
Fastestwebsearch.com browser Hijacker Win XP 32bit on google Chrome


20 replies to this topic

#1 Ectomorph

  • Members
  • 22 posts

Posted 15 September 2012 - 06:36 AM

Hi BleepingComputer community. I hope that you can help me in some way or other. I recently downloaded Lightshot - thinking about it, not from a reliable source (1st link that appeared) - and I have picked up a browser hijacker from the WinRAR (now deleted). It is called http://fastestwebsearch.com/search?q=google and it seems to piggyback off Google to perform searches. I also checked my outdated Internet Explorer and this is suffering the same curse. I have picked up a hijacker before (can't remember the name) so luckily I was able to identify what it was. My first action was to deactivate all the add-ins for Chrome but it is still operational. I then did a full scan with Symantec Norton Antivirus after downloading the most recent virus definition files.

This did not work either. I have also scanned with Microsoft Safety Scanner and still nothing was detected. I then deleted my browser, only to find it was still there. I have now performed a backup of all my files and downloaded HijackThis to get a log. I then ran it through their log uploader function and nothing appeared out of the ordinary, i.e. nothing 'nasty' was discovered. I even searched each .exe online to check if anyone out there had found the processes to be suspicious, and nothing for anything.

So through a lack of wanting to pull my hair out in clumps I have decided to call in some back-up, so if anyone reading this could provide me with some help that would be amazing!

Many thanks in advance, I await your aid patiently.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 15 September 2012 - 06:37 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Ectomorph

  • Topic Starter
  • Members
  • 22 posts

Posted 16 September 2012 - 04:53 AM

Thanks very much for getting in contact so promptly. It took me a while to complete all the scans, but here they are:



TDLFS log

16:13:51.0750 4460 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:13:52.0109 4460 ============================================================
16:13:52.0109 4460 Current date / time: 2012/09/15 16:13:52.0109
16:13:52.0109 4460 SystemInfo:
16:13:52.0109 4460
16:13:52.0109 4460 OS Version: 5.1.2600 ServicePack: 3.0
16:13:52.0109 4460 Product type: Workstation
16:13:52.0109 4460 ComputerName: IVPC166
16:13:52.0140 4460 UserName: Paul
16:13:52.0140 4460 Windows directory: C:\WINDOWS
16:13:52.0140 4460 System windows directory: C:\WINDOWS
16:13:52.0140 4460 Processor architecture: Intel x86
16:13:52.0140 4460 Number of processors: 2
16:13:52.0140 4460 Page size: 0x1000
16:13:52.0140 4460 Boot type: Normal boot
16:13:52.0140 4460 ============================================================
16:13:58.0953 4460 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:13:58.0984 4460 ============================================================
16:13:58.0984 4460 \Device\Harddisk0\DR0:
16:13:58.0984 4460 MBR partitions:
16:13:58.0984 4460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
16:13:58.0984 4460 ============================================================
16:13:59.0015 4460 C: <-> \Device\Harddisk0\DR0\Partition1
16:13:59.0015 4460 ============================================================
16:13:59.0015 4460 Initialize success
16:13:59.0015 4460 ============================================================
16:30:53.0656 5280 ============================================================
16:30:53.0656 5280 Scan started
16:30:53.0656 5280 Mode: Manual;
16:30:53.0656 5280 ============================================================
16:30:56.0046 5280 ================ Scan system memory ========================
16:30:56.0953 5280 System memory - ok
16:31:09.0468 5280 splitter - ok
16:31:09.0500 5280 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:31:09.0515 5280 Spooler - ok
16:31:09.0531 5280 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:31:09.0531 5280 sr - ok
16:31:09.0609 5280 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:31:09.0609 5280 srservice - ok
16:31:09.0671 5280 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:31:09.0687 5280 Srv - ok
16:31:09.0718 5280 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:31:09.0718 5280 SSDPSRV - ok
16:31:09.0781 5280 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:31:09.0796 5280 stisvc - ok
16:31:09.0812 5280 [ A9F9FD0212E572B84EDB9EB661F6BC04 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:31:09.0812 5280 streamip - ok
16:31:09.0828 5280 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:31:09.0828 5280 swenum - ok
16:31:09.0875 5280 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:31:09.0890 5280 swmidi - ok
16:31:09.0890 5280 SwPrv - ok
16:31:10.0046 5280 [ 0023CC5610B9C48CF68571DEE4C686FC ] Symantec AntiVirus C:\Program Files\Symantec AntiVirus\Rtvscan.exe
16:31:10.0125 5280 Symantec AntiVirus - ok
16:31:10.0140 5280 symc810 - ok
16:31:10.0156 5280 symc8xx - ok
16:31:10.0171 5280 [ 49B20B430A4F219173F823536944474A ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:31:10.0171 5280 SymEvent - ok
16:31:10.0203 5280 [ 626F733BE7F951116C5C0804B068666C ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
16:31:10.0218 5280 SYMREDRV - ok
16:31:10.0281 5280 [ CB7CC4DDBE09E224D4CD876760BA982C ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS
16:31:10.0312 5280 SYMTDI - ok
16:31:10.0328 5280 sym_hi - ok
16:31:10.0343 5280 sym_u3 - ok
16:31:10.0468 5280 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:31:10.0578 5280 sysaudio - ok
16:31:11.0046 5280 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:31:11.0093 5280 SysmonLog - ok
16:31:11.0328 5280 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:31:11.0359 5280 TapiSrv - ok
16:31:11.0453 5280 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:31:11.0484 5280 Tcpip - ok
16:31:11.0531 5280 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:31:11.0531 5280 TDPIPE - ok
16:31:11.0578 5280 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:31:11.0593 5280 TDTCP - ok
16:31:11.0625 5280 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:31:11.0625 5280 TermDD - ok
16:31:11.0671 5280 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:31:11.0671 5280 TermService - ok
16:31:11.0718 5280 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:31:11.0718 5280 Themes - ok
16:31:11.0765 5280 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:31:11.0781 5280 TlntSvr - ok
16:31:11.0781 5280 TosIde - ok
16:31:11.0812 5280 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:31:11.0812 5280 TrkWks - ok
16:31:11.0828 5280 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:31:11.0828 5280 Udfs - ok
16:31:11.0843 5280 ultra - ok
16:31:11.0906 5280 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:31:11.0921 5280 Update - ok
16:31:11.0953 5280 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:31:11.0968 5280 upnphost - ok
16:31:12.0000 5280 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:31:12.0000 5280 UPS - ok
16:31:12.0000 5280 USB28xxBGA - ok
16:31:12.0062 5280 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:31:12.0062 5280 usbaudio - ok
16:31:12.0109 5280 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:31:12.0109 5280 usbccgp - ok
16:31:12.0125 5280 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:31:12.0125 5280 usbehci - ok
16:31:12.0171 5280 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:31:12.0171 5280 usbhub - ok
16:31:12.0203 5280 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:31:12.0203 5280 usbprint - ok
16:31:12.0234 5280 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:31:12.0234 5280 usbscan - ok
16:31:12.0234 5280 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:31:12.0234 5280 USBSTOR - ok
16:31:12.0281 5280 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:31:12.0281 5280 usbuhci - ok
16:31:12.0296 5280 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:31:12.0296 5280 VgaSave - ok
16:31:12.0312 5280 ViaIde - ok
16:31:12.0328 5280 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:31:12.0328 5280 VolSnap - ok
16:31:12.0406 5280 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:31:12.0421 5280 VSS - ok
16:31:12.0453 5280 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:31:12.0468 5280 W32Time - ok
16:31:12.0484 5280 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:31:12.0484 5280 Wanarp - ok
16:31:12.0625 5280 [ 49B50BE4C6E61DC378057A09130E0629 ] WDCS_WNDA3200 C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
16:31:12.0671 5280 WDCS_WNDA3200 - ok
16:31:12.0734 5280 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
16:31:12.0765 5280 Wdf01000 - ok
16:31:12.0781 5280 WDICA - ok
16:31:12.0843 5280 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:31:12.0843 5280 wdmaud - ok
16:31:12.0890 5280 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:31:12.0921 5280 WebClient - ok
16:31:13.0140 5280 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:31:13.0171 5280 winmgmt - ok
16:31:13.0265 5280 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:31:13.0265 5280 WmdmPmSN - ok
16:31:13.0437 5280 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:31:13.0453 5280 Wmi - ok
16:31:13.0484 5280 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:31:13.0515 5280 WmiApSrv - ok
16:31:13.0781 5280 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:31:13.0843 5280 WMPNetworkSvc - ok
16:31:13.0921 5280 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:31:13.0921 5280 WpdUsb - ok
16:31:14.0031 5280 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:31:14.0046 5280 wscsvc - ok
16:31:14.0062 5280 [ 233CDD1C06942115802EB7CE6669E099 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:31:14.0062 5280 WSTCODEC - ok
16:31:14.0218 5280 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:31:14.0218 5280 wuauserv - ok
16:31:14.0312 5280 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:31:14.0312 5280 WudfPf - ok
16:31:14.0328 5280 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:31:14.0343 5280 WudfRd - ok
16:31:14.0359 5280 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:31:14.0359 5280 WudfSvc - ok
16:31:14.0437 5280 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:31:14.0484 5280 WZCSVC - ok
16:31:14.0515 5280 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:31:14.0515 5280 xmlprov - ok
16:31:14.0562 5280 [ 00AE175B903D45ED4A62384D3315DC2A ] ZDPSp50 C:\WINDOWS\system32\Drivers\ZDPSp50.sys
16:31:14.0562 5280 ZDPSp50 - ok
16:31:14.0593 5280 ================ Scan global ===============================
16:31:14.0640 5280 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:31:14.0718 5280 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:31:14.0765 5280 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:31:14.0781 5280 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:31:14.0781 5280 [Global] - ok
16:31:14.0781 5280 ================ Scan MBR ==================================
16:31:14.0828 5280 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:31:15.0093 5280 \Device\Harddisk0\DR0 - ok
16:31:15.0093 5280 ================ Scan VBR ==================================
16:31:15.0093 5280 [ 3ABE52E047E7D658203C603176B4B69B ] \Device\Harddisk0\DR0\Partition1
16:31:15.0093 5280 \Device\Harddisk0\DR0\Partition1 - ok
16:31:15.0093 5280 ============================================================
16:31:15.0093 5280 Scan finished
16:31:15.0093 5280 ============================================================
16:31:15.0109 5256 Detected object count: 0
16:31:15.0109 5256 Actual detected object count: 0

________________________________________________________

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-15 16:33:37
-----------------------------
16:33:37.343 OS Version: Windows 5.1.2600 Service Pack 3
16:33:37.343 Number of processors: 2 586 0x209
16:33:37.359 ComputerName: IVPC166 UserName: Paul
16:33:38.312 Initialize success
16:46:01.921 AVAST engine defs: 12091400
23:46:22.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:46:22.453 Disk 0 Vendor: FUJITSU_MHT2060AH 006C Size: 57231MB BusType: 3
23:46:22.468 Disk 0 MBR read successfully
23:46:22.468 Disk 0 MBR scan
23:46:22.515 Disk 0 Windows XP default MBR code
23:46:22.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
23:46:22.531 Disk 0 scanning sectors +117194175
23:46:22.656 Disk 0 scanning C:\WINDOWS\system32\drivers
23:46:44.156 Service scanning
23:47:16.046 Modules scanning
23:47:26.203 Disk 0 trace - called modules:
23:47:26.234 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:47:26.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a60dab8]
23:47:26.250 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a601d98]
23:47:27.328 AVAST engine scan C:\WINDOWS
23:47:34.906 AVAST engine scan C:\WINDOWS\system32
23:52:22.796 AVAST engine scan C:\WINDOWS\system32\drivers
23:52:46.640 AVAST engine scan C:\Documents and Settings\Paul
00:05:05.000 AVAST engine scan C:\Documents and Settings\All Users
00:07:07.859 Scan finished successfully
08:39:20.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul\My Documents\MBR.dat"
08:39:20.453 The log file has been saved successfully to "C:\Documents and Settings\Paul\My Documents\aswMBR.txt"


_______________________________________________________________

ESET online scanner

C:\Program Files\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

Thanks again!! :thumbup2:

#4 narenxp

Posted 16 September 2012 - 08:22 AM

Don't quote my posts

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 Ectomorph

Posted 16 September 2012 - 11:54 AM

Sorry about the quotes. I just saved everything into a notepad file and then posted it all by mistake. Anyways, cheers for the help so far.

I ran the Malwarebytes software and it found two suspicious items that I deleted. I ran it again and nothing came up...

Here are the new logs for the latter three pieces of software you asked for.
_____________________________________________________
Mini toolbox.
MiniToolBox by Farbar Version: 23-07-2012
Ran by Paul (administrator) on 16-09-2012 at 17:50:29
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WNDA3200 Wireless 11N Dual-band USB Adapter = Wireless Network Connection 11 (Connected)
Intel® PRO/1000 MT Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 11"

set address name="Wireless Network Connection 11" source=dhcp
set dns name="Wireless Network Connection 11" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 11" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : IVPC166

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection 11:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NETGEAR WNDA3200 Wireless 11N Dual-band USB Adapter

Physical Address. . . . . . . . . : E0-91-F5-4A-38-94

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 194.168.4.100

194.168.8.100

Lease Obtained. . . . . . . . . . : 16 September 2012 17:35:05

Lease Expires . . . . . . . . . . : 16 September 2012 18:35:05



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection

Physical Address. . . . . . . . . : 00-0D-56-2A-F7-ED

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 173.194.41.66, 173.194.41.71, 173.194.41.64, 173.194.41.78
173.194.41.73, 173.194.41.69, 173.194.41.67, 173.194.41.68, 173.194.41.70
173.194.41.65, 173.194.41.72



Pinging google.com [173.194.41.73] with 32 bytes of data:



Reply from 173.194.41.73: bytes=32 time=241ms TTL=56

Reply from 173.194.41.73: bytes=32 time=243ms TTL=56



Ping statistics for 173.194.41.73:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 241ms, Maximum = 243ms, Average = 242ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 72.30.38.140



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=374ms TTL=45

Reply from 98.138.253.109: bytes=32 time=395ms TTL=45



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 374ms, Maximum = 395ms, Average = 384ms

Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...e0 91 f5 4a 38 94 ...... NETGEAR WNDA3200 Wireless 11N Dual-band USB Adapter - Packet Scheduler Miniport
0x3 ...00 0d 56 2a f7 ed ...... Intel® PRO/1000 MT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 40
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 40
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 40
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 40
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 40
255.255.255.255 255.255.255.255 192.168.0.2 3 1
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/16/2012 05:31:44 PM) (Source: Symantec AntiVirus) (User: IVPC166)IVPC166
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Paul\My Documents\Downloads\adwcleaner (1).exe (PID 3708)
Time: 16 September 2012 17:31:44

Error: (09/16/2012 05:31:44 PM) (Source: Symantec AntiVirus) (User: IVPC166)IVPC166
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Paul\My Documents\Downloads\adwcleaner (1).exe (PID 3708)
Time: 16 September 2012 17:31:44

Error: (09/15/2012 11:17:00 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/14/2012 08:12:48 PM) (Source: Application Hang) (User: )
Description: Hanging application HijackThis.exe, version 2.0.0.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2012 07:24:55 PM) (Source: Symantec AntiVirus) (User: IVPC166)IVPC166
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\WINDOWS\system32\taskmgr.exe (PID 3832)
Time: 06 September 2012 19:24:55

Error: (09/02/2012 07:26:26 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/02/2012 07:26:26 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/31/2012 10:17:44 PM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 10.0.6866.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2012 10:16:15 PM) (Source: Microsoft Office 10) (User: )
Description: Faulting application winword.exe, version 10.0.6866.0, faulting module mso.dll, version 10.0.6870.0, fault address 0x000035ed.

Error: (08/18/2012 05:24:32 PM) (Source: MsiInstaller) (User: IVPC166)IVPC166
Description: Product: Apple Application Support -- Error 1704. An installation for Adobe Reader X (10.1.4) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?


System errors:
=============
Error: (09/16/2012 03:38:46 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:42 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:38 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:34 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:29 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:25 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:21 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:17 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:13 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/16/2012 03:38:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (09/16/2012 05:31:44 PM) (Source: Symantec AntiVirus)(User: IVPC166)IVPC166
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Paul\My Documents\Downloads\adwcleaner (1).exe (PID 3708)
Time: 16 September 2012 17:31:44

Error: (09/16/2012 05:31:44 PM) (Source: Symantec AntiVirus)(User: IVPC166)IVPC166
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\Documents and Settings\Paul\My Documents\Downloads\adwcleaner (1).exe (PID 3708)
Time: 16 September 2012 17:31:44

Error: (09/15/2012 11:17:00 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/14/2012 08:12:48 PM) (Source: Application Hang)(User: )
Description: HijackThis.exe2.0.0.4hungapp0.0.0.000000000

Error: (09/06/2012 07:24:55 PM) (Source: Symantec AntiVirus)(User: IVPC166)IVPC166
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Event Info: Terminate Process
Action Taken: Blocked
Actor Process: C:\WINDOWS\system32\taskmgr.exe (PID 3832)
Time: 06 September 2012 19:24:55

Error: (09/02/2012 07:26:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/02/2012 07:26:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/31/2012 10:17:44 PM) (Source: Application Hang)(User: )
Description: WINWORD.EXE10.0.6866.0hungapp0.0.0.000000000

Error: (08/31/2012 10:16:15 PM) (Source: Microsoft Office 10)(User: )
Description: winword.exe10.0.6866.0mso.dll10.0.6870.0000035ed

Error: (08/18/2012 05:24:32 PM) (Source: MsiInstaller)(User: IVPC166)IVPC166
Description: Product: Apple Application Support -- Error 1704. An installation for Adobe Reader X (10.1.4) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Ahead Nero Burning ROM
Audacity 1.3.13 (Unicode)
CCleaner (Version: 3.21)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager (Version: 2.1.0.0)
EndNote X1 (Version: 11.0.0.2571)
Epson Easy Photo Print 2 (Version: 2.1.0.0)
Epson Event Manager (Version: 2.30.01)
EPSON Scan
EPSON SX210 Series Printer Uninstall
EPSON Web-To-Page
ESET Online Scanner v3
FL Studio 4.5 (Version: 4.5)
Google Chrome (Version: 21.0.1180.79)
Google Update Helper (Version: 1.3.21.115)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
ISI ResearchSoft - Export Helper
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
LAME v3.98.2 for Audacity
Line 6 Uninstaller (Version: )
LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Native Instruments Audio 2 DJ
Native Instruments Audio 2 DJ (Version: 3.0.0.625)
Native Instruments Audio 4 DJ
Native Instruments Audio 4 DJ (Version: 3.0.0.625)
Native Instruments Audio 8 DJ
Native Instruments Audio 8 DJ (Version: 3.0.0.625)
Native Instruments Controller Editor
Native Instruments Controller Editor (Version: 1.4.0.801)
Native Instruments Service Center
Native Instruments Service Center (Version: 2.2.6.676)
Native Instruments Traktor 2
Native Instruments Traktor 2 (Version: 2.1.0.11158)
Native Instruments Traktor Audio 10
Native Instruments Traktor Audio 10 (Version: 3.0.0.625)
Native Instruments Traktor Audio 2
Native Instruments Traktor Audio 2 (Version: 3.0.0.625)
Native Instruments Traktor Audio 6
Native Instruments Traktor Audio 6 (Version: 3.0.0.625)
Native Instruments Traktor Kontrol S2
Native Instruments Traktor Kontrol S2 Driver
Native Instruments Traktor Kontrol S2 Driver (Version: 3.0.3.696)
NETGEAR WNDA3200 wireless adapter Setup (Version: 1.0.0.11)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD
QuickTime (Version: 7.70.80.34)
R for Windows 2.13.2 (Version: 2.13.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
SoundMAX
Symantec AntiVirus (Version: 10.1.6000.6)
TWI Abstractor's Editor (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.56 )
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 2045.98 MB
Available physical RAM: 879.09 MB
Total Pagefile: 4931.48 MB
Available Pagefile: 4232.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.27 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.88 GB) (Free:22.21 GB) NTFS

========================= Users: ========================================

User accounts for \\IVPC166

admin_iv Guest HelpAssistant
Paul SUPPORT_388945a0


**** End of log ****

_____________________________________________________
FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Paul (administrator) on 16-09-2012 at 17:47:37
Running from "C:\Documents and Settings\Paul\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(3) IPSec(5) JSWSCIMD(10) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x0A0000000500000001000000020000000300000004000000080000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
_____________________________________________________
adware cleaner


# AdwCleaner v2.001 - Logfile created 09/16/2012 at 17:31:42
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Paul - IVPC166
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Paul\My Documents\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Deleted : C:\Documents and Settings\Paul\Local Settings\Application Data\Winamp Toolbar
Folder Deleted : C:\Program Files\Winamp Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2878731
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\Software\Winamp Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.79

File : C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [6018 octets] - [16/09/2012 17:31:42]

########## EOF - C:\AdwCleaner[S2].txt - [6078 octets] ##########

#6 narenxp

Posted 16 September 2012 - 12:26 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#7 Ectomorph

Posted 16 September 2012 - 12:48 PM

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 06:39:28 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Documents and Settings\Paul\My Documents\Downloads\FSS (1).exe (PID: 2756) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\real\realplayer\update\realsched.exe"
+ "vptray" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec antivirus\vptray.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "NETGEAR WNDA3200 Smart Wizard.lnk" "WPS Utility" "NETGEAR" "c:\program files\netgear\wnda3200\wnda3200wpsmgr.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Easy Photo Print" "Epson Easy Photo Print (TBL)" "SEIKO EPSON CORPORATION / CyCom Technology Corp." "c:\program files\epson software\easy photo print\eptbl.dll"
+ "EpsonToolBandKicker Class" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "EPSON Web-To-Page" "EPSON Web-To-Page" "SEIKO EPSON CORPORATION" "c:\program files\epson\epson web-to-page\epson web-to-page.dll"
+ "EPTBL" "Epson Easy Photo Print (TBL)" "SEIKO EPSON CORPORATION / CyCom Technology Corp." "c:\program files\epson software\easy photo print\eptbl.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
X "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
X "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
X "GoogleUpdateTaskUserS-1-5-21-1275210071-1336601894-839522115-1004Core.job" "Google Installer" "Google Inc." "c:\documents and settings\paul\local settings\application data\google\update\googleupdate.exe"
X "GoogleUpdateTaskUserS-1-5-21-1275210071-1336601894-839522115-1004UA.job" "Google Installer" "Google Inc." "c:\documents and settings\paul\local settings\application data\google\update\googleupdate.exe"
X "RealUpgradeLogonTaskS-1-5-21-1275210071-1336601894-839522115-1004.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
X "RealUpgradeScheduledTaskS-1-5-21-1275210071-1336601894-839522115-1004.job" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "update-S-1-5-21-1275210071-1336601894-839522115-1004.job" "Starter Module" "" "c:\program files\skillbrains\updater\updater.exe"
+ "update-sys.job" "Starter Module" "" "c:\program files\skillbrains\updater\updater.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccevtmgr.exe"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsetmgr.exe"
+ "DefWatch" "Monitors and maintains virus definitions." "Symantec Corporation" "c:\program files\symantec antivirus\defwatch.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "hasplms" "Manages licenses secured by Safenet Inc. Sentinel HASP." "SafeNet Inc." "c:\windows\system32\hasplms.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "jswpsapi" "Provides support for JumpStart using Wi-Fi Protected Setup." "Atheros Communications, Inc." "c:\program files\netgear\wnda3200\jswpsapi.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_1.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "NIHardwareService" "Manages Native Instruments controller hardware. If this service is stopped, the hardware becomes unavailable." "Native Instruments GmbH" "c:\program files\common files\native instruments\hardware\nihardwareservice.exe"
+ "SavRoam" "Symantec AntiVirus Roaming Service" "symantec" "c:\program files\symantec antivirus\savroam.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\seaport\seaport.exe"
+ "SNDSrvc" "Symantec Network Drivers Service" "Symantec Corporation" "c:\program files\common files\symantec shared\sndsrvc.exe"
+ "SPBBCSvc" "Symantec SPBBC" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe"
+ "Symantec AntiVirus" "Provides real-time virus scanning, reporting, and management functionality for Symantec AntiVirus." "Symantec Corporation" "c:\program files\symantec antivirus\rtvscan.exe"
+ "WDCS_WNDA3200" "NETGEAR WNDA3200 Device Checking Service. If this service is disabled, the NETGEAR WNDA3200 Wifi adapter will not work." "" "c:\program files\netgear\wnda3200\wifidevchksvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aeaudio" "Andrea Audio Stub Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "AegisP" "AEGIS Protocol (IEEE 802.1x) v3.4.5.0" "Meetinghouse Data Communications" "c:\windows\system32\drivers\aegisp.sys"
+ "AFGMp50" "" "" "File not found: System32\Drivers\AFGMp50.sys"
+ "AFGSp50" "" "" "File not found: System32\Drivers\AFGSp50.sys"
+ "aksfridge" "SafeNet Inc. Sentinel HASP Ancillary Function Driver" "SafeNet Inc." "c:\windows\system32\drivers\aksfridge.sys"
+ "AR9271" "Driver for Atheros Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\athuw.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E1000" "Intel® PRO/1000 Adapter NDIS 5.1 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1000325.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "esgiguard" "" "" "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
+ "hardlock" "Hardlock Device Driver for Windows NT" "SafeNet Inc." "c:\windows\system32\drivers\hardlock.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "JSWSCIMD" "Wireless Intermediate Miniport Driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\jswscimd.sys"
+ "ks2avs" "Traktor Kontrol S2" "Native Instruments GmbH" "c:\windows\system32\drivers\ks2avs.sys"
+ "ks2usb_svc" "Traktor Kontrol S2" "Native Instruments GmbH" "c:\windows\system32\drivers\ks2usb.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20120914.002\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\program files\common files\symantec shared\virusdefs\20120914.002\navex15.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTLWUSB" "" "" "File not found: system32\DRIVERS\wg111v2.sys"
+ "SAVRT" "AutoProtect" "Symantec Corporation" "c:\program files\symantec antivirus\savrt.sys"
+ "SAVRTPEL" "SAVRTPEL" "Symantec Corporation" "c:\program files\symantec antivirus\savrtpel.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "USB28xxBGA" "" "" "File not found: system32\DRIVERS\emBDA.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "ZDPSp50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\windows\system32\drivers\zdpsp50.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "IL FL Studio DXi" "" "" "c:\program files\flstudio4\system\plugin\dxi\fl studio dxi.dll"
+ "IL FL Studio DXi" "" "" "c:\program files\flstudio4\system\plugin\dxi\fl studio dxi.dll"
+ "IL Multi FL Studio DXi" "" "" "c:\program files\flstudio4\system\plugin\dxi\fl studio dxi (multi).dll"
+ "IL Multi FL Studio DXi" "" "" "c:\program files\flstudio4\system\plugin\dxi\fl studio dxi (multi).dll"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\audiofilter\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\shared files\audiofilter\claudfx.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\audiofilter\claudiocd.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\videofilter\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\shared files\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\shared files\videofilter\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Nero Audio Source" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Digital Audio Decoding Filter" "Ahead Software AG and its licensors" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 video decoder w/ DxVA" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero File Source" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero MP4 Reader" "NeroDigital file parser" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 video decoder w/ DxVA" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Source" "Nero Library" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "NavLogon" "Symantec AntiVirus Logon Notification" "Symantec Corporation" "c:\windows\system32\navlogon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON SX210 Series 32MonitorBE" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbfde.dll"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:39 AM

Posted 16 September 2012 - 12:56 PM

Any current issues?

#9 Ectomorph

Posted 16 September 2012 - 01:05 PM

I still have this hijacker on my browser unfortunately :-(

#10 narenxp

Posted 16 September 2012 - 01:08 PM

Which browser?

#11 Ectomorph

Posted 16 September 2012 - 01:09 PM

Google Chrome

It is also on Internet Explorer

#12 narenxp

Posted 16 September 2012 - 01:15 PM

Press the Windows+R key and type

inetcpl.cpl

The Internet Options dialog box appears.

Click the Advanced tab.

Checkmark the Delete personal settings option

Under Reset Internet Explorer settings, click Reset.

Reinstall Google Chrome

Let me know if you still have redirects

#13 Ectomorph

Posted 16 September 2012 - 01:23 PM

I have scrolled up and down the tick list in advanced settings and I cannot see the 'delete personal setting' box. I use Windows XP.

#14 narenxp

Posted 16 September 2012 - 01:27 PM

Skip personal settings, just click on RESET

#15 Ectomorph

Posted 16 September 2012 - 01:29 PM

Ah, it all makes sense haha



