Trojan/Virus infection?


9 replies to this topic

#1 idarksavior12


Posted 18 September 2012 - 10:19 PM

Hello, I need assistance in identifying and removing a possible infection. Any help would do as I'm thinking of backing up my data and formatting completely.

Symptoms include: new tabs in Internet Explorer constantly opening, Internet Explorer crashing, prolonged time using programs/folders, random Avast threat detections (e.g. yesterday, every webpage visited would get Avast to pop up).
I did a quick scan today (incomplete because after 1hr 11mins only 4% was scanned) in Avast and it found 3 infections, 1x Win32:Kryptik-JNX and 2x JS:Blacole-BV (it said the severity was high). After stopping the scan early I moved infections to chest and did another quick scan which is currently going on right now and it's much faster than before (16% in 27mins). However it has been stuck on 16% for 10 mins.

Not sure what to do next, I would appreciate some help with this.



#2 narenxp


Posted 19 September 2012 - 02:00 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 idarksavior12


Posted 19 September 2012 - 06:58 PM

TDSSKiller

20:00:57.0109 12640 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:00:57.0625 12640 ============================================================
20:00:57.0625 12640 Current date / time: 2012/09/19 20:00:57.0625
20:00:57.0625 12640 SystemInfo:
20:00:57.0625 12640
20:00:57.0625 12640 OS Version: 5.1.2600 ServicePack: 2.0
20:00:57.0625 12640 Product type: Workstation
20:00:57.0625 12640 ComputerName: KILLERBEE
20:00:57.0625 12640 UserName: Administrator
20:00:57.0625 12640 Windows directory: C:\WINDOWS
20:00:57.0625 12640 System windows directory: C:\WINDOWS
20:00:57.0625 12640 Processor architecture: Intel x86
20:00:57.0625 12640 Number of processors: 1
20:00:57.0625 12640 Page size: 0x1000
20:00:57.0625 12640 Boot type: Normal boot
20:00:57.0625 12640 ============================================================
20:00:59.0093 12640 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:00:59.0156 12640 ============================================================
20:00:59.0156 12640 \Device\Harddisk0\DR0:
20:00:59.0156 12640 MBR partitions:
20:00:59.0156 12640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
20:00:59.0156 12640 ============================================================
20:00:59.0187 12640 C: <-> \Device\Harddisk0\DR0\Partition1
20:00:59.0187 12640 ============================================================
20:00:59.0187 12640 Initialize success
20:00:59.0187 12640 ============================================================
20:01:24.0468 13116 ============================================================
20:01:24.0468 13116 Scan started
20:01:24.0468 13116 Mode: Manual; TDLFS;
20:01:24.0468 13116 ============================================================
20:01:24.0796 13116 ================ Scan system memory ========================
20:01:24.0812 13116 System memory - ok
20:01:42.0968 13116 Wanarp - ok
20:01:43.0015 13116 WDICA - ok
20:01:43.0046 13116 [ 0BFA8203B8148FB4E54BC212C41CE497 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:01:43.0046 13116 wdmaud - ok
20:01:43.0093 13116 [ 346E7D636ADFE4E3B1B32AF8326220FF ] WebClient C:\WINDOWS\System32\webclnt.dll
20:01:43.0109 13116 WebClient - ok
20:01:43.0265 13116 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:01:43.0265 13116 winmgmt - ok
20:01:43.0359 13116 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:01:43.0390 13116 WmdmPmSN - ok
20:01:43.0484 13116 [ E8E57B0F9EB03D1AABEC28D550C75116 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:01:43.0531 13116 Wmi - ok
20:01:43.0593 13116 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:01:43.0593 13116 WmiApSrv - ok
20:01:43.0718 13116 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:01:43.0765 13116 WMPNetworkSvc - ok
20:01:43.0828 13116 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:01:43.0828 13116 WpdUsb - ok
20:01:43.0890 13116 [ 478995B4555958E52388496618D9C678 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:01:43.0906 13116 wscsvc - ok
20:01:43.0953 13116 [ D29AD7484B98279ED21877DE051A180F ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:01:44.0000 13116 wuauserv - ok
20:01:44.0078 13116 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:01:44.0078 13116 WudfPf - ok
20:01:44.0140 13116 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:01:44.0140 13116 WudfRd - ok
20:01:44.0171 13116 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:01:44.0203 13116 WudfSvc - ok
20:01:44.0281 13116 [ B1F190A2BF52B8F4601C677F475CE5E5 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:01:44.0312 13116 WZCSVC - ok
20:01:44.0343 13116 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:01:44.0406 13116 xmlprov - ok
20:01:44.0453 13116 ================ Scan global ===============================
20:01:44.0515 13116 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
20:01:44.0546 13116 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
20:01:44.0640 13116 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
20:01:44.0703 13116 [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
20:01:44.0718 13116 [Global] - ok
20:01:44.0718 13116 ================ Scan MBR ==================================
20:01:44.0765 13116 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:01:44.0781 13116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
20:01:44.0781 13116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
20:01:44.0828 13116 ================ Scan VBR ==================================
20:01:44.0843 13116 [ 3F1B8558237C821F47C46D008FC8C72E ] \Device\Harddisk0\DR0\Partition1
20:01:44.0843 13116 \Device\Harddisk0\DR0\Partition1 - ok
20:01:44.0843 13116 ============================================================
20:01:44.0843 13116 Scan finished
20:01:44.0843 13116 ============================================================
20:01:44.0906 13384 Detected object count: 1
20:01:44.0906 13384 Actual detected object count: 1
20:03:57.0937 13384 \Device\Harddisk0\DR0\# - copied to quarantine
20:03:57.0937 13384 \Device\Harddisk0\DR0 - copied to quarantine
20:03:57.0968 13384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
20:03:57.0984 13384 \Device\Harddisk0\DR0 - ok
20:03:57.0984 13384 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
20:04:08.0343 9764 Deinitialize success


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-19 20:11:27
-----------------------------
20:11:27.187 OS Version: Windows 5.1.2600 Service Pack 2
20:11:27.187 Number of processors: 1 586 0x204
20:11:27.187 ComputerName: KILLERBEE UserName:
20:11:30.765 Initialize success
20:11:34.437 AVAST engine defs: 12091900
20:12:00.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:12:00.156 Disk 0 Vendor: ST3500641A 3.AAJ Size: 476940MB BusType: 3
20:12:00.171 Disk 0 MBR read successfully
20:12:00.171 Disk 0 MBR scan
20:12:00.187 Disk 0 Windows XP default MBR code
20:12:00.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
20:12:00.203 Disk 0 scanning sectors +976752000
20:12:00.234 Disk 0 malicious Win32:MBRoot code @ sector 976752003 !
20:12:00.296 Disk 0 scanning C:\WINDOWS\system32\drivers
20:12:12.421 Service scanning
20:12:27.890 Modules scanning
20:12:48.828 Disk 0 trace - called modules:
20:12:48.859 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
20:12:49.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f3f9c0]
20:12:49.375 3 CLASSPNP.SYS[f8701fd7] -> nt!IofCallDriver -> \Device\00000064[0x82f40f18]
20:12:49.375 5 ACPI.sys[f864a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f422f8]
20:12:50.796 AVAST engine scan C:\WINDOWS
20:13:07.953 AVAST engine scan C:\WINDOWS\system32
20:17:02.812 AVAST engine scan C:\WINDOWS\system32\drivers
20:17:32.750 AVAST engine scan C:\Documents and Settings\Administrator
20:31:00.609 File: C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\51\5af1cc33-14411b03 **INFECTED** Win32:Kryptik-JNX [Trj]
20:57:15.406 AVAST engine scan C:\Documents and Settings\All Users
20:57:48.625 Scan finished successfully
20:58:07.218 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
20:58:07.250 The log file has been saved successfully to "C:\aswMBR.txt"

ESET Online Scanner (I had to do this twice because my internet went off 20% into the first scan)

First Scan Log (Incomplete)
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\51\5af1cc33-14411b03 Win32/TrojanDownloader.Vespula.AY trojan cleaned by deleting - quarantined

Second Scan Log
C:\Documents and Settings\Administrator\Local Settings\temp\AccmeWare.exe Win32/Somoto application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\CSM45.tmp Win32/Adware.Mongoose application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\Soft32_Stub_5741.exe Win32/InstallMonetizer.AB application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\ICReinstall\cnet2_RegpairSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\ICReinstall\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\temp\is-V3A85.tmp\rkinstaller.exe Win32/Adware.RK.AG application cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\35K4CAYG\tt[5].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\77N0FNG0\ttCA0KIB8J.htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Program Files\I Want This\I Want This.dll Win32/Toolbar.CrossRider application cleaned by deleting - quarantined

#4 narenxp

Posted 19 September 2012 - 07:15 PM

Run TDSSkiller again and post the new log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

post the generated log

#5 idarksavior12

Posted 20 September 2012 - 03:10 AM

TDSSkiller

03:23:09.0125 2676 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
03:23:09.0953 2676 ============================================================
03:23:09.0953 2676 Current date / time: 2012/09/20 03:23:09.0953
03:23:09.0953 2676 SystemInfo:
03:23:09.0953 2676
03:23:09.0953 2676 OS Version: 5.1.2600 ServicePack: 2.0
03:23:09.0953 2676 Product type: Workstation
03:23:09.0953 2676 ComputerName: KILLERBEE
03:23:09.0953 2676 UserName: Administrator
03:23:09.0953 2676 Windows directory: C:\WINDOWS
03:23:09.0953 2676 System windows directory: C:\WINDOWS
03:23:09.0953 2676 Processor architecture: Intel x86
03:23:09.0953 2676 Number of processors: 1
03:23:09.0953 2676 Page size: 0x1000
03:23:09.0953 2676 Boot type: Normal boot
03:23:09.0953 2676 ============================================================
03:23:10.0593 2676 BG loaded
03:23:11.0093 2676 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
03:23:11.0125 2676 ============================================================
03:23:11.0125 2676 \Device\Harddisk0\DR0:
03:23:11.0125 2676 MBR partitions:
03:23:11.0125 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
03:23:11.0125 2676 ============================================================
03:23:11.0156 2676 C: <-> \Device\Harddisk0\DR0\Partition1
03:23:11.0156 2676 ============================================================
03:23:11.0156 2676 Initialize success
03:23:11.0156 2676 ============================================================
03:23:49.0906 3472 ============================================================
03:23:49.0906 3472 Scan started
03:23:49.0906 3472 Mode: Manual; TDLFS;
03:23:49.0906 3472 ============================================================
03:23:50.0515 3472 ================ Scan system memory ========================
03:23:50.0515 3472 System memory - ok
03:23:50.0531 3472 ================ Scan services =============================
03:24:06.0156 3472 redbook - ok
03:24:06.0203 3472 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
03:24:06.0218 3472 RemoteAccess - ok
03:24:06.0281 3472 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
03:24:06.0281 3472 RemoteRegistry - ok
03:24:06.0328 3472 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
03:24:06.0328 3472 ROOTMODEM - ok
03:24:06.0390 3472 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
03:24:06.0406 3472 RpcLocator - ok
03:24:06.0421 3472 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] RpcSs C:\WINDOWS\System32\rpcss.dll
03:24:06.0453 3472 RpcSs - ok
03:24:06.0500 3472 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
03:24:06.0500 3472 rspndr - ok
03:24:06.0546 3472 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
03:24:06.0578 3472 RSVP - ok
03:24:06.0625 3472 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
03:24:06.0625 3472 rtl8139 - ok
03:24:06.0640 3472 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
03:24:06.0656 3472 SamSs - ok
03:24:06.0718 3472 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
03:24:06.0734 3472 SCardSvr - ok
03:24:06.0781 3472 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
03:24:06.0812 3472 Schedule - ok
03:24:06.0859 3472 [ 7570380037993520842C2868121A01F9 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
03:24:06.0859 3472 Secdrv - ok
03:24:06.0875 3472 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
03:24:06.0906 3472 seclogon - ok
03:24:06.0921 3472 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
03:24:06.0937 3472 SENS - ok
03:24:06.0953 3472 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
03:24:06.0953 3472 serenum - ok
03:24:06.0984 3472 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
03:24:06.0984 3472 Serial - ok
03:24:07.0015 3472 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
03:24:07.0015 3472 Sfloppy - ok
03:24:07.0078 3472 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
03:24:07.0093 3472 SharedAccess - ok
03:24:07.0109 3472 [ 53D9184A21C5CBF600D918E51EF3A7E5 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
03:24:07.0125 3472 ShellHWDetection - ok
03:24:07.0156 3472 Simbad - ok
03:24:07.0250 3472 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
03:24:07.0296 3472 smwdm - ok
03:24:07.0437 3472 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
03:24:07.0453 3472 SoundMAX Agent Service (default) - ok
03:24:07.0468 3472 Sparrow - ok
03:24:07.0500 3472 [ 9BB1DD670CB7505A90FC4E61D4AA8227 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
03:24:07.0593 3472 splitter - ok
03:24:07.0656 3472 [ AD3D9D191AEA7B5445FE1D82FFBB4788 ] Spooler C:\WINDOWS\system32\spoolsv.exe
03:24:07.0734 3472 Spooler - ok
03:24:07.0781 3472 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
03:24:07.0796 3472 sr - ok
03:24:07.0859 3472 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
03:24:07.0937 3472 srservice - ok
03:24:08.0000 3472 [ D4AF9861C3B6A2163D26DC6B9CF05E2A ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
03:24:08.0015 3472 Srv - ok
03:24:08.0046 3472 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
03:24:08.0062 3472 SSDPSRV - ok
03:24:08.0140 3472 [ D9F097AA3B97034D3358A01B43E635B2 ] stisvc C:\WINDOWS\system32\wiaservc.dll
03:24:08.0187 3472 stisvc - ok
03:24:08.0203 3472 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
03:24:08.0203 3472 swenum - ok
03:24:08.0234 3472 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
03:24:08.0234 3472 swmidi - ok
03:24:08.0250 3472 SwPrv - ok
03:24:08.0265 3472 symc810 - ok
03:24:08.0281 3472 symc8xx - ok
03:24:08.0296 3472 sym_hi - ok
03:24:08.0312 3472 sym_u3 - ok
03:24:08.0359 3472 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
03:24:08.0375 3472 sysaudio - ok
03:24:08.0390 3472 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
03:24:08.0437 3472 SysmonLog - ok
03:24:08.0546 3472 [ 1418A3A6E76E5A2E3F5E43866E793A8B ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
03:24:08.0593 3472 TapiSrv - ok
03:24:08.0687 3472 [ 744E57C99232201AE98C49168B918F48 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
03:24:08.0796 3472 Tcpip - ok
03:24:08.0875 3472 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
03:24:08.0984 3472 TDPIPE - ok
03:24:09.0015 3472 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
03:24:09.0015 3472 TDTCP - ok
03:24:09.0031 3472 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
03:24:09.0046 3472 TermDD - ok
03:24:09.0109 3472 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
03:24:09.0156 3472 TermService - ok
03:24:09.0187 3472 [ 53D9184A21C5CBF600D918E51EF3A7E5 ] Themes C:\WINDOWS\System32\shsvcs.dll
03:24:09.0203 3472 Themes - ok
03:24:09.0250 3472 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
03:24:09.0265 3472 TlntSvr - ok
03:24:09.0281 3472 TosIde - ok
03:24:09.0328 3472 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
03:24:09.0343 3472 TrkWks - ok
03:24:09.0390 3472 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
03:24:09.0390 3472 Udfs - ok
03:24:09.0406 3472 ultra - ok
03:24:09.0468 3472 [ 1F03139B77B21C6D84C688798808BC28 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
03:24:09.0500 3472 Update - ok
03:24:09.0531 3472 [ 36ACA6CDC19C95FF468A1426EB7F32F0 ] upnphost C:\WINDOWS\System32\upnphost.dll
03:24:09.0546 3472 upnphost - ok
03:24:09.0578 3472 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
03:24:09.0593 3472 UPS - ok
03:24:09.0656 3472 [ CDAA3EF29EABAE9AE825BAF2B8E36735 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
03:24:09.0656 3472 usbehci - ok
03:24:09.0671 3472 [ DB53E336C44CB0975D7DCB35BAC0ECDA ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
03:24:09.0687 3472 usbhub - ok
03:24:09.0703 3472 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
03:24:09.0703 3472 USBSTOR - ok
03:24:09.0765 3472 [ 654C19D5CA14483BE3C2384CDDC09468 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
03:24:09.0765 3472 usbuhci - ok
03:24:09.0781 3472 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
03:24:09.0796 3472 VgaSave - ok
03:24:09.0796 3472 ViaIde - ok
03:24:09.0828 3472 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
03:24:09.0828 3472 VolSnap - ok
03:24:09.0890 3472 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
03:24:09.0921 3472 VSS - ok
03:24:09.0968 3472 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
03:24:10.0015 3472 W32Time - ok
03:24:10.0031 3472 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
03:24:10.0046 3472 Wanarp - ok
03:24:10.0062 3472 WDICA - ok
03:24:10.0078 3472 [ 0BFA8203B8148FB4E54BC212C41CE497 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
03:24:10.0093 3472 wdmaud - ok
03:24:10.0109 3472 [ 346E7D636ADFE4E3B1B32AF8326220FF ] WebClient C:\WINDOWS\System32\webclnt.dll
03:24:10.0125 3472 WebClient - ok
03:24:10.0265 3472 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
03:24:10.0328 3472 winmgmt - ok
03:24:10.0406 3472 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
03:24:10.0421 3472 WmdmPmSN - ok
03:24:10.0671 3472 [ E8E57B0F9EB03D1AABEC28D550C75116 ] Wmi C:\WINDOWS\System32\advapi32.dll
03:24:11.0046 3472 Wmi - ok
03:24:11.0265 3472 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
03:24:11.0453 3472 WmiApSrv - ok
03:24:11.0828 3472 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
03:24:11.0921 3472 WMPNetworkSvc - ok
03:24:12.0046 3472 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
03:24:12.0562 3472 WpdUsb - ok
03:24:12.0625 3472 [ 478995B4555958E52388496618D9C678 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
03:24:13.0093 3472 wscsvc - ok
03:24:13.0203 3472 [ D29AD7484B98279ED21877DE051A180F ] wuauserv C:\WINDOWS\system32\wuauserv.dll
03:24:13.0234 3472 wuauserv - ok
03:24:13.0281 3472 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
03:24:13.0281 3472 WudfPf - ok
03:24:13.0296 3472 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
03:24:13.0312 3472 WudfRd - ok
03:24:13.0328 3472 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
03:24:13.0343 3472 WudfSvc - ok
03:24:13.0421 3472 [ B1F190A2BF52B8F4601C677F475CE5E5 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
03:24:13.0500 3472 WZCSVC - ok
03:24:13.0578 3472 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
03:24:13.0687 3472 xmlprov - ok
03:24:13.0703 3472 ================ Scan global ===============================
03:24:13.0765 3472 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
03:24:13.0828 3472 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
03:24:13.0937 3472 [ 3E958EBBE7DA5691E8B08429A7EDB44B ] C:\WINDOWS\system32\winsrv.dll
03:24:14.0890 3472 [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
03:24:15.0093 3472 [Global] - ok
03:24:15.0109 3472 ================ Scan MBR ==================================
03:24:15.0140 3472 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
03:24:15.0500 3472 \Device\Harddisk0\DR0 - ok
03:24:15.0500 3472 ================ Scan VBR ==================================
03:24:15.0515 3472 [ 3F1B8558237C821F47C46D008FC8C72E ] \Device\Harddisk0\DR0\Partition1
03:24:15.0546 3472 \Device\Harddisk0\DR0\Partition1 - ok
03:24:15.0546 3472 ============================================================
03:24:15.0546 3472 Scan finished
03:24:15.0546 3472 ============================================================
03:24:15.0578 1140 Detected object count: 0
03:24:15.0578 1140 Actual detected object count: 0
03:25:54.0359 1784 Deinitialize success

MBAM

MBAM crashed on first full scan. Second scan finished. I made a mistake by assuming they were all selected before removing. After reboot I did 3 quick scans, where 2 found infections and the third found nothing. Let me know if you'd like to see the logs.

Mini Toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 20-09-2012 at 08:39:34
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139 Family PCI Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area
WINS Proxy Enabled. . . . . . . .
Physical Address. . . . . . . . . : 00-30-BD-72-6A-1E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.24
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.10
DHCP Server . . . . . . . . . . . : 192.168.2.10
DNS Servers . . . . . . . . . . . : 192.168.2.10
Lease Obtained. . . . . . . . . . : Thursday, September 20, 2012 7:22:30 AM
Lease Expires . . . . . . . . . . : Friday, September 21, 2012 7:22:30 AM

Server: UnKnown
Address: 192.168.2.10

Name: google.com
Addresses: 173.194.41.99, 173.194.41.100, 173.194.41.101, 173.194.41.102
173.194.41.103, 173.194.41.104, 173.194.41.105, 173.194.41.110, 173.194.41.96
173.194.41.97, 173.194.41.98

Pinging google.com [173.194.34.68] with 32 bytes of data:
Reply from 173.194.34.68: bytes=32 time=27ms TTL=55
Reply from 173.194.34.68: bytes=32 time=28ms TTL=54
Ping statistics for 173.194.34.68:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: UnKnown
Address: 192.168.2.10

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=490ms TTL=52
Reply from 72.30.38.140: bytes=32 time=501ms TTL=52
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 490ms, Maximum = 501ms, Average = 495ms

Server: UnKnown
Address: 192.168.2.10

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 30 bd 72 6a 1e ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.10 192.168.2.24 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.24 192.168.2.24 20
192.168.2.24 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.24 192.168.2.24 20
224.0.0.0 240.0.0.0 192.168.2.24 192.168.2.24 20
255.255.255.255 255.255.255.255 192.168.2.24 192.168.2.24 1
Default Gateway: 192.168.2.10
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/20/2012 03:57:41 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 1.62.0.140, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00011dc5.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/19/2012 08:00:28 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/19/2012 08:00:22 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (09/19/2012 08:00:07 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/19/2012 08:00:07 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/19/2012 02:13:46 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/18/2012 09:06:39 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/18/2012 05:07:28 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x00034fe9.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/18/2012 04:41:45 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (09/18/2012 04:41:45 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (09/20/2012 07:23:11 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (09/20/2012 03:36:33 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (09/19/2012 09:27:18 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.22 for the Network Card with network address 0030BD726A1E has been
denied by the DHCP server 192.168.2.10 (The DHCP Server sent a DHCPNACK message).

Error: (09/19/2012 08:06:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (09/18/2012 03:36:31 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (09/18/2012 01:49:57 AM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/18/2012 01:37:08 AM) (Source: Service Control Manager) (User: )
Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/16/2012 03:36:28 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (09/14/2012 03:36:27 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (09/13/2012 06:35:58 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.237 for the Network Card with network address 0030BD726A1E has been
denied by the DHCP server 192.168.2.10 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (09/20/2012 03:57:41 AM) (Source: Application Error)(User: )
Description: mbam.exe1.62.0.140ntdll.dll5.1.2600.352000011dc5

Error: (09/19/2012 08:00:28 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/19/2012 08:00:22 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (09/19/2012 08:00:07 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/19/2012 08:00:07 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/19/2012 02:13:46 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.35200001ab0a

Error: (09/18/2012 09:06:39 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.35200001ab0a

Error: (09/18/2012 05:07:28 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ntdll.dll5.1.2600.352000034fe9

Error: (09/18/2012 04:41:45 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (09/18/2012 04:41:45 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
avast! Free Antivirus (Version: 7.0.1466.0)
ESET Online Scanner v3
Foxit Reader 5.0 (Version: 5.0.2.718)
Google Update Helper (Version: 1.3.21.123)
HijackThis 2.0.2 (Version: 2.0.2)
IL Download Manager
IL Shared Libraries
ImgBurn (Version: 2.4.2.0)
Intel® Extreme Graphics Driver
Internet Download Manager
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 5.4.4 (Standard) (Version: 5.4.4)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Medieval CUE Splitter (Version: 1.1.1)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
RealPlayer
Software Update for Web Folders (Version: 9.60.6715.0)
SoundMAX (Version: 5.12.01.3620)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB932823-v3) (Version: 3)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.0.5 (Version: 1.0.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 84%
Total physical RAM: 503.48 MB
Available physical RAM: 79.33 MB
Total Pagefile: 1996.66 MB
Available Pagefile: 1592.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.36 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:30.3 GB) NTFS

========================= Users: ========================================

User accounts for \\KILLERBEE

Administrator Guest HelpAssistant
rdpuser18 SUPPORT_388945a0


**** End of log ****

FSS

Farbar Service Scanner Version: 19-09-2012
Ran by Administrator (administrator) on 20-09-2012 at 08:50:09
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2007-12-31 11:03] - [2007-12-31 11:03] - 0112128 ____A (Microsoft Corporation) 3F15A1DBD86F7BDAF404648282D11ECE

C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-04 13:00] - [2008-08-14 10:48] - 0138368 ____A (Microsoft Corporation) 6A0397376853E604DE8E1E7A87FC08AC

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 13:00] - [2004-08-04 13:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2007-12-31 11:05] - [2008-06-20 11:44] - 0360960 ____N (Microsoft Corporation) 744E57C99232201AE98C49168B918F48

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 13:00] - [2004-08-04 13:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 13:00] - [2004-08-04 13:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 13:00] - [2004-08-04 13:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2007-12-31 11:04] - [2007-12-31 11:04] - 0197632 ____N (Microsoft Corporation) 3516D8A18B36784B1005B950B84232E1

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-08-16 06:56] - [2004-08-04 13:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2008-08-16 06:58] - [2004-08-04 13:00] - 0170496 ____N (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2008-08-16 06:58] - [2004-08-04 13:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2007-12-31 11:05] - [2007-12-31 11:05] - 0080896 ____A (Microsoft Corporation) 478995B4555958E52388496618D9C678

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-08-16 06:56] - [2004-08-04 13:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2008-08-16 06:59] - [2007-12-31 11:05] - 0025944 ____A (Microsoft Corporation) D29AD7484B98279ED21877DE051A180F

C:\WINDOWS\system32\qmgr.dll
[2008-08-16 06:59] - [2007-12-31 11:04] - 0408064 ____N (Microsoft Corporation) 17A0D43C80DB5348759C649835A78CFC

C:\WINDOWS\system32\es.dll
[2007-12-31 11:03] - [2008-07-07 21:06] - 0253952 ____N (Microsoft Corporation) A4AB3DCA4A383F0DF4988ABDEB84F9A4

C:\WINDOWS\system32\cryptsvc.dll
[2007-12-31 11:03] - [2007-12-31 11:03] - 0062464 ____N (Microsoft Corporation) 87F3E2D2A3231F820F9248DB90090F42

C:\WINDOWS\system32\svchost.exe
[2004-08-04 13:00] - [2004-08-04 13:00] - 0014336 ____N (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2007-12-31 11:04] - [2009-02-09 11:01] - 0401408 ____N (Microsoft Corporation) 24B5D53B9ACCC1E2EDCF0A878D6659D4

C:\WINDOWS\system32\services.exe
[2004-08-04 13:00] - [2009-02-06 11:22] - 0110592 ____N (Microsoft Corporation) 4712531AB7A01B7EE059853CA17D39BD


Extra List:
=======
aswTdi(10) Bcim(11) Gpc(3) IPSec(5) NetBT(6) NwlnkIpx(12) NwlnkNb(13) PSched(7) Tcpip(4)
0x0D00000005000000010000000200000003000000040000000A000000060000000700000008000000090000000B0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

Adware Cleaner

# AdwCleaner v2.002 - Logfile created 09/20/2012 at 08:51:20
# Updated 16/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrator - KILLERBEE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/accmeware/{9AA0258D-D87A-4D82-BDA2-15B6AC21C85F} --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4995 octets] - [20/09/2012 08:51:20]

########## EOF - C:\AdwCleaner[S1].txt - [5055 octets] ##########

Edited by idarksavior12, 20 September 2012 - 04:46 AM.


#6 narenxp


Posted 20 September 2012 - 03:17 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#7 idarksavior12


Posted 20 September 2012 - 03:32 AM

rkill log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/20/2012 09:19:29 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* System Restore Disabled

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = dword:00000001

Checking Windows Service Integrity:

* System Restore Service (srservice) is not Running.
Startup Type set to: Automatic

* System Restore Filter Driver (sr) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\atapi.sys [NoSig]
+-> C:\WINDOWS\ERDNT\cache\atapi.sys : 95,360 : 08/03/2004 11:59 PM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]
+-> C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys : 96,512 : 04/13/2008 07:40 PM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\atapi.sys : 95,360 : 08/03/2004 11:59 PM : cdfe4411a69c224bd1d11b2da92dac51 [Pos Repl]

* C:\WINDOWS\System32\drivers\classpnp.sys [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\classpnp.sys : 49,536 : 04/13/2008 08:16 PM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]
+-> C:\WINDOWS\system32\dllcache\classpnp.sys : 49,536 : 12/31/2007 11:03 AM : 741716525d7907bba7ca7fd637675f77 [Pos Repl]

* C:\WINDOWS\System32\termsrv.dll [NoSig]
+-> C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll : 295,424 : 04/14/2008 08:12 AM : ff3477c03be7201c294c35f684b3479f [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/20/2012 09:21:52 AM
Execution time: 0 hours(s), 2 minute(s), and 23 seconds(s)

Autoruns

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "avast5" "avast! Antivirus" "AVAST Software" "c:\program files\alwil software\avast5\avastui.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\common files\real\update_ob\realsched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\alwil software\avast5\aswwebrepie.dll"
+ "IDMIEHlprObj Class" "IDM BHO Module" "Tonec Inc." "c:\program files\internet download manager\idmiecc.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer" "c:\program files\real\realplayer\rpbrowserrecordplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\alwil software\avast5\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Uninstall BitDefender Online Scanner" "" "" "c:\windows\bdoscandel.exe"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\alwil software\avast5\avastemupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\alwil software\avast5\avastsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "SoundMAX Agent Service (default)" "SoundMAX service agent component" "Analog Devices, Inc." "c:\program files\analog devices\soundmax\smagent.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "aeaudio" "Andrea Audio Noise Cancellation Driver" "Andrea Electronics Corporation" "c:\windows\system32\drivers\aeaudio.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "aswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "Bcim" "" "" "File not found: system32\DRIVERS\bcim.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "rtl8139" "Realtek RTL8139 NDIS 5.0 Driver" "Realtek Semiconductor Corporation" "c:\windows\system32\drivers\rtl8139.sys"
+ "Secdrv" "SafeDisc Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.XVID" "" "" "File not found: xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clvsd.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo Video ® 5.1 Progressive Download Source" "Intel Indeo® video IVF Source Filter 5.10" "Intel Corporation" "c:\windows\system32\ivfsrc.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "MPC - FLV Source (Gabest)" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - FLV Splitter (Gabest)" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "MPC - MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Video Memory Render Filter" "" "" "c:\program files\image-line\fl studio 10\plugins\fruity\effects\zgameeditor visualizer\videomemoryrenderfilter.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxsrvc Module" "Intel Corporation" "c:\windows\system32\igfxsrvc.dll"

#8 narenxp


Posted 20 September 2012 - 04:02 AM

That looks good

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode

Turn off your System Restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 idarksavior12


Posted 20 September 2012 - 04:44 AM

Awesome, that was quicker than I expected. Thank you for helping me out naren, it's much appreciated. :thumbup2:

#10 narenxp


Posted 20 September 2012 - 04:45 AM

You're welcome :thumbup2:



