
Need help removing Searchnu.com/410 malware


  • This topic is locked
11 replies to this topic

#1 jjvanb


Posted 21 July 2012 - 07:48 PM

I could use some help. I am experiencing the following:

* Google Chrome redirects to the searchnu.com/410 webpage
* Internet Explorer gets closed as soon as it opens
* quick launch and desktop icons are non-responsive. (I can launch Google Chrome using the start menu)

What I have done so far:
* removed Searchqu from the program list using add/remove programs
* reset Google Chrome to use Google as homepage and removed searchnu as preferred search engine.
* ran Malwarebytes, avast anti-virus, and Spyware Doctor. (Malwarebytes found 5 infected files, but the problem persists)

I am running Windows XP

Thank you for any help



#2 noknojon


Posted 21 July 2012 - 08:26 PM

Hello and Welcome -
We will try to help you with your problems, and see how infected you are - Please tell me if you cannot load or run any of these programs -
First:
Please download MiniToolBox, Save it to your desktop and run it.

Checkmark the following boxes:

•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Next:
Please download Farbar Service Scanner to desktop and run it on the computer with the issue.
•Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
•Press "Scan".
•It will create a log (FSS.txt) in the same directory the tool is run.
•Please copy and paste the log to your reply.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download Security Check from HERE, and Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

As you have Malwarebytes Anti-Malware installed, please try to Update it and run a Full Scan, then post the scan log here.

Download SuperantiSpyware Free and run a Full Scan, then post any results back here -

Thank You -
Spelling edit -

Edited by noknojon, 21 July 2012 - 08:27 PM.


#3 noknojon


Posted 21 July 2012 - 09:40 PM

Extra -
If any programs will not load to the infected computer, please transfer them with a "cleaned" USB Flash drive from a clean computer -

Also: Download TDSS Killer

Launch it.
Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

EDIT - Please click on WATCH TOPIC above so that you will be notified when a new reply is posted and use the ADD REPLY Tab when you are answering

Edited by noknojon, 21 July 2012 - 09:44 PM.


#4 jjvanb


Posted 21 July 2012 - 11:22 PM

MiniToolBox by Farbar Version: 15-07-2012
Ran by Owner (administrator) on 21-07-2012 at 21:46:28
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WNA1100 Wireless-N 150 USB Adapter = Wireless Network Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : home-4f83a0c567

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-11-11-45-16-08



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : NETGEAR WNA1100 Wireless-N 150 USB Adapter

Physical Address. . . . . . . . . : E0-91-F5-4D-93-55

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.65

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Saturday, July 21, 2012 3:48:08 PM

Lease Expires . . . . . . . . . . : Sunday, July 22, 2012 3:48:08 PM

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.37.5, 173.194.37.6, 173.194.37.7, 173.194.37.8
173.194.37.9, 173.194.37.14, 173.194.37.0, 173.194.37.1, 173.194.37.2
173.194.37.3, 173.194.37.4



Pinging google.com [173.194.37.6] with 32 bytes of data:



Reply from 173.194.37.6: bytes=32 time=33ms TTL=49

Reply from 173.194.37.6: bytes=32 time=31ms TTL=49



Ping statistics for 173.194.37.6:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 33ms, Average = 32ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=90ms TTL=39

Reply from 209.191.122.70: bytes=32 time=89ms TTL=39



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 89ms, Maximum = 90ms, Average = 89ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 45 16 08 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x10004 ...e0 91 f5 4d 93 55 ...... NETGEAR WNA1100 Wireless-N 150 USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.65 192.168.1.65 20
192.168.1.0 255.255.255.0 192.168.1.65 192.168.1.65 25
192.168.1.65 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.65 192.168.1.65 25
224.0.0.0 240.0.0.0 192.168.1.65 192.168.1.65 25
255.255.255.255 255.255.255.255 192.168.1.65 2 1
255.255.255.255 255.255.255.255 192.168.1.65 192.168.1.65 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/13/2012 08:53:11 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.100.1053.0, fault address 0x000a1465.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/09/2012 06:22:11 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.100.1052.0, fault address 0x000a1425.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/04/2012 11:02:22 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/04/2012 11:01:45 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/01/2012 06:13:11 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.100.1052.0, fault address 0x000a1425.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/24/2012 11:00:40 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.100.1052.0, fault address 0x000a1425.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/19/2012 02:21:25 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module msxml3.dll, version 8.100.1052.0, fault address 0x000a1425.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/14/2012 02:07:00 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/14/2012 00:27:19 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (06/14/2012 00:27:19 AM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.


System errors:
=============
Error: (07/21/2012 07:51:39 PM) (Source: 0) (User: )
Description: @5647

Error: (07/21/2012 03:48:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (07/21/2012 03:47:50 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (07/21/2012 08:32:26 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/21/2012 08:32:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/21/2012 08:32:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/21/2012 08:32:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/21/2012 08:32:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/21/2012 08:32:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/21/2012 08:32:25 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (07/13/2012 08:53:11 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msxml3.dll8.100.1053.0000a1465

Error: (07/09/2012 06:22:11 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msxml3.dll8.100.1052.0000a1425

Error: (07/04/2012 11:02:22 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/04/2012 11:01:45 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/01/2012 06:13:11 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msxml3.dll8.100.1052.0000a1425

Error: (06/24/2012 11:00:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msxml3.dll8.100.1052.0000a1425

Error: (06/19/2012 02:21:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702msxml3.dll8.100.1052.0000a1425

Error: (06/14/2012 02:07:00 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (06/14/2012 00:27:19 AM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (06/14/2012 00:27:19 AM) (Source: LoadPerf)(User: )
Description: 009


=========================== Installed Programs ============================

2600 (Version: 47.0.1.000)
2600_Help (Version: 47.0.1.000)
2600Trb (Version: 47.0.1.000)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AiO_Scan (Version: 47.0.1.000)
AiOSoftware (Version: 47.0.1.000)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
avast! Free Antivirus (Version: 7.0.1456.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 7.53.02)
Browser Guard 4.0 (Version: 4.0.0.1588)
BufferChm (Version: 45.4.157.000)
CCleaner (Version: 3.20)
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
Creative MediaSource
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Defraggler (Version: 2.10)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
EverQuest
Fax (Version: 47.0.1.000)
Google Chrome (Version: 17.0.963.78)
HP Extended Capabilities 4.7 (Version: 4.7)
HP Image Zone 4.7 (Version: 4.7)
HP Product Assistant (Version: 2.0.0.0)
HP PSC & OfficeJet 4.7
HP Software Update (Version: 3.0.2.991)
HPSystemDiagnostics (Version: 1.6.0.0)
InstantShare (Version: 45.4.157.000)
Intel® 537EP V9x DF PCI Modem
iTunes (Version: 10.6.1.7)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 45.4.158.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Excel 97
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Word 97
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NETGEAR WNA1100 wireless USB 2.0 adapter (Version: 1.0.0.133)
NetWaiting (Version: 2.5.12)
PanoStandAlone (Version: 45.4.157.000)
PC Tools Spyware Doctor 9.0 (Version: 9.0)
PhotoGallery (Version: 45.4.157.000)
ProductContext (Version: 47.1.14.000)
QFolder (Version: 1.00.0000)
Readme (Version: 47.0.1.000)
Scan (Version: 4.5.0.0)
ScannerCopy (Version: 4.5.0.0)
SkinsHP1 (Version: 45.4.157.000)
Sound Blaster Live! 24-bit
SoundMAX (Version: 5.12.01.5246)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Ventrilo Client (Version: 3.0.8)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3070.09 MB
Available physical RAM: 2229.69 MB
Total Pagefile: 4960.81 MB
Available Pagefile: 4136.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.28 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.75 GB) (Free:428.87 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-4F83A0C567

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Farbar Service Scanner Version: 19-07-2012
Ran by Owner (administrator) on 21-07-2012 at 21:51:52
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) JSWSCIMD(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

PC Tools Spyware Doctor 9.0
CCleaner
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME-4F83A0C567 [administrator]

7/21/2012 10:45:04 PM
mbam-log-2012-07-21 (22-45-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223031
Time elapsed: 26 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/22/2012 at 00:11 AM

Application Version : 5.5.1012

Core Rules Database Version : 8939
Trace Rules Database Version: 6751

Scan type : Complete Scan
Total Scan Time : 00:28:35

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 488
Memory threats detected : 0
Registry items scanned : 32647
Registry threats detected : 15
File items scanned : 24326
File threats detected : 103

Adware.Zugo
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ProgID
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\Programmable
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
HKU\S-1-5-21-839522115-790525478-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
HKCR\SearchToolbarLib.CSearchToolbarImpl.1
HKCR\SearchToolbarLib.CSearchToolbarImpl.1\CLSID
HKCR\SearchToolbarLib.CSearchToolbarImpl
HKCR\SearchToolbarLib.CSearchToolbarImpl\CLSID
HKCR\SearchToolbarLib.CSearchToolbarImpl\CurVer
HKU\S-1-5-21-839522115-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9D425283-D487-4337-BAB6-AB8354A81457}

Adware.Tracking Cookie
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.saymedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lioncountrysafari.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lioncountrysafari.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lioncountrysafari.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.steelhousemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{672B21AF-30BF-478F-94EE-08B0C5D34CBE}\RP211\A0036423.EXE



23:25:25.0953 5780 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
23:25:26.0281 5780 ============================================================
23:25:26.0281 5780 Current date / time: 2012/07/21 23:25:26.0281
23:25:26.0281 5780 SystemInfo:
23:25:26.0281 5780
23:25:26.0281 5780 OS Version: 5.1.2600 ServicePack: 3.0
23:25:26.0281 5780 Product type: Workstation
23:25:26.0281 5780 ComputerName: HOME-4F83A0C567
23:25:26.0281 5780 UserName: Owner
23:25:26.0281 5780 Windows directory: C:\WINDOWS
23:25:26.0281 5780 System windows directory: C:\WINDOWS
23:25:26.0281 5780 Processor architecture: Intel x86
23:25:26.0281 5780 Number of processors: 1
23:25:26.0281 5780 Page size: 0x1000
23:25:26.0281 5780 Boot type: Normal boot
23:25:26.0281 5780 ============================================================
23:25:28.0375 5780 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:25:28.0406 5780 ============================================================
23:25:28.0406 5780 \Device\Harddisk0\DR0:
23:25:28.0406 5780 MBR partitions:
23:25:28.0406 5780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
23:25:28.0406 5780 ============================================================
23:25:28.0437 5780 C: <-> \Device\Harddisk0\DR0\Partition0
23:25:28.0437 5780 ============================================================
23:25:28.0437 5780 Initialize success
23:25:28.0437 5780 ============================================================
23:26:09.0109 5916 ============================================================
23:26:09.0109 5916 Scan started
23:26:09.0109 5916 Mode: Manual; TDLFS;
23:26:09.0109 5916 ============================================================
23:26:16.0671 5916 SCardSvr - ok
23:26:16.0718 5916 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
23:26:16.0734 5916 Schedule - ok
23:26:16.0750 5916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:26:16.0765 5916 Secdrv - ok
23:26:16.0765 5916 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
23:26:16.0781 5916 seclogon - ok
23:26:16.0843 5916 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
23:26:16.0843 5916 senfilt - ok
23:26:16.0875 5916 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
23:26:16.0890 5916 SENS - ok
23:26:16.0906 5916 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:26:16.0906 5916 serenum - ok
23:26:16.0937 5916 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
23:26:16.0937 5916 Serial - ok
23:26:17.0015 5916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:26:17.0015 5916 Sfloppy - ok
23:26:17.0062 5916 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
23:26:17.0078 5916 SharedAccess - ok
23:26:17.0125 5916 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:26:17.0125 5916 ShellHWDetection - ok
23:26:17.0140 5916 Simbad - ok
23:26:17.0203 5916 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
23:26:17.0203 5916 smwdm - ok
23:26:17.0218 5916 Sparrow - ok
23:26:17.0234 5916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:26:17.0234 5916 splitter - ok
23:26:17.0265 5916 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:26:17.0281 5916 Spooler - ok
23:26:17.0328 5916 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
23:26:17.0328 5916 sr - ok
23:26:17.0359 5916 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
23:26:17.0375 5916 srservice - ok
23:26:17.0406 5916 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:26:17.0406 5916 Srv - ok
23:26:17.0484 5916 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
23:26:17.0500 5916 SSDPSRV - ok
23:26:17.0515 5916 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
23:26:17.0531 5916 stisvc - ok
23:26:17.0578 5916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:26:17.0578 5916 swenum - ok
23:26:17.0625 5916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:26:17.0625 5916 swmidi - ok
23:26:17.0625 5916 SwPrv - ok
23:26:17.0640 5916 symc810 - ok
23:26:17.0640 5916 symc8xx - ok
23:26:17.0656 5916 sym_hi - ok
23:26:17.0656 5916 sym_u3 - ok
23:26:17.0671 5916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:26:17.0671 5916 sysaudio - ok
23:26:17.0703 5916 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
23:26:17.0718 5916 SysmonLog - ok
23:26:17.0750 5916 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
23:26:17.0750 5916 TapiSrv - ok
23:26:17.0812 5916 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:26:17.0812 5916 Tcpip - ok
23:26:17.0859 5916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:26:17.0859 5916 TDPIPE - ok
23:26:17.0875 5916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:26:17.0875 5916 TDTCP - ok
23:26:17.0906 5916 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:26:17.0906 5916 TermDD - ok
23:26:17.0937 5916 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
23:26:17.0937 5916 TermService - ok
23:26:17.0984 5916 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
23:26:18.0000 5916 Themes - ok
23:26:18.0000 5916 TosIde - ok
23:26:18.0046 5916 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
23:26:18.0062 5916 TrkWks - ok
23:26:18.0109 5916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:26:18.0109 5916 Udfs - ok
23:26:18.0125 5916 ultra - ok
23:26:18.0140 5916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:26:18.0156 5916 Update - ok
23:26:18.0187 5916 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
23:26:18.0203 5916 upnphost - ok
23:26:18.0234 5916 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
23:26:18.0234 5916 UPS - ok
23:26:18.0265 5916 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:26:18.0265 5916 USBAAPL - ok
23:26:18.0296 5916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:26:18.0296 5916 usbccgp - ok
23:26:18.0312 5916 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:26:18.0312 5916 usbehci - ok
23:26:18.0328 5916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:26:18.0328 5916 usbhub - ok
23:26:18.0375 5916 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:26:18.0375 5916 usbprint - ok
23:26:18.0406 5916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:26:18.0406 5916 usbscan - ok
23:26:18.0421 5916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:26:18.0421 5916 USBSTOR - ok
23:26:18.0437 5916 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:26:18.0437 5916 usbuhci - ok
23:26:18.0468 5916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:26:18.0468 5916 VgaSave - ok
23:26:18.0484 5916 ViaIde - ok
23:26:18.0531 5916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
23:26:18.0531 5916 VolSnap - ok
23:26:18.0578 5916 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
23:26:18.0593 5916 VSS - ok
23:26:18.0640 5916 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
23:26:18.0640 5916 W32Time - ok
23:26:18.0671 5916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:26:18.0671 5916 Wanarp - ok
23:26:18.0671 5916 WDICA - ok
23:26:18.0718 5916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:26:18.0718 5916 wdmaud - ok
23:26:18.0750 5916 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
23:26:18.0750 5916 WebClient - ok
23:26:18.0843 5916 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:26:18.0843 5916 winmgmt - ok
23:26:18.0906 5916 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\system32\MsPMSPSv.exe
23:26:18.0921 5916 WMDM PMSP Service - ok
23:26:18.0953 5916 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:26:18.0953 5916 WmdmPmSN - ok
23:26:18.0984 5916 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:26:18.0984 5916 WmiApSrv - ok
23:26:19.0062 5916 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:26:19.0078 5916 WMPNetworkSvc - ok
23:26:19.0156 5916 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:26:19.0171 5916 WPFFontCache_v0400 - ok
23:26:19.0250 5916 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:26:19.0250 5916 WS2IFSL - ok
23:26:19.0296 5916 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
23:26:19.0296 5916 wscsvc - ok
23:26:19.0312 5916 WSearch - ok
23:26:19.0343 5916 WSIMD (7a36f3083e28405d6c5ecdb942513c3b) C:\WINDOWS\system32\DRIVERS\wsimd.sys
23:26:19.0359 5916 WSIMD - ok
23:26:19.0406 5916 WSWNA1100 (fa09e0d44e35def68a56e0a2fa35e427) C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
23:26:19.0421 5916 WSWNA1100 - ok
23:26:19.0468 5916 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
23:26:19.0468 5916 wuauserv - ok
23:26:19.0515 5916 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:26:19.0515 5916 WudfPf - ok
23:26:19.0531 5916 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:26:19.0531 5916 WudfRd - ok
23:26:19.0562 5916 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:26:19.0562 5916 WudfSvc - ok
23:26:19.0609 5916 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
23:26:19.0625 5916 WZCSVC - ok
23:26:19.0671 5916 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
23:26:19.0671 5916 xmlprov - ok
23:26:19.0703 5916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:26:20.0203 5916 \Device\Harddisk0\DR0 - ok
23:26:20.0234 5916 Boot (0x1200) (29a8dbfc90088b2a670af2b55b675f30) \Device\Harddisk0\DR0\Partition0
23:26:20.0250 5916 \Device\Harddisk0\DR0\Partition0 - ok
23:26:20.0250 5916 ============================================================
23:26:20.0250 5916 Scan finished
23:26:20.0250 5916 ============================================================
23:26:20.0265 6040 Detected object count: 0
23:26:20.0265 6040 Actual detected object count: 0
23:28:36.0187 4348 Deinitialize success

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:47 AM

Posted 22 July 2012 - 12:25 AM

Hi -

If your web browser starts with Searchnu.com rather than Google etc., then you've probably installed some sort of freeware
Following THIS GUIDE usually helps, and you seem to have used some of these methods. Always a good read on resetting your browsers -
Don't !! Repeat Don't download any of the scanners they recommend !!

Uninstall PC Tools Spyware Doctor 9.0 from Add / Remove or from its own uninstaller - It can conflict with a few other tools

S.A.S seems to have detected several of the problems that you had. Is the system running any better yet ??

Thank You -
EDIT - I hope you removed all found items from S.A.S and rebooted - If not rescan and do it -

Edited by noknojon, 22 July 2012 - 12:29 AM.


#6 jjvanb

jjvanb
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:47 PM

Posted 22 July 2012 - 02:18 PM

It looks like most of the problem has been fixed, I removed the issues found in SAS, and rebooted. I can get IE to launch again and have removed the incorrect homepage and search references.

Problems I still have:

* The quick launch bar disappears when I reboot
* I have to right click in order to launch any program from the following icons: quick launch, desktop shortcuts, start menu programs.

Programs or files installed directly to the desktop seem to launch fine with a double click.

Thanks

#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:47 AM

Posted 22 July 2012 - 03:08 PM

"The quick launch bar disappears when I reboot" <<
If you "Hover" / Hold the mouse over where the bar should be, will it appear as if normal ? This just means the bar is unchecked

"I have to right click in order to launch any program from the following icons: quick launch, desktop shortcuts, start menu programs" << We need to check the Mouse settings in Control Panel

First check -
Open Control Panel > Click on Mouse > Make sure the box Top Left is not ticked -

#8 jjvanb

jjvanb
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:47 PM

Posted 22 July 2012 - 06:07 PM

It's not the actual bar that disappears, just the icons. Sorry I guess I didn't describe it well. Each time I reboot all the quick launch icons go away, and I need to recheck the toolbar to make them come back each time.

The box in the control panel for the mouse was not checked.

#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Local time:11:47 AM

Posted 22 July 2012 - 08:11 PM

I need to recheck the toolbar to make them come back each time. << Not unusual after this infection -

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here




#10 jjvanb

jjvanb
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:08:47 PM

Posted 22 July 2012 - 09:32 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 22:16:52
-----------------------------
22:16:52.609 OS Version: Windows 5.1.2600 Service Pack 3
22:16:52.609 Number of processors: 1 586 0x304
22:16:52.609 ComputerName: HOME-4F83A0C567 UserName: Owner
22:16:53.718 Initialize success
22:16:53.859 AVAST engine defs: 12072201
22:17:22.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:17:22.109 Disk 0 Vendor: ST500DM002-1BC142 JC4B Size: 476940MB BusType: 3
22:17:22.125 Disk 0 MBR read successfully
22:17:22.125 Disk 0 MBR scan
22:17:22.125 Disk 0 Windows XP default MBR code
22:17:22.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
22:17:22.125 Disk 0 scanning sectors +976752000
22:17:22.203 Disk 0 scanning C:\WINDOWS\system32\drivers
22:17:29.687 Service scanning
22:17:39.890 Modules scanning
22:17:43.781 Disk 0 trace - called modules:
22:17:43.796 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:17:43.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a194ab8]
22:17:44.125 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a18cb00]
22:17:44.937 AVAST engine scan C:\WINDOWS
22:17:48.375 AVAST engine scan C:\WINDOWS\system32
22:20:08.109 AVAST engine scan C:\WINDOWS\system32\drivers
22:20:32.546 AVAST engine scan C:\Documents and Settings\Owner
22:26:08.781 AVAST engine scan C:\Documents and Settings\All Users
22:26:26.593 Scan finished successfully
22:31:43.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
22:31:43.625 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:11:47 AM

Posted 23 July 2012 - 03:10 PM

Hello -
As I have used a Tool that I am not permitted to use in this area of the forum, I must ask you to follow these directions for more help -

Please follow the instructions in ==>This Guide<== from steps 4 to 10 and post the requested logs if you can
I am sorry for this but I can no longer help you here. The Malware Removal / Clean up team will finish your topic.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

I hope you understand as I broke a helping rule here, an Expert may reply, or you can follow the directions above if the problem is not yet solved

Thank You for your understanding -

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:47 PM

Posted 24 July 2012 - 12:11 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic462151.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



