
Can't remove virus causing redirect and sound issues


14 replies to this topic

#1 Dinky002

Dinky002

  • Members
  • 35 posts

Posted 29 August 2012 - 02:44 PM

I used this forum before and it was a big help.

I had a virus and was able to remove it via Malware Bytes in safe mode. It was a fake scanning virus..scanned my PC found 20 'FAKE' viruses...and wanted me to purchase something.

But after this virus is gone, there is a redirect on my YAHOO and GOOGLE and after the redirect does its nasty business...the sound doesn't work.

If I avoid having the redirect engage..the sound stays around awhile.

It was a rootkit last time...with the help of Bleeping Computer it was found. I think FSECURE found it. (Which I tried this time and it didn't work.)

We removed the rootkit...the redirect went away and the sound came back.

Thanks for any help.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 29 August 2012 - 02:56 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Dinky002

Dinky002
  • Topic Starter

  • Members
  • 35 posts

Posted 30 August 2012 - 06:07 PM

TDSSKiller- not sure how to attach logs???

ASWMBR-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 20:54:19
-----------------------------
20:54:19.046 OS Version: Windows 5.1.2600 Service Pack 3
20:54:19.046 Number of processors: 2 586 0x404
20:54:19.046 ComputerName: WILT02 UserName: Wilt
20:54:21.968 Initialize success
20:56:41.968 AVAST engine defs: 12082901
20:57:38.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:57:38.078 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
20:57:38.078 Disk 0 MBR read successfully
20:57:38.093 Disk 0 MBR scan
20:57:38.156 Disk 0 Windows XP default MBR code
20:57:38.156 Disk 0 MBR hidden
20:57:38.156 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:57:38.171 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152546 MB offset 80325
20:57:38.187 Disk 0 scanning sectors +312496380
20:57:38.296 Disk 0 scanning C:\WINDOWS\system32\drivers
20:57:47.218 Service scanning
20:58:06.781 Modules scanning
21:00:11.718 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
21:00:13.296 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
21:00:13.296 Disk 0 trace - called modules:
21:00:13.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a8d4b1]<<
21:00:13.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab2ab8]
21:00:13.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x897ce8a0]
21:00:13.296 \Driver\iastor[0x8a054da0] -> IRP_MJ_CREATE -> 0x89a8d4b1
21:00:14.734 AVAST engine scan C:\WINDOWS
21:00:22.484 AVAST engine scan C:\WINDOWS\system32
21:02:57.531 AVAST engine scan C:\WINDOWS\system32\drivers
21:03:07.390 AVAST engine scan C:\Documents and Settings\Wilt
21:06:55.828 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
21:07:29.296 Scan finished successfully
21:09:33.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wilt\My Documents\logs for antivirus\MBR.dat"
21:09:33.281 The log file has been saved successfully to "C:\Documents and Settings\Wilt\My Documents\logs for antivirus\aswMBRlog.txt"


ESET-
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\13LMG6X1\firstload_com[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\Wilt\Application Data\Sun\Java\Deployment\cache\6.0\16\d726dd0-7f3035ba Java/Exploit.Agent.NBS trojan deleted - quarantined
C:\Documents and Settings\Wilt\Application Data\Sun\Java\Deployment\cache\6.0\63\60205ff-442844ce multiple threats deleted - quarantined
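
An added example, not part of the original post or of aswMBR itself: a short Python triage pass over the aswMBR log above that pulls out the lines a reviewer would check first and correlates the IRP handler address with the address the disk trace marks UNKNOWN. The choice of markers and the names `triage` and `Finding` are assumptions of this example; the log format is inferred from the posted output only.

```python
import re
from typing import List, NamedTuple

# Lines copied from the aswMBR log in the post above (an excerpt, not the full log).
SAMPLE_LOG = r"""
20:57:38.156 Disk 0 Windows XP default MBR code
20:57:38.156 Disk 0 MBR hidden
21:00:11.718 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
21:00:13.296 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
21:00:13.296 Disk 0 trace - called modules:
21:00:13.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a8d4b1]<<
21:00:13.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab2ab8]
21:00:13.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x897ce8a0]
21:00:13.296 \Driver\iastor[0x8a054da0] -> IRP_MJ_CREATE -> 0x89a8d4b1
21:07:29.296 Scan finished successfully
"""

# "HH:MM:SS.mmm message" as seen in the posted log.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
SUSPICIOUS_RE = re.compile(r"^Module:\s+(.+?)\s+\*\*SUSPICIOUS\*\*$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER_RE = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\]\s*->\s*"
    r"(IRP_MJ_\w+)\s*->\s*(0x[0-9a-fA-F]+)$"
)


class Finding(NamedTuple):
    time: str
    kind: str
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return the log lines worth a second look, in log order."""
    findings: List[Finding] = []
    unknown_addrs = set()   # addresses the trace could not map to a module
    handlers = []           # (time, driver, irp, target) dispatch entries

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()

        if re.search(r"\bMBR hidden\b", msg):
            findings.append(Finding(ts, "mbr_hidden", msg))
            continue

        s = SUSPICIOUS_RE.match(msg)
        if s:
            findings.append(Finding(ts, "suspicious_module", s.group(1)))
            continue

        u = UNKNOWN_RE.search(msg)
        if u:
            unknown_addrs.add(int(u.group(1), 16))
            findings.append(Finding(ts, "unknown_in_disk_stack", u.group(1)))
            continue

        h = HANDLER_RE.match(msg)
        if h:
            handlers.append((ts, h.group(1), h.group(2), h.group(3)))

    # Correlate: a driver's dispatch routine that points at an address the
    # trace labelled UNKNOWN is reported as its own finding.
    for ts, driver, irp, target in handlers:
        if int(target, 16) in unknown_addrs:
            findings.append(
                Finding(ts, "irp_handler_in_unknown_code",
                        f"{driver} {irp} -> {target}")
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time}  {f.kind:30s} {f.detail}")
```

A flagged line is a prompt for a second scan or a closer look, not a verdict; the posted log itself only states what aswMBR observed.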

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 August 2012 - 09:04 PM

TDSSKiller- not sure how to attach logs???


Copy, paste the log here

Restart the PC and run aswmbr again and post the new log

#5 Dinky002

Dinky002
  • Topic Starter

  • Members
  • 35 posts

Posted 31 August 2012 - 04:11 PM

TDSSKILLER

17:08:27.0453 3624 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:08:27.0703 3624 ============================================================
17:08:27.0703 3624 Current date / time: 2012/08/31 17:08:27.0703
17:08:27.0703 3624 SystemInfo:
17:08:27.0703 3624
17:08:27.0703 3624 OS Version: 5.1.2600 ServicePack: 3.0
17:08:27.0703 3624 Product type: Workstation
17:08:27.0703 3624 ComputerName: WILT02
17:08:27.0703 3624 UserName: Wilt
17:08:27.0703 3624 Windows directory: C:\WINDOWS
17:08:27.0703 3624 System windows directory: C:\WINDOWS
17:08:27.0703 3624 Processor architecture: Intel x86
17:08:27.0703 3624 Number of processors: 2
17:08:27.0703 3624 Page size: 0x1000
17:08:27.0703 3624 Boot type: Normal boot
17:08:27.0703 3624 ============================================================
17:08:28.0453 3624 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:08:28.0515 3624 ============================================================
17:08:28.0515 3624 \Device\Harddisk0\DR0:
17:08:28.0515 3624 MBR partitions:
17:08:28.0515 3624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x129F1737
17:08:28.0515 3624 ============================================================
17:08:28.0531 3624 C: <-> \Device\Harddisk0\DR0\Partition1
17:08:28.0562 3624 ============================================================
17:08:28.0562 3624 Initialize success
17:08:28.0562 3624 ============================================================
17:08:30.0125 1932 ============================================================
17:08:30.0125 1932 Scan started
17:08:30.0125 1932 Mode: Manual;
17:08:30.0125 1932 ============================================================
17:08:31.0546 1932 ================ Scan system memory ========================
17:08:31.0562 1932 System memory - ok
17:08:31.0562 1932 ================ Scan services =============================
17:08:40.0406 1932 RpcLocator - ok
17:08:40.0437 1932 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:08:40.0437 1932 RpcSs - ok
17:08:40.0484 1932 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:08:40.0484 1932 RSVP - ok
17:08:40.0500 1932 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:08:40.0500 1932 SamSs - ok
17:08:40.0531 1932 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:08:40.0531 1932 SCardSvr - ok
17:08:40.0593 1932 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:08:40.0609 1932 Schedule - ok
17:08:40.0625 1932 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:08:40.0625 1932 Secdrv - ok
17:08:40.0656 1932 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:08:40.0656 1932 seclogon - ok
17:08:40.0687 1932 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:08:40.0687 1932 SENS - ok
17:08:40.0703 1932 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:08:40.0703 1932 Serial - ok
17:08:40.0734 1932 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:08:40.0734 1932 Sfloppy - ok
17:08:40.0765 1932 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:08:40.0765 1932 SharedAccess - ok
17:08:40.0765 1932 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:08:40.0781 1932 ShellHWDetection - ok
17:08:40.0781 1932 Simbad - ok
17:08:40.0796 1932 Sparrow - ok
17:08:40.0812 1932 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:08:40.0812 1932 splitter - ok
17:08:40.0859 1932 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:08:40.0859 1932 Spooler - ok
17:08:40.0875 1932 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:08:40.0875 1932 sr - ok
17:08:40.0906 1932 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:08:40.0906 1932 srservice - ok
17:08:40.0937 1932 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:08:40.0937 1932 Srv - ok
17:08:40.0968 1932 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:08:40.0968 1932 SSDPSRV - ok
17:08:41.0078 1932 [ 2A2DC39623ADEF8AB3703AB9FAC4B440 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
17:08:41.0140 1932 STHDA - ok
17:08:41.0187 1932 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:08:41.0187 1932 stisvc - ok
17:08:41.0218 1932 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:08:41.0218 1932 swenum - ok
17:08:41.0234 1932 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:08:41.0234 1932 swmidi - ok
17:08:41.0234 1932 SwPrv - ok
17:08:41.0234 1932 symc810 - ok
17:08:41.0250 1932 symc8xx - ok
17:08:41.0250 1932 sym_hi - ok
17:08:41.0265 1932 sym_u3 - ok
17:08:41.0265 1932 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:08:41.0265 1932 sysaudio - ok
17:08:41.0296 1932 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:08:41.0296 1932 SysmonLog - ok
17:08:41.0343 1932 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:08:41.0343 1932 TapiSrv - ok
17:08:41.0406 1932 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:08:41.0406 1932 Tcpip - ok
17:08:41.0453 1932 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:08:41.0453 1932 TDPIPE - ok
17:08:41.0484 1932 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:08:41.0484 1932 TDTCP - ok
17:08:41.0515 1932 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:08:41.0515 1932 TermDD - ok
17:08:41.0609 1932 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:08:41.0625 1932 TermService - ok
17:08:41.0656 1932 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:08:41.0656 1932 Themes - ok
17:08:41.0703 1932 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:08:41.0703 1932 TlntSvr - ok
17:08:41.0703 1932 TosIde - ok
17:08:41.0734 1932 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:08:41.0734 1932 TrkWks - ok
17:08:41.0765 1932 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:08:41.0765 1932 Udfs - ok
17:08:41.0781 1932 ultra - ok
17:08:41.0843 1932 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:08:41.0859 1932 Update - ok
17:08:41.0906 1932 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:08:41.0906 1932 upnphost - ok
17:08:41.0937 1932 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:08:41.0937 1932 UPS - ok
17:08:41.0968 1932 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:08:41.0968 1932 USBAAPL - ok
17:08:42.0000 1932 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:08:42.0015 1932 usbccgp - ok
17:08:42.0046 1932 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:08:42.0046 1932 usbehci - ok
17:08:42.0078 1932 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:08:42.0078 1932 usbhub - ok
17:08:42.0093 1932 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:08:42.0093 1932 usbprint - ok
17:08:42.0125 1932 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:08:42.0125 1932 USBSTOR - ok
17:08:42.0171 1932 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:08:42.0171 1932 usbuhci - ok
17:08:42.0171 1932 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:08:42.0187 1932 VgaSave - ok
17:08:42.0187 1932 ViaIde - ok
17:08:42.0218 1932 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:08:42.0218 1932 VolSnap - ok
17:08:42.0265 1932 [ 27B3DD12A19EEC50220DF15B64913DDA ] vsdatant C:\WINDOWS\system32\vsdatant.sys
17:08:42.0265 1932 vsdatant - ok
17:08:42.0296 1932 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:08:42.0312 1932 VSS - ok
17:08:42.0375 1932 [ EF51747440486C23BD466311048BD924 ] vToolbarUpdater12.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
17:08:42.0390 1932 vToolbarUpdater12.2.0 - ok
17:08:42.0437 1932 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:08:42.0437 1932 W32Time - ok
17:08:42.0468 1932 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:08:42.0484 1932 Wanarp - ok
17:08:42.0546 1932 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
17:08:42.0546 1932 Wdf01000 - ok
17:08:42.0562 1932 WDICA - ok
17:08:42.0593 1932 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:08:42.0609 1932 wdmaud - ok
17:08:42.0640 1932 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:08:42.0640 1932 WebClient - ok
17:08:42.0718 1932 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:08:42.0734 1932 winachsf - ok
17:08:42.0796 1932 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:08:42.0796 1932 winmgmt - ok
17:08:42.0875 1932 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
17:08:42.0937 1932 WinRM - ok
17:08:42.0984 1932 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:08:42.0984 1932 WmdmPmSN - ok
17:08:43.0015 1932 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:08:43.0031 1932 Wmi - ok
17:08:43.0078 1932 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:08:43.0078 1932 WmiApSrv - ok
17:08:43.0265 1932 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:08:43.0296 1932 WMPNetworkSvc - ok
17:08:43.0343 1932 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:08:43.0343 1932 wscsvc - ok
17:08:43.0359 1932 WSearch - ok
17:08:43.0390 1932 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:08:43.0406 1932 wuauserv - ok
17:08:43.0437 1932 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:08:43.0437 1932 WudfPf - ok
17:08:43.0453 1932 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:08:43.0453 1932 WudfRd - ok
17:08:43.0500 1932 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:08:43.0500 1932 WudfSvc - ok
17:08:43.0546 1932 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:08:43.0546 1932 WZCSVC - ok
17:08:43.0593 1932 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:08:43.0593 1932 xmlprov - ok
17:08:43.0609 1932 ================ Scan global ===============================
17:08:43.0640 1932 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:08:43.0671 1932 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:08:43.0687 1932 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:08:43.0718 1932 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:08:43.0734 1932 [Global] - ok
17:08:43.0734 1932 ================ Scan MBR ==================================
17:08:43.0734 1932 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:08:43.0734 1932 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:08:43.0750 1932 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:08:43.0750 1932 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:08:43.0750 1932 ================ Scan VBR ==================================
17:08:43.0781 1932 [ 10559E1442D948432FEE2794B1DBE4C2 ] \Device\Harddisk0\DR0\Partition1
17:08:43.0781 1932 \Device\Harddisk0\DR0\Partition1 - ok
17:08:43.0781 1932 ============================================================
17:08:43.0781 1932 Scan finished
17:08:43.0781 1932 ============================================================
17:08:43.0796 5960 Detected object count: 1
17:08:43.0796 5960 Actual detected object count: 1
17:08:56.0484 5960 \Device\Harddisk0\DR0\# - copied to quarantine
17:08:56.0484 5960 \Device\Harddisk0\DR0 - copied to quarantine
17:08:56.0531 5960 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:08:56.0546 5960 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:08:56.0546 5960 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:08:56.0562 5960 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:08:56.0578 5960 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:08:56.0578 5960 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:08:56.0578 5960 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:08:56.0578 5960 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:08:56.0593 5960 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:08:56.0593 5960 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:08:56.0593 5960 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:08:56.0593 5960 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:08:56.0609 5960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:08:56.0609 5960 \Device\Harddisk0\DR0 - ok
17:08:57.0781 5960 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure


ASWMBR round 2

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-31 16:56:17
-----------------------------
16:56:17.531 OS Version: Windows 5.1.2600 Service Pack 3
16:56:17.531 Number of processors: 2 586 0x404
16:56:17.531 ComputerName: WILT02 UserName: Wilt
16:56:29.937 Initialize success
16:58:52.421 AVAST engine defs: 12083101
16:58:57.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:58:57.000 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
16:58:57.031 Disk 0 MBR read successfully
16:58:57.031 Disk 0 MBR scan
16:58:57.187 Disk 0 Windows XP default MBR code
16:58:57.187 Disk 0 MBR hidden
16:58:57.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:58:57.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152546 MB offset 80325
16:58:57.265 Disk 0 scanning sectors +312496380
16:58:57.421 Disk 0 scanning C:\WINDOWS\system32\drivers
16:59:09.015 Service scanning
16:59:27.421 Modules scanning
16:59:34.437 Disk 0 trace - called modules:
16:59:34.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a104b1]<<
16:59:34.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab2ab8]
16:59:34.453 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x895a3300]
16:59:34.453 \Driver\iastor[0x8a069f38] -> IRP_MJ_CREATE -> 0x89a104b1
16:59:35.562 AVAST engine scan C:\WINDOWS
16:59:43.546 AVAST engine scan C:\WINDOWS\system32
17:02:19.234 AVAST engine scan C:\WINDOWS\system32\drivers
17:02:29.656 AVAST engine scan C:\Documents and Settings\Wilt
17:05:45.812 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
17:06:16.765 Scan finished successfully
17:08:07.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wilt\My Documents\logs for antivirus\MBR.dat"
17:08:07.328 The log file has been saved successfully to "C:\Documents and Settings\Wilt\My Documents\logs for antivirus\aswMBR2.txt"

#6 Dinky002


Posted 13 September 2012 - 03:55 AM

Have you had a chance to review this log yet?

I am still having redirect issues...but the sound has returned.

Every time I am in YAHOO I go to type in something in search...my cursor takes forever to appear in the search field.

I think something is still on my system..running in the background especially when on the search engines.

It doesn't redirect per se...just something isn't right.

Thanks for any help.

#7 narenxp


Posted 13 September 2012 - 04:28 AM

Sorry, never received a notification regarding your reply.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#8 Dinky002


Posted 16 September 2012 - 02:26 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Wilt :: WILT02 [administrator]

9/16/2012 7:27:11 AM
mbam-log-2012-09-16 (07-27-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461458
Time elapsed: 1 hour(s), 2 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 23-07-2012
Ran by Wilt (administrator) on 16-09-2012 at 08:50:22
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection (Disconnected)
Intel® PRO/100 VE Network Connection = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : WILT02

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : hsd1.pa.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-12-3F-76-61-7B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.143

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.76.76

75.75.75.75

Lease Obtained. . . . . . . . . . : Sunday, September 16, 2012 8:09:55 AM

Lease Expires . . . . . . . . . . : Monday, September 17, 2012 8:09:55 AM

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 173.194.43.33, 173.194.43.37, 173.194.43.38, 173.194.43.39
173.194.43.34, 173.194.43.46, 173.194.43.41, 173.194.43.40, 173.194.43.36
173.194.43.35, 173.194.43.32



Pinging google.com [173.194.43.37] with 32 bytes of data:



Reply from 173.194.43.37: bytes=32 time=29ms TTL=54

Reply from 173.194.43.37: bytes=32 time=32ms TTL=54



Ping statistics for 173.194.43.37:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 32ms, Average = 30ms

Server: cdns02.comcast.net
Address: 75.75.76.76

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=63ms TTL=50

Reply from 98.139.183.24: bytes=32 time=62ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 63ms, Average = 62ms

Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 12 3f 76 61 7b ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.143 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.143 192.168.1.143 20
192.168.1.0 255.255.255.0 192.168.1.143 192.168.1.143 20
192.168.1.143 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.143 192.168.1.143 20
224.0.0.0 240.0.0.0 192.168.1.143 192.168.1.143 20
255.255.255.255 255.255.255.255 192.168.1.143 192.168.1.143 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/15/2012 04:56:46 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/12/2012 06:35:30 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/02/2012 09:22:08 PM) (Source: Application Error) (User: )
Description: Faulting application SearchIndexer.exe, version 7.0.6001.16503, faulting module tquery.dll, version 7.0.6001.16503, fault address 0x00119d38.
Processing media-specific event for [SearchIndexer.exe!ws!]

Error: (08/31/2012 06:23:43 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 06:41:02 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 06:41:01 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 06:41:01 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/29/2012 04:09:45 PM) (Source: ESENT) (User: )
Description: SearchIndexer (1948) Index SystemIndex_Gthr of table indexRecovery is corrupted (0).

Error: (08/29/2012 04:09:42 PM) (Source: ESENT) (User: )
Description: SearchIndexer (1948) Index SystemIndex_Gthr of table indexRecovery is corrupted (0).

Error: (08/29/2012 11:28:07 AM) (Source: ESENT) (User: )
Description: SearchIndexer (312) Index SystemIndex_Gthr of table indexRecovery is corrupted (0).


System errors:
=============
Error: (09/15/2012 08:11:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (09/15/2012 08:11:46 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service hung on starting.

Error: (09/15/2012 04:58:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (09/15/2012 04:58:52 PM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service hung on starting.

Error: (09/15/2012 09:39:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (09/15/2012 09:39:18 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service hung on starting.

Error: (09/13/2012 07:16:09 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (09/13/2012 07:16:05 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service hung on starting.

Error: (09/13/2012 06:27:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgtp

Error: (09/13/2012 06:27:42 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification service hung on starting.


Microsoft Office Sessions:
=========================
Error: (09/15/2012 04:56:46 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/12/2012 06:35:30 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/02/2012 09:22:08 PM) (Source: Application Error)(User: )
Description: SearchIndexer.exe7.0.6001.16503tquery.dll7.0.6001.1650300119d38

Error: (08/31/2012 06:23:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/31/2012 06:41:02 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/31/2012 06:41:01 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/31/2012 06:41:01 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/29/2012 04:09:45 PM) (Source: ESENT)(User: )
Description: SearchIndexer1948SystemIndex_GthrindexRecovery0

Error: (08/29/2012 04:09:42 PM) (Source: ESENT)(User: )
Description: SearchIndexer1948SystemIndex_GthrindexRecovery0

Error: (08/29/2012 11:28:07 AM) (Source: ESENT)(User: )
Description: SearchIndexer312SystemIndex_GthrindexRecovery0


=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-025672C-Dell)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 90.0.146.000)
CDDRV_Installer (Version: 4.60)
Cisco Connect (Version: 1.2.10104.2)
Cisco Systems VPN Client 5.0.01.0600 (Version: 5.0.1)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 56K V.9x DFVc Modem
CustomerResearchQFolder (Version: 1.00.0000)
D4200 (Version: 90.0.200.000)
D4200_Help (Version: 90.0.200.000)
Dell Resource CD (Version: 1.00.0000)
Dell ResourceCD
DeviceDiscovery (Version: 90.0.146.000)
DeviceManagementQFolder (Version: 1.00.0000)
dj_sf_ProductContext (Version: 90.0.200.000)
dj_sf_software (Version: 90.0.200.000)
Easy CD and DVD Cover Creator 4.13 (Version: 4.13)
erLT (Version: 1.20.0137)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Glary Utilities 2.49.0.1600 (Version: 2.49.0.1600)
HiJackThis (Version: 1.0.0)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Deskjet Printer Driver Software 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.002)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
Intel® PRO Network Connections Drivers
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
KhalInstallWrapper (Version: 2.00.0000)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MarketResearch (Version: 90.0.146.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office XP Small Business (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mortimer Beckett and the Crimson Thief Premium Edition
Mortimer Beckett and the Lost King Collectors Edition(remove only)
Mortimer Beckett and the Time Paradox (Version: 1.0.1.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OmniForm ActiveX Control
Origin (Version: 8.3.1.9)
PanoStandAlone (Version: 90.0.146.000)
Pdf995
PSSWCORE (Version: 2.01.0000)
RollerCoaster Tycoon Deluxe (Version: 1.00.000)
School Tycoon
SigmaTel Audio (Version: 5.10.4600.0)
SolutionCenter (Version: 90.0.146.000)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 90.0.146.000)
The Sims™ 3 (Version: 1.33.2)
The Sims™ 3 Pets (Version: 10.0.96)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VideoToolkit01 (Version: 90.0.146.000)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 90.0.146.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
WinPatrol (Version: 20.5.2011.0)

========================= Devices: ================================

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 2046.09 MB
Available physical RAM: 890.64 MB
Total Pagefile: 3938.11 MB
Available Pagefile: 2688.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.66 MB

========================= Partitions: =====================================

2 Drive c: (OS) (Fixed) (Total:148.97 GB) (Free:80.52 GB) NTFS
9 Drive j: () (Removable) (Total:0.96 GB) (Free:0.93 GB) FAT

========================= Users: ========================================

User accounts for \\WILT02

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 test
Wilt

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

19-06-2012 07:38:39 System Checkpoint
19-06-2012 20:45:49 Software Distribution Service 3.0
20-06-2012 20:50:34 Software Distribution Service 3.0
21-06-2012 20:38:17 Software Distribution Service 3.0
22-06-2012 20:33:41 Software Distribution Service 3.0
23-06-2012 20:37:47 Software Distribution Service 3.0
24-06-2012 05:51:52 Software Distribution Service 3.0
25-06-2012 05:58:13 System Checkpoint
25-06-2012 06:00:15 Software Distribution Service 3.0
25-06-2012 20:19:07 Software Distribution Service 3.0
26-06-2012 20:23:06 Software Distribution Service 3.0
28-06-2012 02:44:27 System Checkpoint
28-06-2012 05:57:45 Software Distribution Service 3.0
29-06-2012 05:59:15 Software Distribution Service 3.0
30-06-2012 07:28:53 System Checkpoint
30-06-2012 19:49:04 Software Distribution Service 3.0
01-07-2012 05:51:36 Software Distribution Service 3.0
02-07-2012 06:00:10 Software Distribution Service 3.0
03-07-2012 06:13:38 System Checkpoint
03-07-2012 19:32:18 Software Distribution Service 3.0
04-07-2012 19:37:06 Software Distribution Service 3.0
05-07-2012 19:21:45 Software Distribution Service 3.0
06-07-2012 20:03:14 System Checkpoint
07-07-2012 16:02:55 Software Distribution Service 3.0
08-07-2012 05:36:29 Software Distribution Service 3.0
09-07-2012 05:48:22 System Checkpoint
09-07-2012 06:10:12 Software Distribution Service 3.0
10-07-2012 06:41:23 System Checkpoint
10-07-2012 15:46:57 Software Distribution Service 3.0
11-07-2012 15:51:00 Software Distribution Service 3.0
11-07-2012 18:00:23 Software Distribution Service 3.0
12-07-2012 18:20:24 System Checkpoint
12-07-2012 18:26:12 Software Distribution Service 3.0
13-07-2012 18:21:35 Software Distribution Service 3.0
14-07-2012 18:26:11 Software Distribution Service 3.0
15-07-2012 06:03:50 Software Distribution Service 3.0
16-07-2012 06:13:14 System Checkpoint
16-07-2012 17:39:42 Installed RollerCoaster Tycoon Deluxe
16-07-2012 18:04:29 Software Distribution Service 3.0
17-07-2012 19:21:14 Software Distribution Service 3.0
18-07-2012 19:16:18 Software Distribution Service 3.0
19-07-2012 19:11:26 Software Distribution Service 3.0
20-07-2012 19:07:18 Software Distribution Service 3.0
21-07-2012 19:05:04 Software Distribution Service 3.0
22-07-2012 05:30:56 Software Distribution Service 3.0
23-07-2012 06:07:21 Software Distribution Service 3.0
24-07-2012 07:12:33 System Checkpoint
24-07-2012 18:46:29 Software Distribution Service 3.0
25-07-2012 18:42:20 Software Distribution Service 3.0
26-07-2012 21:07:36 System Checkpoint
26-07-2012 23:29:28 Software Distribution Service 3.0
27-07-2012 23:25:04 Software Distribution Service 3.0
29-07-2012 00:25:27 Software Distribution Service 3.0
29-07-2012 06:05:25 Software Distribution Service 3.0
30-07-2012 07:54:23 System Checkpoint
30-07-2012 13:46:56 Software Distribution Service 3.0
31-07-2012 13:51:13 Software Distribution Service 3.0
01-08-2012 15:00:15 System Checkpoint
02-08-2012 06:06:12 Software Distribution Service 3.0
03-08-2012 06:45:01 System Checkpoint
03-08-2012 13:26:36 Software Distribution Service 3.0
04-08-2012 13:22:10 Software Distribution Service 3.0
10-08-2012 19:36:37 Software Distribution Service 3.0
12-08-2012 05:34:34 Software Distribution Service 3.0
12-08-2012 06:36:18 Software Distribution Service 3.0
13-08-2012 06:38:14 Software Distribution Service 3.0
14-08-2012 07:49:41 System Checkpoint
15-08-2012 01:15:56 Software Distribution Service 3.0
15-08-2012 18:00:16 Software Distribution Service 3.0
16-08-2012 18:25:04 Software Distribution Service 3.0
17-08-2012 18:29:02 Software Distribution Service 3.0
18-08-2012 19:55:33 System Checkpoint
19-08-2012 05:54:40 Software Distribution Service 3.0
19-08-2012 18:07:43 Software Distribution Service 3.0
20-08-2012 18:14:16 Software Distribution Service 3.0
21-08-2012 17:58:22 Software Distribution Service 3.0
22-08-2012 18:02:44 Software Distribution Service 3.0
23-08-2012 17:48:32 Software Distribution Service 3.0
27-08-2012 22:26:02 Software Distribution Service 3.0
28-08-2012 22:50:33 Software Distribution Service 3.0
29-08-2012 01:48:41 Installed AVG 2012
29-08-2012 01:49:26 Installed AVG 2012
30-08-2012 11:30:17 Software Distribution Service 3.0
31-08-2012 21:25:05 Software Distribution Service 3.0
01-09-2012 23:22:04 System Checkpoint
02-09-2012 06:27:42 Software Distribution Service 3.0
02-09-2012 19:59:02 Software Distribution Service 3.0
03-09-2012 20:03:26 Software Distribution Service 3.0
04-09-2012 21:47:43 System Checkpoint
05-09-2012 10:42:48 Software Distribution Service 3.0
06-09-2012 11:05:58 System Checkpoint
06-09-2012 19:31:35 Software Distribution Service 3.0
07-09-2012 19:27:06 Software Distribution Service 3.0
08-09-2012 19:47:00 Software Distribution Service 3.0
09-09-2012 06:30:12 Software Distribution Service 3.0
10-09-2012 07:52:43 System Checkpoint
10-09-2012 22:55:39 Software Distribution Service 3.0
11-09-2012 22:56:45 System Checkpoint
12-09-2012 10:45:49 Software Distribution Service 3.0
12-09-2012 18:00:14 Software Distribution Service 3.0
13-09-2012 11:25:43 Software Distribution Service 3.0
14-09-2012 13:13:43 System Checkpoint
15-09-2012 05:49:54 Software Distribution Service 3.0
15-09-2012 11:14:39 Software Distribution Service 3.0
16-09-2012 06:17:11 Software Distribution Service 3.0

**** End of log ****


Farbar Service Scanner Version: 06-08-2012
Ran by Wilt (administrator) on 16-09-2012 at 10:01:41
Running from "C:\Documents and Settings\Wilt\Local Settings\Temporary Internet Files\Content.IE5\RZGAB5GQ"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================

#9 narenxp


Posted 16 September 2012 - 02:46 PM

FSS log is incomplete

Adware cleaner log?

Edited by narenxp, 16 September 2012 - 02:46 PM.


#10 Dinky002


Posted 18 September 2012 - 06:57 PM

# AdwCleaner v2.002 - Logfile created 09/18/2012 at 19:53:57
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Wilt - WILT02
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Wilt\Local Settings\Temporary Internet Files\Content.IE5\GTC9C0CQ\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[S1].txt - [4611 octets] - [16/09/2012 10:02:37]
AdwCleaner[S2].txt - [686 octets] - [18/09/2012 19:53:57]

########## EOF - C:\AdwCleaner[S2].txt - [745 octets] ##########



Farbar Service Scanner Version: 06-08-2012
Ran by Wilt (administrator) on 18-09-2012 at 20:00:01
Running from "C:\Documents and Settings\Wilt\Local Settings\Temporary Internet Files\Content.IE5\5N92VCDU"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgfwfd(10) Avgtdix(11) DNE(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B0000000500000001000000020000000300000004000000090000000A0000000B000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

#11 narenxp


Posted 18 September 2012 - 07:02 PM

Run ASWMBR and post the new log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#12 Dinky002


Posted 23 September 2012 - 07:11 PM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/23/2012 08:10:43 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/23/2012 08:11:22 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)



"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "WinPatrol" "WinPatrol System Monitor" "BillP Studios" "c:\program files\billp studios\winpatrol\winpatrol.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy\teatimer.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "Glary Utilities" "Context Menu Handler" "Glarysoft Ltd" "c:\program files\glary utilities\contexthandler.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "Glary Utilities" "Context Menu Handler" "Glarysoft Ltd" "c:\program files\glary utilities\contexthandler.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Spybot - Search && Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.2 r202" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GlaryInitialize.job" "Glary Utilities Initialize" "Glarysoft Ltd" "c:\program files\glary utilities\initialize.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.voxacm160" "" "" "File not found: vct3216.acm"
+ "MSVideo" "" "" "File not found: vfwwdm32.dll"
+ "MSVideo8" "" "" "File not found: VfWWDM32.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "" "" "File not found: DivX.dll"
+ "VIDC.DRAW" "" "" "File not found: DVIDEO.DLL"
+ "VIDC.FPS1" "" "" "File not found: frapsvid.dll"
+ "vidc.I420" "" "" "File not found: i420vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "VIDC.MSUD" "" "" "File not found: msulvc05.dll"
+ "VIDC.VP40" "" "" "File not found: vp4vfw.dll"
+ "vidc.VP60" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP61" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP62" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP70" "" "" "File not found: vp7vfw.dll"
+ "VIDC.WMV3" "" "" "File not found: wmv9vcm.dll"
+ "vidc.X264" "" "" "File not found: x264vfw.dll"
+ "VIDC.YV12" "" "" "File not found: yv12vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "HP VTK Frame Grabber Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK MPEG-1 Encoder" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Resize Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "HP VTK Rotate Filter" "HP Video Toolkit" "Hewlett-Packard Co." "c:\program files\common files\hp\digital imaging\bin\hpqvtk01.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LIDIL hpzll5ha" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll5ha.dll"
+ "PDF995 Monitor" "" "" "c:\windows\system32\pdf995mon.dll"

#13 narenxp


Posted 23 September 2012 - 09:50 PM

ASWMBR log?

#14 Dinky002


Posted 25 September 2012 - 05:41 PM

Sorry...missed that one altogether.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-25 18:26:10
-----------------------------
18:26:10.750 OS Version: Windows 5.1.2600 Service Pack 3
18:26:10.750 Number of processors: 2 586 0x404
18:26:10.750 ComputerName: WILT02 UserName: Wilt
18:26:12.296 Initialize success
18:28:56.093 AVAST engine defs: 12092501
18:31:33.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:31:33.578 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
18:31:33.593 Disk 0 MBR read successfully
18:31:33.593 Disk 0 MBR scan
18:31:33.640 Disk 0 Windows XP default MBR code
18:31:33.640 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:31:33.656 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152546 MB offset 80325
18:31:33.671 Disk 0 scanning sectors +312496380
18:31:33.718 Disk 0 scanning C:\WINDOWS\system32\drivers
18:31:41.703 Service scanning
18:31:58.000 Modules scanning
18:32:03.031 Disk 0 trace - called modules:
18:32:03.046
18:32:04.109 AVAST engine scan C:\WINDOWS
18:32:12.375 AVAST engine scan C:\WINDOWS\system32
18:35:20.671 AVAST engine scan C:\WINDOWS\system32\drivers
18:35:36.375 AVAST engine scan C:\Documents and Settings\Wilt
18:40:33.828 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS
18:41:25.109 Scan finished successfully
18:42:40.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Wilt\My Documents\logs for antivirus\MBR.dat"
18:42:40.265 The log file has been saved successfully to "C:\Documents and Settings\Wilt\My Documents\logs for antivirus\aswMBR3.txt"

#15 narenxp


Posted 25 September 2012 - 05:44 PM

Any current issues?



