
Multiple infections? Need help resolving.


18 replies to this topic

#1 El Chupacabra


Posted 14 September 2012 - 01:37 PM

I don't really know where to start. A few weeks ago, I went to the TSA's website (from my wife's profile since she was already logged in) to find out what locks are approved for air travel (to avoid a lock being cut off my luggage). I clicked on a link to one of the approved lock technologies (the Travel Sentry link) and, BAM, first sign of trouble started with a pop-up from my TrendMicro AV warning of suspicious activity, so I selected "Don't Allow". The next day, my wife logged into her profile and the fake AV "Live Security Platinum" popped up telling her the computer was infected and wanted her to pay for removal of the infections. She shut the computer down immediately and waited for me to come home. I ran TrendMicro from my profile (which did not seem to be affected) and it turned up nothing. So, I downloaded MalwareBytes and ran a full scan which detected and cleaned the infection. I then booted into Safe Mode and ran MalwareBytes again but did not find anything. At least for the next couple of weeks, everything seemed fine until two days ago when my wife logged into her profile and got another TrendMicro warning as soon as she logged in. So, she shut down immediately and waited for me to come home again. I logged into her profile to see what the problem was so I would know how to proceed, but as soon as I clicked her profile picture, I got a full screen image of the FBI MoneyPak scam and it would not let me do anything but log out and shut down the computer from the profile selection screen. I then logged back in through my profile (which is the only profile that is password protected and doesn't seem to be infected) and updated and ran MalwareBytes again (this time I disabled System Restore first) and discovered the trojan.ransom infection (FBI MoneyPak scam) and cleaned it and no further infections were found after rerunning MalwareBytes and TrendMicro.
At this point I should note that both infections were located within my wife's profile folders in the Documents and Settings directory. I've also noticed in her profile and another profile in "Documents and Settings/<User Name>/Local Settings/Application Data" a file named "" with no extension. I tried to boot into Safe Mode today to run further scans but as soon as the list of files runs past the screen while attempting to boot into Safe Mode, the system just restarts (I tried both Safe Mode and Safe Mode with Networking). I've noticed my desktop has been slow for quite some time and am not sure if it has anything to do with all of this (it's been slow even since the last time I reinstalled Windows XP Pro a few years ago). Following are my system specs and I look forward to some help soon:

Processor/MotherBoard/RAM: AMD Athlon XP 2600+ (running at 2.17GHz & 266Mbs FSB)/Abit KD7A/1.5GB Crucial Tech DDR
OS: Microsoft Windows XP Professional w/ SP3

I hope that is enough pertinent info about my system. I don't feel comfortable running ComboFix anymore without "supervision" like I used to do back in the day (yes, I'm technically inclined, but things are getting more complex almost daily). In the meantime, while I wait for a reply, I'm going to try running TrendMicro's RootkitBuster and their FakeAV tool as well so hopefully I can get into Safe Mode if they detect anything the other programs haven't.

:blink:



#2 narenxp


Posted 14 September 2012 - 01:44 PM

Do not run any tools unless instructed.

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 El Chupacabra


Posted 14 September 2012 - 03:35 PM

When I run these tools, should I allow them to fix any problems they find (so far, TDSSkiller didn't find anything and aswMBR is running right now)? I will post the logs as soon as I'm done running the last scanner.

#4 narenxp


Posted 14 September 2012 - 03:38 PM

Do not fix anything for aswMBR. Remove infections detected by ESET online scanner.

#5 El Chupacabra


Posted 14 September 2012 - 05:11 PM

Here are the logs as requested (I see that ESET online scanner found the redirector I was having problems with in Google searches that I forgot to include in my initial post):
______________________________________________________________
________________________TDSSkiller Log________________________

14:02:52.0156 3484 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:02:52.0156 3484 RasPppoe - ok
14:02:52.0187 3484 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:02:52.0187 3484 Raspti - ok
14:02:52.0234 3484 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:02:52.0250 3484 Rdbss - ok
14:02:52.0296 3484 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:02:52.0296 3484 RDPCDD - ok
14:02:52.0359 3484 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:02:52.0359 3484 rdpdr - ok
14:02:52.0437 3484 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:02:52.0453 3484 RDPWD - ok
14:02:52.0515 3484 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:02:52.0531 3484 RDSessMgr - ok
14:02:52.0562 3484 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:02:52.0578 3484 redbook - ok
14:02:52.0640 3484 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:02:52.0640 3484 RemoteAccess - ok
14:02:52.0703 3484 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:02:52.0703 3484 RemoteRegistry - ok
14:02:52.0750 3484 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
14:02:52.0750 3484 RpcLocator - ok
14:02:52.0781 3484 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
14:02:52.0796 3484 RpcSs - ok
14:02:52.0843 3484 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
14:02:52.0859 3484 RSVP - ok
14:02:52.0890 3484 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:02:52.0906 3484 SamSs - ok
14:02:52.0937 3484 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:02:52.0937 3484 SCardSvr - ok
14:02:53.0000 3484 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:02:53.0015 3484 Schedule - ok
14:02:53.0093 3484 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:02:53.0093 3484 Secdrv - ok
14:02:53.0140 3484 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:02:53.0140 3484 seclogon - ok
14:02:53.0171 3484 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:02:53.0171 3484 SENS - ok
14:02:53.0234 3484 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:02:53.0234 3484 serenum - ok
14:02:53.0250 3484 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:02:53.0265 3484 Serial - ok
14:02:53.0375 3484 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:02:53.0375 3484 Sfloppy - ok
14:02:53.0437 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:02:53.0437 3484 ShellHWDetection - ok
14:02:53.0468 3484 Simbad - ok
14:02:53.0515 3484 Sparrow - ok
14:02:53.0578 3484 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:02:53.0578 3484 splitter - ok
14:02:53.0625 3484 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:02:53.0640 3484 Spooler - ok
14:02:53.0687 3484 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:02:53.0687 3484 sr - ok
14:02:53.0750 3484 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
14:02:53.0765 3484 srservice - ok
14:02:53.0828 3484 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:02:53.0843 3484 Srv - ok
14:02:53.0890 3484 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:02:53.0906 3484 SSDPSRV - ok
14:02:53.0984 3484 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:02:54.0000 3484 stisvc - ok
14:02:54.0046 3484 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:02:54.0046 3484 swenum - ok
14:02:54.0093 3484 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:02:54.0093 3484 swmidi - ok
14:02:54.0140 3484 SwPrv - ok
14:02:54.0171 3484 symc810 - ok
14:02:54.0203 3484 symc8xx - ok
14:02:54.0234 3484 sym_hi - ok
14:02:54.0265 3484 sym_u3 - ok
14:02:54.0312 3484 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:02:54.0312 3484 sysaudio - ok
14:02:54.0359 3484 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:02:54.0375 3484 SysmonLog - ok
14:02:54.0453 3484 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:02:54.0468 3484 TapiSrv - ok
14:02:54.0531 3484 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:02:54.0546 3484 Tcpip - ok
14:02:54.0593 3484 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:02:54.0593 3484 TDPIPE - ok
14:02:54.0640 3484 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:02:54.0656 3484 TDTCP - ok
14:02:54.0703 3484 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:02:54.0703 3484 TermDD - ok
14:02:54.0765 3484 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:02:54.0781 3484 TermService - ok
14:02:54.0828 3484 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:02:54.0828 3484 Themes - ok
14:02:54.0890 3484 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
14:02:54.0890 3484 TlntSvr - ok
14:02:54.0937 3484 [ DE87A23D2DDC7378D1C7AB681E20DE47 ] tmactmon C:\WINDOWS\system32\DRIVERS\tmactmon.sys
14:02:54.0937 3484 tmactmon - ok
14:02:54.0984 3484 [ 7C5CA15A4993E101BF3CC521984C885A ] tmcfw C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
14:02:54.0984 3484 tmcfw - ok
14:02:55.0046 3484 [ 540C2B5DC47651C572C2804DC72FDDA8 ] tmcomm C:\WINDOWS\system32\DRIVERS\tmcomm.sys
14:02:55.0062 3484 tmcomm - ok
14:02:55.0093 3484 [ 2DE1FA64EBAFF376F2C038F64492F62C ] tmevtmgr C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
14:02:55.0093 3484 tmevtmgr - ok
14:02:55.0156 3484 [ 5A61679B2277B9AD550E30479A69503B ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
14:02:55.0156 3484 tmtdi - ok
14:02:55.0187 3484 TosIde - ok
14:02:55.0250 3484 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:02:55.0265 3484 TrkWks - ok
14:02:55.0312 3484 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
14:02:55.0312 3484 uagp35 - ok
14:02:55.0375 3484 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:02:55.0375 3484 Udfs - ok
14:02:55.0421 3484 ultra - ok
14:02:55.0484 3484 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:02:55.0484 3484 Update - ok
14:02:55.0531 3484 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:02:55.0546 3484 upnphost - ok
14:02:55.0593 3484 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:02:55.0593 3484 UPS - ok
14:02:55.0656 3484 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:02:55.0671 3484 usbccgp - ok
14:02:55.0703 3484 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:02:55.0703 3484 usbehci - ok
14:02:55.0734 3484 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:02:55.0734 3484 usbhub - ok
14:02:55.0796 3484 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:02:55.0796 3484 USBSTOR - ok
14:02:55.0843 3484 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:02:55.0843 3484 usbuhci - ok
14:02:55.0875 3484 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:02:55.0875 3484 VgaSave - ok
14:02:55.0937 3484 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:02:55.0937 3484 ViaIde - ok
14:02:55.0984 3484 [ 4CC623591204ACD5FC89BD0DAD70E838 ] videX32 C:\WINDOWS\system32\DRIVERS\videX32.sys
14:02:55.0984 3484 videX32 - ok
14:02:56.0015 3484 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:02:56.0015 3484 VolSnap - ok
14:02:56.0109 3484 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:02:56.0109 3484 VSS - ok
14:02:56.0187 3484 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
14:02:56.0187 3484 W32Time - ok
14:02:56.0250 3484 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:02:56.0265 3484 Wanarp - ok
14:02:56.0328 3484 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:02:56.0343 3484 Wdf01000 - ok
14:02:56.0375 3484 WDICA - ok
14:02:56.0406 3484 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:02:56.0421 3484 wdmaud - ok
14:02:56.0484 3484 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:02:56.0484 3484 WebClient - ok
14:02:56.0609 3484 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:02:56.0609 3484 winmgmt - ok
14:02:56.0671 3484 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
14:02:56.0671 3484 WMDM PMSP Service - ok
14:02:56.0718 3484 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:02:56.0734 3484 WmdmPmSN - ok
14:02:56.0796 3484 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:02:56.0812 3484 Wmi - ok
14:02:56.0890 3484 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:02:56.0890 3484 WmiApSrv - ok
14:02:57.0000 3484 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:02:57.0031 3484 WMPNetworkSvc - ok
14:02:57.0078 3484 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:02:57.0093 3484 WpdUsb - ok
14:02:57.0156 3484 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:02:57.0156 3484 wscsvc - ok
14:02:57.0203 3484 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:02:57.0218 3484 wuauserv - ok
14:02:57.0250 3484 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:02:57.0250 3484 WudfPf - ok
14:02:57.0312 3484 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:02:57.0328 3484 WudfRd - ok
14:02:57.0421 3484 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:02:57.0421 3484 WudfSvc - ok
14:02:57.0500 3484 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:02:57.0515 3484 WZCSVC - ok
14:02:57.0578 3484 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:02:57.0578 3484 xmlprov - ok
14:02:57.0656 3484 ================ Scan global ===============================
14:02:57.0687 3484 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:02:57.0734 3484 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:02:57.0796 3484 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
14:02:57.0828 3484 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:02:57.0828 3484 [Global] - ok
14:02:57.0843 3484 ================ Scan MBR ==================================
14:02:57.0875 3484 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:02:58.0109 3484 \Device\Harddisk0\DR0 - ok
14:02:58.0125 3484 ================ Scan VBR ==================================
14:02:58.0140 3484 [ E0A1E6451AED1B34FB3E8E407E635F85 ] \Device\Harddisk0\DR0\Partition1
14:02:58.0140 3484 \Device\Harddisk0\DR0\Partition1 - ok
14:02:58.0187 3484 [ AC262A944012DA6478D548A9B215D367 ] \Device\Harddisk0\DR0\Partition2
14:02:58.0203 3484 \Device\Harddisk0\DR0\Partition2 - ok
14:02:58.0203 3484 ============================================================
14:02:58.0203 3484 Scan finished
14:02:58.0203 3484 ============================================================
14:02:58.0250 3540 Detected object count: 0
14:02:58.0250 3540 Actual detected object count: 0

________________________End of TDSSkiller Log________________________
_____________________________________________________________________


_________________________________________________________________
________________________Avast! aswMBR Log________________________

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 14:10:47
-----------------------------
14:10:47.046 OS Version: Windows 5.1.2600 Service Pack 3
14:10:47.046 Number of processors: 1 586 0x801
14:10:47.046 ComputerName: JONAH UserName: James
14:10:47.609 Initialize success
14:15:04.765 AVAST engine defs: 12091400
14:17:48.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:17:48.656 Disk 0 Vendor: ST3320620A 3.AAC Size: 305245MB BusType: 3
14:17:48.671 Disk 0 MBR read successfully
14:17:48.671 Disk 0 MBR scan
14:17:48.718 Disk 0 Windows XP default MBR code
14:17:48.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
14:17:48.734 Disk 0 Partition - 00 0F Extended LBA 152625 MB offset 312560640
14:17:48.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152625 MB offset 312560703
14:17:48.781 Disk 0 scanning sectors +625137345
14:17:48.890 Disk 0 scanning C:\WINDOWS\system32\drivers
14:18:19.796 Service scanning
14:18:50.593 Modules scanning
14:19:20.703 Disk 0 trace - called modules:
14:19:20.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
14:19:20.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a508ab8]
14:19:20.718 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a471f18]
14:19:20.718 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4c0d98]
14:19:21.031 AVAST engine scan C:\WINDOWS
14:19:45.671 AVAST engine scan C:\WINDOWS\system32
14:25:57.984 AVAST engine scan C:\WINDOWS\system32\drivers
14:26:36.875 AVAST engine scan C:\Documents and Settings\James
14:31:19.296 AVAST engine scan C:\Documents and Settings\All Users
14:36:31.015 Scan finished successfully
14:37:36.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\My Documents\MBR.dat"
14:37:36.687 The log file has been saved successfully to "C:\Documents and Settings\James\My Documents\aswMBR.txt"

________________________End of Avast! aswMBR Log________________________
________________________________________________________________________


_______________________________________________________________________
________________________ESET online scanner Log________________________

C:\Documents and Settings\Elyse\Local Settings\Application Data\{8BB4DBAC-F189-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\James\Local Settings\Application Data\{8BB4DBAC-F189-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Marisa\Local Settings\Application Data\{8BB4DBAC-F189-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined

________________________End of ESET online scanner Log_____________________
___________________________________________________________________________

#6 narenxp


Posted 14 September 2012 - 05:31 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#7 El Chupacabra


Posted 14 September 2012 - 11:36 PM

MalwareBytes did not detect anything on either scan. Here is the next batch of logs as requested. Also, I still cannot boot into Safe Mode (just an observation I made while rebooting to run MalwareBytes the second time).

______________________________________________________________
________________________MiniToolbox Log_______________________

MiniToolBox by Farbar Version: 23-07-2012
Ran by James (administrator) on 14-09-2012 at 21:55:54
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 11103 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

VIA Rhine II Fast Ethernet Adapter = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Network Connect Adapter"

set address name="Network Connect Adapter" source=dhcp
set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
set wins name="Network Connect Adapter" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

    Host Name . . . . . . . . . . . . : JONAH
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : hsd1.co.comcast.net.

Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : hsd1.co.comcast.net.
    Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-50-8D-50-14-DE
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.222
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 75.75.75.75
                                        75.75.76.76
    Lease Obtained. . . . . . . . . . : Friday, September 14, 2012 8:03:14 PM
    Lease Expires . . . . . . . . . . : Saturday, September 15, 2012 8:03:14 PM

Ethernet adapter Network Connect Adapter:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
    Physical Address. . . . . . . . . : 00-FF-18-95-11-8A

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.225.193, 74.125.225.206, 74.125.225.199, 74.125.225.194
74.125.225.196, 74.125.225.201, 74.125.225.198, 74.125.225.192, 74.125.225.197
74.125.225.195, 74.125.225.200

Pinging google.com [74.125.225.199] with 32 bytes of data:
Reply from 74.125.225.199: bytes=32 time=12ms TTL=55
Reply from 74.125.225.199: bytes=32 time=24ms TTL=55
Ping statistics for 74.125.225.199:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 24ms, Average = 18ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=132ms TTL=48
Reply from 98.139.183.24: bytes=32 time=84ms TTL=49
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 132ms, Average = 108ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d 50 14 de ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
0x10004 ...00 ff 18 95 11 8a ...... Juniper Network Connect Virtual Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.222 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.222 192.168.1.222 20
192.168.1.222 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.222 192.168.1.222 20
224.0.0.0 240.0.0.0 192.168.1.222 192.168.1.222 20
255.255.255.255 255.255.255.255 192.168.1.222 192.168.1.222 1
255.255.255.255 255.255.255.255 192.168.1.222 10004 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2012 05:58:14 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/12/2012 10:20:54 PM) (Source: Application Error) (User: )
Description: Fault bucket 750195438.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (09/12/2012 10:20:13 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module explorer.exe, version 6.0.2900.5512, fault address 0x00008436.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/30/2012 02:36:52 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/30/2012 02:36:20 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/30/2012 02:33:24 AM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (08/30/2012 02:33:14 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/29/2012 08:41:11 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2012 08:41:11 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2012 08:41:10 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (09/14/2012 08:15:15 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (09/14/2012 08:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (09/14/2012 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/14/2012 08:04:42 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (09/14/2012 07:49:01 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (09/14/2012 04:49:08 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (09/14/2012 04:39:30 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (09/14/2012 04:37:25 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/14/2012 04:37:25 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2

Error: (09/14/2012 04:23:44 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated with the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/13/2012 05:58:14 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140hungapp0.0.0.000000000

Error: (09/12/2012 10:20:54 PM) (Source: Application Error)(User: )
Description: 750195438

Error: (09/12/2012 10:20:13 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512explorer.exe6.0.2900.551200008436

Error: (08/30/2012 02:36:52 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (08/30/2012 02:36:20 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (08/30/2012 02:33:24 AM) (Source: Application Error)(User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d

Error: (08/30/2012 02:33:14 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000

Error: (08/29/2012 08:41:11 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2012 08:41:11 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/29/2012 08:41:10 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe AIR (Version: 1.1.0.5790)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Photoshop Elements 7.0 (Version: 7.0)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3)
Adobe Photoshop.com Inspiration Browser (Version: 2.61)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Atlantis Bundle
Bejeweled Deluxe 1.87
Big Kahuna Reef 2 - Chain Reaction
Chinese Traditional Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 4.0)
Creative Audio Console
Creative Audio Console (Version: 1.32)
Creative PlayCenter
Creative Recorder
Creative Software AutoUpdate (Version: 1.40)
Creative TaskBar
DVD X Copy Platinum 4.0.3
DVD X Rescue (Version: 2.1.2)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FireNet
HP Photo and Imaging 1.0 - HP Photosmart Printer Series (Version: 1.1.0000)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
Juniper Networks Network Connect 6.2.0 (Version: 6.2.0.13525)
LG Android Drivers (Version: 1.1)
LG USB Modem driver (Version: 4.9.4)
Logitech Harmony Remote Software 7 (Version: 7.6.0.8)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 5.5 (Version: 5.50.661.0)
Microsoft IntelliType Pro 6.1 (Version: 6.10.156.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Visio Professional 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Small Basic v0.2 (Version: 0.2.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Zoo Tycoon
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Nero PhotoShow Express (Version: 3.0)
Nero Suite
Nikon View 6
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PENTAX Digital Camera Utility
PENTAX REMOTE Assistant
PhotoshopdotcomInspirationBrowser (Version: 0.0.0)
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Platform (Version: 1.34)
QuickTime (Version: 7.72.80.56)
RegiStax Version 4
Remote Control USB Driver (Version: 2.3.2.317)
Rhapsody
Sound Blaster Audigy
SoundFont Showcase
swMSM (Version: 12.0.0.1)
System Requirements Lab
Trend Micro Titanium Maximum Security (Version: 3.1.1109)
Trend Micro Titanium Maximum Security (Version: 3.00)
Ultimate Pinball
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA Platform Device Manager (Version: 1.34)
VIA Rhine-Family Fast-Ethernet Adapter
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.6513)
Winamp (Version: 5.601 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Winamp Remote (Version: 2.2008.0508.1530)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 1534.49 MB
Available physical RAM: 1022.33 MB
Total Pagefile: 3433.88 MB
Available Pagefile: 3003.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.21 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:128.61 GB) NTFS
3 Drive d: () (Fixed) (Total:149.05 GB) (Free:94.85 GB) NTFS

========================= Users: ========================================

User accounts for \\JONAH

Administrator Elyse Guest
HelpAssistant James Marisa
SUPPORT_388945a0


**** End of log ****


________________________End of MiniToolbox Log_______________________
_____________________________________________________________________




__________________________________________________________________________
________________________Farbar Service Scanner Log________________________

Farbar Service Scanner Version: 06-08-2012
Ran by James (administrator) on 14-09-2012 at 22:14:49
Running from "C:\Documents and Settings\James\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\WINDOWS\System32\svchost.exe -k netsvcs".
The ServiceDll of wscsvc: ""C:\WINDOWS\system32\wscsvc.dll"".


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) tmcfw(9)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


________________________End of Farbar Service Scanner Log________________________
_________________________________________________________________________________




__________________________________________________________________
________________________Adware Cleaner Log________________________

# AdwCleaner v2.001 - Logfile created 09/14/2012 at 22:19:10
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : James - JONAH
# Boot Mode : Normal
# Running from : C:\Documents and Settings\James\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\g181e8pg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Marisa\Application Data\Mozilla\Firefox\Profiles\4q8pwsuo.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Elyse\Application Data\Mozilla\Firefox\Profiles\kds2a8mu.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1387 octets] - [14/09/2012 22:19:10]

########## EOF - C:\AdwCleaner[S1].txt - [1447 octets] ##########


________________________End of Adware Cleaner Log_____________________
______________________________________________________________________

#8 narenxp


Posted 15 September 2012 - 05:22 AM

Create a restore point and run this tool

Download Safeboot repair

http://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

Run this tool; after the scan finishes, try to boot into Safe Mode

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here



#9 El Chupacabra


Posted 15 September 2012 - 12:30 PM

Okay, question... I ran SafeBootKeyRepair.exe and successfully rebooted to Safe Mode with Networking (YAY!). Do I proceed to run the other tools in Safe Mode or in Normal Mode?

#10 narenxp


Posted 15 September 2012 - 12:35 PM

Normal mode

#11 El Chupacabra


Posted 15 September 2012 - 01:19 PM

Here are the new logs requested. I would like to just thank you very much for taking time to help me get out of this jam. I used to be able to do all this stuff on my own, but I have been out of the loop for too long now.

_____________________________________________________________
________________________Svc Repair Log_______________________

Log Opened: 2012-09-15 @ 11:46:50
11:46:50 - -----------------
11:46:50 - | Begin Logging |
11:46:50 - -----------------
11:46:50 - Fix started on a WIN_XP X86 computer
11:46:50 - Prep in progress. Please Wait.
11:46:58 - Prep complete
11:46:58 - Repairing Services Now. Please wait...

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
11:47:03 - Services Repair Complete.
11:47:08 - Reboot Initiated


________________________End of Svc Repair Log_______________________
____________________________________________________________________




_________________________________________________________
________________________RKILL Log________________________

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/15/2012 12:04:50 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\MsPMSPSv.exe (PID: 1164) [WD-HEUR]
* C:\WINDOWS\system32\hphmon04.exe (PID: 2376) [WD-HEUR]
* C:\WINDOWS\system32\CTHELPER.EXE (PID: 2448) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/15/2012 12:05:47 PM
Execution time: 0 hours(s), 0 minute(s), and 56 seconds(s)


________________________End of RKILL Log________________________
________________________________________________________________




____________________________________________________________
________________________Autoruns Log________________________

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "CTHelper" "CtHelper Application" "Creative Technology Ltd" "c:\windows\system32\cthelper.exe"
+ "CTStartup" "Eax Splash" "Creative Technology Ltd." "c:\program files\creative\sbaudigy\program\cteaxspl.exe"
+ "CTxfiHlp" "CTXfiHlp MFC Application" "Creative Technology Ltd" "c:\windows\system32\ctxfihlp.exe"
+ "Disc Detector" "Disc Detector" "Creative Technology Ltd." "c:\program files\creative\sharedll\ctnotify.exe"
+ "HPDJ Taskbar Utility" "" "HP" "c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe"
+ "HPHmon04" "HPHmon04" "Hewlett-Packard" "c:\windows\system32\hphmon04.exe"
+ "HPHUPD04" "HPHupd04" "Hewlett-Packard" "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "itype" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft intellitype pro\itype.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 111.75 " "NVIDIA Corporation" "c:\windows\system32\nwiz.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "Share-to-Web Namespace Daemon" "hpgs2wnd" "Hewlett-Packard" "c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "Trend Micro Client Framework" "Trend Micro Client Session Agent Monitor" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\uiwatchdog.exe"
+ "Trend Micro Titanium" "Trend Micro Client Main Console" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\uiwinmgr.exe"
+ "UpdReg" "Creative UpdReg" "Creative Technology Ltd." "c:\windows\updreg.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\CTStartup" "" "" ""
+ "CTStartup" "Eax Splash" "Creative Technology Ltd." "c:\program files\creative\sbaudigy\program\cteaxspl.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "PhotoShow Deluxe Media Manager" "Nero PhotoShow Media Manager" "Ahead Software" "c:\program files\ahead\nero photoshow\data\xtras\mssysmgr.exe"
+ "TrendSecure Remote File Lock" "" "" "File not found: C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe /lock"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "tmbp" "Trend Micro Browser Plug-In (IE)" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\tmbpie32.dll"
+ "tmpx" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\tmieplg.dll"
+ "tmtb" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\toolbarie.dll"
+ "tmtbim" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\protoolbarimratingactivex.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "NkvDropExt" "NkvDropExt DLL" "Nikon Corporation" "c:\program files\nikon\nkview6\nkvdropext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 111.75 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TmdshellExt Class" "Trend Micro Client Shell Extension" "Trend Micro Inc." "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "NkvDropExt" "NkvDropExt DLL" "Nikon Corporation" "c:\program files\nikon\nkview6\nkvdropext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "TmBpIeBHO Class" "Trend Micro Browser Plug-In (IE)" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\tmbpie32.dll"
+ "TmIEPlugInBHO Class" "Trend Micro NSC IE Plug-In" "Trend Micro Inc." "c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\tmieplg.dll"
+ "TSToolbarBHO" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\toolbarie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Trend Micro Toolbar" "Trend Micro TrendSecure" "Trend Micro Inc." "c:\program files\trend micro\titanium\uiframework\toolbarie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent"
+ "Adobe Flash Player Updater.job" "Adobe Flash Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeActiveFileMonitor7.0" "Tracks files that are managed by Adobe Photoshop Elements" "Adobe Systems Incorporated" "c:\program files\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Amsp" "Manages Trend Micro security modules" "Trend Micro Inc." "c:\program files\trend micro\amsp\coreserviceshell.exe"
+ "Creative Audio Engine Licensing Service" "Provides licensing services for Creative Audio Engine." "Creative Labs" "c:\program files\common files\creative labs shared\service\ctaelicensing.exe"
+ "CTAudSvcService" "Creative Audio Service" "Creative Technology Ltd" "c:\program files\creative\shared files\ctaudsvc.exe"
+ "dsNcService" "Manages secure network connections" "Juniper Networks" "c:\program files\juniper networks\common files\dsncservice.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPH11" "PML Driver" "HP" "c:\windows\system32\hphipm11.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AFS2K" "Audio File System" "Oak Technology Inc." "c:\windows\system32\drivers\afs2k.sys"
+ "CDRPDACC" "CD Device Access" "Arrowkey" "c:\program files\321studios\shared\cdrpdacc.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "COMMONFX" "Creative Common FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\commonfx.sys"
+ "COMMONFX.SYS" "Creative Common FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\commonfx.sys"
+ "ctac32k" "Creative AC3 SW Decoder Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctac32k.sys"
+ "ctaud2k" "Creative WDM Audio Device Driver" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaud2k.sys"
+ "CTAUDFX" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaudfx.sys"
+ "CTAUDFX.SYS" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaudfx.sys"
+ "ctdvda2k" "Creative DVD-Audio Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctdvda2k.sys"
+ "CTERFXFX" "E-MU E-DSP Effects Plugin Module" "Creative Technology Ltd" "c:\windows\system32\drivers\cterfxfx.sys"
+ "CTERFXFX.SYS" "E-MU E-DSP Effects Plugin Module" "Creative Technology Ltd" "c:\windows\system32\drivers\cterfxfx.sys"
+ "ctprxy2k" "Creative Proxy Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctprxy2k.sys"
+ "CTSBLFX" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsblfx.sys"
+ "CTSBLFX.SYS" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsblfx.sys"
+ "ctsfm2k" "SoundFont® Manager (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsfm2k.sys"
+ "Dot4 HPH11" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hphid411.sys"
+ "Dot4Print HPH11" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hphipr11.sys"
+ "Dot4Storage HPH11" "Printer Card Mass Storage Driver" "Hewlett-Packard" "c:\windows\system32\drivers\hphs2k11.sys"
+ "Dot4Usb HPH11" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hphius11.sys"
+ "dsNcAdpt" "dsNcAdapter" "Juniper Networks" "c:\windows\system32\drivers\dsncadpt.sys"
+ "emupia" "E-mu Plug-in Architecture Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\emupia2k.sys"
+ "FET5X86V" "NDIS 5.0 miniport driver" "VIA Technologies, Inc. " "c:\windows\system32\drivers\fetnd5bv.sys"
+ "FETNDIS" "NDIS 5.0 miniport driver" "VIA Technologies, Inc. " "c:\windows\system32\drivers\fetnd5.sys"
+ "ha10kx2k" "Creative EMU10KX HAL (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ha10kx2k.sys"
+ "hap16v2k" "Creative EMU10KX-P16v HAL (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\hap16v2k.sys"
+ "hap17v2k" "Creative EMU10KX-P17v HAL (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\hap17v2k.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.19 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "ossrv" "Creative OS Services Driver (WDM)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctoss2k.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "Pcouffin" "Patin-Couffin low level access layer for CD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcfw" "Trend Micro NDIS 5.0 Intermedia Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tm_cfw.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "tmtdi" "Trend Micro TDI Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "videX32" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\videx32.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ctmp3" "MP3 CODEC for MSACM" "Creative Technology Ltd." "c:\windows\system32\ctmp3.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "PVTimeScale Plugin" "AMSDSPVT" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\amsdspvt.dll"
+ "PVTimeScale Plugin" "AMSDSPVT" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\amsdspvt.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "aac_parser" "Direct show parser filter for ADTS" "" "c:\program files\winamp remote\bin\aac_parser.ax"
+ "AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ac3filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CoreAAC Audio Decoder" "CoreAAC" "" "c:\program files\winamp remote\bin\coreaac.ax"
+ "Creative EAX Dream" "Creative EAX Dream" "Creative Technology Ltd" "c:\program files\creative\sharedll\audplug\ctdream.ax"
+ "DV Scenes" "DV-Timecode based Scenechange Detection" "Ahead Software AG" "c:\program files\ahead\nerovision\nvdv.dll"
+ "DV Source Filter" "DV-Timecode based Scenechange Detection" "Ahead Software AG" "c:\program files\ahead\nerovision\nvdv.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Lava Filter" "" "" "File not found: C:\Program Files\Creative\ShareDLL\AudPlug\CTOozicFt.dll"
+ "MP3 Source Filter" "Creative MP3 Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ctmp3sft.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MpegAudio Filter" "MpegAudio Module" "DScaler Team" "c:\program files\winamp remote\bin\dscaler5\mpegaudio.dll"
+ "MpegVideo Filter" "MpegVideo Module" "DScaler Team" "c:\program files\winamp remote\bin\dscaler5\mpegvideo.dll"
+ "Nero AAC Parser" "Nero Digital Audio Decoding Filter" "Ahead Software AG and its licensors" "c:\program files\ahead\nero photoshow\data\xtras\neaudio.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Encoder" " " "Ahead Software AG
Karlsbad
Germany
Phone: ++49-7248-911-800
Fax: ++49-7248-911-888
E-Mail: info@nero.com" "c:\program files\common files\ahead\dsfilter\neaudioenc.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Ahead Software AG
" "c:\program files\ahead\nero photoshow\data\xtras\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\nerender.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital Audio Decoder" "Nero Digital Audio Decoding Filter" "Ahead Software AG and its licensors" "c:\program files\ahead\nero photoshow\data\xtras\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\ndparser.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\ndparser.ax"
+ "Nero File Source" "Nero Library" "Ahead Software AG
" "c:\program files\ahead\nero photoshow\data\xtras\nefilesrc.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Format Converter" "NeroFormatConv" "admin" "c:\program files\ahead\nero photoshow\data\xtras\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "PS Muxer Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\nerovideoproc.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Ahead Software AG" "c:\program files\ahead\nero photoshow\data\xtras\nerender.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Noise Reduction" "Sample" "MyCompanyName" "c:\program files\creative\sharedll\audplug\dsnoiser.ax"
+ "NVF Filter" "Nomad Voice File Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ctnvfflt.dll"
+ "Orb RTSP Source Filter" " OrbRTSPSource Filter Dynamic Link Library" "" "c:\program files\winamp remote\bin\orbrtspsource.ax"
+ "OrbNSVSourceFilter" "OrbNSVSource Filter" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orbnsvsourcefilter.ax"
+ "OrbSourceFilter" "OrbSourceFilter" "" "c:\program files\winamp remote\bin\orbsourcefilter.ax"
+ "OrbUrlSource" "OrbUrlSource.ax" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orburlsource.ax"
+ "PVTimeScale Plugin" "AMSDSPVT" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\amsdspvt.dll"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotBoundaryDet" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Track1Filter" "" "" "c:\program files\adobe\photoshop elements 7.0\track1filter.dll"
+ "Track2Filter" "" "" "c:\program files\adobe\photoshop elements 7.0\track2filter.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Windows Media Pad VU Data Grabber" "Windows Movie Maker" "Microsoft Corporation" "c:\program files\movie maker\wmmfilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMS Filter" "Creative Windows Media Source Filter" "Creative Technology Ltd." "c:\program files\creative\sharedll\audplug\ctwmsflt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"


________________________End of Autoruns Log_____________________
________________________________________________________________

#12 El Chupacabra


Posted 15 September 2012 - 01:30 PM

The AutoRuns window had some red and some yellow highlighted items in it, but it's not obvious in the raw text I pasted in my previous post. Let me know if you need something different from me for the AutoRuns results (a screenshot, a different file type, manually put those items in a different font color, etc...)

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:47 AM

Posted 15 September 2012 - 01:54 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#14 El Chupacabra


Posted 15 September 2012 - 02:10 PM

Here is the new FSS log:

_________________________________________________________________________
________________________Farbar Service Scanner Log_______________________

Farbar Service Scanner Version: 06-08-2012
Ran by James (administrator) on 15-09-2012 at 13:03:33
Running from "C:\Documents and Settings\James\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) tmcfw(9)
0x09000000050000000100000002000000030000000400000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****


________________________End of Farbar Service Scanner Log_____________________
______________________________________________________________________________

#15 narenxp


Posted 15 September 2012 - 02:16 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your Flash Player

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



