Redirect Virus


15 replies to this topic

#1 Waysender

Waysender

  • Members
  • 30 posts
  • Gender:Male
  • Location:Nebraska

Posted 18 August 2012 - 04:23 PM

Greetings Everyone,

I'm sure you can guess why I am here, so here goes...

I at some point in the not too distant past began having problems with being redirected to various sites I had not actually chosen.
Some of the sites were "Click-Get-Answers-Fast", "Search-Tools-Online", "Burstnet.com", "35glam", "Myspace.com" (this one admittedly made me laugh), "USBuildingDigest". I also would be sent to security software sites that were clearly phony.

After doing some homework I discovered I had a rootkit and proceeded to run various security software. (Had I found this site first I would have understood the importance of running order for max effectiveness.) I had MS Essentials, then ran the free AVG software, and just recently I ran the TDSS Kaspersky.

As it stands I am also having trouble starting and updating various Microsoft functions: Windows Firewall and MS Essentials. On the MSE, I am not sure if this is the virus or if AVG is possibly being over-protective; I can remove and reinstall (as recommended on another site) to get the latest version. I checked the registry key and noticed a small change.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WZCSVC (this should be WSCSVC correct?)

Although they found several items I still occasionally get redirected, albeit at a much lower percentage.

The one thing the security scans found that I seemed to recognize was the name "Sirefef.AB", if this helps you that is.

Peeking around my registry I found something that strikes me as odd; it is
HKEY_CLASSES_ROOT\CLSID\FASTSRCH.DLL (Default)
Threading Model - Apartment
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
Default - Fastsrch
Threading Model - Apartment

I also found a "hn.kd.ny.ads1.http" and deleted it; that seemed to end a lot of the redirects I was getting.

On a side note, something I just blanked on, I use Cox Cable for internet service and my proxy is set as
Proxy Server - "copperhead.bolling.af.mil" Port - 8080
Having a virus and seeing anything as sinister sounding as "copperhead" just made me pause.

I am running Windows XP, 32 bit, on a Dell Laptop. This is a really old laptop; I've been shopping for a new one but would like to salvage this to keep as a web surfing computer, maybe leave iTunes on it etc.

My question is how should I proceed, what order etc. This first, that second and so on. Should I uninstall MSE or AVG? Should I reboot and do the various steps in "Safe Mode"? I apologize but my computer IQ peaked long ago, so if I am leaving out any key information please let me know and I will do my best to fill in the blanks.

As I was writing this AVG popped up to tell me of recent threats it has protected me from; I will copy and paste for you. Scratch that, it came up "InPrivate" and wouldn't load, so that's a new one on me.

Any course of action you could put me on would be greatly appreciated, thank you for your time and effort.

Alexander W.

Edited by Waysender, 19 August 2012 - 03:05 PM.




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 August 2012 - 04:42 PM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Waysender


Posted 19 August 2012 - 01:41 PM

Thank you for your assistance narenxp, the results are as follows…

TDSSkiller

No threats found.

aswMBR – I am not sure if it ran all the way to the end. After stopping at the following file for a long time I saved the log and posted below.
C:\Documents and Settings\USER\Local Settings\Temp\_av4_\msvcr71.dll

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 11:53:28
-----------------------------
11:53:28.471 OS Version: Windows 5.1.2600 Service Pack 3
11:53:28.471 Number of processors: 1 586 0x905
11:53:28.471 ComputerName: USER-737A973129 UserName: USER
11:53:32.476 Initialize success
12:01:17.575 AVAST engine defs: 12081900
12:01:27.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:01:27.269 Disk 0 Vendor: FUJITSU_MHT2030AT 009B Size: 28615MB BusType: 3
12:01:27.309 Disk 0 MBR read successfully
12:01:27.319 Disk 0 MBR scan
12:01:31.555 Disk 0 Windows XP default MBR code
12:01:31.605 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28607 MB offset 63
12:01:35.241 Disk 0 scanning sectors +58589055
12:01:36.973 Disk 0 scanning C:\WINDOWS\system32\drivers
12:03:35.263 Service scanning
12:05:20.985 Service MpKsl7e3812a5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FEE0F9A-925D-4041-B232-2FA0A8D98596}\MpKsl7e3812a5.sys **LOCKED** 32
12:06:35.092 Modules scanning
12:07:03.713 Disk 0 trace - called modules:
12:07:03.743 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:07:04.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b87ab8]
12:07:04.154 3 CLASSPNP.SYS[f85b4fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b1ad98]
12:07:07.188 AVAST engine scan C:\WINDOWS
12:08:17.579 AVAST engine scan C:\WINDOWS\system32
12:25:56.993 AVAST engine scan C:\WINDOWS\system32\drivers
12:27:32.139 AVAST engine scan C:\Documents and Settings\USER
13:13:35.783 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\My Documents\General Information\MBR.dat"
13:13:36.474 The log file has been saved successfully to "C:\Documents and Settings\USER\My Documents\General Information\aswMBR.txt"

ESET online scanner
I could not get it to run; I kept getting the following prompt.
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\3ADTA9MB\esetsmartinstaller_enu [1].exe
is not a valid Win32 application.

AVG - I went back and checked the AVG Virus Vault.
The results are as follows

Infection - Trojan horse Cryptic.EFM
C:\WINDOWS\Installer\{9f0b09e5-b1ec-f7b1-a8fb-12d09251b419}\n

Infection - Trojan horse Cryptic.EFM
C:\Documents and Settings\USER\Local Settings\Application Data\{9f0b09e5-b1ec-f7b1-a8fb-12d09251b419}\n

Infection - Trojan horse Cryptic.EFM
C:\Documents and Settings\USER\Local Settings\Application Data\{9f0b09e5-b1ec-f7b1-a8fb-12d09251b419}\n

Infection - Virus found Script/Exploit.Kit
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\TRPSZ75J\main[1].htm

Infection - Trojan horse Cryptic.EFM
C:\WINDOWS\Installer\{9f0b09e5-b1ec-f7b1-a8fb-12d09251b419}\n

Infection - Trojan horse Generic28.AUQH
c:\WINDOWS\assembly\GAC\Desktop.ini

Infection - Trojan horse Generic28.AUQH
c:\System Volume Information\_restore{098A718E-B7A7-4024-B16D-E30C3B0C0ACF}\RP251\A0044230.ini

Infection - Trojan horse Generic28.AUQH
c:\System Volume Information\_restore{098A718E-B7A7-4024-B16D-E30C3B0C0ACF}\RP251\A0044239.ini

Infection - Trojan horse Downloader.BHO.AE
c:\System Volume Information\_restore{098A718E-B7A7-4024-B16D-E30C3B0C0ACF}\RP253\A0044270.dll

Malware - IDP.Trojan.7CBD7B71
C:\WINDOWS\SYSTEM32\FASTSRCH.DLL

After disconnecting I ran AVG just for fun and the following threat popped up.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\3ADTA9MB\CA134QYO (it was listed as a hidden file)

Edited by Waysender, 19 August 2012 - 03:04 PM.
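
As an added example (not part of the original thread), this Python script reads an aswMBR log in the format posted above and reports the MBR verdict line, any service marked **LOCKED**, and the phases that took longest, which shows where the time went when the scan appeared to stall. The function names are invented for this example, and the sample is a subset of the log lines from the post.

```python
import re
from datetime import timedelta

# A subset of the aswMBR log lines from the post above, copied unaltered.
SAMPLE_LOG = r"""
11:53:28.471 OS Version: Windows 5.1.2600 Service Pack 3
11:53:32.476 Initialize success
12:01:17.575 AVAST engine defs: 12081900
12:01:27.319 Disk 0 MBR scan
12:01:31.555 Disk 0 Windows XP default MBR code
12:03:35.263 Service scanning
12:05:20.985 Service MpKsl7e3812a5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6FEE0F9A-925D-4041-B232-2FA0A8D98596}\MpKsl7e3812a5.sys **LOCKED** 32
12:06:35.092 Modules scanning
12:07:07.188 AVAST engine scan C:\WINDOWS
12:08:17.579 AVAST engine scan C:\WINDOWS\system32
12:25:56.993 AVAST engine scan C:\WINDOWS\system32\drivers
12:27:32.139 AVAST engine scan C:\Documents and Settings\USER
13:13:35.783 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\My Documents\General Information\MBR.dat"
"""

LINE_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2})\.(\d{3})\s+(.*)$")
LOCKED_RE = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\* (\d+)$")


def parse_entries(log_text):
    """Return [(offset, message)] for every timestamped line, in order.

    Offsets are timedeltas from midnight of the run date. If the clock goes
    backwards the scan crossed midnight, so a day is added.
    """
    entries, day, previous = [], timedelta(0), None
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # banner, separator or blank line
        h, m, s, ms = (int(g) for g in match.groups()[:4])
        stamp = timedelta(hours=h, minutes=m, seconds=s, milliseconds=ms) + day
        if previous is not None and stamp < previous:
            day += timedelta(days=1)
            stamp += timedelta(days=1)
        entries.append((stamp, match.group(5)))
        previous = stamp
    return entries


def mbr_verdict(entries):
    """Return the line stating which MBR code aswMBR identified, or None."""
    for _, message in entries:
        if message.startswith("Disk ") and message.endswith("MBR code"):
            return message
    return None


def locked_services(entries):
    """Return (service name, file path, trailing number) for **LOCKED** lines."""
    found = []
    for _, message in entries:
        match = LOCKED_RE.match(message)
        if match:
            found.append((match.group(1), match.group(2), int(match.group(3))))
    return found


def slowest_phases(entries, top=3):
    """Rank log lines by the seconds that passed before the next line appeared."""
    gaps = [
        ((later - earlier).total_seconds(), message)
        for (earlier, message), (later, _) in zip(entries, entries[1:])
    ]
    return sorted(gaps, reverse=True)[:top]


if __name__ == "__main__":
    log_entries = parse_entries(SAMPLE_LOG)
    print("MBR verdict:", mbr_verdict(log_entries))
    for name, path, number in locked_services(log_entries):
        print(f"LOCKED service: {name} ({number}) {path}")
    for seconds, message in slowest_phases(log_entries):
        print(f"{seconds / 60:6.1f} min after: {message}")
```
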


#4 narenxp


Posted 19 August 2012 - 10:12 PM

Boot into Safe Mode with Networking and try to run aswMBR and ESET. I need to see your TDSSkiller log too.

#5 Waysender


Posted 20 August 2012 - 07:01 PM

My apologies for not including the log; I tried again and the second time around everything downloaded and ran fine. The results are as listed.

TDSS

16:32:24.0433 2200 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
16:32:26.0476 2200 ============================================================
16:32:26.0476 2200 Current date / time: 2012/08/20 16:32:26.0476
16:32:26.0476 2200 SystemInfo:
16:32:26.0476 2200
16:32:26.0476 2200 OS Version: 5.1.2600 ServicePack: 3.0
16:32:26.0476 2200 Product type: Workstation
16:32:26.0476 2200 ComputerName: USER-737A973129
16:32:26.0476 2200 UserName: USER
16:32:26.0476 2200 Windows directory: C:\WINDOWS
16:32:26.0476 2200 System windows directory: C:\WINDOWS
16:32:26.0476 2200 Processor architecture: Intel x86
16:32:26.0476 2200 Number of processors: 1
16:32:26.0476 2200 Page size: 0x1000
16:32:26.0476 2200 Boot type: Normal boot
16:32:26.0476 2200 ============================================================
16:33:01.0536 2200 Drive \Device\Harddisk0\DR0 - Size: 0x6FC7C8000 (27.95 Gb), SectorSize: 0x200, Cylinders: 0xE40, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:33:02.0568 2200 ============================================================
16:33:02.0568 2200 \Device\Harddisk0\DR0:
16:33:02.0598 2200 MBR partitions:
16:33:02.0598 2200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37DFF40
16:33:02.0598 2200 ============================================================
16:33:02.0688 2200 C: <-> \Device\Harddisk0\DR0\Partition1
16:33:02.0738 2200 ============================================================
16:33:02.0748 2200 Initialize success
16:33:02.0748 2200 ============================================================
16:33:14.0825 2388 ============================================================
16:33:14.0825 2388 Scan started
16:33:14.0825 2388 Mode: Manual; TDLFS;
16:33:14.0825 2388 ============================================================
16:33:15.0306 2388 ================ Scan system memory ========================
16:33:15.0336 2388 System memory - ok
16:33:45.0750 2388 PCIDump - ok
16:33:45.0770 2388 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
16:33:45.0770 2388 PCIIde - ok
16:33:45.0890 2388 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:33:45.0930 2388 Pcmcia - ok
16:33:45.0970 2388 [ 8A89A9AA0A6B9C3B3AD6D98FE211B560 ] PCX504 C:\WINDOWS\system32\DRIVERS\PCX504.sys
16:33:46.0010 2388 PCX504 - ok
16:33:46.0030 2388 PDCOMP - ok
16:33:46.0060 2388 PDFRAME - ok
16:33:46.0080 2388 PDRELI - ok
16:33:46.0100 2388 PDRFRAME - ok
16:33:46.0130 2388 perc2 - ok
16:33:46.0150 2388 perc2hib - ok
16:33:46.0250 2388 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:33:46.0250 2388 PlugPlay - ok
16:33:46.0301 2388 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
16:33:46.0301 2388 Pml Driver HPZ12 - ok
16:33:46.0321 2388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:33:46.0321 2388 PolicyAgent - ok
16:33:46.0391 2388 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:33:46.0391 2388 PptpMiniport - ok
16:33:46.0531 2388 [ 30D72B8E4AAF2903E89F58AE2A8CB30F ] PRISM_ICB C:\WINDOWS\system32\DRIVERS\WG511ICB.sys
16:33:46.0591 2388 PRISM_ICB - ok
16:33:46.0621 2388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:33:46.0621 2388 ProtectedStorage - ok
16:33:46.0681 2388 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:33:46.0691 2388 Ptilink - ok
16:33:46.0791 2388 [ 6A3FBBBBA5F228B003EF64070F7B3FE4 ] Ptserial C:\WINDOWS\system32\DRIVERS\ptserial.sys
16:33:46.0801 2388 Ptserial - ok
16:33:46.0821 2388 ql1080 - ok
16:33:46.0841 2388 Ql10wnt - ok
16:33:46.0861 2388 ql12160 - ok
16:33:46.0871 2388 ql1240 - ok
16:33:46.0891 2388 ql1280 - ok
16:33:46.0951 2388 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:33:46.0971 2388 RasAcd - ok
16:33:47.0052 2388 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:33:47.0052 2388 RasAuto - ok
16:33:47.0132 2388 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
16:33:47.0132 2388 Rasirda - ok
16:33:47.0182 2388 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:33:47.0202 2388 Rasl2tp - ok
16:33:47.0282 2388 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:33:47.0312 2388 RasMan - ok
16:33:47.0342 2388 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:33:47.0362 2388 RasPppoe - ok
16:33:47.0382 2388 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:33:47.0392 2388 Raspti - ok
16:33:47.0452 2388 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:33:47.0472 2388 Rdbss - ok
16:33:47.0512 2388 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:33:47.0522 2388 RDPCDD - ok
16:33:47.0622 2388 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:33:47.0632 2388 rdpdr - ok
16:33:47.0713 2388 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:33:47.0753 2388 RDPWD - ok
16:33:47.0813 2388 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:33:47.0863 2388 RDSessMgr - ok
16:33:47.0923 2388 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:33:47.0953 2388 redbook - ok
16:33:48.0023 2388 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:33:48.0043 2388 RemoteAccess - ok
16:33:48.0093 2388 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:33:48.0123 2388 RemoteRegistry - ok
16:33:48.0163 2388 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:33:48.0193 2388 RpcLocator - ok
16:33:48.0253 2388 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:33:48.0263 2388 RpcSs - ok
16:33:48.0333 2388 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:33:48.0363 2388 RSVP - ok
16:33:48.0384 2388 RT73 - ok
16:33:48.0404 2388 s24trans - ok
16:33:48.0474 2388 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:33:48.0474 2388 SamSs - ok
16:33:48.0544 2388 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:33:48.0554 2388 SCardSvr - ok
16:33:48.0604 2388 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:33:48.0654 2388 Schedule - ok
16:33:48.0724 2388 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:33:48.0754 2388 Secdrv - ok
16:33:48.0804 2388 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:33:48.0824 2388 seclogon - ok
16:33:48.0854 2388 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:33:48.0854 2388 SENS - ok
16:33:48.0894 2388 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:33:48.0904 2388 serenum - ok
16:33:48.0934 2388 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:33:48.0944 2388 Serial - ok
16:33:48.0994 2388 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:33:48.0994 2388 Sfloppy - ok
16:33:49.0044 2388 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:33:49.0044 2388 ShellHWDetection - ok
16:33:49.0064 2388 Simbad - ok
16:33:49.0135 2388 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
16:33:49.0165 2388 SMCIRDA - ok
16:33:49.0185 2388 Sparrow - ok
16:33:49.0245 2388 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:33:49.0245 2388 splitter - ok
16:33:49.0295 2388 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:33:49.0325 2388 Spooler - ok
16:33:49.0405 2388 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:33:49.0405 2388 sr - ok
16:33:49.0485 2388 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:33:49.0545 2388 srservice - ok
16:33:49.0635 2388 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:33:49.0705 2388 Srv - ok
16:33:49.0796 2388 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:33:49.0826 2388 SSDPSRV - ok
16:33:49.0986 2388 [ 5813D453EF8CE49D607C255CF128ACEB ] STAC97 C:\WINDOWS\system32\drivers\stac97.sys
16:33:50.0016 2388 STAC97 - ok
16:33:50.0146 2388 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:33:50.0196 2388 stisvc - ok
16:33:50.0246 2388 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:33:50.0256 2388 swenum - ok
16:33:50.0296 2388 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:33:50.0306 2388 swmidi - ok
16:33:50.0326 2388 SwPrv - ok
16:33:50.0366 2388 symc810 - ok
16:33:50.0386 2388 symc8xx - ok
16:33:50.0416 2388 sym_hi - ok
16:33:50.0426 2388 sym_u3 - ok
16:33:50.0597 2388 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:33:50.0597 2388 sysaudio - ok
16:33:50.0647 2388 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:33:50.0687 2388 SysmonLog - ok
16:33:50.0767 2388 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:33:50.0907 2388 TapiSrv - ok
16:33:51.0017 2388 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:33:51.0047 2388 Tcpip - ok
16:33:51.0117 2388 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:33:51.0137 2388 TDPIPE - ok
16:33:51.0188 2388 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:33:51.0208 2388 TDTCP - ok
16:33:51.0248 2388 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:33:51.0268 2388 TermDD - ok
16:33:51.0408 2388 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:33:51.0428 2388 TermService - ok
16:33:51.0578 2388 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:33:51.0578 2388 Themes - ok
16:33:51.0648 2388 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:33:51.0718 2388 TlntSvr - ok
16:33:51.0738 2388 TosIde - ok
16:33:51.0808 2388 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:33:51.0838 2388 TrkWks - ok
16:33:51.0929 2388 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:33:51.0949 2388 Udfs - ok
16:33:51.0969 2388 UIUSys - ok
16:33:51.0989 2388 ultra - ok
16:33:52.0069 2388 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:33:52.0119 2388 Update - ok
16:33:52.0219 2388 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:33:52.0289 2388 upnphost - ok
16:33:52.0319 2388 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:33:52.0319 2388 UPS - ok
16:33:52.0399 2388 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
16:33:52.0409 2388 USBAAPL - ok
16:33:52.0570 2388 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:33:52.0630 2388 usbccgp - ok
16:33:52.0680 2388 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:33:52.0700 2388 usbehci - ok
16:33:52.0760 2388 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:33:52.0790 2388 usbhub - ok
16:33:52.0860 2388 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:33:52.0890 2388 usbprint - ok
16:33:52.0970 2388 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:33:53.0050 2388 usbscan - ok
16:33:53.0110 2388 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:33:53.0160 2388 USBSTOR - ok
16:33:53.0210 2388 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:33:53.0220 2388 usbuhci - ok
16:33:53.0301 2388 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:33:53.0301 2388 VgaSave - ok
16:33:53.0321 2388 ViaIde - ok
16:33:53.0661 2388 [ 09C2FCD4E379E6AB804A58CAA2A3508B ] Vmodem C:\WINDOWS\system32\DRIVERS\vmodem.sys
16:33:53.0751 2388 Vmodem - ok
16:33:53.0781 2388 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:33:53.0791 2388 VolSnap - ok
16:33:53.0851 2388 [ 081BC31EDDA73D40DEFD347E580F9144 ] Vpctcom C:\WINDOWS\system32\DRIVERS\vpctcom.sys
16:33:53.0891 2388 Vpctcom - ok
16:33:53.0982 2388 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:33:54.0032 2388 VSS - ok
16:33:54.0232 2388 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
16:33:54.0412 2388 vToolbarUpdater11.2.0 - ok
16:33:54.0452 2388 [ DB18922F81E90D95E69F45AB8E9FC5C1 ] Vvoice C:\WINDOWS\system32\DRIVERS\vvoice.sys
16:33:54.0462 2388 Vvoice - ok
16:33:54.0492 2388 w29n51 - ok
16:33:54.0833 2388 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:33:54.0923 2388 W32Time - ok
16:33:55.0073 2388 [ FB4D7A34EF3B49C2B5439E330B785313 ] w70n51 C:\WINDOWS\system32\DRIVERS\w70n51.sys
16:33:55.0173 2388 w70n51 - ok
16:33:55.0223 2388 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:33:55.0233 2388 Wanarp - ok
16:33:55.0334 2388 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:33:55.0614 2388 Wdf01000 - ok
16:33:55.0634 2388 WDICA - ok
16:33:55.0714 2388 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:33:55.0724 2388 wdmaud - ok
16:33:55.0784 2388 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:33:55.0804 2388 WebClient - ok
16:33:56.0004 2388 [ 0C5B9CF1BDF998750D9C5EEB5F8C55AC ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:33:56.0175 2388 winachsf - ok
16:33:56.0525 2388 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:33:56.0675 2388 winmgmt - ok
16:33:56.0695 2388 WinRing0_1_2_0 - ok
16:33:56.0806 2388 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
16:33:56.0806 2388 WinUSB - ok
16:33:57.0356 2388 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:33:57.0927 2388 wlidsvc - ok
16:33:57.0987 2388 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:33:57.0997 2388 WmdmPmSN - ok
16:33:58.0208 2388 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:33:58.0338 2388 Wmi - ok
16:33:58.0899 2388 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:33:58.0919 2388 WmiApSrv - ok
16:33:59.0059 2388 [ 4F51F2688C51520211C3810C8548E639 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:33:59.0109 2388 WMPNetworkSvc - ok
16:33:59.0169 2388 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:33:59.0179 2388 WudfPf - ok
16:33:59.0229 2388 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:33:59.0259 2388 WudfRd - ok
16:33:59.0329 2388 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:33:59.0369 2388 WudfSvc - ok
16:33:59.0459 2388 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:33:59.0530 2388 WZCSVC - ok
16:33:59.0590 2388 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:33:59.0620 2388 xmlprov - ok
16:33:59.0640 2388 zumbus - ok
16:33:59.0790 2388 ================ Scan global ===============================
16:33:59.0830 2388 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:33:59.0900 2388 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:33:59.0960 2388 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:33:59.0990 2388 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:33:59.0990 2388 [Global] - ok
16:34:00.0000 2388 ================ Scan MBR ==================================
16:34:00.0020 2388 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:34:00.0391 2388 \Device\Harddisk0\DR0 - ok
16:34:00.0391 2388 ================ Scan VBR ==================================
16:34:00.0411 2388 [ 3791744AACAF67F5FD959C39B819DD11 ] \Device\Harddisk0\DR0\Partition1
16:34:00.0411 2388 \Device\Harddisk0\DR0\Partition1 - ok
16:34:00.0421 2388 ============================================================
16:34:00.0421 2388 Scan finished
16:34:00.0421 2388 ============================================================
16:34:00.0461 3628 Detected object count: 0
16:34:00.0461 3628 Actual detected object count: 0
16:34:27.0720 2180 Deinitialize success

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 16:38:39
-----------------------------
16:38:39.762 OS Version: Windows 5.1.2600 Service Pack 3
16:38:39.773 Number of processors: 1 586 0x905
16:38:39.773 ComputerName: USER-737A973129 UserName: USER
16:38:43.648 Initialize success
16:40:41.407 AVAST engine defs: 12081900
16:41:24.559 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:41:24.559 Disk 0 Vendor: FUJITSU_MHT2030AT 009B Size: 28615MB BusType: 3
16:41:24.610 Disk 0 MBR read successfully
16:41:24.610 Disk 0 MBR scan
16:41:25.150 Disk 0 Windows XP default MBR code
16:41:25.180 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28607 MB offset 63
16:41:25.581 Disk 0 scanning sectors +58589055
16:41:26.062 Disk 0 scanning C:\WINDOWS\system32\drivers
16:42:35.011 Service scanning
16:43:24.252 Service MpKsl2794a63f c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9FC73293-4D49-4F44-B5E1-8E9C632F0DB5}\MpKsl2794a63f.sys **LOCKED** 32
16:44:00.994 Modules scanning
16:44:33.111 Disk 0 trace - called modules:
16:44:33.151 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
16:44:33.231 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b87ab8]
16:44:33.231 3 CLASSPNP.SYS[f85b4fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b1ad98]
16:44:36.085 AVAST engine scan C:\WINDOWS
16:45:00.129 AVAST engine scan C:\WINDOWS\system32
16:51:49.819 AVAST engine scan C:\WINDOWS\system32\drivers
16:52:43.526 AVAST engine scan C:\Documents and Settings\USER
17:04:11.225 AVAST engine scan C:\Documents and Settings\All Users
17:06:18.448 Scan finished successfully
17:06:42.783 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\USER\My Documents\General Information\MBR.dat"
17:06:42.883 The log file has been saved successfully to "C:\Documents and Settings\USER\My Documents\General Information\aswMBR2012.txt"

ESET online

C:\Documents and Settings\USER\Local Settings\Temp\L.class a variant of Java/Agent.EQ trojan cleaned by deleting - quarantined


After my first attempt at this I noticed my AVG updating. I decided to try and update MS essentials and this time it did indeed update. It also suggested running their Security Scanner. I did and it found and fixed/cleaned four potential threats. They are as listed.

Exploit: JAVA/CVE-2012-1723 .OA
Exploit: JAVA/CVE-2012-1723 .OB
Exploit: JAVA/CVE-2012-1723 .OC
Exploit: JAVA/CVE-2012-1723 .OD

AVG also detected a high number of threats (cookies). Most had the names of the websites I was being redirected to so I went into the files and deleted them.

Also I wanted to thank you for your computer expertise and taking time out of your day to offer assistance.

Alexander W.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:30 PM

Posted 20 August 2012 - 08:50 PM

Let's look into them after finishing the scans.


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

#7 Waysender

Waysender
  • Topic Starter

  • Members
  • 30 posts
  • Gender:Male
  • Location:Nebraska
  • Local time:10:30 PM

Posted 21 August 2012 - 09:57 PM

I ran all of the above programs and they ran fine; the results are as follows...

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: USER-737A973129 [administrator]

8/21/2012 3:29:38 PM
MBAB Log.txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264803
Time elapsed: 2 hour(s), 42 minute(s), 51 second(s)

Memory Processes Detected: 0 (No malicious items detected)

Memory Modules Detected: 0 (No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\USER\Local Settings\Application Data\{9f0b09e5-b1ec-f7b1-a8fb-12d09251b419}\n. -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0 (No malicious items detected)

Files Detected: 1
C:\Documents and Settings\USER\Local Settings\Temp\k8h00en.exe (Trojan.Happili) -> No action taken.

(end)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: USER-737A973129 [administrator]

8/21/2012 6:27:16 PM
mbam-log-2012-08-21 (18-27-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264440
Time elapsed: 2 hour(s), 42 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by USER (administrator) on 21-08-2012 at 21:18:24
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: copperhead.bolling.af.mil:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell TrueMobile 1300 WLAN Mini-PCI Card = Wireless Network Connection 3 (Disconnected)
Broadcom 570x Gigabit Integrated Controller = Local Area Connection 2 (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : user-737a973129

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : om.cox.net

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : om.cox.net

Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Controller

Physical Address. . . . . . . . . : 00-0B-DB-DE-E9-4B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 68.13.5.174

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 68.13.0.1

DHCP Server . . . . . . . . . . . : 172.19.81.13

DNS Servers . . . . . . . . . . . : 68.105.28.11

68.105.29.11

68.105.28.12

Lease Obtained. . . . . . . . . . : Tuesday, August 21, 2012 9:13:59 PM

Lease Expires . . . . . . . . . . : Wednesday, August 22, 2012 9:13:59 PM

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.227.133, 74.125.227.134, 74.125.227.135, 74.125.227.136
74.125.227.137, 74.125.227.142, 74.125.227.128, 74.125.227.129, 74.125.227.130
74.125.227.131, 74.125.227.132

Pinging google.com [74.125.227.134] with 32 bytes of data:

Reply from 74.125.227.134: bytes=32 time=24ms TTL=57

Reply from 74.125.227.134: bytes=32 time=52ms TTL=57

Ping statistics for 74.125.227.134:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 52ms, Average = 38ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=151ms TTL=54

Reply from 98.139.183.24: bytes=32 time=101ms TTL=54

Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 101ms, Maximum = 151ms, Average = 126ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0b db de e9 4b ...... Broadcom 570x Gigabit Integrated Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 68.13.0.1 68.13.5.174 20
68.13.0.0 255.255.248.0 68.13.5.174 68.13.5.174 20
68.13.5.174 255.255.255.255 127.0.0.1 127.0.0.1 20
68.255.255.255 255.255.255.255 68.13.5.174 68.13.5.174 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 68.13.5.174 68.13.5.174 20
224.0.0.0 240.0.0.0 68.13.5.174 68.13.5.174 20
255.255.255.255 255.255.255.255 68.13.5.174 68.13.5.174 1
Default Gateway: 68.13.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/21/2012 05:26:50 PM) (Source: ESENT) (User: )
Description: svchost (1124) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/21/2012 03:26:28 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (08/20/2012 07:04:04 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/19/2012 10:00:54 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/19/2012 03:49:32 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/19/2012 03:28:21 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8601.0, P5 fixed, P6 1 _ 512, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (08/18/2012 07:52:10 PM) (Source: Application Hang) (User: )
Description: Hanging application fsbl[1].exe, version 2.2.1092.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/18/2012 07:44:38 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (08/18/2012 07:44:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/18/2012 07:36:25 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715ba067.
Processing media-specific event for [explorer.exe!ws!]

System errors:
=============
Error: (08/21/2012 06:32:03 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2365.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2012 06:22:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (08/21/2012 06:22:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/21/2012 06:22:51 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (08/21/2012 01:02:17 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2365.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/21/2012 00:53:58 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/21/2012 00:53:58 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Error: (08/20/2012 07:03:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2365.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/20/2012 01:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/20/2012 01:14:44 PM) (Source: Service Control Manager) (User: )
Description: The Zune Bus Enumerator Driver service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (08/21/2012 05:26:50 PM) (Source: ESENT)(User: )
Description: svchost1124C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/21/2012 03:26:28 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (08/20/2012 07:04:04 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80070424updatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL

Error: (08/19/2012 10:00:54 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x80508018scheduledscancmainwindow__onautoscancomplete0security essentialsNILNILNIL

Error: (08/19/2012 03:49:32 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8601.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (08/19/2012 03:28:21 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8601.0fixed1 _ 5125 _ not bootNILNILNIL

Error: (08/18/2012 07:52:10 PM) (Source: Application Hang)(User: )
Description: fsbl[1].exe2.2.1092.0hungapp0.0.0.000000000

Error: (08/18/2012 07:44:38 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (08/18/2012 07:44:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/18/2012 07:36:25 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0715ba067

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Reader 9.1 (Version: 9.1.0)
ALPS Touch Pad Driver
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.1.116)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5173)
ATI Display Driver (Version: 8.20-051110a1-028793C-Dell)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 2.0.5.0)
Broadcom Gigabit Integrated Controller (Version: 8.13.01)
C-Major Audio (Version: 42xx)
Conexant D480 MDC V.92 Modem
Crash Analysis Tool (Version: 1.00.0001)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Wireless WLAN Card (Version: 4.10.47.3)
gobeProductive (Version: 3.0.0.0)
iTunes (Version: 10.2.2.14)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WinUsb 1.0
MobileMe Control Panel (Version: 3.1.6.0)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
O2Micro Smartcard Driver (Version: 2.26.0000)
OpenOffice.org 2.0 (Version: 2.0.8968)
PCTEL 2304WT V.9x MDC Modem Drivers
QuickSet (Version: 7.1.8)
QuickTime (Version: 7.69.80.9)
Ralink Wireless LAN Card (Version: 1.00.01)
Safari (Version: 5.33.21.1)
Ulead DVD Player (Version: 1.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 511.23 MB
Available physical RAM: 150.66 MB
Total Pagefile: 1248.39 MB
Available Pagefile: 632.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:27.94 GB) (Free:7.88 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-737A973129

Administrator Guest HelpAssistant
SUPPORT_388945a0 USER

**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by USER (administrator) on 21-08-2012 at 21:21:51
Running from "C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\PN7XBK15"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(15) Gpc(3) IPSec(5) irda(10) NetBT(6) s24trans(8) Tcpip(4)
0x0F00000005000000010000000200000003000000040000000E0000000F000000060000000700000008000000090000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 21:32:17
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : USER - USER-737A973129
# Boot Mode : Normal
# Running from : C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\6TH59XCI\adwcleaner[1].exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\USER\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\USER\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\DOCUME~1\USER\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\USER\Application Data\AVG Secure Search
Deleted on reboot : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Deleted on reboot : C:\Program Files\AVG Secure Search
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={D622DFE9-3D17-44FC-9CC6-427406AA6A4C}&mid=b29e3130c6f747d1817dd1429d3a00b8-b38c2dbcc3fa71b9686253c431a1c5be9df4aaf8&lang=en&ds=AVG&pr=pr&d=2012-08-01 13:02:10&v=11.1.0.12&sap=nt --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [4922 octets] - [21/08/2012 21:32:17]

########## EOF - C:\AdwCleaner[S1].txt - [5050 octets] ##########

Rkill 2.3.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 09:47:46 PM in x86 mode.
Windows Version: Windows XP Service Pack 3

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\system32\WLTRAY.exe (PID: 360) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = dword:00000000

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* BITS [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/21/2012 09:49:18 PM
Execution time: 0 hours(s), 1 minute(s), and 31 seconds(s)

#8 narenxp

  • BC Advisor

Posted 21 August 2012 - 10:02 PM

Open your C drive

On top, click on Tools - Folder Options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Documents and Settings\USER\Local Settings\Application Data\{9f0b09e5-b1ec-f7b1-a8fb-12d09251b419}

Delete the folder

Download

wscsvc
wuauserv
BITS
Sharedaccess

Launch them, click YES

Restart the PC, post the new FSS log

#9 Waysender

Posted 22 August 2012 - 03:55 PM

I ran FSS and the results are as follows...

Farbar Service Scanner Version: 06-08-2012
Ran by USER (administrator) on 22-08-2012 at 15:53:48
Running from "C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\PN7XBK15"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(15) Gpc(3) IPSec(5) irda(10) NetBT(6) s24trans(8) Tcpip(4)
0x0F00000005000000010000000200000003000000040000000E0000000F000000060000000700000008000000090000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

I got in late from work and missed the file to delete. I have gone back and deleted and re-downloaded the files again. Windows did automatically update; if this might cause a problem, I do have the restore point from prior to the CCleaner step. Along with the automatic updates once again enabled, the Windows firewall also appears to be up and running.
I apologize for my sloppiness, and if I need to backtrack and repeat earlier steps just say so. I ran a second FSS and the log is as follows...

Farbar Service Scanner Version: 06-08-2012
Ran by USER (administrator) on 22-08-2012 at 20:48:11
Running from "C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\YMLQGJ9D"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(15) Gpc(3) IPSec(5) irda(10) NetBT(6) s24trans(8) Tcpip(4)
0x0F00000005000000010000000200000003000000040000000E0000000F000000060000000700000008000000090000000A0000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

Edited by Waysender, 22 August 2012 - 08:55 PM.


#10 narenxp

Posted 23 August 2012 - 02:04 PM

Any current issues?

#11 Waysender

Posted 23 August 2012 - 05:29 PM

All redirect issues seemed to be resolved. I went through the obvious problems I had initially with any type of search involving the words "virus" or "redirect" and being sent to a clearly fake security site. I did click on "www.avg.com" and was sent to www.softlate.com/avg-anti-virus, but this was the ad at the top of the page on Bing, so I'm guessing it was just a tie-in; it did look like the original AVG site.

Not to risk taking up any more of the valuable resource that is your time but...

1) I have normally only used the Microsoft Security Essentials software and Windows Firewall; what would you recommend as far as security? I currently have the free AVG, should I remove this now? Should I upgrade to the Full Version? Does this have any type of conflict with the MSE software?

2) Never having paid much attention to "cookies" before receiving those AVG prompts I took a look around and discovered...
about 500 in my C:\Documents and Settings\Local Service\Cookies
about 250 in my C:\Documents and Settings\Network Service\Cookies
Is this normal and if not is it safe to just delete them or do I need to be selective for the performance of my PC? There is also an "index.dat" file in each folder, is this normal?

3) Since most of the problem seems to be linked to "JAVA", should I delete and re-install from the website or is this unnecessary?

Finally I would like to thank you and this wonderful site for your time and effort. Judging by the number of posts you have this is no doubt a daily thing for you to deal with but it really does make a world of difference to me.

Alexander W.

#12 narenxp

Posted 23 August 2012 - 06:00 PM

I have normally only used the Microsoft Security Essentials software and Windows Firewall; what would you recommend as far as security? I currently have the free AVG, should I remove this now? Should I upgrade to the Full Version? Does this have any type of conflict with the MSE software?


AVG and Microsoft Security Essentials are antiviruses. Running two security software programs together would degrade performance and is not recommended.

MSE + Malwarebytes + Windows Firewall should be enough. If you want AVG Pro edition, then uninstall MSE.

2) Never having paid much attention to "cookies" before receiving those AVG prompts I took a look around and discovered...
about 500 in my C:\Documents and Settings\Local Service\Cookies
about 250 in my C:\Documents and Settings\Network Service\Cookies
Is this normal and if not is it safe to just delete them or do I need to be selective for the performance of my PC? There is also an "index.dat" file in each folder, is this normal?


Delete the cookies. The index.dat file is normal.

3) Since most of the problem seems to be linked to "JAVA", should I delete and re-install from the website or is this unnecessary?


Uninstall old versions and install the latest update. Update Flash Player too.

Safe surfing :)

#13 Waysender

Posted 27 August 2012 - 02:07 PM

Hello again, the fix was not as long-lasting as I thought. On Friday everything was working fine, I uninstalled AVG (which greatly increased overall speed), and logged off for the weekend. I came back Monday and decided to check a few things online. My next two searches on Bing came up correctly, but when I clicked on the link (and I checked to make sure it was listed correctly) I was given a familiar result.
My American Express search resulted in "click-get-answers-fast" and immediately went to site "http://63.209.69.107"
My next search was for Bleeping Computer, and when I clicked the link I got the same thing: "Click-get-answers-fast", then straight to the following (http://63.209.69.107/search/web/bleeping+computer).
I checked on my computer and they both came up as "internet shortcut" in the "pagefile.sys".
Everything security-wise appears to be up and running properly: MS Essentials, Malwarebytes, and Windows Firewall. Both scans were run in full and came back clean. Should I run through the list again and post the log results? Would it help, or at this point do you feel the "corruption" is probably in too deep?
Thank you for your time and effort.

Alexander W.

#14 narenxp

Posted 27 August 2012 - 02:13 PM

We should be able to solve this.

Which browser has redirects?

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on File - Save

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#15 Waysender

Posted 27 August 2012 - 06:11 PM

I'm using Internet Explorer (optimized for Bing and MSN) IE8, updated I think. I think I tried Firefox years ago but have been strictly Internet Explorer for years now. I did all the searches from the Bing homepage, and when clicking on a link from the populated list I get sent... well, you know where.

I am on wired internet directly from the modem; the LAN card hasn't worked in a long time, not that I ever really used it. Also, when I booted up the computer earlier I got the warning that MS Essentials and Windows Firewall were not up (red balloon warning in the bottom right corner of screen), but about 30 seconds later it kicked in and now I have the green light etc.

If I had to guess all this headache is from looking for pictures from the latest Batman Movie. All I can do is laugh and thank you for your assistance.

I'm not overly particular when it comes to browsers, I just stuck with the original, so if you have a favorite or recommended one I'm more than willing to swap it in.

Autoruns ran and the results are as follows... (I also noticed a lot of Movie Maker Filter Files in the list; to my knowledge I have never used this program.)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\apoint\apoint.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\applesyncnotifier.exe"
+ "ATIPTA" "ATI Desktop Control Panel" "ATI Technologies, Inc." "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "HPDJ Taskbar Utility" "" "HP" "c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "PCTVOICE" "pctvoice MFC Application" "" "c:\windows\system32\pctspk.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Microsoft Office.lnk" "Microsoft Office 2000 component" "Microsoft Corporation" "c:\program files\microsoft office\office\osa9.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Applications" "Adobe XMP FileInfo, 5.0-i033" "Adobe Systems Incorporated" "c:\documents and settings\user\local settings\application data\applications\twlqrllu.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Sun Microsystems, Inc." "c:\program files\openoffice.org 2.0\program\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NICCONFIGSVC" "Configure your Internal Network Card power management settings." "Dell Inc." "c:\program files\dell\quickset\nicconfigsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "APPDRV" "App Support Driver" "Dell Inc" "c:\windows\system32\drivers\appdrv.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "CBEN5" "NDIS 5.X Miniport Driver" "Xircom, Inc." "c:\windows\system32\drivers\cben5.sys"
+ "CBPMp50" "" "" "File not found: System32\Drivers\CBPMp50.sys"
+ "CBPSp50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\drivers\cbpsp50.sys"
+ "cercsr6" "DELL CERC SATA1.5/6ch Miniport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\cercsr6.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWICH" "HSFHWICH WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwich.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "omci" "OMCI Device Driver" "Dell Computer Corporation" "c:\windows\system32\drivers\omci.sys"
+ "OZSCR" "OZSCR" "O2Micro" "c:\windows\system32\drivers\ozscr.sys"
+ "PCDSRVC{E9D79540-57D5953E-06020200}_0" "Kernel Driver" "PC-Doctor, Inc." "c:\program files\dell support center\pcdsrvc.pkms"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PCX504" "NDIS 5.1 Miniport Driver for 32 bit Windows" "Cisco Systems" "c:\windows\system32\drivers\pcx504.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "PRISM_ICB" "PRISM Wireless NDIS 5.1 Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\wg511icb.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Ptserial" "HSP Modem Serial Device Driver for NT 5.0" "PCTEL, INC." "c:\windows\system32\drivers\ptserial.sys"
+ "RT73" "" "" "File not found: system32\DRIVERS\rt73.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SMCIRDA" "SMC IrCC NDIS 5.0 IrDA FIR Device Driver" "SMC" "c:\windows\system32\drivers\smcirda.sys"
+ "STAC97" "SigmaTel Audio Driver (WDM)" "SigmaTel, Inc." "c:\windows\system32\drivers\stac97.sys"
+ "UIUSys" "" "" "File not found: system32\drivers\UIUSys.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "Vmodem" "HSP Modem Modem Device Driver" "PCTEL, INC." "c:\windows\system32\drivers\vmodem.sys"
+ "Vpctcom" "HSP Modem Virtual Control Device" "PCtel, Inc." "c:\windows\system32\drivers\vpctcom.sys"
+ "Vvoice" "HSP Modem device driver" "PCtel, Inc." "c:\windows\system32\drivers\vvoice.sys"
+ "w29n51" "" "" "File not found: system32\DRIVERS\w29n51.sys"
+ "w70n51" "Intel® PRO/Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w70n51.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "WinRing0_1_2_0" "" "" "File not found: C:\Program Files\BatteryCare\WinRing0.sys"
+ "zumbus" "" "" "File not found: system32\DRIVERS\zumbus.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DVD Audio Decoder" "Audio Decoder" "Ulead Systems, Inc." "c:\program files\ulead systems\ulead dvd player\ceaudio.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Ulead DVD Video decoder" "DVD Video Decoder with DxVA Support" "Ulead Systems, Inc." "c:\program files\ulead systems\ulead dvd player\cevideo.ax"
+ "ULead File Source (Async.)" "Ulead Async Filter" "Ulead Systems" "c:\program files\common files\ulead systems\mpeg\ulasync.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpf3l083.dll" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l083.dll"
+ "hpzlnt09" "" "HP" "c:\windows\system32\hpzlnt09.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Lniksys 802.11 Network Adapter Logon Provider" "Broadcom Corporation" "c:\windows\system32\bcmlogon.dll"

Edited by Waysender, 27 August 2012 - 06:14 PM.
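
A small triage pass over an Autoruns text export in the layout posted above, as an added example that is not part of the original thread. The sample rows are constructed, and the review heuristics (missing target file, empty publisher, image path under a user-writable directory, a DLL launched from a Run key) are assumptions for narrowing a manual review, not verdicts.

```python
import re

# Constructed sample in the layout of the Autoruns text export posted above
# (names and paths are made up): a section row has only its first quoted field
# filled; an entry row starts with "+" and holds name, description, publisher,
# image path.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleUpdater" "Example Updater" "Example Corp" "c:\program files\example\updater.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Example" "Example Helper" "Example Corp" "c:\documents and settings\user\local settings\application data\example\abcdefgh.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ExampleDrv" "" "" "File not found: C:\WINDOWS\System32\Drivers\ExampleDrv.sys"
+ "ExampleCodec" "" "" "c:\windows\system32\examplecodec.dll"
'''

FIELD = re.compile(r'"([^"]*)"')
KEYS = ("name", "description", "publisher", "path")
# Assumed review heuristic: directories a limited user can write to.
USER_WRITABLE = ("\\local settings\\", "\\application data\\", "\\appdata\\", "\\temp\\")

def parse(text):
    """Yield one dict per entry row, tagged with the section it appeared under."""
    location = ""
    for line in text.splitlines():
        line = line.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank line or a row that is not in the four-field layout
        if line.startswith("+"):
            yield dict(zip(KEYS, fields), location=location)
        else:
            location = fields[0]

def triage(entry):
    """Return the reasons an entry deserves a manual look (empty list = none)."""
    path = entry["path"].lower()
    if path.startswith("file not found:"):
        return ["missing-file"]  # registration left behind; target not on disk
    reasons = []
    if not entry["publisher"]:
        reasons.append("no-publisher")
    if any(part in path for part in USER_WRITABLE):
        reasons.append("user-writable-path")
    if entry["location"].lower().endswith("\\run") and path.endswith(".dll"):
        reasons.append("dll-in-run-key")
    return reasons

def flagged(text):
    """List (location, name, reasons) for every entry with at least one reason."""
    return [(e["location"], e["name"], r) for e in parse(text) if (r := triage(e))]

if __name__ == "__main__":
    for location, name, reasons in flagged(SAMPLE):
        print(f"{', '.join(reasons):35} {name}  [{location}]")
```

Most flagged rows on an older machine will be stale driver registrations; the value of the pass is in shortening the list that has to be checked by hand.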




