Redirects, Amazon asking personal info, respawning malware


14 replies to this topic

#1 jmillerdls

  • Members
  • 53 posts

Posted 13 September 2012 - 12:29 AM

It initially started as redirects. I ran Malwarebytes (found nothing), then Hitman, which found malware. I had it deleted by Hitman and assumed everything was fine. Then I started hearing strange sounds seemingly at random. Then, my banking sites and Amazon said that they needed all this personal information to verify my account. That is when I assumed something was wrong again. So, I ran Hitman again and it found more malware. I deleted it. I ran Hitman again, it found more. It was finding 1 file every time and it had a similar, but different name. I went to where it said it was...deleted it...and watched it respawn (under a different name).

I guess I should also add that I ran RogueKiller and it said that I had ZeroAccess. I didn't make any changes with the software, however, as I am not familiar with it, but maybe that can help you help me.

I'm not really sure where to go from here. Any help?

Edited by jmillerdls, 13 September 2012 - 12:34 AM.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 September 2012 - 12:38 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 jmillerdls
  • Topic Starter

  • Members
  • 53 posts

Posted 13 September 2012 - 01:43 AM

00:39:34.0717 26376 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:39:34.0998 26376 ============================================================
00:39:34.0998 26376 Current date / time: 2012/09/13 00:39:34.0998
00:39:34.0998 26376 SystemInfo:
00:39:34.0998 26376
00:39:34.0998 26376 OS Version: 5.1.2600 ServicePack: 3.0
00:39:34.0998 26376 Product type: Workstation
00:39:34.0998 26376 ComputerName: JBOY
00:39:34.0998 26376 UserName: Jonathan
00:39:34.0998 26376 Windows directory: C:\WINDOWS
00:39:34.0998 26376 System windows directory: C:\WINDOWS
00:39:34.0998 26376 Processor architecture: Intel x86
00:39:34.0998 26376 Number of processors: 2
00:39:34.0998 26376 Page size: 0x1000
00:39:34.0998 26376 Boot type: Normal boot
00:39:34.0998 26376 ============================================================
00:39:36.0420 26376 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:39:36.0420 26376 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:39:36.0420 26376 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:39:36.0420 26376 ============================================================
00:39:36.0420 26376 \Device\Harddisk0\DR0:
00:39:36.0420 26376 MBR partitions:
00:39:36.0420 26376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
00:39:36.0420 26376 \Device\Harddisk1\DR1:
00:39:36.0420 26376 MBR partitions:
00:39:36.0420 26376 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
00:39:36.0420 26376 \Device\Harddisk2\DR2:
00:39:36.0420 26376 MBR partitions:
00:39:36.0420 26376 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
00:39:36.0420 26376 ============================================================
00:39:36.0420 26376 E: <-> \Device\Harddisk2\DR2\Partition1
00:39:36.0467 26376 C: <-> \Device\Harddisk1\DR1\Partition1
00:39:36.0529 26376 H: <-> \Device\Harddisk0\DR0\Partition1
00:39:36.0529 26376 ============================================================
00:39:36.0529 26376 Initialize success
00:39:36.0529 26376 ============================================================
00:39:53.0358 5864 ============================================================
00:39:53.0358 5864 Scan started
00:39:53.0358 5864 Mode: Manual; TDLFS;
00:39:53.0358 5864 ============================================================
00:39:53.0858 5864 ================ Scan system memory ========================
00:39:53.0858 5864 System memory - ok
00:40:02.0608 5864 Simbad - ok
00:40:02.0608 5864 Sparrow - ok
00:40:02.0654 5864 [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan C:\WINDOWS\system32\speedfan.sys
00:40:02.0654 5864 speedfan - ok
00:40:02.0717 5864 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
00:40:02.0717 5864 splitter - ok
00:40:02.0779 5864 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
00:40:02.0779 5864 Spooler - ok
00:40:02.0811 5864 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
00:40:02.0811 5864 sr - ok
00:40:02.0842 5864 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
00:40:02.0842 5864 srservice - ok
00:40:02.0904 5864 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
00:40:02.0904 5864 Srv - ok
00:40:02.0920 5864 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
00:40:02.0920 5864 SSDPSRV - ok
00:40:02.0951 5864 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
00:40:02.0951 5864 stisvc - ok
00:40:02.0951 5864 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
00:40:02.0951 5864 swenum - ok
00:40:02.0967 5864 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
00:40:02.0967 5864 swmidi - ok
00:40:02.0967 5864 SwPrv - ok
00:40:02.0983 5864 symc810 - ok
00:40:02.0983 5864 symc8xx - ok
00:40:02.0983 5864 sym_hi - ok
00:40:02.0983 5864 sym_u3 - ok
00:40:03.0045 5864 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
00:40:03.0045 5864 sysaudio - ok
00:40:03.0061 5864 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
00:40:03.0061 5864 SysmonLog - ok
00:40:03.0108 5864 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
00:40:03.0108 5864 TapiSrv - ok
00:40:03.0139 5864 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:40:03.0139 5864 Tcpip - ok
00:40:03.0201 5864 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
00:40:03.0201 5864 TDPIPE - ok
00:40:03.0217 5864 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
00:40:03.0217 5864 TDTCP - ok
00:40:03.0217 5864 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
00:40:03.0217 5864 TermDD - ok
00:40:03.0279 5864 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
00:40:03.0279 5864 TermService - ok
00:40:03.0295 5864 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
00:40:03.0295 5864 Themes - ok
00:40:03.0295 5864 TosIde - ok
00:40:03.0358 5864 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
00:40:03.0358 5864 TrkWks - ok
00:40:03.0404 5864 [ 0D630405311E1AE574BC2EC6681E485E ] TuneUp.Defrag C:\WINDOWS\System32\TuneUpDefragService.exe
00:40:03.0404 5864 TuneUp.Defrag - ok
00:40:03.0420 5864 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
00:40:03.0420 5864 uagp35 - ok
00:40:03.0483 5864 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
00:40:03.0483 5864 Udfs - ok
00:40:03.0483 5864 ultra - ok
00:40:03.0529 5864 [ 26401A2C5E5466857077EADAAEC7CDD0 ] UltraMonMirror C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
00:40:03.0529 5864 UltraMonMirror - ok
00:40:03.0592 5864 [ 6FC85B4505EEFBFDFC817787E4B3E26F ] UltraMonUtility C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
00:40:03.0592 5864 UltraMonUtility - ok
00:40:03.0639 5864 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
00:40:03.0639 5864 UMWdf - ok
00:40:03.0701 5864 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
00:40:03.0701 5864 Update - ok
00:40:03.0717 5864 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
00:40:03.0717 5864 upnphost - ok
00:40:03.0779 5864 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
00:40:03.0779 5864 UPS - ok
00:40:03.0826 5864 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
00:40:03.0826 5864 USBAAPL - ok
00:40:03.0873 5864 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:40:03.0873 5864 usbccgp - ok
00:40:03.0889 5864 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:40:03.0889 5864 usbehci - ok
00:40:03.0936 5864 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:40:03.0936 5864 usbhub - ok
00:40:03.0998 5864 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:40:03.0998 5864 usbprint - ok
00:40:04.0029 5864 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:40:04.0029 5864 usbscan - ok
00:40:04.0092 5864 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:40:04.0092 5864 USBSTOR - ok
00:40:04.0108 5864 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:40:04.0108 5864 usbuhci - ok
00:40:04.0170 5864 [ 838C97B3D28BFEBDD11D12ADFE957004 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
00:40:04.0170 5864 UxTuneUp - ok
00:40:04.0186 5864 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:40:04.0186 5864 VgaSave - ok
00:40:04.0217 5864 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
00:40:04.0217 5864 ViaIde - ok
00:40:04.0248 5864 [ F95C0FCFBCBDA6D8F202D2DF4052F88D ] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys
00:40:04.0248 5864 videX32 - ok
00:40:04.0248 5864 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:40:04.0248 5864 VolSnap - ok
00:40:04.0295 5864 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
00:40:04.0295 5864 VSS - ok
00:40:04.0342 5864 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
00:40:04.0342 5864 W32Time - ok
00:40:04.0342 5864 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:40:04.0342 5864 Wanarp - ok
00:40:04.0404 5864 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
00:40:04.0404 5864 Wdf01000 - ok
00:40:04.0404 5864 WDICA - ok
00:40:04.0467 5864 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:40:04.0467 5864 wdmaud - ok
00:40:04.0529 5864 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
00:40:04.0529 5864 WebClient - ok
00:40:04.0623 5864 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:40:04.0623 5864 winmgmt - ok
00:40:04.0686 5864 [ 38932C4649F8BAAD6CE1000AC6503D5B ] WmBEnum C:\WINDOWS\system32\drivers\WmBEnum.sys
00:40:04.0686 5864 WmBEnum - ok
00:40:04.0717 5864 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
00:40:04.0717 5864 WmdmPmSN - ok
00:40:04.0748 5864 [ 58B3ADAB903FA1A78C86E6A42B80FE76 ] WmFilter C:\WINDOWS\system32\drivers\WmFilter.sys
00:40:04.0748 5864 WmFilter - ok
00:40:04.0795 5864 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:40:04.0795 5864 WmiApSrv - ok
00:40:04.0811 5864 [ E45F01F4014D7AB13B8A0C41EBF48A3D ] WmVirHid C:\WINDOWS\system32\drivers\WmVirHid.sys
00:40:04.0811 5864 WmVirHid - ok
00:40:04.0811 5864 [ 0398265DD65AAE2ECE180FA9D1E7B5BB ] WmXlCore C:\WINDOWS\system32\drivers\WmXlCore.sys
00:40:04.0811 5864 WmXlCore - ok
00:40:04.0842 5864 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:40:04.0842 5864 WZCSVC - ok
00:40:04.0873 5864 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:40:04.0873 5864 xmlprov - ok
00:40:04.0889 5864 [ 154FE6A5A608CD725266877901E883C2 ] ZD1211BU(SMC) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
00:40:04.0889 5864 ZD1211BU(SMC) - ok
00:40:04.0904 5864 ================ Scan global ===============================
00:40:04.0936 5864 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:40:04.0998 5864 [ EC0A223C4854E98A3AFB2C31B7B420A0 ] C:\WINDOWS\system32\winsrv.dll
00:40:04.0998 5864 [ EC0A223C4854E98A3AFB2C31B7B420A0 ] C:\WINDOWS\system32\winsrv.dll
00:40:04.0998 5864 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:40:05.0014 5864 [Global] - ok
00:40:05.0014 5864 ================ Scan MBR ==================================
00:40:05.0404 5864 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
00:40:05.0686 5864 \Device\Harddisk0\DR0 - ok
00:40:05.0701 5864 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
00:40:05.0951 5864 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
00:40:05.0951 5864 \Device\Harddisk1\DR1 - detected TDSS File System (1)
00:40:05.0951 5864 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
00:40:06.0529 5864 \Device\Harddisk2\DR2 - ok
00:40:06.0529 5864 ================ Scan VBR ==================================
00:40:06.0529 5864 [ 54A7F129765D2BDE74406488647F0DF4 ] \Device\Harddisk0\DR0\Partition1
00:40:06.0529 5864 \Device\Harddisk0\DR0\Partition1 - ok
00:40:06.0529 5864 [ 0B4A1C3620D1FEEF69BF7683FB03FFCF ] \Device\Harddisk1\DR1\Partition1
00:40:06.0529 5864 \Device\Harddisk1\DR1\Partition1 - ok
00:40:06.0529 5864 [ AC966C1B164FF35A3E2ED8FEC301D6AA ] \Device\Harddisk2\DR2\Partition1
00:40:06.0529 5864 \Device\Harddisk2\DR2\Partition1 - ok
00:40:06.0529 5864 ============================================================
00:40:06.0529 5864 Scan finished
00:40:06.0529 5864 ============================================================
00:40:06.0545 38500 Detected object count: 1
00:40:06.0545 38500 Actual detected object count: 1




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 00:49:49
-----------------------------
00:49:49.548 OS Version: Windows 5.1.2600 Service Pack 3
00:49:49.548 Number of processors: 2 586 0x1706
00:49:49.548 ComputerName: JBOY UserName:
00:49:50.517 Initialize success
00:50:12.751 AVAST engine defs: 12091201
00:50:14.595 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
00:50:14.595 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
00:50:14.611 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-18
00:50:14.611 Disk 1 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152627MB BusType: 3
00:50:14.611 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
00:50:14.611 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
00:50:14.658 Disk 1 MBR read successfully
00:50:14.658 Disk 1 MBR scan
00:50:14.798 Disk 1 Windows XP default MBR code
00:50:14.829 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
00:50:14.861 Disk 1 scanning sectors +312560640
00:50:15.095 Disk 1 scanning C:\WINDOWS\system32\drivers
00:51:04.283 Service scanning
00:51:29.173 Modules scanning
00:51:38.173 Disk 1 trace - called modules:
00:51:38.189 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
00:51:38.204 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b298ab8]
00:51:38.204 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8b27b9e8]
00:51:38.204 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-18[0x8b2c8940]
00:51:39.486 AVAST engine scan C:\WINDOWS
00:51:48.111 AVAST engine scan C:\WINDOWS\system32
00:52:21.298 File: C:\WINDOWS\system32\iDbvGTT.exe **INFECTED** Win32:Trojan-gen
00:54:04.533 AVAST engine scan C:\WINDOWS\system32\drivers
00:54:23.033 AVAST engine scan C:\Documents and Settings\Jonathan
01:03:44.876 AVAST engine scan C:\Documents and Settings\All Users
01:04:58.126 Scan finished successfully
01:05:27.564 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\MBR.dat"
01:05:27.564 The log file has been saved successfully to "C:\Documents and Settings\Jonathan\Desktop\aswMBR.txt"





C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakeAlertttam2.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo3.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPalevo5.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Jonathan\Application Data\nlolal.dll a variant of Win32/Medfos.DH trojan
C:\Documents and Settings\Jonathan\Desktop\RK_Quarantine\nlolal.dll.vir a variant of Win32/Medfos.DH trojan
C:\Documents and Settings\Jonathan\Local Settings\Application Data\{27A6247D-F87F-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\TDSSKiller_Quarantine\07.09.2012_10.00.05\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan
C:\TDSSKiller_Quarantine\21.02.2012_18.45.07\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\21.02.2012_18.48.29\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\31.01.2012_19.31.09\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\31.01.2012_19.31.09\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\31.01.2012_19.31.09\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYG trojan
C:\TDSSKiller_Quarantine\31.01.2012_19.31.09\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\31.01.2012_19.31.09\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\31.01.2012_19.31.09\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\WINDOWS\system32\iDbvGTT.exe a variant of Win32/Kryptik.ALMV trojan
Operating memory multiple threats



I think I changed the settings so nothing got removed/deleted despite it finding many issues.
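
As an added example, not from the thread and not part of Kaspersky's TDSSKiller: a parser for the log format posted above. It joins each object's hash line with its status line, lists everything that did not come back plain "ok", and groups physical disks by MBR hash. The sample lines reuse names, hashes and statuses from the log above; the selection of lines is ours. Two things the grouping makes visible in this log: all three disks report the same MBR MD5 (8F558EB6672622401DA993E1E865C861), which agrees with the aswMBR line "Windows XP default MBR code" for Disk 1, and the "TDSS File System" warning is attached to the whole disk (\Device\Harddisk1\DR1, the boot disk according to aswMBR) while that disk's Partition1 VBR is "ok". That is the shape of a hidden filesystem kept in sectors outside any partition, and the ESET list above shows tdlfs items TDSSKiller quarantined from this machine earlier in the year.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout TDSSKiller uses above: a hash line
# "<time> <pid> [ <MD5> ] <object> [<path>]" followed by a status line
# "<time> <pid> <object> [( <note> )] - <status>". Hashes and names are copied
# from the thread's log; the selection of lines is ours.
SAMPLE_LOG = """\
00:40:02.0326 5864 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\\WINDOWS\\system32\\lsass.exe
00:40:02.0326 5864 SamSs - ok
00:40:02.0983 5864 symc810 - ok
00:40:04.0904 5864 ================ Scan MBR ==================================
00:40:05.0404 5864 [ 8F558EB6672622401DA993E1E865C861 ] \\Device\\Harddisk0\\DR0
00:40:05.0686 5864 \\Device\\Harddisk0\\DR0 - ok
00:40:05.0701 5864 [ 8F558EB6672622401DA993E1E865C861 ] \\Device\\Harddisk1\\DR1
00:40:05.0951 5864 \\Device\\Harddisk1\\DR1 ( TDSS File System ) - warning
00:40:05.0951 5864 \\Device\\Harddisk1\\DR1 - detected TDSS File System (1)
00:40:06.0529 5864 [ 0B4A1C3620D1FEEF69BF7683FB03FFCF ] \\Device\\Harddisk1\\DR1\\Partition1
00:40:06.0529 5864 \\Device\\Harddisk1\\DR1\\Partition1 - ok
00:40:06.0545 38500 Detected object count: 1
"""

HASH_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]"
    r"\s+(?P<name>\S+)(?:\s+(?P<path>.+))?$"
)
STATUS_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\( (?P<note>.+?) \))?\s+-\s+(?P<status>.+)$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")
DISK_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")  # whole disks, not partitions


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller found no file for a service
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return any(s != "ok" for s in self.statuses)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Join each object's hash line and status line(s) into one Entry, keyed by object name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.statuses.append(m["status"])
            if m["note"]:
                e.notes.append(m["note"])
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that did not come back plain 'ok', in log order."""
    return [e for e in entries.values() if e.suspicious]


def mbr_code_groups(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Group physical disks by MBR MD5; one hash across all disks means identical boot code."""
    groups: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5 and DISK_RE.match(e.name):
            groups.setdefault(e.md5, []).append(e.name)
    return groups


def detected_count(text: str) -> int:
    """The final 'Detected object count' line, 0 if the log has none."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else 0


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for e in findings(parsed):
        print(e.name, e.notes, e.statuses)
    print(mbr_code_groups(parsed), detected_count(SAMPLE_LOG))
```

Feed it the whole pasted log and `findings()` is the list to act on; a service with a status line but no hash line (symc810 above) is an entry whose driver file is absent, which TDSSKiller reports as ok, not as a detection.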

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 September 2012 - 01:47 AM

I think I changed the settings so nothing got removed/deleted despite it finding many issues.


Remove them

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM again in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it and click on Delete.

post the generated log
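
As an added example, not from the thread and not MiniToolBox's own code: the logic behind three of the checks narenxp asks for (the browser proxy settings, the hosts file and the Winsock catalog), in Python, run over constructed samples in the formats the tool reports. The sample Firefox prefs reuse the 127.0.0.1 / 61798 pair that appears in the MiniToolBox report posted later in the thread, but set network.proxy.type to 1 so the active case is visible; in the posted report the type is 0 (direct connection), so those values were recorded but not in force when the report ran. The IE check reads the same two registry values the tool reports (ProxyEnable and ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings), supplied here as a dict so the script runs offline. The hosts sample adds two tampered lines the posted hosts file does not have, and the last Winsock entry (nsphook.dll) is hypothetical.

```python
import re
from typing import Dict, List, Tuple, Union

# Constructed Firefox prefs.js lines (the user_pref() form behind the network.proxy.*
# values MiniToolBox prints); host/port are from the thread's log, type set to 1 (active).
FF_PREFS = """\
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 61798);
user_pref("network.proxy.no_proxies_on", "");
user_pref("network.proxy.type", 1);
"""

# Constructed hosts file: stock loopback lines plus the two kinds of tampering to report.
HOSTS = """\
# hosts (constructed sample)
127.0.0.1       localhost
::1             localhost
74.125.227.40   www.google.com
127.0.0.1       www.malwarebytes.org
"""

# Constructed Winsock catalog entries (catalog, index, LibraryPath); the first four
# follow the thread's log, the last is hypothetical.
WINSOCK = [
    ("Catalog5", 1, "mswsock.dll"),
    ("Catalog5", 2, r"C:\Windows\System32\winrnr.dll"),
    ("Catalog5", 4, r"C:\Program Files\Bonjour\mdnsNSP.dll"),
    ("Catalog9", 1, r"%SystemRoot%\system32\mswsock.dll"),
    ("Catalog9", 5, r"C:\Documents and Settings\user\Application Data\nsphook.dll"),
]

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);\s*$')
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
SYSTEM_DIRS = ("%systemroot%\\system32", "c:\\windows\\system32")

Value = Union[str, int, bool]


def parse_prefs(text: str) -> Dict[str, Value]:
    """user_pref() lines -> dict; quoted values stay strings, numbers become int."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.group(1), m.group(2)
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            prefs[key] = int(raw)
    return prefs


def check_firefox_proxy(prefs: Dict[str, Value]) -> dict:
    """type 1 = manual proxy in use, 0 = direct. A manual proxy on 127.0.0.1 with no
    proxy software installed means a local process sits in the browser's request path."""
    ptype = int(prefs.get("network.proxy.type", 0))
    host = str(prefs.get("network.proxy.http", ""))
    port = prefs.get("network.proxy.http_port", 0)
    return {"type": ptype, "active": ptype == 1 and bool(host),
            "http_proxy": f"{host}:{port}" if host else None, "loopback": host in LOOPBACK}


def check_ie_proxy(reg: dict) -> dict:
    """reg mirrors HKCU\\...\\Internet Settings: ProxyEnable (DWORD), ProxyServer (string)."""
    server = str(reg.get("ProxyServer") or "")
    return {"active": bool(reg.get("ProxyEnable", 0)) and bool(server),
            "proxy": server or None, "loopback": server.split(":")[0] in LOOPBACK}


def check_hosts(text: str) -> List[Tuple[str, str, str]]:
    """Every mapping other than the stock localhost lines, with the reason it matters."""
    issues = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() in LOCAL_NAMES and ip in LOOPBACK:
                continue
            reason = ("sinkholed to loopback (site is blocked)" if ip in LOOPBACK
                      else "pinned to a fixed address (DNS is bypassed)")
            issues.append((ip, name, reason))
    return issues


def check_winsock(entries) -> List[Tuple[str, int, str, str]]:
    """Classify LSP/NSP entries by where the DLL lives; a bare file name is the case
    MiniToolBox reports as 'File Not found'."""
    out = []
    for catalog, index, path in entries:
        p = path.lower()
        if "\\" not in p:
            verdict = "relative path: confirm it resolves to %SystemRoot%\\System32"
        elif p.rsplit("\\", 1)[0] in SYSTEM_DIRS:
            verdict = "system"
        else:
            verdict = "third-party: verify publisher and signature"
        out.append((catalog, index, path, verdict))
    return out
```

The Winsock verdicts are a triage, not a conviction: a third-party NSP such as Bonjour's mdnsNSP.dll is normal on a machine with iTunes installed, and a bare "mswsock.dll" path is worth confirming rather than deleting, which is why the tool prints it as ATTENTION instead of removing it.
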

#5 jmillerdls

  • Topic Starter
  • Members
  • 53 posts

Posted 13 September 2012 - 01:57 AM

Wait... remove them with the original scanners, and then do these? Or remove whatever these scans find? (I know Malwarebytes won't find them.)

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 September 2012 - 02:00 AM

Remove it with ESET online scanner and move on to other scans.

#7 jmillerdls

  • Topic Starter
  • Members
  • 53 posts

Posted 13 September 2012 - 04:19 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jonathan (administrator) on 13-09-2012 at 04:10:52
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 61798
"network.proxy.no_proxies_on", ""
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC = Local Area Connection 6 (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 6"

set address name="Local Area Connection 6" source=static addr=192.168.1.11 mask=255.255.255.0
set address name="Local Area Connection 6" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection 6" source=static addr=68.105.28.11 register=PRIMARY
add dns name="Local Area Connection 6" addr=68.105.29.11 index=2
set wins name="Local Area Connection 6" source=static addr=none

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : JBOY
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : 00-30-67-4E-F2-C8
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 68.105.28.11
                                    68.105.29.11

Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com
Addresses: 74.125.227.128, 74.125.227.129, 74.125.227.130, 74.125.227.131
74.125.227.132, 74.125.227.133, 74.125.227.134, 74.125.227.135, 74.125.227.136
74.125.227.137, 74.125.227.142

Pinging google.com [74.125.227.40] with 32 bytes of data:

Reply from 74.125.227.40: bytes=32 time=29ms TTL=54
Reply from 74.125.227.40: bytes=32 time=41ms TTL=54

Ping statistics for 74.125.227.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 41ms, Average = 35ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=725ms TTL=52
Reply from 72.30.38.140: bytes=32 time=598ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 598ms, Maximum = 725ms, Average = 661ms

Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 30 67 4e f2 c8 ...... Realtek RTL8168D(P)/8111D(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.11 192.168.1.11 20
192.168.1.0 255.255.255.0 192.168.1.11 192.168.1.11 20
192.168.1.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.11 192.168.1.11 20
224.0.0.0 240.0.0.0 192.168.1.11 192.168.1.11 20
255.255.255.255 255.255.255.255 192.168.1.11 192.168.1.11 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (09/13/2012 02:26:00 AM) (Source: DCOM) (User: JBOY)
Description: The server {4FB6BB00-3347-11D0-B40A-00AA005FF586} did not register with DCOM within the required timeout.

Error: (09/13/2012 02:21:27 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE} did not register with DCOM within the required timeout.

Error: (09/13/2012 02:20:57 AM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated with the following error:
%%126

Error: (09/13/2012 02:20:57 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE} did not register with DCOM within the required timeout.

Error: (09/13/2012 02:20:33 AM) (Source: Service Control Manager) (User: )
Description: The hpqcxs08 service terminated with the following error:
%%126

Error: (09/13/2012 02:20:33 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (09/13/2012 02:20:33 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/13/2012 02:20:33 AM) (Source: Service Control Manager) (User: )
Description: The 3021 service failed to start due to the following error:
%%2

Error: (09/13/2012 02:20:33 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (09/13/2012 02:17:05 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 1.8.1)
2007 Microsoft Office Suite Service Pack 3 (SP3)
32 Bit HP CIO Components Installer (Version: 2.1.5)
A Note 4.2.3
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AIO_Scan (Version: 90.0.222.000)
All To PDF (Version: 5.0.0.0)
allSnap version 1.33.2 (Version: 1.33)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Astral Masters
Atomic Alarm Clock 5.61
Audacity 1.2.6
AutoHotkey 1.0.47.06 (Version: 1.0.47.06)
Bejeweled 2 Deluxe 1.0
Bejeweled 3 (Version: 1.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
CBR Reader
CCleaner (Version: 2.33)
Combined Community Codec Pack 2008-09-21 16:18 (Version: 2008.09.21.0)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322)
Copy (Version: 100.0.170.000)
CueCard (remove only)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F4200_Software (Version: 100.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000)
DJ_AIO_Software_min (Version: 90.0.222.000)
Driver Sweeper 2.1.0
Dynex DX-E102 PCI 10/100Mb Network Adapter (Version: 1.00.0000)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
F4200 (Version: 100.0.206.000)
F4200_Help (Version: 100.0.206.000)
FastStone Capture 5.3 (Version: 5.3)
ffdshow [rev 2033] [2008-07-05] (Version: 1.0)
Foxit Reader
GOM Player (Version: 2.1.43.5119)
GOMTV Streamer (Version: 1.0.0.25)
GPBaseService (Version: 100.0.187.000)
GPBaseService2 (Version: 130.0.371.000)
Hero Poker (Version: 5.0)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Solution Center 13.0 (Version: 13.0)
HPProductAssistant (Version: 130.0.371.000)
IconPackager
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
JDownloader (Version: 0.89)
K8100 (Version: 1.00.0000)
Logitech Gaming Software 5.02 (Version: 5.02.116)
Magic ISO Maker v5.5 (build 0272)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mathematica Extras 8.0 (2609412) (Version: 8.0.4)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 7.1 (Version: 7.10.344.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.4518.1014)
Microsoft Office IME (Chinese (Traditional)) 2007 (Version: 12.0.4518.1014)
Microsoft Office IME (Japanese) 2007 (Version: 12.0.4518.1014)
Microsoft Office IME (Korean) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.4518.1070)
Microsoft Office Proof (Bulgarian) 2007 (Version: 12.0.4518.1042)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Chinese (Simplified)) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Chinese (Traditional)) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Croatian) 2007 (Version: 12.0.4518.1039)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proof (Danish) 2007 (Version: 12.0.4518.1021)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Estonian) 2007 (Version: 12.0.4518.1042)
Microsoft Office Proof (Finnish) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.4518.1070)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Greek) 2007 (Version: 12.0.4518.1029)
Microsoft Office Proof (Gujarati) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Hebrew) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Hindi) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (Hungarian) 2007 (Version: 12.0.4518.1029)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Japanese) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Kannada) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Korean) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Latvian) 2007 (Version: 12.0.4518.1045)
Microsoft Office Proof (Lithuanian) 2007 (Version: 12.0.4518.1048)
Microsoft Office Proof (Marathi) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (Norwegian (Bokmål)) 2007 (Version: 12.0.4518.1022)
Microsoft Office Proof (Norwegian (Nynorsk)) 2007 (Version: 12.0.4518.1022)
Microsoft Office Proof (Polish) 2007 (Version: 12.0.4518.1020)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Portuguese (Portugal)) 2007 (Version: 12.0.4518.1029)
Microsoft Office Proof (Punjabi) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (Romanian) 2007 (Version: 12.0.4518.1039)
Microsoft Office Proof (Russian) 2007 (Version: 12.0.4518.1024)
Microsoft Office Proof (Serbian (Latin)) 2007 (Version: 12.0.4518.1041)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proof (Slovenian) 2007 (Version: 12.0.4518.1039)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Swedish) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proof (Tamil) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Telugu) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (Thai) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proof (Turkish) 2007 (Version: 12.0.4518.1027)
Microsoft Office Proof (Ukrainian) 2007 (Version: 12.0.4518.1022)
Microsoft Office Proof (Urdu) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Kit 2007 (Version: 12.0.4518.1070)
Microsoft Office Proofing Tools Kit 2007 (Version: 12.0.4518.1070)
Microsoft Office ProofMUI (English) 2007 (Version: 12.0.4518.1070)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Moffsoft FreeCalc (Version: 1.1)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MultiRes (remove only)
Nero 7 Demo (Version: 7.00.7520)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.18 (Version: 136.18)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
OpenAL
Pando Media Booster (Version: 2.3.3.0)
Plants vs. ZombiesJust For Fun Games
Platform (Version: 1.22)
QuickTime (Version: 7.72.80.56)
RBTray 3.3 (Version: 3.3)
Real Alternative 1.9.0 (Version: 1.9.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.20.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6299)
RedMon - Redirection Port Monitor
Ruler Bars
Scan (Version: 11.0.0.0)
SolutionCenter (Version: 130.0.373.000)
SopCast 3.0.3 (Version: 3.0.3)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 110.0.180.000)
SUPERAntiSpyware (Version: 5.0.1142)
System Requirements Lab (Version: 4.1.14.0)
Toolbox (Version: 110.0.180.000)
TrayApp (Version: 110.0.180.000)
TuneUp Utilities 2008 (Version: 7.0.8007)
UltraMon (Version: 3.0.2)
UnloadSupport (Version: 10.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA Platform Device Manager (Version: 1.22)
VIA Rhine-Family Fast-Ethernet Adapter
VLC media player 1.1.7 (Version: 1.1.7)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Winamp (Version: 5.601 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Media Format Runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Wolfram CDF Player (M-WIN-D 8.0.4 2609533) (Version: 8.0.4)
XLSTAT 2012 (Version: 14.1.01)
XML Paper Specification Shared Components Pack 1.0
Zuma Deluxe RA
Zumas Revenge! - Adventure
Zune Desktop Theme (Version: 1.0.5341.0)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3071.11 MB
Available physical RAM: 2315.47 MB
Total Pagefile: 4957.28 MB
Available Pagefile: 4371.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.81 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:41.98 GB) NTFS
4 Drive e: (WD1) (Fixed) (Total:1863.01 GB) (Free:5.31 GB) NTFS
5 Drive h: (WD2) (Fixed) (Total:1863.01 GB) (Free:29.48 GB) NTFS

========================= Users: ========================================

User accounts for \\JBOY

Administrator Guest HelpAssistant
Jonathan postgres SUPPORT_388945a0


**** End of log ****




Farbar Service Scanner Version: 06-08-2012
Ran by Jonathan (administrator) on 13-09-2012 at 04:12:46
Running from "C:\Documents and Settings\Jonathan\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x080000000600000001000000020000000300000004000000050000000700000008000000
IpSec Tag value is correct.

**** End of log ****




# AdwCleaner v2.001 - Logfile created 09/13/2012 at 04:13:57
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jonathan - JBOY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jonathan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Zugo
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\nlz161hz.default\prefs.js

C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\nlz161hz.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1564 octets] - [13/09/2012 04:13:57]

########## EOF - C:\AdwCleaner[S1].txt - [1624 octets] ##########




There was one file ESET didn't remove; it was in memory, apparently.

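Reading an FSS log like the one above by hand means hunting for the ATTENTION markers. The script below is an added example, not part of any post in this thread and not Farbar's own code: it parses the plain-text FSS output into a per-service status (stopped, disabled, registry values missing, registry key missing) and lists any file under File Check that FSS could not match to a known-good MD5. The embedded excerpt is constructed in the same line format as the log above, trimmed to one ATTENTION line per missing-key service; the regexes and the state names are this example's own assumptions about the format, not FSS output.

```python
"""Triage a Farbar Service Scanner (FSS) log. Added example for this thread,
not FSS's own code: sorts each stopped service into stopped / disabled /
values missing / key missing and lists files FSS could not match to a MD5."""
import re

SERVICE_HDR = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
VALUE_MISSING = re.compile(r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\S+)\. The value does not exist\.")
DISABLED = re.compile(r"^The start type of (\S+) service is set to Disabled\. The default start type is (\S+)\.$")
FILE_LEGIT = re.compile(r"^([A-Za-z]:\\.+?) => MD5 is legit$")
FILE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
POLICY = re.compile(r'^"(\w+)"=DWORD:(\d+)$')

# Constructed excerpt in FSS line format (one ATTENTION line per missing-key
# service instead of the three FSS prints); service names mirror the log above.
SAMPLE_FSS = r"""
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
System Restore Disabled Policy:
"DisableSR"=DWORD:1
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
File Check:
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-03 23:14] - [2011-02-16 08:22] - 0138496 ____A (Microsoft Corporation)
C:\WINDOWS\system32\svchost.exe => MD5 is legit
Extra List:
Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
"""


def parse_fss(text):
    """Return {'services': {name: record}, 'files': {path: 'legit'|'unverified'}, 'policy': {...}}."""
    services, files, policy = {}, {}, {}
    in_file_check = False

    def svc(name):  # one record per service, created on first sight
        return services.setdefault(name, {"status": "stopped", "missing": [], "default_start": None})

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("File Check:", "Extra List:"):
            in_file_check = line == "File Check:"
            continue
        if in_file_check:
            m = FILE_LEGIT.match(line)
            if m:
                files[m.group(1)] = "legit"
            elif FILE_PATH.match(line):
                files[line] = "unverified"  # bare path (details follow): hash not in FSS's list
            continue
        m = SERVICE_HDR.match(line)
        if m:
            svc(m.group(1))
            continue
        m = KEY_MISSING.search(line)
        if m:
            svc(m.group(1))["status"] = "key missing"
            continue
        m = VALUE_MISSING.search(line)
        if m:
            rec = svc(m.group(2))
            rec["status"] = "values missing"
            rec["missing"].append(m.group(1))
            continue
        m = DISABLED.match(line)
        if m:
            svc(m.group(1)).update(status="disabled", default_start=m.group(2))
            continue
        m = POLICY.match(line)
        if m:
            policy[m.group(1)] = int(m.group(2)) != 0
    return {"services": services, "files": files, "policy": policy}


def needs_repair(report):
    """Services whose registry configuration is gone: 'net start' cannot fix these,
    the key or its values must be recreated (a services-repair tool, or by hand)."""
    return [n for n, r in report["services"].items() if r["status"] in ("key missing", "values missing")]


if __name__ == "__main__":
    rep = parse_fss(SAMPLE_FSS)
    for name, r in rep["services"].items():
        print(f"{name:13} {r['status']}" + (f" ({', '.join(r['missing'])})" if r["missing"] else ""))
    print("repair needed:", needs_repair(rep))
    print("unverified files:", [p for p, s in rep["files"].items() if s == "unverified"])
```

The distinction matters: a stopped service with intact configuration can simply be started, a disabled one needs its start type (and, here, the DisableSR policy) reverted, but a service whose key or values are gone, as for sharedaccess, wscsvc, wuauserv and BITS in the log above, has to be recreated, which is what a services repair tool does. A bare path under File Check means only that the file's hash was not in FSS's list; it merits a look, not a verdict.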
#8 narenxp (BC Advisor, 16,371 posts, Gender: Male, Location: India)

Posted 13 September 2012 - 04:29 AM

Malwarebytes log?

Run the services repair tool:

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log.


Download Rkill:

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the Rkill log (located on the desktop) here.


Download Autoruns.

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on File - Save.

Filename: Autoruns.txt
Save as: Text

Paste the text contents here.

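What a helper looks for in that Autoruns text is, mostly, autostart entries whose image file is gone, that carry no publisher, or that live where an ordinary user can write. The script below is an added example, not Sysinternals' code and not anything posted in this thread: it parses the four-column text export Autoruns writes with File - Save as Text (a quoted location header row, then '+'-prefixed entry rows with name, description, publisher and image path) and ranks entries with a small scoring heuristic. The sample export is a constructed excerpt in that layout, with entries modelled on the export posted further down the thread; the weights, the 0.2 vowel-ratio cut-off and the user-writable path list are this example's own choices.

```python
"""Triage an Autoruns text export (File - Save, 'Text' format). Added example
for this thread, not Sysinternals' or any poster's own code. The scoring is a
triage heuristic that says 'look here first', not a malware verdict."""
import re

QUOTED = re.compile(r'"([^"]*)"')
MISSING = "File not found:"
# Locations an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\application data\\", "\\appdata\\")

# Constructed excerpt in the export's layout (location header row, then '+' rows).
SAMPLE_AUTORUNS = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "nlolal" "" "" "File not found: C:\Documents and Settings\Jonathan\Application Data\nlolal.dll"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SkinClock" "" "" "c:\program files\atomic alarm clock\atomicalarmclock.exe"
+ "Sysinternals Process Explorer" "Sysinternals Process Explorer" "Sysinternals - www.sysinternals.com" "c:\documents and settings\jonathan\desktop\my stuff\shortcuts\procexp.exe"
+ "WwYNcgC" "N85LkqWt58vxErAtnq" "" "c:\windows\system32\wwyncgc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "3021" "" "" "File not found: C:\WINDOWS\TEMP\3021.sys"
+ "giveio" "" "" "c:\windows\system32\giveio.sys"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
'''


def parse_autoruns(text):
    """Return (location, name, description, publisher, image) for each '+' row."""
    location, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        fields = QUOTED.findall(line)
        if len(fields) < 4:
            continue                      # blank line or not an export row
        if line.startswith("+"):
            entries.append((location,) + tuple(fields[:4]))
        else:
            location = fields[0]          # header row: the key or folder the next rows belong to
    return entries


def looks_random(name):
    """Vowel-starved names such as 'WwYNcgC' read as generated; short all-caps
    acronyms (RTHDCPL) are exempt so hardware control panels are not flagged."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 6 or (name.isupper() and len(name) <= 8):
        return False
    return sum(c.lower() in "aeiou" for c in letters) / len(letters) < 0.2


def score_entry(entry):
    """Weighted reasons; a missing image is by far the strongest single signal."""
    _, name, _, publisher, image = entry
    reasons = []
    if image.startswith(MISSING):
        reasons.append(("image file not found", 3))
    if not publisher:
        reasons.append(("no publisher", 1))
        if looks_random(name):
            reasons.append(("random-looking name", 1))
    if any(t in image.lower() for t in USER_WRITABLE):
        reasons.append(("image under a user-writable or temp path", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def suspicious(entries, threshold=2):
    """Entries with at least `threshold` points, strongest first."""
    hits = []
    for e in entries:
        score, reasons = score_entry(e)
        if score >= threshold:
            hits.append({"location": e[0], "name": e[1], "image": e[4],
                         "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: -h["score"])


if __name__ == "__main__":
    for h in suspicious(parse_autoruns(SAMPLE_AUTORUNS)):
        print(f"[{h['score']}] {h['name']!r} in {h['location']}\n      {h['image']}\n      {', '.join(h['reasons'])}")
```

The Publisher column is only a weak signal: Autoruns fills it from the file's version information unless "Verify Code Signatures" is enabled, and plenty of benign tools (SpeedFan's giveio driver in the sample) ship without one, which is why the threshold asks for two independent reasons before an entry is listed. Whatever the script ranks still has to be checked by hand; a "File not found" entry may be a leftover of an earlier cleanup rather than something live.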
#9 jmillerdls (Topic Starter, Members, 53 posts)

Posted 13 September 2012 - 04:41 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.13.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Jonathan :: JBOY [administrator]

9/13/2012 3:37:00 AM
mbam-log-2012-09-13 (03-37-00).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314358
Time elapsed: 33 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Farbar Service Scanner Version: 06-08-2012
Ran by Jonathan (administrator) on 13-09-2012 at 04:36:01
Running from "C:\Documents and Settings\Jonathan\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-03 23:14] - [2011-02-16 08:22] - 0138496 ____A (Microsoft Corporation)

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x080000000600000001000000020000000300000004000000050000000700000008000000
IpSec Tag value is correct.

**** End of log ****




Rkill 2.3.14 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/13/2012 04:37:49 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

* AppMgmt [Missing ServiceDLL Value]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/13/2012 04:38:31 AM
Execution time: 0 hours(s), 0 minute(s), and 42 seconds(s)




"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "IME JPN 2007 Migration" "Microsoft Office IME 2007" "Microsoft Corporation" "c:\program files\common files\microsoft shared\ime12\imejp\imjpklmg.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Korean IME Migration" "Microsoft Korean IME" "Microsoft Corporation" "c:\program files\common files\microsoft shared\ime12\imekr\imkrmig.exe"
+ "Microsoft Pinyin IME Migration" "Microsoft Pinyin IME 2007" "Microsoft Corporation" "c:\program files\common files\microsoft shared\ime12\imesc\imscmig.exe"
+ "nlolal" "" "" "File not found: C:\Documents and Settings\Jonathan\Application Data\nlolal.dll"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 136.18 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nwiz.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
"C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup" "" "" ""
+ "allSnap.lnk" "allSnap: makes all windows snap together" "Ivan Heckman" "c:\program files\allsnap\allsnap.exe"
+ "FastStone Capture.lnk" "" "" "c:\program files\faststone capture\fscapture.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Pando Media Booster" "Pando Media Booster" "" "c:\program files\pando networks\media booster\pmb.exe"
+ "SkinClock" "" "" "c:\program files\atomic alarm clock\atomicalarmclock.exe"
+ "speedfan" "" "Almico Software (www.almico.com)" "c:\program files\speedfan\speedfan.exe"
+ "Sysinternals Process Explorer" "Sysinternals Process Explorer" "Sysinternals - www.sysinternals.com" "c:\documents and settings\jonathan\desktop\my stuff\shortcuts\procexp.exe"
+ "UltraMon" "UltraMon" "Realtime Soft Ltd" "c:\program files\ultramon\ultramon.exe"
+ "WwYNcgC" "N85LkqWt58vxErAtnq" "" "c:\windows\system32\wwyncgc.exe"
+ "µTorrent" "µTorrent" "BitTorrent, Inc." "c:\program files\utorrent\utorrent.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DSCtxMenuP" "" "QuickPDFtoWord" "c:\program files\all_to_pdf\dsctxmenu.dll"
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files\magiciso\misosh.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "TuneUp Shredder Shell Extension" "TuneUp Shredder Shell Extension" "TuneUp Software GmbH" "c:\program files\tuneup utilities 2008\sdshelex-win32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "IPFileShellExt Class" "IconPackager Shell Extension" "Stardock.net, Inc" "c:\program files\stardock\object desktop\iconpackager\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files\magiciso\misosh.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "TuneUp Shredder Shell Extension" "TuneUp Shredder Shell Extension" "TuneUp Software GmbH" "c:\program files\tuneup utilities 2008\sdshelex-win32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 136.18 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MagicISO" "MagicISO Shell Extension Module" "MagicISO, Inc." "c:\program files\magiciso\misosh.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
"HKCU\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Hero Poker" "" "" "c:\documents and settings\jonathan\start menu\programs\hero poker\hero poker.lnk"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair"
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "hpqcxs08" "" "" "File not found: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NVSvc" "NVIDIA Driver Helper Service, Version 296.10" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "TuneUp.Defrag" "Allows TuneUp Drive Defrag to defragment your disks so that your computer runs faster and more efficiently." "TuneUp Software GmbH" "c:\windows\system32\tuneupdefragservice.exe"
+ "UxTuneUp" "Allows to use visual styles without Microsoft signature." "TuneUp Software GmbH" "c:\windows\system32\uxtuneup.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "3021" "" "" "File not found: C:\WINDOWS\TEMP\3021.sys"
+ "Ambfilt" "Creative WDM 3D Audio Driver" "Creative" "c:\windows\system32\drivers\ambfilt.sys"
+ "BIOS" "I/O Interface driver file" "BIOSTAR Group" "c:\windows\system32\drivers\bios.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "ENTECH" "" "EnTech Taiwan" "c:\windows\system32\drivers\entech.sys"
+ "FET5X86V" "NDIS 5.0 miniport driver" "VIA Technologies, Inc. " "c:\windows\system32\drivers\fetnd5bv.sys"
+ "FETNDIS" "NDIS 5.0 miniport driver" "VIA Technologies, Inc. " "c:\windows\system32\drivers\fetnd5.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "giveio" "" "" "c:\windows\system32\giveio.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "L8042Kbd" "Logitech PS2 Keyboard Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\l8042kbd.sys"
+ "L8042mou" "Logitech PS/2 Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\l8042mou.sys"
+ "Lavasoft Kernexplorer" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "LHidFilt" "Logitech HID Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lhidfilt.sys"
+ "LMouFilt" "Logitech Mouse Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lmoufilt.sys"
+ "LMouKE" "Logitech Filter Driver for Mouse Class." "Logitech, Inc." "c:\windows\system32\drivers\lmouke.sys"
+ "LUsbFilt" "Logitech USB Filter Driver." "Logitech, Inc." "c:\windows\system32\drivers\lusbfilt.sys"
+ "Monfilt" "Creative WDM Audio Driver (32-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\monfilt.sys"
+ "ndiscm" "Motorola USB Cable Modem NDIS 5.0 Driver" "Motorola Inc." "c:\windows\system32\drivers\netmotcm.sys"
+ "nv" "NVIDIA Windows XP Miniport Driver, Version 296.10 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda32.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RTL8023xp" "Dynex DX-E102/E202 10/100Mb NDIS XP Driver " "Dynex " "c:\windows\system32\drivers\rtnicxp.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "speedfan" "SpeedFan Device Driver" "Windows ® 2000 DDK provider" "c:\windows\system32\speedfan.sys"
+ "UltraMonMirror" "UltraMon Display Mirror Miniport" "Realtime Soft" "c:\windows\system32\drivers\ultramonmirror.sys"
+ "UltraMonUtility" "UltraMon Utility Driver" "Realtime Soft" "c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "videX32" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\videx32.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "WmBEnum" "Logitech WingMan Virtual Bus Enumerator Driver" "Logitech Inc." "c:\windows\system32\drivers\wmbenum.sys"
+ "WmFilter" "Logitech WingMan Hid Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\wmfilter.sys"
+ "WmVirHid" "Logitech WingMan Virtual Hid Device Driver" "Logitech Inc." "c:\windows\system32\drivers\wmvirhid.sys"
+ "WmXlCore" "Logitech WingMan Translation Driver" "Logitech Inc." "c:\windows\system32\drivers\wmxlcore.sys"
+ "ZD1211BU(SMC)" "ZD1211B 802.11 b+g USB LAN Driver" "ZyDAS Technology Corporation" "c:\windows\system32\drivers\zd1211bu.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.ffds" "" "" "c:\program files\combined community codec pack\filters\ffdshow\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.VP60" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP61" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "vidc.VP62" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "_ VSO Preview Filter" "Video preview filter" "VSO Software SARL" "c:\program files\vso\common\vsovprev.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\combined community codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\combined community codec pack\filters\vsfilter.dll"
+ "DXVA Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "c:\program files\gretech\gomplayer\codecs\mpeg2decfilter.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "GomTV Streamer Network Filter" "GomTV Streamer Nework Source Filter" "Gretech Corp." "c:\program files\gretech\gomtvstreamer\gomtvstreamernf.ax"
+ "Gretech AAC Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech ASF Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech AsfEx Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech Audio Filter" "" "" "c:\program files\gretech\gomplayer\gaf.ax"
+ "Gretech AVI Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech FLV Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MKV Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MP3 Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MP4 Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MPEG Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech MPEG Source Filter2" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech Network(AVI) Filter" "" "" "c:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(FLV) Filter" "" "" "c:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(GOM) Filter" "" "" "c:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(MP4) Filter" "" "" "c:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(OGG) Filter" "" "" "c:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech Network(SHOUTcast) Filter" "" "" "c:\program files\gretech\gomplayer\gnf.ax"
+ "Gretech OGG Source Filter" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech OGG Source Filter2" "" "" "c:\program files\gretech\gomplayer\gsfu.ax"
+ "Gretech Video Filter" "" "" "c:\program files\gretech\gomplayer\gvf.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\combined community codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\combined community codec pack\filters\haali\splitter.ax"
+ "HighMAT and MPV Navigator Filter" "MPV Playback Filter" "" "c:\program files\common files\ahead\dsfilter\hmnavigator.ax"
+ "HighMAT/MPV Navigation Client Filter" "MPV Playback Filter" "" "c:\program files\common files\ahead\dsfilter\hmnavigator.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "Gabest" "c:\program files\combined community codec pack\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "Gabest" "c:\program files\combined community codec pack\filters\flvsplitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MPEG/AC3/DTS/LPCM Audio Decoder" "Mpeg Audio Decoder for DirectShow, based on libmad" "Gabest" "c:\program files\gretech\gomplayer\codecs\mpadecfilter.ax"
+ "Mpeg2Dec Filter" "MPEG-1/2 Decoder Filter for DirectShow" "Gabest" "c:\program files\gretech\gomplayer\codecs\mpeg2decfilter.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Subpicture Enc" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "Nero Home" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero InteractiveGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nebdgraphic.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 encoder filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Overlay Mixer" "Overlay Mixer Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neoverlaymixer.ax"
+ "Nero Photo Source" "Nero Home" "Nero AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PresentationGraphics Decoder" "Graphics Decoder Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nebdgraphic.ax"
+ "Nero PS Muxer" "" "" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Stream Buffer Sink" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesbe.ax"
+ "Nero Stream Buffer Source" "Nero Stream Buffer Engine" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesbe.ax"
+ "Nero Subpicture Decoder" "Nero Subpicture Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesubpicture.ax"
+ "Nero Thumbnail Decoder" "Thumbnail Decoder Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nebdthumbnail.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Decoder HD" "Nero HD Video Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideohd.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\real alternative\realmediasplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "T" "VP6 Decompression Filter" "On2.com Inc." "c:\windows\system32\vp6dec.ax"
+ "TrueMotion 2.0 Decompressor" "TrueMotion 2.0 Decompressor" "The Duck Corporation" "c:\windows\system32\tm20dec.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\combined community codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\combined community codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "C:\WINDOWS\UltraMon.scr" "UltraMon Screen Saver" "Realtime Soft Ltd" "c:\windows\ultramon.scr"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LIDIL hpzll5ha" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll5ha.dll"
+ "PCL hpz3l5mu" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l5mu.dll"
+ "Redirected Port" "" "" "c:\windows\system32\execute.dll"

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 September 2012 - 04:55 AM

Launch Autoruns and uncheck these entries
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "nlolal" "" "" "File not found: C:\Documents and Settings\Jonathan\Application Data\nlolal.dll"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "WwYNcgC" "N85LkqWt58vxErAtnq" "" "c:\windows\system32\wwyncgc.exe"

Restart the PC

Go to

https://www.virustotal.com/

Click on Browse ,upload this file

c:\windows\system32\wwyncgc.exe

Click on SCAN IT

Post the generated result here
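The two entries called out above share a pattern that is worth checking for mechanically across the whole export: an autostart under a Run key, no publisher, and an image that is either missing from disk or an unattributed executable dropped into system32. The following is an added example, not part of narenxp's post and not Autoruns code: it parses the four-quoted-field layout of the text export as pasted in this thread and scores each entry. The sample lines are constructed from that layout, and the weights and the threshold of 3 are this example's own heuristic, chosen so that the orphaned XP driver references (PCIDump and friends, which are not under a Run key) stay below the line.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the layout of the Autoruns text export pasted in
# the thread: a location line carries four quoted fields (only the first
# is filled); each "+ " line below it carries name, description,
# publisher and image path.
SAMPLE_EXPORT = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "nlolal" "" "" "File not found: C:\Documents and Settings\Jonathan\Application Data\nlolal.dll"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "WwYNcgC" "N85LkqWt58vxErAtnq" "" "c:\windows\system32\wwyncgc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
'''

QUOTED = re.compile(r'"([^"]*)"')


@dataclass
class Entry:
    location: str
    name: str
    description: str
    publisher: str
    image_path: str


def parse_autoruns_export(text: str) -> List[Entry]:
    """Turn the text export into Entry objects, tracking the current location."""
    entries: List[Entry] = []
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = QUOTED.findall(line)
        if len(fields) != 4:
            continue                      # blank or unrecognised line
        if line.startswith('+'):
            if location is not None:
                entries.append(Entry(location, *fields))
        else:
            location = fields[0]          # e.g. HKLM\...\CurrentVersion\Run
    return entries


# Weights below are this example's own heuristic, not an Autoruns feature.
RUN_KEYS = ('\\currentversion\\run', '\\currentversion\\runonce')


def score(entry: Entry) -> Tuple[int, List[str]]:
    points, reasons = 0, []
    loc, path = entry.location.lower(), entry.image_path.lower()
    if any(k in loc for k in RUN_KEYS):
        points += 2
        reasons.append('autostart via Run key')
    if not entry.publisher:
        points += 1
        reasons.append('no publisher')
    if path.startswith('file not found:'):
        points += 1
        reasons.append('image missing on disk (orphaned entry)')
    elif '\\system32\\' in path and not path.endswith('.sys') and not entry.publisher:
        points += 2
        reasons.append('unattributed executable in system32')
    return points, reasons


def flag_suspicious(text: str, threshold: int = 3) -> List[Tuple[str, int, List[str]]]:
    """Return (name, score, reasons) for every entry at or above the threshold."""
    flagged = []
    for e in parse_autoruns_export(text):
        pts, why = score(e)
        if pts >= threshold:
            flagged.append((e.name, pts, why))
    return flagged


if __name__ == '__main__':
    for name, pts, why in flag_suspicious(SAMPLE_EXPORT):
        print(f'{name}: score {pts}: ' + '; '.join(why))
```

On the constructed sample this flags only nlolal and WwYNcgC; the Apple driver scores zero and the orphaned PCIDump service reference scores 2. Unchecking an entry in Autoruns removes the autostart but not the file, so the image path of anything flagged is still worth hashing and submitting, as the next post does.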

#11 jmillerdls

  • Topic Starter
  • Members
  • 53 posts

Posted 13 September 2012 - 05:08 AM

SHA256: 105f0f1296728632a6e3926c6e24681ff74d7212d4324324ff7068f979daffde
File name: WwYNcgC.exe
Detection ratio: 23 / 42
Analysis date: 2012-09-13 10:06:00 UTC ( 1 minute ago )

Antivirus Result Update
AhnLab-V3 Trojan/Win32.Gen 20120912
AntiVir TR/Crypt.XPACK.Gen8 20120913
Antiy-AVL - 20120911
Avast Win32:Trojan-gen 20120913
AVG Generic29.ATMB 20120913
BitDefender Trojan.Generic.KDV.722460 20120913
ByteHero - 20120817
CAT-QuickHeal - 20120913
ClamAV - 20120913
Commtouch - 20120913
Comodo UnclassifiedMalware 20120913
DrWeb - 20120913
Emsisoft Trojan.Win32.Enchanim!IK 20120913
eSafe - 20120911
ESET-NOD32 a variant of Win32/Kryptik.ALMV 20120912
F-Prot - 20120912
F-Secure Trojan.Generic.KDV.722460 20120913
Fortinet W32/Krypt.AAOD!tr 20120830
GData Trojan.Generic.KDV.722460 20120913
Ikarus Trojan.Win32.Enchanim 20120913
Jiangmin - 20120913
K7AntiVirus - 20120912
Kaspersky UDS:DangerousObject.Multi.Generic 20120913
McAfee Artemis!800ADCA8469D 20120913
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Obfuscated.H 20120912
Microsoft Trojan:Win32/Enchanim.gen!B 20120913
Norman - 20120913
nProtect Trojan.Generic.KDV.722460 20120913
Panda Trj/CI.A 20120912
PCTools - 20120913
Rising - 20120912
Sophos Mal/Generic-L 20120913
SUPERAntiSpyware - 20120911
Symantec Trojan.Gen.2 20120913
TheHacker - 20120911
TotalDefense - 20120912
TrendMicro TROJ_GEN.R47CDIA 20120913
TrendMicro-HouseCall TROJ_GEN.R47CDIA 20120913
VBA32 - 20120913
VIPRE Trojan.Win32.Generic!BT 20120913
ViRobot - 20120913
VirusBuster - 20120912




Not sure if that is the part you wanted me to post.
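A 23/42 ratio with mostly generic names (Trojan.Gen, Kryptik, Generic.KDV) is typical for a freshly packed dropper; the actionable part of such a report is the handful of engines that agree on a family name, since that is the name to search removal guidance for. The following is an added example, not part of jmillerdls's post and not VirusTotal code: it parses the "engine verdict date" rows in the layout pasted above and tallies family-name votes across engines. The report text is a constructed excerpt of fourteen of the rows, so its ratio is for the excerpt, not the full 42; the list of tokens treated as class, platform or packer names rather than families is this example's own.

```python
import re
from collections import Counter
from typing import Dict, Optional, Tuple

# Constructed excerpt in the layout of the VirusTotal table pasted above:
# "<engine> <verdict or -> <YYYYMMDD signature date>" per row. Engine
# names contain no spaces; verdicts may ("a variant of ...").
SAMPLE_REPORT = """\
AhnLab-V3 Trojan/Win32.Gen 20120912
AntiVir TR/Crypt.XPACK.Gen8 20120913
Antiy-AVL - 20120911
Avast Win32:Trojan-gen 20120913
BitDefender Trojan.Generic.KDV.722460 20120913
ClamAV - 20120913
Emsisoft Trojan.Win32.Enchanim!IK 20120913
ESET-NOD32 a variant of Win32/Kryptik.ALMV 20120912
Fortinet W32/Krypt.AAOD!tr 20120830
Ikarus Trojan.Win32.Enchanim 20120913
Kaspersky UDS:DangerousObject.Multi.Generic 20120913
Microsoft Trojan:Win32/Enchanim.gen!B 20120913
Norman - 20120913
Sophos Mal/Generic-L 20120913
"""

ROW = re.compile(r'^(\S+)\s+(.+?)\s+(\d{8})$')


def parse_report(text: str) -> Dict[str, Optional[str]]:
    """engine -> verdict string, or None where the engine reported '-'."""
    results: Dict[str, Optional[str]] = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            engine, verdict, _sigdate = m.groups()
            results[engine] = None if verdict == '-' else verdict
    return results


def detection_ratio(results: Dict[str, Optional[str]]) -> Tuple[int, int]:
    return sum(1 for v in results.values() if v), len(results)


# Tokens that name a class, platform, packer or heuristic rather than a
# family. This list is the example's own, not a VirusTotal or vendor scheme.
NOT_A_FAMILY = re.compile(
    r'^(gen\d*|generic|trojan|win32|w32|tr|uds|multi|heuristic|behaveslike|'
    r'obfuscated|dangerousobject|variant|mal|kdv|xpack|crypt|krypt|kryptik)$',
    re.IGNORECASE)


def family_votes(results: Dict[str, Optional[str]]) -> Counter:
    votes: Counter = Counter()
    for verdict in results.values():
        if not verdict:
            continue
        seen = set()
        for tok in re.split(r'[\s/:.!\-]+', verdict):
            # Family names are Capitalised words; variant suffixes such as
            # ALMV or IK are all caps and are dropped.
            if len(tok) < 4 or not tok[0].isupper() or tok.isupper():
                continue
            if NOT_A_FAMILY.match(tok):
                continue
            seen.add(tok)
        votes.update(seen)     # one vote per engine, even if it repeats a name
    return votes


def agreed_family(results: Dict[str, Optional[str]], min_engines: int = 3) -> Optional[str]:
    """The family name shared by at least min_engines engines, if any."""
    votes = family_votes(results)
    if votes:
        name, n = votes.most_common(1)[0]
        if n >= min_engines:
            return name
    return None


if __name__ == '__main__':
    r = parse_report(SAMPLE_REPORT)
    hits, total = detection_ratio(r)
    print(f'{hits}/{total} engines flag the file; agreed family: {agreed_family(r)}')
```

On the excerpt three engines (Emsisoft, Ikarus, Microsoft) converge on Enchanim while everything else is a packer or generic label, which is why the tally discards Kryptik and Crypt. A new SHA256 for each respawned copy is expected when the dropper re-packs itself, so the family agreement, not the hash, is what carries over to the next file name.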

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 September 2012 - 05:16 AM

Let me know if you're able to delete this file manually

c:\windows\system32\wwyncgc.exe

#13 jmillerdls

  • Topic Starter
  • Members
  • 53 posts

Posted 13 September 2012 - 05:18 AM

I can. This is the file I was referring to in the first post. I can delete it, but it instantly respawns under a different (but similar) name. Now it is: WwYNclh.exe

Edited by jmillerdls, 13 September 2012 - 05:18 AM.


#14 jmillerdls

  • Topic Starter
  • Members
  • 53 posts

Posted 13 September 2012 - 06:17 AM

I downloaded Microsoft Security Essentials just to have an antivirus, and that file auto-added itself to "Excluded files and locations." So, I removed it and it got quarantined. However, a new one was instantly created and excluded itself as well. So now it is: xXfmCVM.exe

#15 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 September 2012 - 06:32 AM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



