Redirect problem


19 replies to this topic

#1 turkanator


Posted 22 July 2012 - 09:23 PM

I have a redirect issue: I'm being redirected to unwanted sites. I believe one is 63.209.69.107, or scour or something to that effect. I'm not sure what the infection is, though a little research suggests that TDSS is the problem, but I'm not sure. It doesn't show up anywhere, but I am most certainly being redirected. I have also tried HitmanPro and the problem continues. Any help would be greatly appreciated.

Edited by Orange Blossom, 22 July 2012 - 09:26 PM.
Moved to AII. ~ OB




#2 narenxp


Posted 22 July 2012 - 09:36 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 turkanator


Posted 22 July 2012 - 10:10 PM

Here is the TDSSKiller log:


22:02:35.0812 3936 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
22:02:36.0578 3936 ============================================================
22:02:36.0578 3936 Current date / time: 2012/07/22 22:02:36.0578
22:02:36.0578 3936 SystemInfo:
22:02:36.0578 3936
22:02:36.0578 3936 OS Version: 5.1.2600 ServicePack: 3.0
22:02:36.0578 3936 Product type: Workstation
22:02:36.0578 3936 ComputerName: USER-473F6598BC
22:02:36.0578 3936 UserName: user
22:02:36.0578 3936 Windows directory: C:\WINDOWS
22:02:36.0578 3936 System windows directory: C:\WINDOWS
22:02:36.0578 3936 Processor architecture: Intel x86
22:02:36.0578 3936 Number of processors: 1
22:02:36.0578 3936 Page size: 0x1000
22:02:36.0578 3936 Boot type: Normal boot
22:02:36.0578 3936 ============================================================
22:02:40.0578 3936 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:02:40.0578 3936 ============================================================
22:02:40.0578 3936 \Device\Harddisk0\DR0:
22:02:40.0578 3936 MBR partitions:
22:02:40.0578 3936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x4A8143F
22:02:40.0578 3936 ============================================================
22:02:40.0609 3936 C: <-> \Device\Harddisk0\DR0\Partition0
22:02:40.0609 3936 ============================================================
22:02:40.0609 3936 Initialize success
22:02:40.0609 3936 ============================================================
22:03:39.0281 2740 ============================================================
22:03:39.0281 2740 Scan started
22:03:39.0281 2740 Mode: Manual; TDLFS;
22:03:39.0281 2740 ============================================================
22:03:54.0656 2740 TermDD - ok
22:03:54.0828 2740 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:03:54.0843 2740 TermService - ok
22:03:54.0906 2740 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:03:54.0906 2740 Themes - ok
22:03:54.0968 2740 tiumfwl (7ed11f79540ff1bc2ac12d2ae489474a) C:\WINDOWS\system32\drivers\tiumfwl.sys
22:03:54.0968 2740 tiumfwl - ok
22:03:55.0031 2740 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:03:55.0031 2740 TlntSvr - ok
22:03:55.0046 2740 TosIde - ok
22:03:55.0109 2740 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:03:55.0109 2740 TrkWks - ok
22:03:55.0156 2740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:03:55.0156 2740 Udfs - ok
22:03:55.0171 2740 UIUSys - ok
22:03:55.0187 2740 ultra - ok
22:03:55.0234 2740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:03:55.0250 2740 Update - ok
22:03:55.0328 2740 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:03:55.0343 2740 upnphost - ok
22:03:55.0359 2740 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:03:55.0375 2740 UPS - ok
22:03:55.0421 2740 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:03:55.0421 2740 usbaudio - ok
22:03:55.0437 2740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:03:55.0437 2740 usbccgp - ok
22:03:55.0468 2740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:03:55.0484 2740 usbehci - ok
22:03:55.0546 2740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:03:55.0546 2740 usbhub - ok
22:03:55.0609 2740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:03:55.0609 2740 USBSTOR - ok
22:03:55.0640 2740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:03:55.0640 2740 usbuhci - ok
22:03:55.0656 2740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:03:55.0656 2740 VgaSave - ok
22:03:55.0671 2740 ViaIde - ok
22:03:55.0812 2740 Vmodem (308532ac80be7f676ec58b423c6c5c84) C:\WINDOWS\system32\DRIVERS\vmodem.sys
22:03:55.0828 2740 Vmodem - ok
22:03:55.0843 2740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:03:55.0859 2740 VolSnap - ok
22:03:55.0906 2740 Vpctcom (cc040a11bb7bcec2e90f1425b46dc38d) C:\WINDOWS\system32\DRIVERS\vpctcom.sys
22:03:55.0921 2740 Vpctcom - ok
22:03:56.0015 2740 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:03:56.0031 2740 VSS - ok
22:03:56.0218 2740 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
22:03:56.0234 2740 vToolbarUpdater11.2.0 - ok
22:03:56.0328 2740 Vvoice (5065d56c6829c4546b007384e9fc8812) C:\WINDOWS\system32\DRIVERS\vvoice.sys
22:03:56.0328 2740 Vvoice - ok
22:03:56.0812 2740 w29n51 (9ee38ffcb4cbe5bee6c305700ddc4725) C:\WINDOWS\system32\DRIVERS\w29n51.sys
22:03:57.0031 2740 w29n51 - ok
22:03:57.0187 2740 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:03:57.0187 2740 W32Time - ok
22:03:57.0328 2740 w70n51 (fb4d7a34ef3b49c2b5439e330b785313) C:\WINDOWS\system32\DRIVERS\w70n51.sys
22:03:57.0343 2740 w70n51 - ok
22:03:57.0406 2740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:03:57.0406 2740 Wanarp - ok
22:03:57.0421 2740 WDICA - ok
22:03:57.0484 2740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:03:57.0484 2740 wdmaud - ok
22:03:57.0546 2740 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:03:57.0546 2740 WebClient - ok
22:03:57.0796 2740 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:03:57.0828 2740 winachsf - ok
22:03:57.0921 2740 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:03:57.0937 2740 winmgmt - ok
22:03:57.0968 2740 wltrysvc - ok
22:03:58.0015 2740 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:03:58.0015 2740 WmdmPmSN - ok
22:03:58.0125 2740 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:03:58.0140 2740 Wmi - ok
22:03:58.0203 2740 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:03:58.0203 2740 WmiApSrv - ok
22:03:58.0421 2740 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:03:58.0437 2740 WMPNetworkSvc - ok
22:03:58.0484 2740 WRkrn - ok
22:03:58.0500 2740 WRSVC - ok
22:03:58.0562 2740 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:03:58.0562 2740 wscsvc - ok
22:03:58.0578 2740 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:03:58.0593 2740 wuauserv - ok
22:03:58.0640 2740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:03:58.0656 2740 WudfPf - ok
22:03:58.0703 2740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:03:58.0703 2740 WudfRd - ok
22:03:58.0796 2740 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:03:58.0796 2740 WudfSvc - ok
22:03:58.0921 2740 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:03:58.0937 2740 WZCSVC - ok
22:03:59.0000 2740 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:03:59.0015 2740 xmlprov - ok
22:03:59.0109 2740 MBR (0x1B8) (d1ad4c53eadd115593e05fa56d6b9dea) \Device\Harddisk0\DR0
22:03:59.0828 2740 \Device\Harddisk0\DR0 - ok
22:03:59.0828 2740 Boot (0x1200) (78c6a55bfe5fcfcadef28a9d494ef4b4) \Device\Harddisk0\DR0\Partition0
22:03:59.0828 2740 \Device\Harddisk0\DR0\Partition0 - ok
22:03:59.0843 2740 ============================================================
22:03:59.0843 2740 Scan finished
22:03:59.0843 2740 ============================================================
22:03:59.0875 0276 Detected object count: 0
22:03:59.0875 0276 Actual detected object count: 0
22:04:32.0000 0812 Deinitialize success






#4 turkanator


Posted 22 July 2012 - 10:28 PM

Here is the aswMBR Log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 22:11:28
-----------------------------
22:11:28.484 OS Version: Windows 5.1.2600 Service Pack 3
22:11:28.484 Number of processors: 1 586 0xD08
22:11:28.484 ComputerName: USER-473F6598BC UserName: user
22:11:30.750 Initialize success
22:17:34.093 AVAST engine defs: 12072201
22:18:31.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:18:31.734 Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
22:18:31.750 Disk 0 MBR read successfully
22:18:31.750 Disk 0 MBR scan
22:18:31.859 Disk 0 unknown MBR code
22:18:31.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 16065
22:18:31.875 Disk 0 scanning sectors +78140160
22:18:32.203 Disk 0 scanning C:\WINDOWS\system32\drivers
22:19:00.625 Service scanning
22:19:36.609 Modules scanning
22:19:54.593 Disk 0 trace - called modules:
22:19:54.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:19:54.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ce9ab8]
22:19:54.671 3 CLASSPNP.SYS[f7527fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d68d98]
22:19:55.171 AVAST engine scan C:\WINDOWS
22:20:06.359 AVAST engine scan C:\WINDOWS\system32
22:22:52.796 AVAST engine scan C:\WINDOWS\system32\drivers
22:23:13.265 AVAST engine scan C:\Documents and Settings\user
22:24:19.140 AVAST engine scan C:\Documents and Settings\All Users
22:25:17.406 Scan finished successfully
22:25:47.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\My Documents\MBR.dat"
22:25:47.640 The log file has been saved successfully to "C:\Documents and Settings\user\My Documents\aswMBR.txt"






#5 turkanator


Posted 22 July 2012 - 11:48 PM

It says no threats found on the ESET scanner, and there is no way to make a log.



#6 narenxp


Posted 22 July 2012 - 11:59 PM

Which browser has redirects?

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on Show Results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this.

Download

AdwCleaner

Launch it and click on Delete.

Post the generated log.

#7 turkanator


Posted 23 July 2012 - 10:25 AM

I am running IE 8. Here is the MiniToolBox log:


MiniToolBox by Farbar Version: 22-07-2012
Ran by user (administrator) on 23-07-2012 at 10:20:26
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



127.0.0.1 localhost
127.0.0.1 mpa.one.microsoft.com

========================= IP Configuration: ================================

Dell Wireless 1470 Dual Band WLAN Mini-PCI Card = Wireless Network Connection 4 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : user-473f6598bc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Wireless Network Connection 4:



Connection-specific DNS Suffix . : Belkin

Description . . . . . . . . . . . : Dell Wireless 1470 Dual Band WLAN Mini-PCI Card

Physical Address. . . . . . . . . : 00-14-A5-5F-EF-34

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Monday, July 23, 2012 9:51:34 AM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-14-22-D4-4F-0F

Server:
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.227.6, 74.125.227.7, 74.125.227.8, 74.125.227.9
74.125.227.14, 74.125.227.0, 74.125.227.1, 74.125.227.2, 74.125.227.3
74.125.227.4, 74.125.227.5



Pinging google.com [74.125.227.136] with 32 bytes of data:



Reply from 74.125.227.136: bytes=32 time=58ms TTL=52

Reply from 74.125.227.136: bytes=32 time=57ms TTL=52



Ping statistics for 74.125.227.136:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 57ms, Maximum = 58ms, Average = 57ms

Server:
Address: 192.168.2.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=46ms TTL=51

Reply from 209.191.122.70: bytes=32 time=49ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 49ms, Average = 47ms

Server:
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 a5 5f ef 34 ...... Dell Wireless 1470 Dual Band WLAN Mini-PCI Card - Packet Scheduler Miniport
0x3 ...00 14 22 d4 4f 0f ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.3 192.168.2.3 25
192.168.2.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.3 192.168.2.3 25
224.0.0.0 240.0.0.0 192.168.2.3 192.168.2.3 25
255.255.255.255 255.255.255.255 192.168.2.3 3 1
255.255.255.255 255.255.255.255 192.168.2.3 192.168.2.3 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/22/2012 09:37:22 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (07/22/2012 09:37:07 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/21/2012 01:01:14 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/21/2012 00:59:45 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/21/2012 00:58:47 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (07/21/2012 00:57:00 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/21/2012 00:56:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/21/2012 00:56:18 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (07/21/2012 00:56:13 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (07/21/2012 00:54:28 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (07/23/2012 09:46:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WRkrn

Error: (07/23/2012 09:46:52 AM) (Source: Service Control Manager) (User: )
Description: The WRSVC service failed to start due to the following error:
%%3

Error: (07/23/2012 00:39:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WRkrn

Error: (07/23/2012 00:39:41 AM) (Source: Service Control Manager) (User: )
Description: The WRSVC service failed to start due to the following error:
%%3

Error: (07/22/2012 11:09:54 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WRkrn

Error: (07/22/2012 11:09:50 AM) (Source: Service Control Manager) (User: )
Description: The WRSVC service failed to start due to the following error:
%%3

Error: (07/21/2012 11:10:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WRkrn

Error: (07/21/2012 11:10:55 PM) (Source: Service Control Manager) (User: )
Description: The WRSVC service failed to start due to the following error:
%%3

Error: (07/21/2012 10:58:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
WRkrn

Error: (07/21/2012 10:58:19 PM) (Source: Service Control Manager) (User: )
Description: The WRSVC service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (07/22/2012 09:37:22 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (07/22/2012 09:37:07 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/21/2012 01:01:14 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/21/2012 00:59:45 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/21/2012 00:58:47 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (07/21/2012 00:57:00 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/21/2012 00:56:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/21/2012 00:56:18 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (07/21/2012 00:56:13 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe server name or address could not be resolved

Error: (07/21/2012 00:54:28 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Advanced SystemCare 5 (Version: 5.3.0)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5173)
ATI Display Driver (Version: 8.063.2.1.1-050111a-020427C-Dell)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Broadcom Gigabit Integrated Controller (Version: 9.02.06)
C-Major Audio (Version: 42xx)
Conexant D110 MDC V.92 Modem
Dell Wireless WLAN Card (Version: 4.10.47.3)
ESET Online Scanner v3
HitmanPro 3.6 (Version: 3.6.0.160)
Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4693)
Intel® PROSet (Version: 6.08.2100)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
magicJack (Version: 2.0.6073.4413)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mavis Beacon Teaches Typing 8.0.1
MediaPlayerLite 0.3 (Version: 0.3)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Nero Suite
O2Micro Smartcard Driver (Version: 2.26.0000)
PCTEL 2304WT V.92 MDC Modem Drivers
PowerDVD
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 16.0 (Version: 16.0.9715)
XviD & MP3 Codec Pack (remove only)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 1015.36 MB
Available physical RAM: 537.1 MB
Total Pagefile: 3990.09 MB
Available Pagefile: 3389.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.03 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.25 GB) (Free:23.98 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-473F6598BC

Administrator Guest HelpAssistant
SUPPORT_388945a0 user


**** End of log ****




#8 turkanator


Posted 23 July 2012 - 10:32 AM

FSS Log:

Farbar Service Scanner Version: 22-07-2012
Ran by user (administrator) on 23-07-2012 at 10:30:29
Running from "C:\Documents and Settings\user\My Documents\My Videos"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Avgfwfd(12) Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
0x0C00000005000000010000000200000003000000040000000B0000000C0000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****




#9 narenxp

Posted 23 July 2012 - 10:41 AM

Adwcleaner log?

#10 turkanator

Posted 23 July 2012 - 10:49 AM

# AdwCleaner v1.703 - Logfile created 07/23/2012 at 10:41:07
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : user - USER-473F6598BC
# Running from : C:\Documents and Settings\user\My Documents\My Videos\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\DOCUME~1\user\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\DOCUME~1\user\LOCALS~1\Temp\BabylonToolbar
Folder Deleted : C:\Documents and Settings\user\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\user\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\user\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [6531 octets] - [23/07/2012 10:41:07]

########## EOF - C:\AdwCleaner[S1].txt - [6659 octets] ##########




#11 narenxp

Posted 23 July 2012 - 10:52 AM

Malwarebytes log?

Reset Internet Explorer

http://support.microsoft.com/kb/923737

Let me know if you still have redirects

#12 turkanator

Posted 23 July 2012 - 11:11 AM

Malwarebytes log : I am still being redirected


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
user :: USER-473F6598BC [administrator]

Protection: Enabled

7/23/2012 1:49:25 AM
mbam-log-2012-07-23 (01-49-25).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225621
Time elapsed: 53 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




#13 narenxp

Posted 23 July 2012 - 11:17 AM

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here
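
A triage pass over the saved Autoruns.txt, as an added example that is not part of the original post: it parses the four-field layout of the export and tags rows worth a closer look. The sample rows are constructed, and the function names and the three heuristics are assumptions of this example, not Autoruns features.

```python
import re
from dataclasses import dataclass

# Constructed sample rows in the layout of the Autoruns text export pasted in
# this thread: a quoted location header, then "+" rows holding
# name, description, publisher and image path.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleTray" "Example Tray Monitor" "Example Software Ltd." "c:\program files\example\tray.exe"
+ "OldUpdater" "" "" "File not found: C:\Program Files\Example\updater.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Helper" "Helper Library" "Example Software Ltd." "c:\documents and settings\user\local settings\application data\example\helper.dll"
+ "NoInfo" "" "" "c:\windows\system32\noinfo.exe"
'''

FIELD = re.compile(r'"([^"]*)"')
MISSING = "File not found: "
# Assumption of this example: directories a non-admin user can usually write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\")


@dataclass
class Entry:
    location: str      # registry key, folder or "Task Scheduler" header above the row
    name: str
    description: str
    publisher: str
    image: str         # resolved image path, or "File not found: <path>"


def parse_autoruns(text):
    """Return one Entry per autostart row, tagged with its location header."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank line or something that is not an export row
        if line.startswith('"'):
            location = fields[0]  # header row: only the first field is filled
        else:
            entries.append(Entry(location, *fields))
    return entries


def flags_for(entry):
    """Heuristic review flags for one row (assumptions, not verdicts)."""
    flags = []
    missing = entry.image.startswith(MISSING)
    path = entry.image[len(MISSING):] if missing else entry.image
    if missing:
        # Autostart still registered although its target file is gone.
        flags.append("missing-target")
    elif not entry.publisher.strip():
        # File exists but carries no company name in its version information.
        flags.append("no-publisher")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        # Runs from a location that does not need admin rights to modify.
        flags.append("user-writable-path")
    return flags


def triage(entries):
    """Return (location, name, flags) for every row with at least one flag."""
    flagged = []
    for entry in entries:
        flags = flags_for(entry)
        if flags:
            flagged.append((entry.location, entry.name, flags))
    return flagged


if __name__ == "__main__":
    for location, name, flags in triage(parse_autoruns(SAMPLE)):
        print(f"{name:12} {', '.join(flags):20} {location}")
```

The publisher column comes from the file's version information unless signature verification was switched on in Autoruns, so a familiar vendor name on a flagged row is not proof of origin.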

#14 turkanator

Posted 23 July 2012 - 11:46 AM

Autoruns.txt Log:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ATIPTA" "ATI Desktop Control Panel" "ATI Technologies, Inc." "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "Freecorder FLV Service" "" "" "File not found: C:\Program Files\Freecorder\FLVSrvc.exe"
+ "HF_G_Jul" "" "" "File not found: C:\Program Files\AVG Secure Search\HF_G_Jul.exe"
+ "igfxhkcmd" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "igfxpers" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "igfxtray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
+ "NeroFilterCheck" "NeroCheck" "Ahead Software Gmbh" "c:\windows\system32\nerocheck.exe"
+ "PCTVOICE" "pctvoice MFC Application" "" "c:\windows\system32\pctspk.exe"
+ "PRONoMgr.exe" "PRONotifyMgr Module" "Intel® Corporation" "c:\program files\intel\ncs\proset\pronomgr.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "vProt" "" "" "File not found: C:\Program Files\AVG Secure Search\vprot.exe"
+ "ZCfgSvc.exe" "ZeroCfgSvc MFC Application" "Intel Corporation" "c:\windows\system32\zcfgsvc.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "WinZip Quick Pick.lnk" "WinZip Executable" "WinZip Computing, S.L." "c:\program files\winzip\wzqkpick32.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Advanced SystemCare 5" "Advanced SystemCare 5 Tray" "IObit" "c:\program files\iobit\advanced systemcare 5\asctray.exe"
+ "cdloader" "magicJack (cdloader2)" "magicJack L.P." "c:\documents and settings\user\application data\mjusbsp\cdloader2.exe"
+ "magicJack" "Database Wizard DLL" "Microsoft Corporation" "c:\documents and settings\user\local settings\application data\winzip\magicjack\jqjsvyzea.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files\iobit\advanced systemcare 5\ascv5extmenu.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "ASCv5ExtMenu Module" "" "c:\program files\iobit\advanced systemcare 5\ascv5extmenu.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Webroot Toolbar" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\WRData\pkg\LPBar.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "RealUpgradeLogonTaskS-1-5-21-1078081533-1677128483-854245398-1003.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck"
+ "RealUpgradeScheduledTaskS-1-5-21-1078081533-1677128483-854245398-1003.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AdvancedSystemCareService5" "Advanced SystemCare Service" "IObit" "c:\program files\iobit\advanced systemcare 5\ascservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "AVG Security Toolbar Service" "ToolbarB Application" "" "c:\program files\avg\avg10\toolbar\toolbarbroker.exe"
+ "avgfws" "AVG Firewall Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgfws.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "NetSvc" "NetSvc Module" "Intel® Corporation" "c:\program files\intel\ncs\sync\netsvc.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "RegSrvc Module" "Intel Corporation" "c:\windows\system32\regsrvc.exe"
+ "S24EventMonitor" "Event Monitor - Supports driver extensions to NIC Driver for wireless adapters." "Intel Corporation " "c:\windows\system32\s24evmon.exe"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\windows\system32\wltrysvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WRSVC" "" "" "File not found: C:\Program Files\Webroot\WRSA.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ac97intc" "Intel® Integrated Controller Hub Audio Driver" "Intel Corporation" "c:\windows\system32\drivers\ac97intc.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.2.0.3" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "ASPI32" "ASPI for WIN32 Kernel Driver" "Adaptec" "c:\windows\system32\drivers\aspi32.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "atimtai" "M3 Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atimtai.sys"
+ "Avgfwdx" "AVG Firewall intermediate miniport driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgfwdx.sys"
+ "Avgfwfd" "AVG Firewall intermediate miniport driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgfwdx.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "cercsr6" "DELL CERC SATA1.5/6ch Miniport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\cercsr6.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DevUpper" "tiumflt.sys" "Texas Instruments Inc." "c:\windows\system32\drivers\tiumflt.sys"
+ "EL3C589" "" "" "File not found: system32\DRIVERS\el589nd5.sys"
+ "EL90XBC" "3Com EtherLink PCI Driver" "3Com Corporation" "c:\windows\system32\drivers\el90xbc5.sys"
+ "GTICARD" "Texas Instruments GemCore IFD Handler" "Texas Instruments" "c:\windows\system32\drivers\gticard.sys"
+ "GTIPCI21" "Texas Instruments PCI GemCore IFD Handler" "Texas Instruments" "c:\windows\system32\drivers\gtipci21.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWICH" "HSFHWICH WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwich.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "ltmodem5" "LT Windows Modem" "LT" "c:\windows\system32\drivers\ltmdmnt.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "NAL" "Intel® Network Adapter Diagnostic Driver" "Intel Corporation " "c:\windows\system32\drivers\iqvw32.sys"
+ "OZSCR" "OZSCR" "O2Micro" "c:\windows\system32\drivers\ozscr.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Ptserial" "HSP Modem Serial Device Driver for NT 5.0" "PCTEL, INC." "c:\windows\system32\drivers\ptserial.sys"
+ "s24trans" "WLAN Transport" "Intel Corporation" "c:\windows\system32\drivers\s24trans.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STAC97" "SigmaTel Audio Driver (WDM)" "SigmaTel, Inc." "c:\windows\system32\drivers\stac97.sys"
+ "tiumfwl" "tiumfwl.sys" "Texas Instruments Inc." "c:\windows\system32\drivers\tiumfwl.sys"
+ "UIUSys" "" "" "File not found: system32\drivers\UIUSys.sys"
+ "Vmodem" "HSP Modem Modem Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\vmodem.sys"
+ "Vpctcom" "HSP Modem Virtual Control Device" "PCtel, Inc." "c:\windows\system32\drivers\vpctcom.sys"
+ "Vvoice" "HSP Modem device driver" "PCtel, Inc." "c:\windows\system32\drivers\vvoice.sys"
+ "w29n51" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w29n51.sys"
+ "w70n51" "Intel® PRO/Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w70n51.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "WRkrn" "" "" "File not found: System32\drivers\WRkrn.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecp.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\claudfx.ax"
+ "CyberLink DxVA Filter 2" "" "" "c:\program files\cyberlink\powerdvd\cldxva.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "" "" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "" "" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "TrueMotion 2.0 Decompressor" "TrueMotion 2.0 Decompressor" "The Duck Corporation" "c:\windows\system32\tm20dec.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "XviD MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "Sebring" "LogonNotify DLL" "Intel Corporation" "c:\windows\system32\lgnotify.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "Broadcom Corporation" "c:\windows\system32\bcmlogon.dll"

#15 narenxp


Posted 23 July 2012 - 12:04 PM

Download Process Explorer

Extract and launch procexp.exe

Now launch your browser and search normally. If you get redirected, search for the rundll32.exe process running under EXPLORER.EXE

Hover your mouse over it and note down the location of the DLL file



Posted Image


You should find something like this. The location of the DLL file which is causing the redirect is shown here

Post the exact location of the DLL file here

Edited by narenxp, 23 July 2012 - 12:05 PM.
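
The Process Explorer check described in the post above can also be scripted. The following is an added example, not part of the original post: it lists every rundll32.exe whose parent is explorer.exe and pulls the DLL path out of its command line. It assumes Windows PowerShell 2.0 or later is installed; `Get-Rundll32Dll` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Get-Rundll32Dll is a hypothetical helper name.
# rundll32 command lines look like:  rundll32.exe <dll>,<entrypoint> [arguments]
function Get-Rundll32Dll {
    param([string]$CommandLine)
    # Drop the first token: the rundll32.exe image path, quoted or unquoted.
    $rest = $CommandLine -replace '^\s*("[^"]*"|\S+)\s*', ''
    # A quoted DLL path ends at the closing quote.
    if ($rest -match '^"([^"]+)"') { return $Matches[1] }
    # An unquoted DLL path ends at the comma that precedes the entry point.
    if ($rest -match '^([^,]+)') { return $Matches[1].Trim() }
    return $null   # empty or unreadable command line
}

# Get-WmiObject works on Windows PowerShell 2.0 and later; on PowerShell 7 use
# Get-CimInstance Win32_Process instead, which returns the same properties.
$procs = Get-WmiObject Win32_Process
$explorerPids = @($procs | Where-Object { $_.Name -eq 'explorer.exe' } |
    ForEach-Object { $_.ProcessId })

$procs |
    Where-Object { $_.Name -eq 'rundll32.exe' -and $explorerPids -contains $_.ParentProcessId } |
    ForEach-Object {
        $dll = Get-Rundll32Dll $_.CommandLine
        # Only a full path (drive letter or UNC) can be checked on disk; a bare name
        # such as shell32.dll is resolved by the loader and is left as 'not checked'.
        $sig = 'not checked'
        if ($dll -match '^([A-Za-z]:\\|\\\\)' -and (Test-Path -LiteralPath $dll)) {
            $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
        }
        New-Object PSObject -Property @{
            ProcessId   = $_.ProcessId
            CommandLine = $_.CommandLine
            DllPath     = $dll
            Signature   = $sig
        }
    } | Format-List ProcessId, DllPath, Signature, CommandLine
```

Run it while the redirect is happening, as with the manual check. The signature status is a lead for further inspection of the DLL, not a verdict on it.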




