program files\smartpipes\smoc\spi_da.exe"
+ "STacSV" "Manages SigmaTel Audio Universal Jack configurations." "SigmaTel, Inc." "c:\program files\sigmatel\c-major audio\wdm\stacsv.exe"
+ "Sygman" "SSA integration management services." "MCI, Inc." "c:\program files\accessmanager\client\sygman.exe"
+ "TMBMServer" "Manages the Trend Micro unauthorized change prevention feature" "Trend Micro Inc." "c:\program files\trend micro\bm\tmbmsrv.exe"
+ "tmlisten" "Receives commands and notifications from the OfficeScan server and facilitates communication from the client to the server." "Trend Micro Inc." "c:\program files\trend micro\officescan client\tmlisten.exe"
+ "TmProxy" "Scans network traffic before passing it to the target application." "Trend Micro Inc." "c:\program files\trend micro\officescan client\tmproxy.exe"
+ "WLANKEEPER" "Provides Single Sign On (SSO) functionality." "Intel® Corporation" "c:\program files\intel\wireless\bin\wlkeeper.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aarich" "Adaptec hostRAID for Serial ATA" "Adaptec, Inc." "c:\windows\system32\drivers\aarich.sys"
+ "adpu320" "Adaptec Win2K/XP/Server2003 Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.6.0.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "APPDRV" "App Support Driver" "Dell Inc" "c:\windows\system32\drivers\appdrv.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "BWNDIS5" "BW NDIS 5.0 Protocol Driver" "Fortis Software" "c:\windows\system32\bwndis5.sys"
+ "cercsr6" "DELL CERC SATA1.5/6ch Miniport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\cercsr6.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CVirtA" "Cisco Systems VPN Adapter" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvirta.sys"
+ "CVPNDRVA" "Cisco Systems VPN Client IPSec Driver" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvpndrva.sys"
+ "DNE" "Deterministic Network Enhancer" "Deterministic Networks, Inc." "c:\windows\system32\drivers\dne2000.sys"
+ "drvmcdb" "Device Driver" "Sonic Solutions" "c:\windows\system32\drivers\drvmcdb.sys"
+ "drvnddm" "Device Driver Manager" "Sonic Solutions" "c:\windows\system32\drivers\drvnddm.sys"
+ "guardian2" "O2Micro USB CCID SmartCard Reader" "O2Micro" "c:\windows\system32\drivers\oz776.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "megasas" "MEGASAS RAID Controller Driver for XP 32" "LSI Logic Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "NEOFLTR_520_9469" "NetBIOS Redirector" "Neoteris" "c:\windows\system32\drivers\neofltr_520_9469.sys"
+ "NEOFLTR_710_20169" "NetBIOS Redirector" "Juniper Networks" "c:\windows\system32\drivers\neofltr_710_20169.sys"
+ "NETw4x32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw4x32.sys"
+ "ocpogi" "" "" "File not found: System32\drivers\gcbrn.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "s24trans" "WLAN Transport" "Intel Corporation" "c:\windows\system32\drivers\s24trans.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "sscdbhk5" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\sscdbhk5.sys"
+ "ssrtln" "Shared Driver Component" "Sonic Solutions" "c:\windows\system32\drivers\ssrtln.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "tfsnboio" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnboio.sys"
+ "tfsncofs" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsncofs.sys"
+ "tfsndrct" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsndrct.sys"
+ "tfsndres" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsndres.sys"
+ "tfsnifs" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnifs.sys"
+ "tfsnopio" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnopio.sys"
+ "tfsnpool" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnpool.sys"
+ "tfsnudf" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnudf.sys"
+ "tfsnudfa" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfsnudfa.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "TmFilter" "Post Filter For XP" "Trend Micro Inc." "c:\program files\trend micro\officescan client\tmxpflt.sys"
+ "TmPreFilter" "Pre-Filter For XP" "Trend Micro Inc." "c:\program files\trend micro\officescan client\tmpreflt.sys"
+ "tmtdi" "Trend Micro TDI Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "tosporte" "TOSHIBA Bluetooth Port Emulation Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosporte.sys"
+ "tosrfbd" "Bluetooth RF Bus Driver" "TOSHIBA CORPORATION" "c:\windows\system32\drivers\tosrfbd.sys"
+ "tosrfbnp" "Bluetooth RFBNEP Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosrfbnp.sys"
+ "Tosrfcom" "Bluetooth RFCOMM Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tosrfcom.sys"
+ "Tosrfhid" "Bluetooth HID Driver from TOSHIBA" "TOSHIBA Corporation." "c:\windows\system32\drivers\tosrfhid.sys"
+ "tosrfnds" "Bluetooth BNEP Driver" "TOSHIBA Corporation." "c:\windows\system32\drivers\tosrfnds.sys"
+ "Tosrfusb" "Bluetooth USB Miniport Driver" "TOSHIBA CORPORATION" "c:\windows\system32\drivers\tosrfusb.sys"
+ "VSApiNt" "VsapiNT " "Trend Micro Inc." "c:\program files\trend micro\officescan client\vsapint.sys"
+ "vsdatant" "TrueVector Device Driver" "Zone Labs Inc." "c:\windows\system32\vsdatant.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "InterVideo Audio Decoder" "IVIAUDIO" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Audio Processor" "" "" "c:\program files\intervideo\common\bin\iviaudioprocess.ax"
+ "InterVideo Navigator" "IVINAV" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "kwinhook" "KWinHook Dynamic Link Library" "Dell Inc." "c:\windows\system32\kwinhook.dll"
"HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "avonsss.scr" "" "" "c:\windows\avonsss.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "Juniper Secure DNS (Bottom)" "" "" "File not found: C:\Program Files\Neoteris\Secure Application Manager\samnsp.dll"
+ "Juniper Secure DNS (Top)" "" "" "File not found: C:\Program Files\Neoteris\Secure Application Manager\samnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "pdfcmon" "pdfcmon" "pdfforge GbR" "c:\windows\system32\pdfcmon.dll"
+ "Toshiba Bluetooth Monitor" "tbtmon98" "Toshiba America Business Solutions, Inc." "c:\windows\system32\tbtmon.dll"
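
A triage pass over the two logs posted above, as an added example that is not part of the original thread and not code from Autoruns or Rkill: it parses the Autoruns text export from post #10, flags rows whose target file is missing or that carry no description and publisher, and looks up the publisher of each process Rkill terminated in post #8. The function names and reason labels are assumptions made for this example; the sample rows are copied from those posts.

```python
import re
from collections import namedtuple

# Rows copied from the Autoruns text export in post #10: a header row names the
# autostart location, each "+" row is: name, description, publisher, image path.
AUTORUNS_SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "dla" "Drive Letter Access Component" "Sonic Solutions" "c:\windows\system32\dla\tfswctrl.exe"
+ "SigmatelSysTrayApp" "Sigmatel Audio system tray application" "SigmaTel, Inc." "c:\windows\stsystra.exe"
+ "UpdateManager" "" "" "File not found: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "ocpogi" "" "" "File not found: System32\drivers\gcbrn.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
"HKCU\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "avonsss.scr" "" "" "c:\windows\avonsss.scr"
'''

# Rows copied from the "Checking for processes to terminate" part of the Rkill log in post #8.
RKILL_SAMPLE = r'''
* C:\WINDOWS\stsystra.exe (PID: 2828) [WD-HEUR]
* C:\WINDOWS\system32\dla\tfswctrl.exe (PID: 3116) [WD-HEUR]
* C:\Documents and Settings\labrakek\Desktop\FSS.exe (PID: 3400) [UP-HEUR]
'''

# Names below (Entry, reason labels, function names) are hypothetical, chosen for this example.
Entry = namedtuple("Entry", "location name description publisher image")
QUOTED = re.compile(r'"([^"]*)"')
RKILL_ROW = re.compile(r'^\* (?P<path>.+?) \(PID: (?P<pid>\d+)\) \[(?P<tag>[^\]]+)\]$')
MISSING = "File not found:"


def parse_autoruns(text):
    """Return Entry tuples; rows without exactly four quoted fields are skipped."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = QUOTED.findall(line)
        if len(fields) != 4:
            continue  # blank line or a row this simple parser cannot split
        if line.startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]  # header row: the autostart location
    return entries


def flag_entries(entries):
    """Return (reason, Entry) pairs for rows that deserve a manual look."""
    flagged = []
    for e in entries:
        if e.image.startswith(MISSING):
            # The autostart entry still exists but its target file does not.
            flagged.append(("missing-target", e))
        elif not e.description and not e.publisher:
            # The export shows neither a description nor a publisher for the file.
            flagged.append(("no-publisher", e))
    return flagged


def parse_rkill_terminated(text):
    """Return (path, pid, tag) for each terminated-process row."""
    rows = []
    for raw in text.splitlines():
        m = RKILL_ROW.match(raw.strip())
        if m:
            rows.append((m["path"], int(m["pid"]), m["tag"]))
    return rows


def correlate(terminated, entries):
    """Match terminated processes to autostart rows by image path (case-insensitive)."""
    by_image = {e.image.lower(): e for e in entries}
    result = []
    for path, _pid, tag in terminated:
        entry = by_image.get(path.lower())
        result.append((path, tag, entry.publisher if entry else None))
    return result


if __name__ == "__main__":
    entries = parse_autoruns(AUTORUNS_SAMPLE)
    for reason, e in flag_entries(entries):
        print(f"{reason:15} {e.location} -> {e.name}: {e.image}")
    for path, tag, publisher in correlate(parse_rkill_terminated(RKILL_SAMPLE), entries):
        print(f"terminated [{tag}] {path}: publisher={publisher or 'no autostart row'}")
```

A flagged row only marks an entry to check by hand, for example by hashing the file or confirming that the owning product is still installed.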

#11 narenxp

Posted 16 November 2012 - 07:48 PM

Download

UNHIDE

Run the tool and this should restore the hidden files


Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#12 krisla

Posted 16 November 2012 - 09:20 PM

Thank you so much, but I am still having problems.

I am unable to download the java, I first got a message saying it was corrupt, then when I tried a second time the message is that the installer is not working properly.

I turned off the system restore, then turned it back on then created a new restore point.

I have turned on the firewall, but it still feels like I may have a virus or malware lurking...

#13 narenxp

Posted 16 November 2012 - 09:31 PM

"I have turned on the firewall, but it still feels like I may have a virus or malware lurking..."


Explain :)

#14 krisla

Posted 16 November 2012 - 09:40 PM

The issue with Java, not being able to download...is that a normal thing?

I still get errors about the program "access manager". First error says address book cannot be found, then I get an error that says it is unable to load properly. I am unable to update Microsoft Security Essentials... the update took place but listed about ten items that couldn't be loaded, then I try to delete Microsoft Security Essentials so that I can download and use Avast, I get an error about doing that...

??

#15 narenxp

Posted 16 November 2012 - 09:47 PM

"The issue with Java, not being able to download...is that a normal thing?"


Which browser? Did you try a different browser?

"I still get errors about the program "access manager". First error says address book cannot be found, then I get an error that says it is unable to load properly."


Reinstall the software and see if it helps

"am unable to update Microsoft Security Essentials... the update took place but listed about ten items that couldn't be loaded, then I try to delete Microsoft Security Essentials so that I can download and use Avast, I get an error about doing that..."


Uninstall Microsoft Security Essentials using this fixit

http://go.microsoft.com/?linkid=9748340

or

Revo uninstaller

http://www.revouninstaller.com/revo_uninstaller_free_download.html

"I have turned on the firewall, but it still feels like I may have a virus or malware lurking..."


I'm not finding infections in your log. If you're still doubtful that the system is infected, you should back up your data and perform a clean install.

Edited by narenxp, 16 November 2012 - 09:48 PM.




