Redirect virus.


3 replies to this topic

#1 StopRedirecting


Posted 13 August 2012 - 12:15 PM

Hello,

I've been looking around at some of the other links and threads and finally decided it would be safest to ask you guys about this.

I've run Malwarebytes and TDSSKiller already.

Malwarebytes no longer picks up anything (it originally picked up a trojan.bho, which I deleted, and a few redirect links. Quar'd and killed).

TDSSKiller picked up a rootkit, which I deleted. I ran it to detect TDLFS files as well, which found a few things to skip over.

I still get redirected if I click a link 2-3 times. I have turned System Restore on and off to scan, but will do it again if asked to. In fact, I think that'd be better, so just disregard this.

Getting really annoyed. Thanks for any help.

Here are the TDSS logs:

13:11:46.0562 3236 Udfs - ok
13:11:46.0562 3236 ultra - ok
13:11:46.0796 3236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:11:46.0796 3236 Update - ok
13:11:46.0937 3236 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:11:46.0937 3236 upnphost - ok
13:11:47.0015 3236 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:11:47.0031 3236 UPS - ok
13:11:47.0140 3236 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:11:47.0140 3236 USBAAPL - ok
13:11:47.0218 3236 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:11:47.0218 3236 usbaudio - ok
13:11:47.0265 3236 usbbus (af9388e736af0c325067f05edc350010) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
13:11:47.0296 3236 usbbus - ok
13:11:47.0390 3236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:11:47.0390 3236 usbccgp - ok
13:11:47.0531 3236 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
13:11:47.0562 3236 UsbDiag - ok
13:11:47.0593 3236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:11:47.0593 3236 usbehci - ok
13:11:47.0625 3236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:11:47.0625 3236 usbhub - ok
13:11:47.0656 3236 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
13:11:47.0656 3236 USBModem - ok
13:11:47.0718 3236 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:11:47.0718 3236 usbprint - ok
13:11:47.0781 3236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:11:47.0781 3236 usbscan - ok
13:11:47.0828 3236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:11:47.0828 3236 USBSTOR - ok
13:11:47.0890 3236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:11:47.0890 3236 usbuhci - ok
13:11:47.0921 3236 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:11:47.0921 3236 usbvideo - ok
13:11:47.0937 3236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:11:47.0937 3236 VgaSave - ok
13:11:47.0937 3236 ViaIde - ok
13:11:47.0953 3236 VMnetAdapter - ok
13:11:48.0046 3236 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:11:48.0046 3236 VolSnap - ok
13:11:48.0484 3236 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:11:48.0500 3236 VSS - ok
13:11:48.0578 3236 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:11:48.0578 3236 W32Time - ok
13:11:48.0656 3236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:11:48.0656 3236 Wanarp - ok
13:11:48.0656 3236 WDICA - ok
13:11:48.0687 3236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:11:48.0687 3236 wdmaud - ok
13:11:48.0750 3236 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:11:48.0750 3236 WebClient - ok
13:11:48.0968 3236 winachsf (317dc24899ad7a06e3430bf45f292989) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:11:49.0000 3236 winachsf - ok
13:11:49.0140 3236 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:11:49.0156 3236 winmgmt - ok
13:11:49.0218 3236 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:11:49.0234 3236 WmdmPmSN - ok
13:11:49.0562 3236 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:11:49.0562 3236 Wmi - ok
13:11:49.0609 3236 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:11:49.0640 3236 WmiApSrv - ok
13:11:49.0968 3236 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:11:50.0000 3236 WMPNetworkSvc - ok
13:11:50.0203 3236 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:11:50.0312 3236 WPFFontCache_v0400 - ok
13:11:50.0562 3236 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:11:50.0562 3236 WS2IFSL - ok
13:11:50.0609 3236 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:11:50.0625 3236 wscsvc - ok
13:11:50.0687 3236 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:11:50.0687 3236 WSTCODEC - ok
13:11:50.0750 3236 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:11:50.0750 3236 wuauserv - ok
13:11:50.0812 3236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:11:50.0812 3236 WudfPf - ok
13:11:50.0828 3236 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:11:50.0843 3236 WudfRd - ok
13:11:50.0875 3236 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:11:50.0890 3236 WudfSvc - ok
13:11:51.0093 3236 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:11:51.0109 3236 WZCSVC - ok
13:11:51.0171 3236 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:11:51.0203 3236 xmlprov - ok
13:11:51.0406 3236 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:11:51.0406 3236 yukonwxp - ok
13:11:51.0453 3236 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:11:52.0296 3236 \Device\Harddisk0\DR0 - ok
13:11:52.0296 3236 Boot (0x1200) (3db060831c059c878d961905b43aa2a3) \Device\Harddisk0\DR0\Partition0
13:11:52.0296 3236 \Device\Harddisk0\DR0\Partition0 - ok
13:11:52.0296 3236 ============================================================
13:11:52.0296 3236 Scan finished
13:11:52.0296 3236 ============================================================
13:11:52.0312 0576 Detected object count: 0
13:11:52.0312 0576 Actual detected object count: 0

Here are the Malwarebytes logs from a quick scan:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hello :: RATAN-410E11E12 [administrator]

8/13/2012 12:57:52 PM
mbam-log-2012-08-13 (12-57-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246846
Time elapsed: 16 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by StopRedirecting, 13 August 2012 - 12:17 PM.




#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 13 August 2012 - 12:16 PM

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file in your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

Edited by narenxp, 13 August 2012 - 12:16 PM.


#3 StopRedirecting

  • Topic Starter
  • Members
  • 2 posts

Posted 13 August 2012 - 12:35 PM

EDIT*******************: Finished them all. Thanks.


Thank you so much! They all seem to have done the job, 20+ links and no redirect!
Anything else you feel I should do?

If not, thanks again! Do I need to delete them, or can I keep them? If not, you can close this.
Again, thank you soooo much!

---------------------------------------------------------------------------------------------

Will upload rest by editing as they finish.

If it helps, I'm using Google Chrome and it is primarily Google searches. After all this is done I'll reboot and try.

Minitoolbox.exe:


MiniToolBox by Farbar Version: 23-07-2012
Ran by Hello (administrator) on 13-08-2012 at 13:34:09
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : ratan-410e11e12

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-18-DE-8C-4D-5D

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Monday, August 13, 2012 12:56:53 PM

Lease Expires . . . . . . . . . . : Monday, August 13, 2012 3:56:53 PM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 00-13-A9-7F-C5-A1

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.45.139, 74.125.45.100, 74.125.45.101, 74.125.45.102
74.125.45.113, 74.125.45.138



Pinging google.com [74.125.45.101] with 32 bytes of data:



Reply from 74.125.45.101: bytes=32 time=62ms TTL=52

Reply from 74.125.45.101: bytes=32 time=62ms TTL=52



Ping statistics for 74.125.45.101:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 62ms, Average = 62ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=73ms TTL=55

Reply from 209.191.122.70: bytes=32 time=75ms TTL=55



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 73ms, Maximum = 75ms, Average = 74ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de 8c 4d 5d ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 13 a9 7f c5 a1 ...... Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.105 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.105 192.168.0.105 20
192.168.0.0 255.255.255.0 192.168.0.105 192.168.0.105 25
192.168.0.105 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.105 192.168.0.105 25
224.0.0.0 240.0.0.0 192.168.0.105 192.168.0.105 25
255.255.255.255 255.255.255.255 192.168.0.105 3 1
255.255.255.255 255.255.255.255 192.168.0.105 192.168.0.105 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/11/2012 06:37:04 PM) (Source: Application Error) (User: )
Description: Faulting application wlcomm.exe, version 14.0.8117.416, faulting module unknown, version 0.0.0.0, fault address 0x6e69575c.
Processing media-specific event for [wlcomm.exe!ws!]

Error: (08/11/2012 01:51:33 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (08/11/2012 00:36:21 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (08/10/2012 10:40:28 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/10/2012 10:40:28 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/10/2012 10:40:27 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/10/2012 10:40:27 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/10/2012 10:38:08 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/10/2012 10:38:08 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/10/2012 10:38:08 PM) (Source: Userenv) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (08/13/2012 01:11:55 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (08/13/2012 01:11:55 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer ',0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (08/13/2012 00:56:55 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (08/13/2012 00:56:55 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer ',0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (08/13/2012 00:53:43 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (08/13/2012 00:53:43 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer ',0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (08/13/2012 00:38:43 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (08/13/2012 00:38:43 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer ',0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (08/13/2012 00:38:40 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (08/13/2012 00:38:40 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer ',0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)


Microsoft Office Sessions:
=========================
Error: (08/11/2012 06:37:04 PM) (Source: Application Error)(User: )
Description: wlcomm.exe14.0.8117.416unknown0.0.0.06e69575c

Error: (08/11/2012 01:51:33 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C

Error: (08/11/2012 00:36:21 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp448007043C

Error: (08/10/2012 10:40:28 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/10/2012 10:40:28 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (08/10/2012 10:40:27 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/10/2012 10:40:27 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (08/10/2012 10:38:08 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (08/10/2012 10:38:08 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (08/10/2012 10:38:08 PM) (Source: Userenv)(User: NT AUTHORITY)NT AUTHORITY
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}


=========================== Installed Programs ============================

Adobe AIR (Version: 3.2.0.2070)
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Shockwave Player (Version: 11)
Apple Mobile Device Support (Version: 2.1.1.13)
Apple Software Update (Version: 2.1.1.116)
Bonjour (Version: 1.0.105)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Fraps
Google Chrome (Version: 21.0.1180.75)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HyperCam 2 (Version: 2.27.00)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
iTunes (Version: 8.0.1.11)
Java™ 6 Update 7 (Version: 1.6.0.70)
LG United Mobile Drivers (Version: 3.3.0.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MapleStory
McAfee Security Scan Plus (Version: 3.0.250.5)
mCore (Version: 7.00.0000)
mDriver (Version: 7.00.0000)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 6.01 (Version: 6.01.250.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
mMHouse (Version: 7.00.0000)
mPfMgr (Version: 7.00.0000)
mProSafe (Version: 9.00.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
mWlsSafe (Version: 9.00.0000)
mXML (Version: 7.00.0000)
Nexon Game Manager
Norton Internet Security (Symantec Corporation) (Version: 15.5.0.23)
Paint.NET v3.36 (Version: 3.36.0)
Pando Media Booster (Version: 2.6.0.1)
QuickTime (Version: 7.55.90.70)
Realtek High Definition Audio Driver (Version: 5.10.0.5268)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.5 (Version: 5.5.124)
Soft Data Fax Modem with SmartCP
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Intel Corporation (ialm) Display (03/23/2006 6.14.10.4543) (Version: 03/23/2006 6.14.10.4543)
Windows Driver Package - Marvell (yukonwxp) Net (05/23/2006 8.56.1.3) (Version: 05/23/2006 8.56.1.3)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0036.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 75%
Total physical RAM: 1014.11 MB
Available physical RAM: 245.76 MB
Total Pagefile: 2441.87 MB
Available Pagefile: 1779.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.78 GB) (Free:70.73 GB) NTFS

========================= Users: ========================================

User accounts for \\RATAN-410E11E12

Administrator ASPNET Guest
HelpAssistant Hello SUPPORT_388945a0


**** End of log ****



-------------------------------------------------------------------------------------------

Edit: ----------------------

FSS.exe:

Farbar Service Scanner Version: 06-08-2012
Ran by Hello (administrator) on 13-08-2012 at 13:36:32
Running from "C:\Documents and Settings\Hello\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000A000000060000000700000008000000090000000B000000
IpSec Tag value is correct.

**** End of log ****



------------------------------------------------------------------------------------------------------------------

Edit 2:--------------------------------------------------------------------

ASWMBR/Avast scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 13:34:16
-----------------------------
13:34:16.281 OS Version: Windows 5.1.2600 Service Pack 3
13:34:16.281 Number of processors: 2 586 0xE08
13:34:16.281 ComputerName: RATAN-410E11E12 UserName: Hello
13:34:23.109 Initialize success
13:53:18.453 AVAST engine defs: 12081300
13:53:28.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:53:28.687 Disk 0 Vendor: WDC_WD1200BEVS-60LAT0 01.06M01 Size: 114473MB BusType: 3
13:53:28.687 Disk 1 \Device\Harddisk1\DR2 -> \Device\00000081
13:53:28.687 Disk 1 Vendor: ( Size: 114473MB BusType: 0
13:53:28.687 Disk 2 \Device\Harddisk2\DR3 -> \Device\00000082
13:53:28.687 Disk 2 Vendor: ( Size: 114473MB BusType: 0
13:53:28.765 Disk 0 MBR read successfully
13:53:28.765 Disk 0 MBR scan
13:53:28.875 Disk 0 Windows XP default MBR code
13:53:28.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
13:53:28.890 Disk 0 scanning sectors +234420480
13:53:29.015 Disk 0 scanning C:\WINDOWS\system32\drivers
13:53:45.750 Service scanning
13:54:12.328 Modules scanning
13:54:23.531 Disk 0 trace - called modules:
13:54:23.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:54:23.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f01ab8]
13:54:23.562 3 CLASSPNP.SYS[f755efd7] -> nt!IofCallDriver -> \Device\0000007e[0x86fe12f8]
13:54:23.562 5 ACPI.sys[f73d5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86f674d0]
13:54:24.156 AVAST engine scan C:\WINDOWS
13:54:42.921 AVAST engine scan C:\WINDOWS\system32
13:58:52.015 AVAST engine scan C:\WINDOWS\system32\drivers
13:59:25.359 AVAST engine scan C:\Documents and Settings\Hello
14:03:08.171 File: C:\Documents and Settings\Hello\Local Settings\Application
14:20:04.062 AVAST engine scan C:\Documents and Settings\All Users
14:20:49.390 Scan finished successfully
14:21:52.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hello\Desktop\MBR.dat"
14:21:52.359 The log file has been saved successfully to "C:\Documents and Settings\Hello\Desktop\aswMBR.txt"



-------------------------------------------------------------------------------------------------------------

Edit 3:------------------------------------------------------------------------------

Did you want the whole file? That would be massive.
ESET scanner virus/threats:

C:\Documents and Settings\Hello\Local Settings\Application Data\Microsoft\Messenger\xxxxxxxxx@hotmail.com\Sharing Folders\xxxxxxxxx@hotmail.com\New Folder\bizarrotrainer.dll probably a variant of Win32/Agent.ELENFRU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Hello\Local Settings\Temp\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\Hello\Local Settings\Temp\Soft32_Stub_5741.exe Win32/InstallMonetizer.AB application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.30.33\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\13.08.2012_12.41.44\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined



---------------------------------------------------------------------------------------------------------------

Edit 4:---------------------------------------------------

Finally the last one, ADWcleaner:


# AdwCleaner v1.800 - Logfile created 08/13/2012 at 14:55:41
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Hello - RATAN-410E11E12
# Running from : C:\Documents and Settings\Hello\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Hello\Local Settings\Application Data\Giant Savings
Folder Deleted : C:\DOCUME~1\Hello\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
File Deleted : C:\DOCUME~1\Hello\LOCALS~1\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Giant Savings
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Viewpoint

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.75

File : C:\Documents and Settings\Hello\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "urls_to_restore_on_startup": [ "hxxp://isearch.avg.com/?cid={8350374B-0EAE-4C01-983B-15B98[...]
Deleted : "description": "The fastest way to search the web.",
Deleted : "urls_to_restore_on_startup": [ "hxxp://isearch.avg.com/?cid={8350374B-0EAE-4C01-983B-15B98C69[...]

*************************

AdwCleaner[S1].txt - [307 octets] - [13/08/2012 13:39:16]
AdwCleaner[S2].txt - [3820 octets] - [13/08/2012 14:55:41]

########## EOF - C:\AdwCleaner[S2].txt - [3948 octets] ##########

Edited by StopRedirecting, 13 August 2012 - 02:11 PM.


#4 narenxp

Posted 15 August 2012 - 11:55 PM

Extremely sorry I did not respond to you.

You edited your last post to add logs. Make sure to add a new post while posting logs so that I can understand that there is an update :thumbup2:

Any current issues?



