Can't get rid of 'Your computer is locked by metropolitan police' ukash virus


18 replies to this topic

#1 at2867


Posted 31 July 2012 - 07:39 AM

Hi, this virus has locked my laptop. I am able to get onto the internet by disabling it at start up. I have tried quite a few solutions I found online, but so far the virus remains, and it has 2 processes that I can see in Task Manager that linger; when I try to end them it says 'This is a critical process, task manager can't delete'.

So far I have run full scans with both Malwarebytes and AVG in safe mode, which deleted several trojans, but the 'Your computer is locked' message remains.

Any help with this is greatly appreciated. Thanks.

#2 narenxp


Posted 31 July 2012 - 07:40 AM

Boot into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 at2867


Posted 31 July 2012 - 08:00 AM

Should I post the logs as each one finishes, or just put them all in one reply? The TDSSKiller is done but I'm still waiting on the aswMBR and I haven't got to the ESET yet. Thanks.

#4 narenxp


Posted 31 July 2012 - 08:16 AM

Please post the logs together.

#5 at2867


Posted 31 July 2012 - 08:45 AM

Here are the logs

13:46:58.0892 1352 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:46:59.0443 1352 ============================================================
13:46:59.0443 1352 Current date / time: 2012/07/31 13:46:59.0443
13:46:59.0443 1352 SystemInfo:
13:46:59.0443 1352
13:46:59.0453 1352 OS Version: 5.1.2600 ServicePack: 3.0
13:46:59.0453 1352 Product type: Workstation
13:46:59.0453 1352 ComputerName: COMPAQ-3D3C5CF5
13:46:59.0453 1352 UserName: Administrator
13:46:59.0453 1352 Windows directory: C:\WINDOWS
13:46:59.0453 1352 System windows directory: C:\WINDOWS
13:46:59.0453 1352 Processor architecture: Intel x86
13:46:59.0453 1352 Number of processors: 1
13:46:59.0453 1352 Page size: 0x1000
13:46:59.0453 1352 Boot type: Safe boot with network
13:46:59.0453 1352 ============================================================
13:47:03.0508 1352 Drive \Device\Harddisk0\DR0 - Size: 0x6FC7C8000 (27.95 Gb), SectorSize: 0x200, Cylinders: 0xF24, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
13:47:03.0508 1352 ============================================================
13:47:03.0508 1352 \Device\Harddisk0\DR0:
13:47:03.0508 1352 MBR partitions:
13:47:03.0508 1352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37E02F1
13:47:03.0508 1352 ============================================================
13:47:03.0548 1352 C: <-> \Device\Harddisk0\DR0\Partition0
13:47:03.0548 1352 ============================================================
13:47:03.0548 1352 Initialize success
13:47:03.0548 1352 ============================================================
13:47:41.0493 1532 ============================================================
13:47:41.0493 1532 Scan started
13:47:41.0493 1532 Mode: Manual; TDLFS;
13:47:41.0493 1532 ============================================================
13:48:05.0067 1532 usbscan - ok
13:48:05.0157 1532 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:48:05.0157 1532 USBSTOR - ok
13:48:05.0247 1532 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:48:05.0247 1532 usbuhci - ok
13:48:05.0287 1532 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:48:05.0287 1532 VgaSave - ok
13:48:05.0327 1532 ViaIde - ok
13:48:05.0387 1532 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:48:05.0387 1532 VolSnap - ok
13:48:05.0467 1532 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:48:05.0478 1532 VSS - ok
13:48:05.0578 1532 W32Time (f1c4d960c707610eb33b7473db0181dc) C:\WINDOWS\system32\w32time.dll
13:48:05.0588 1532 W32Time - ok
13:48:05.0668 1532 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:48:05.0668 1532 Wanarp - ok
13:48:05.0708 1532 WDICA - ok
13:48:05.0758 1532 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:48:05.0798 1532 wdmaud - ok
13:48:05.0868 1532 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:48:05.0868 1532 WebClient - ok
13:48:05.0988 1532 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:48:05.0998 1532 winmgmt - ok
13:48:06.0148 1532 WLAN_400_500_SERVICE (3d769924a07c00f5bb4b890f3934cd1e) C:\WINDOWS\system32\DRIVERS\ar5211.sys
13:48:06.0158 1532 WLAN_400_500_SERVICE - ok
13:48:06.0239 1532 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
13:48:06.0249 1532 WmdmPmSN - ok
13:48:06.0359 1532 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINDOWS\System32\advapi32.dll
13:48:06.0369 1532 Wmi - ok
13:48:06.0449 1532 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:48:06.0449 1532 WmiAcpi - ok
13:48:06.0609 1532 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:48:06.0619 1532 WmiApSrv - ok
13:48:06.0719 1532 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:48:06.0719 1532 wscsvc - ok
13:48:06.0829 1532 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:48:06.0829 1532 wuauserv - ok
13:48:06.0930 1532 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:48:06.0940 1532 WZCSVC - ok
13:48:07.0120 1532 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:48:07.0120 1532 xmlprov - ok
13:48:07.0290 1532 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:48:07.0931 1532 \Device\Harddisk0\DR0 - ok
13:48:07.0971 1532 Boot (0x1200) (4ee7d738189b6e31a74fd8076cefc718) \Device\Harddisk0\DR0\Partition0
13:48:07.0981 1532 \Device\Harddisk0\DR0\Partition0 - ok
13:48:07.0991 1532 ============================================================
13:48:07.0991 1532 Scan finished
13:48:07.0991 1532 ============================================================
13:48:08.0061 1524 Detected object count: 0
13:48:08.0061 1524 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 13:49:28
-----------------------------
13:49:28.106 OS Version: Windows 5.1.2600 Service Pack 3
13:49:28.106 Number of processors: 1 586 0xD06
13:49:28.106 ComputerName: COMPAQ-3D3C5CF5 UserName: Administrator
13:49:28.897 Initialize success
13:56:26.578 AVAST engine defs: 12073101
13:56:36.072 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:56:36.122 Disk 0 Vendor: HITACHI_DK23DA-30 00J1A0A3 Size: 28615MB BusType: 3
13:56:36.162 Disk 0 MBR read successfully
13:56:36.192 Disk 0 MBR scan
13:56:36.392 Disk 0 Windows XP default MBR code
13:56:36.422 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28608 MB offset 63
13:56:36.452 Disk 0 scanning sectors +58590000
13:56:36.763 Disk 0 scanning C:\WINDOWS\system32\drivers
13:56:55.129 Service scanning
13:57:38.902 Modules scanning
13:57:54.054 Disk 0 trace - called modules:
13:57:54.084 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
13:57:54.084 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82379ab8]
13:57:54.104 3 CLASSPNP.SYS[f8595fd7] -> nt!IofCallDriver -> \Device\00000083[0x82356030]
13:57:54.104 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82393940]
13:57:55.306 AVAST engine scan C:\WINDOWS
13:58:03.217 AVAST engine scan C:\WINDOWS\system32
14:01:53.769 AVAST engine scan C:\WINDOWS\system32\drivers
14:02:13.467 AVAST engine scan C:\Documents and Settings\Administrator
14:03:48.834 AVAST engine scan C:\Documents and Settings\All Users
14:03:50.426 File: C:\Documents and Settings\All Users\Application Data\aofupzxa.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:04:30.023 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
14:04:30.063 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
14:05:07.097 Scan finished successfully
14:05:29.979 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
14:05:30.019 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


ESET Scanner:

C:\Documents and Settings\Administrator\0.5365282308160474.exe a variant of Win32/Kryptik.AJEJ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\nkdhejyn.dll Win32/Kryptik.AJDT.Gen trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\VLC_32.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\aofupzxa.exe a variant of Win32/Kryptik.AJCS trojan cleaned by deleting - quarantined
C:\Program Files\1ClickDownload\ocmainpack.exe Win32/Adware.1ClickDownload.E application cleaned by deleting - quarantined

#6 narenxp


Posted 31 July 2012 - 08:46 AM

Reboot into normal mode

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#7 at2867


Posted 31 July 2012 - 08:58 AM

Okay, I will do that now. Just got this message on startup in normal mode, which I haven't had before:

Error loading C:/Documents and Setttings/Administrator/Local Settings/Application Data/Microsoft/nkdhejyn.dll

The specified module could not be found

#8 narenxp


Posted 31 July 2012 - 08:59 AM

Error loading C:/Documents and Setttings/Administrator/Local Settings/Application Data/Microsoft/nkdhejyn.dll

The specified module could not be found


We can remove the startup error after scans.

#9 at2867


Posted 31 July 2012 - 10:34 AM

MBAM didn't find any infections on full scan

Here are the logs:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 31-07-2012 at 16:17:49
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
HP WLAN 802.11b/g W400 = Wireless Network Connection (Connected)
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : compaq-3d3c5cf5

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : Home



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet

Physical Address. . . . . . . . . : 00-11-85-85-55-AE



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : Home

Description . . . . . . . . . . . : HP WLAN 802.11b/g W400

Physical Address. . . . . . . . . : 00-11-0A-80-CB-C8

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.3

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : 31 July 2012 14:50:16

Lease Expires . . . . . . . . . . : 01 August 2012 14:50:16

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.41.110, 173.194.41.96, 173.194.41.97, 173.194.41.98
173.194.41.99, 173.194.41.100, 173.194.41.101, 173.194.41.102, 173.194.41.103
173.194.41.104, 173.194.41.105



Pinging google.com [173.194.41.110] with 32 bytes of data:



Reply from 173.194.41.110: bytes=32 time=27ms TTL=57

Reply from 173.194.41.110: bytes=32 time=26ms TTL=57



Ping statistics for 173.194.41.110:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 27ms, Average = 26ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=144ms TTL=51

Reply from 209.191.122.70: bytes=32 time=155ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 144ms, Maximum = 155ms, Average = 149ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 85 85 55 ae ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
0x3 ...00 11 0a 80 cb c8 ...... HP WLAN 802.11b/g W400 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.3 192.168.0.3 25
192.168.0.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.3 192.168.0.3 25
224.0.0.0 240.0.0.0 192.168.0.3 192.168.0.3 25
255.255.255.255 255.255.255.255 192.168.0.3 2 1
255.255.255.255 255.255.255.255 192.168.0.3 192.168.0.3 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2012 01:41:21 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2012 09:47:45 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2012 08:52:38 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2012 07:25:17 PM) (Source: ESENT) (User: )
Description: svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/30/2012 07:25:16 PM) (Source: ESENT) (User: )
Description: svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/30/2012 07:25:14 PM) (Source: ESENT) (User: )
Description: svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/30/2012 07:25:13 PM) (Source: ESENT) (User: )
Description: svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/30/2012 07:25:10 PM) (Source: ESENT) (User: )
Description: svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/30/2012 07:25:09 PM) (Source: ESENT) (User: )
Description: svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/30/2012 07:25:08 PM) (Source: ESENT) (User: )
Description: svchost (1488) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (07/31/2012 02:48:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/31/2012 02:42:21 PM) (Source: DCOM) (User: COMPAQ-3D3C5CF5)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2012 02:04:24 PM) (Source: DCOM) (User: COMPAQ-3D3C5CF5)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2012 01:48:15 PM) (Source: DCOM) (User: COMPAQ-3D3C5CF5)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/31/2012 01:45:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
eabfiltr
Fips
intelppm

Error: (07/31/2012 01:44:45 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/30/2012 05:17:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (07/30/2012 05:17:13 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (07/30/2012 05:15:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/30/2012 04:59:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
eabfiltr
Fips
intelppm


Microsoft Office Sessions:
=========================
Error: (07/31/2012 01:41:21 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.87hungapp0.0.0.000000000

Error: (07/30/2012 09:47:45 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.87hungapp0.0.0.000000000

Error: (07/30/2012 08:52:38 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/30/2012 07:25:17 PM) (Source: ESENT)(User: )
Description: svchost1488C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (07/30/2012 07:25:16 PM) (Source: ESENT)(User: )
Description: svchost1488C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (07/30/2012 07:25:14 PM) (Source: ESENT)(User: )
Description: svchost1488C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (07/30/2012 07:25:13 PM) (Source: ESENT)(User: )
Description: svchost1488C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (07/30/2012 07:25:10 PM) (Source: ESENT)(User: )
Description: svchost1488C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (07/30/2012 07:25:09 PM) (Source: ESENT)(User: )
Description: svchost1488C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (07/30/2012 07:25:08 PM) (Source: ESENT)(User: )
Description: svchost1488C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Reader X (Version: 10.0.0)
Agere Systems AC'97 Modem
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5155)
ATI Display Driver (Version: 8.143-050607a-020515C)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
BitTorrent (Version: 7.6.1)
Broadcom NetXtreme Ethernet Controller (Version: 8.06.01)
CCleaner (Version: 3.20)
DivX Setup (Version: 2.6.1.8)
Download Updater (AOL LLC)
ESET Online Scanner v3
HP Integrated Wireless LAN W400-W500 Driver
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
O2Micro MemoryCardBus Windows Driver (Version: 1.30.0000)
OpenOffice.org 3.0 (Version: 3.0.9379)
PowerDVD
Quick Launch Buttons 5.10 B5 (Version: 5.10 B5)
SoundMAX (Version: 5.12.01.3920)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB958752) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.7 (Version: 1.1.7)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Hotfix - KB895181
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
Word XP Introduction Training by Training A

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 511.36 MB
Available physical RAM: 331.42 MB
Total Pagefile: 1249.84 MB
Available Pagefile: 920.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:27.94 GB) (Free:2.52 GB) NTFS

========================= Users: ========================================

User accounts for \\COMPAQ-3D3C5CF5

Administrator Guest HelpAssistant
SUPPORT_388945a0


**** End of log ****





Farbar Service Scanner Version: 26-07-2012
Ran by Administrator (administrator) on 31-07-2012 at 16:19:44
Running from "C:\Documents and Settings\Administrator\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 13:00] - [2008-04-21 19:44] - 0330752 ____A (Microsoft Corporation) A43F36201F68C96DA6CB7B1B0B788C60

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2004-08-04 13:00] - [2009-02-09 11:56] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2004-08-04 13:00] - [2009-02-06 12:06] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Avgtdix(9) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x09000000060000000100000002000000030000000400000005000000090000000700000008000000
IpSec Tag value is correct.

**** End of log ****






# AdwCleaner v1.703 - Logfile created 07/31/2012 at 16:24:54
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - COMPAQ-3D3C5CF5
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g84natoy.default\prefs.js

Deleted : user_pref("extensions.crossriderapp435.435.active", true);
Deleted : user_pref("extensions.crossriderapp435.435.affid", "0");
Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "\nfunction buttonClick() { \n \n [...]
Deleted : user_pref("extensions.crossriderapp435.435.backgroundver", 8);
Deleted : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Deleted : user_pref("extensions.crossriderapp435.435.domain", "");
Deleted : user_pref("extensions.crossriderapp435.435.emailsig", "");
Deleted : user_pref("extensions.crossriderapp435.435.exposesites", "");
Deleted : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.group", 0);
Deleted : user_pref("extensions.crossriderapp435.435.homepage", "");
Deleted : user_pref("extensions.crossriderapp435.435.iframe", false);
Deleted : user_pref("extensions.crossriderapp435.435.js", "\n//------------------ PLUGIN app_435_specific STA[...]
Deleted : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
Deleted : user_pref("extensions.crossriderapp435.435.premium", true);
Deleted : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
Deleted : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp435.435.thankyou", "");
Deleted : user_pref("extensions.crossriderapp435.435.ver", 57);
Deleted : user_pref("extensions.crossriderapp435.apps", "435");
Deleted : user_pref("extensions.crossriderapp435.bic", "132ea8365a6a7dfcb892132b42b5f6de");
Deleted : user_pref("extensions.crossriderapp435.cid", 435);
Deleted : user_pref("extensions.crossriderapp435.firstrun", false);
Deleted : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp435.installationdate", 1343748277);
Deleted : user_pref("extensions.crossriderapp435.jsver", 3);
Deleted : user_pref("extensions.crossriderapp435.lastcheck", 22395805);
Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 22395805);

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [321 octets] - [31/07/2012 16:20:55]
AdwCleaner[S2].txt - [8821 octets] - [31/07/2012 16:22:12]
AdwCleaner[S3].txt - [3286 octets] - [31/07/2012 16:24:54]

########## EOF - C:\AdwCleaner[S3].txt - [3414 octets] ##########

#10 narenxp

Posted 31 July 2012 - 12:33 PM

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#11 at2867

Posted 31 July 2012 - 01:41 PM

I am trying to post the Autoruns log but it keeps saying the reply is too long?

#12 at2867

Posted 31 July 2012 - 01:47 PM

Done it now. Forgot to save it as txt :)

Here are the contents:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 10.0\reader\reader_sl.exe"
+ "AGRSMMSG" "SoftModem Messaging Applet" "Agere Systems" "c:\windows\agrsmmsg.exe"
+ "ATIPTA" "ATI Desktop Control Panel" "ATI Technologies, Inc." "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "eabconfg.cpl" "Quick Launch Buttons" "Hewlett-Packard " "c:\program files\hpq\quick launch buttons\eabservr.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Microsoft" "" "" "File not found: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\nkdhejyn.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "hpqwmi" "hpqwmi Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hpq\shared\hpqwmi.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "SoundMAX Agent Service (default)" "SoundMAX service agent component" "Analog Devices, Inc." "c:\program files\analog devices\soundmax\smagent.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Noise Cancellation Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CONAN" "o2mmb" "O2 Micro " "c:\windows\system32\drivers\o2mmb.sys"
+ "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\eabfiltr.sys"
+ "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\eabusb.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MbxStby" "O2Micro MemoryCardBus Slot Manager" "O2 Micro" "c:\windows\system32\drivers\mbxstby.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SMCIRDA" "SMC IrCC NDIS 5.0 IrDA FIR Device Driver" "SMC" "c:\windows\system32\drivers\smcirda.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WLAN_400_500_SERVICE" "Driver for Atheros AR5001 Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\ar5211.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\claudfx.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clnav.ax"
+ "CyberLink DxVA Filter 2" "" "" "c:\program files\cyberlink\powerdvd\cldxva.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clvsd.ax"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"

#13 narenxp

Posted 31 July 2012 - 01:48 PM

Just post half the content

#14 at2867

Posted 31 July 2012 - 01:56 PM

Here is all the content:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 10.0\reader\reader_sl.exe"
+ "AGRSMMSG" "SoftModem Messaging Applet" "Agere Systems" "c:\windows\agrsmmsg.exe"
+ "ATIPTA" "ATI Desktop Control Panel" "ATI Technologies, Inc." "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "eabconfg.cpl" "Quick Launch Buttons" "Hewlett-Packard " "c:\program files\hpq\quick launch buttons\eabservr.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Microsoft" "" "" "File not found: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\nkdhejyn.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "hpqwmi" "hpqwmi Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hpq\shared\hpqwmi.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "SoundMAX Agent Service (default)" "SoundMAX service agent component" "Analog Devices, Inc." "c:\program files\analog devices\soundmax\smagent.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Noise Cancellation Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CONAN" "o2mmb" "O2 Micro " "c:\windows\system32\drivers\o2mmb.sys"
+ "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\eabfiltr.sys"
+ "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\eabusb.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MbxStby" "O2Micro MemoryCardBus Slot Manager" "O2 Micro" "c:\windows\system32\drivers\mbxstby.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SMCIRDA" "SMC IrCC NDIS 5.0 IrDA FIR Device Driver" "SMC" "c:\windows\system32\drivers\smcirda.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WLAN_400_500_SERVICE" "Driver for Atheros AR5001 Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\ar5211.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd\claudfx.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clnav.ax"
+ "CyberLink DxVA Filter 2" "" "" "c:\program files\cyberlink\powerdvd\cldxva.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd\clvsd.ax"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"



#15 narenxp

Posted 31 July 2012 - 02:06 PM

Launch Autoruns and uncheck this entry:
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Microsoft" "" "" "File not found: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\nkdhejyn.dll"

Any current issues before we wrap up?
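
Added example (not part of the original thread, and not code from Autoruns or its authors): a small Python triage pass over an Autoruns text log in the layout posted above, which surfaces the kind of entry singled out in the reply. The function names, the three signals and the two-signal threshold are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import re

# Entries copied from the Autoruns log posted in this thread.
SAMPLE_LOG = r'''"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "CyberLink DxVA Filter 2" "" "" "c:\program files\cyberlink\powerdvd\cldxva.ax"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Microsoft" "" "" "File not found: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\nkdhejyn.dll"
'''
FIELD = re.compile(r'"([^"]*)"')
# Assumed heuristic: directories a standard user can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\appdata\\", "\\temp\\")


def parse_autoruns(text):
    """Yield (location, name, description, publisher, image_path) per entry."""
    location = None
    for line in text.splitlines():
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line
        if line.lstrip().startswith("+"):
            yield (location, *fields)
        else:
            location = fields[0]  # header line names the autostart location


def reasons(entry):
    """List the triage signals (assumed heuristics) that one entry trips."""
    _, _, description, publisher, path = entry
    low = path.lower()
    found = []
    if low.startswith("file not found:"):
        found.append("target file missing")
    if not description and not publisher:
        found.append("no description or publisher")
    if any(d in low for d in USER_WRITABLE):
        found.append("image in user-writable directory")
    return found


def triage(text, min_reasons=2):
    """Return (location, name, reasons) for entries at or above the threshold."""
    scored = ((e[0], e[1], reasons(e)) for e in parse_autoruns(text))
    return [hit for hit in scored if len(hit[2]) >= min_reasons]


if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A missing publisher on its own is common for legitimate codecs and filters, which is why the CyberLink filter stays below the default threshold while the Run entry trips all three signals.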



