Google redirects and Rundll errors


12 replies to this topic

#1 BlueBat

Posted 15 October 2012 - 08:49 AM

Hello,

About 3 months ago AVG Free alerted me to some sort of trojan/virus on my computer; they were called 'Trojan horse Generic28.CGBK' and 'Win32/Cryptor'. They appeared to be removed and moved to the virus vault. However, since then I receive 2 Rundll errors on startup, which go away when I click OK. These appear as:

Error loading C:\Documents and Settings\Owner/Application data\pcprtf.dll
Error loading C:\Documents and Settings\Owner/Application data\wmshc.dll

It also will say beneath them that 'the specified module could not be found'.

I will also receive occasional google redirects to random or sometimes related sites to what I was intending to click on. This only appeared after the virus/trojan so I believe there is a relation there. Aside from these problems I have not noticed much of a change to my computer's performance hence why I did not seek any help earlier.

I have scanned my computer using AVG free, MBAM, Super anti spyware and Spybot Search and Destroy to try to solve these problems but they have not solved anything.

I am using Windows XP Home Edition.

Thank you for your time.


#2 narenxp


Posted 15 October 2012 - 09:12 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 BlueBat


Posted 20 October 2012 - 09:13 AM

Apologies for the delay in reply!

TDSS Killer Log

14:02:34.0875 2228 USBSTOR - ok
14:02:34.0906 2228 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:02:34.0921 2228 usbuhci - ok
14:02:34.0937 2228 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:02:34.0953 2228 VgaSave - ok
14:02:34.0968 2228 ViaIde - ok
14:02:35.0015 2228 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:02:35.0031 2228 VolSnap - ok
14:02:35.0156 2228 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
14:02:35.0203 2228 VSS - ok
14:02:35.0343 2228 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
14:02:35.0421 2228 vToolbarUpdater12.2.6 - ok
14:02:35.0468 2228 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
14:02:35.0484 2228 W32Time - ok
14:02:35.0640 2228 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
14:02:35.0687 2228 w39n51 - ok
14:02:35.0703 2228 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:02:35.0750 2228 Wanarp - ok
14:02:35.0750 2228 WDICA - ok
14:02:35.0765 2228 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:02:35.0765 2228 wdmaud - ok
14:02:35.0781 2228 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:02:35.0812 2228 WebClient - ok
14:02:35.0859 2228 [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:02:35.0890 2228 winachsf - ok
14:02:35.0984 2228 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:02:35.0984 2228 winmgmt - ok
14:02:36.0046 2228 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
14:02:36.0046 2228 WmdmPmSN - ok
14:02:36.0093 2228 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:02:36.0125 2228 WmiApSrv - ok
14:02:36.0171 2228 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:02:36.0171 2228 wscsvc - ok
14:02:36.0203 2228 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:02:36.0203 2228 wuauserv - ok
14:02:36.0234 2228 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:02:36.0234 2228 WZCSVC - ok
14:02:36.0265 2228 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:02:36.0265 2228 xmlprov - ok
14:02:36.0281 2228 ================ Scan global ===============================
14:02:36.0312 2228 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
14:02:36.0343 2228 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
14:02:36.0375 2228 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
14:02:36.0390 2228 [ 37561F8D4160D62DA86D24AE41FAE8DE ] C:\WINDOWS\system32\services.exe
14:02:36.0390 2228 [Global] - ok
14:02:36.0390 2228 ================ Scan MBR ==================================
14:02:36.0437 2228 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
14:02:36.0703 2228 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:02:36.0703 2228 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:02:36.0703 2228 ================ Scan VBR ==================================
14:02:36.0718 2228 [ 4485E6F19D403A678F4459DD4220FC55 ] \Device\Harddisk0\DR0\Partition1
14:02:36.0718 2228 \Device\Harddisk0\DR0\Partition1 - ok
14:02:36.0734 2228 [ C5938D6BB821D2409CAEF2D0B5FDD19A ] \Device\Harddisk0\DR0\Partition2
14:02:36.0750 2228 \Device\Harddisk0\DR0\Partition2 - ok
14:02:36.0750 2228 ============================================================
14:02:36.0750 2228 Scan finished
14:02:36.0750 2228 ============================================================
14:02:36.0765 2188 Detected object count: 1
14:02:36.0765 2188 Actual detected object count: 1
14:02:53.0781 2188 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:02:53.0781 2188 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:02:58.0828 3336 Deinitialize success


aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-20 14:05:33
-----------------------------
14:05:33.109 OS Version: Windows 5.1.2600 Service Pack 2
14:05:33.109 Number of processors: 2 586 0xE08
14:05:33.125 ComputerName: OWNER-F9D714217 UserName: Owner
14:05:35.609 Initialize success
14:16:01.359 AVAST engine defs: 12102000
14:17:33.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
14:17:33.265 Disk 0 Vendor: TOSHIBA_MK8032GSX AS111G Size: 76319MB BusType: 3
14:17:33.265 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000086
14:17:33.265 Disk 1 Vendor: ( Size: 76319MB BusType: 0
14:17:33.265 Disk 2 \Device\Harddisk2\DR4 -> \Device\00000087
14:17:33.265 Disk 2 Vendor: ( Size: 76319MB BusType: 0
14:17:33.281 Disk 0 MBR read successfully
14:17:33.281 Disk 0 MBR scan
14:17:33.359 Disk 0 Windows XP default MBR code
14:17:33.375 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 45308 MB offset 63
14:17:33.375 Disk 0 Partition - 00 0F Extended LBA 31008 MB offset 92791440
14:17:33.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 31008 MB offset 92791503
14:17:33.390 Disk 0 scanning sectors +156296385
14:17:33.515 Disk 0 scanning C:\WINDOWS\system32\drivers
14:17:49.609 Service scanning
14:18:04.031 Modules scanning
14:18:13.546 Disk 0 trace - called modules:
14:18:13.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:18:13.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8677cab8]
14:18:13.562 3 CLASSPNP.SYS[f767305b] -> nt!IofCallDriver -> \Device\0000007f[0x866f69e8]
14:18:13.578 5 ACPI.sys[f74e9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8672d940]
14:18:14.625 AVAST engine scan C:\WINDOWS
14:18:22.265 AVAST engine scan C:\WINDOWS\system32
14:20:41.328 AVAST engine scan C:\WINDOWS\system32\drivers
14:20:51.859 AVAST engine scan C:\Documents and Settings\Owner
14:22:17.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\My Documents\MBR.dat"
14:22:17.453 The log file has been saved successfully to "C:\Documents and Settings\Owner\My Documents\aswMBR.txt"


ESET Log

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0TSY894V\forum[1].htm JS/Exploit.Agent.NBV trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\{DADD372D-CDBD-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache8189350480149821569.tmp Java/Exploit.CVE-2012-1723.J trojan cleaned by deleting - quarantined

Thanks!

#4 narenxp


Posted 20 October 2012 - 12:32 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 BlueBat


Posted 21 October 2012 - 11:47 AM

Malwarebytes Log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.21.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-F9D714217 [administrator]

21/10/2012 15:31:21
mbam-log-2012-10-21 (15-31-21).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288379
Time elapsed: 51 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wmshc (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Documents and Settings\Owner\Application Data\wmshc.dll",DeleteIndex -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


mini toolbox result


MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 21-10-2012 at 16:37:48
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : owner-f9d714217

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-A9-0A-D9-AB



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-13-02-55-C0-2E

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.64

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : 21 October 2012 16:34:47

Lease Expires . . . . . . . . . . : 22 October 2012 16:34:47

Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.41.132, 173.194.41.130, 173.194.41.129, 173.194.41.131
173.194.41.134, 173.194.41.128, 173.194.41.135, 173.194.41.133, 173.194.41.142
173.194.41.137, 173.194.41.136



Pinging google.com [173.194.41.130] with 32 bytes of data:



Reply from 173.194.41.130: bytes=32 time=25ms TTL=51

Reply from 173.194.41.130: bytes=32 time=23ms TTL=52



Ping statistics for 173.194.41.130:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 25ms, Average = 24ms

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=1480ms TTL=44

Reply from 72.30.38.140: bytes=32 time=1188ms TTL=45



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1188ms, Maximum = 1480ms, Average = 1334ms

Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 a9 0a d9 ab ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 13 02 55 c0 2e ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.64 192.168.1.64 20
192.168.1.0 255.255.255.0 192.168.1.64 192.168.1.64 25
192.168.1.64 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.64 192.168.1.64 25
224.0.0.0 240.0.0.0 192.168.1.64 192.168.1.64 25
255.255.255.255 255.255.255.255 192.168.1.64 2 1
255.255.255.255 255.255.255.255 192.168.1.64 192.168.1.64 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/20/2012 07:29:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3781

Error: (10/20/2012 07:29:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3781

Error: (10/20/2012 07:29:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2012 00:17:18 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/19/2012 00:17:17 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/19/2012 00:17:17 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/19/2012 00:17:16 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/19/2012 00:17:16 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/19/2012 00:17:15 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (10/19/2012 00:17:15 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (10/21/2012 04:34:45 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (10/21/2012 04:34:45 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (10/21/2012 03:20:13 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (10/21/2012 03:20:13 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (10/21/2012 01:21:50 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/20/2012 01:57:29 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (10/20/2012 01:57:29 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (10/19/2012 11:17:16 PM) (Source: Service Control Manager) (User: )
Description: The SSPORT service failed to start due to the following error:
%%2

Error: (10/19/2012 11:17:16 PM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%2

Error: (10/19/2012 01:21:49 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVG Free 9.0
Bonjour (Version: 3.0.0.10)
BT Office Communicator 3.1
DivX Plus Web Player (Version: 2.0.0)
ESET Online Scanner v3
Google Chrome (Version: 22.0.1229.94)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
hp deskjet 5550 series (Remove only)
hp print screen utility
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
iTunes (Version: 10.6.1.7)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
JavaFX 2.1.0 (Version: 2.1.0)
Maintenance Samsung ML-1660 Series
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
mDriver (Version: 5.40.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 16.0.1 (x86 en-GB) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers
QuickTime (Version: 7.71.80.42)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 4.48.1000)
The Official DSA Theory Test for Car Drivers (Version: 1.6)
Update for 2007 Microsoft Office System (KB967642)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB932823-v3) (Version: 3)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Virtual DJ - Atomix Productions
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.0.5 (Version: 1.0.5)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803) (Version: 3.1)
Windows Internet Explorer 8 (Version: 20090308.140743)
WinRAR archiver
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 1022.11 MB
Available physical RAM: 459.13 MB
Total Pagefile: 2459.27 MB
Available Pagefile: 1933.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.03 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:44.25 GB) (Free:6.39 GB) NTFS
2 Drive d: (VAIO) (Fixed) (Total:30.28 GB) (Free:3.37 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-F9D714217

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0

========================= Restore Points ==================================

19-07-2012 13:48:54 System Checkpoint
22-07-2012 15:42:17 System Checkpoint
23-07-2012 16:20:23 System Checkpoint
28-07-2012 23:02:29 System Checkpoint
01-08-2012 15:51:04 System Checkpoint
03-08-2012 15:55:54 System Checkpoint
06-08-2012 11:00:56 System Checkpoint
10-08-2012 22:34:05 System Checkpoint
19-08-2012 17:22:18 Software Distribution Service 3.0
19-08-2012 17:23:08 Software Distribution Service 3.0
22-08-2012 13:50:12 System Checkpoint
10-09-2012 15:55:02 System Checkpoint
15-09-2012 13:35:18 Removed Java™ 7 Update 4
15-09-2012 13:35:55 Installed Java 7 Update 7
20-09-2012 22:19:23 Avg Update
12-10-2012 23:31:59 System Checkpoint
15-10-2012 15:52:07 System Checkpoint
19-10-2012 23:03:07 System Checkpoint

**** End of log ****

Farbar service scanner Log



Farbar Service Scanner Version: 19-10-2012
Ran by Owner (administrator) on 21-10-2012 at 16:40:52
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-04 13:00] - [2008-08-14 10:51] - 0138368 ____A (Microsoft Corporation) 55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-04 13:00] - [2004-08-04 13:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-04 13:00] - [2008-06-20 11:45] - 0360320 ____A (Microsoft Corporation) 2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-04 13:00] - [2004-08-04 13:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-04 13:00] - [2004-08-04 13:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-04 13:00] - [2004-08-04 13:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-04 13:00] - [2004-08-04 13:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-01-29 14:26] - [2004-08-04 13:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2010-01-29 14:28] - [2004-08-04 13:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2010-01-29 14:28] - [2004-08-04 13:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-04 13:00] - [2004-08-04 13:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2010-01-29 14:26] - [2004-08-04 13:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2010-01-29 14:28] - [2004-08-04 13:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2010-01-29 14:28] - [2004-08-04 13:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-04 13:00] - [2008-07-07 21:32] - 0253952 ____A (Microsoft Corporation) 60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-04 13:00] - [2004-08-04 13:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-04 13:00] - [2004-08-04 13:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-04 13:00] - [2009-02-09 11:20] - 0399360 ____A (Microsoft Corporation) 01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2004-08-04 13:00] - [2009-02-06 18:14] - 0110592 ____A (Microsoft Corporation) 37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
AvgTdiX(90) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A000000050000000100000002000000030000000400000008000000560000005A0000000600000007000000
IpSec Tag value is correct.

**** End of log ****


adware cleaner Log

# AdwCleaner v2.005 - Logfile created 10/21/2012 at 16:44:19
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - OWNER-F9D714217
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={3DE74050-E3D4-43B7-94F6-2C3F2156F313}&mid=ab373856a90c3a1b81dde506cba8c899-d58b95820bfc841588654c8ebc4ce7d3cc851202&lang=us&ds=AVG&pr=fr&d=2011-12-12 15:16:16&v=12.2.5.32&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\maz0vlug.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid={3DE74050-E3D4-43B7-94F6-2C3F2156F313}&[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.38] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.41] : keyword = "isearch.avg.com",
Deleted [l.44] : search_url = "hxxp://isearch.avg.com/search?cid={3DE74050-E3D4-43B7-94F6-2C3F2156F313}&mid=ab373856a90c3a1b81dde506cba8c899-d58b95820bfc841588654c8ebc4ce7d3cc851202&lang=us&ds=AVG&pr=fr&d=2011-12-12 15:16:16&v=10.0.0.7&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [6004 octets] - [21/10/2012 16:42:23]
AdwCleaner[S1].txt - [5777 octets] - [21/10/2012 16:44:19]

########## EOF - C:\AdwCleaner[S1].txt - [5837 octets] ##########

Junkware removal tool Log


Junkware Removal Tool (JRT) by Thisisu
Version: 1.8.8 (10.21.2012)
OS: Microsoft Windows XP x86
Ran by Owner on 21/10/2012 at 16:49:58.65
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on 21/10/2012 at 17:00:12.28
End of Report

Thanks!

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:09 AM

Posted 21 October 2012 - 11:51 AM

Update Malwarebytes, run the scan again and post the log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text here

#7 BlueBat

Posted 22 October 2012 - 12:17 PM

Was my first Malwarebytes log done wrong? I did not download from the link given as I already had the program, so I just updated that instead.

Anyway,

Malwarebytes Log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.22.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-F9D714217 [administrator]

22/10/2012 17:01:07
mbam-log-2012-10-22 (17-01-07).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286960
Time elapsed: 47 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

There are 2 Rkill logs. The first one I stopped early as I thought it was finished, so I repeated the scan and I noticed that there was a change.

Rkill log 1st

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/22/2012 05:55:15 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe (PID: 2188) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

Rkill log 2nd

y Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/22/2012 05:57:14 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/22/2012 05:57:47 PM
Execution time: 0 hours(s), 0 minute(s), and 33 seconds(s)

Autoruns text

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "AVG9_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgtray.exe"
+ "HF_G_Jul" "" "" "File not found: C:\Program Files\AVG Secure Search\HF_G_Jul.exe"
+ "HPDJ Taskbar Utility" "" "HP" "c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "pcprtf" "" "" "File not found: C:\Documents and Settings\Owner\Application Data\pcprtf.dll"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "ROC_roc_dec12" "" "" "File not found: C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe"
+ "ROC_ROC_JULY_P1" "" "" "File not found: C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe"
+ "Samsung PanelMgr" "" "" "c:\windows\samsung\panelmgr\ssmmgr.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "vProt" "" "" "File not found: C:\Program Files\AVG Secure Search\vprot.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BTAgile" "" "" "c:\program files\bt office communicator\btagile.exe"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy\teatimer.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgpp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgse.dll"
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG9 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgse.dll"
+ "LavasoftShellExt" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Ad-Aware Update (Weekly).job" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent"
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "AVG Security Toolbar Service" "ToolbarB Application" "" "c:\program files\avg\avg9\toolbar\toolbarbroker.exe"
+ "avg9emc" "AVG E-Mail Scanner" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgemc.exe"
+ "avg9wd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg9\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate1caa33a198b454e" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "vToolbarUpdater12.2.6" "ToolbarU Application" "" "c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\toolbarupdater.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AvgLdx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "AvgMfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "AvgTdiX" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx86.sys"
+ "cairegbo" "" "" "c:\windows\system32\drivers\cairegbo.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DgiVecp" "" "" "File not found: C:\WINDOWS\system32\Drivers\DgiVecp.sys"
+ "E100B" "Intel® PRO/100 Adapter NDIS 5.1 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "Lavasoft Kernexplorer" "" "" "File not found: C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "NSNDIS5" "" "" "File not found: C:\WINDOWS\system32\NSNDIS5.SYS"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.18 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "" "c:\windows\system32\drivers\secdrv.sys"
+ "SNC" "Sony Notebook Control driver" "Sony Corporation" "c:\windows\system32\drivers\sonync.sys"
+ "SSPORT" "" "" "File not found: C:\WINDOWS\system32\Drivers\SSPORT.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "ti21sony" "ti21sony.sys" "Texas Instruments" "c:\windows\system32\drivers\ti21sony.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "w39n51" "Intel® Wireless LAN Driver" "Intel® Corporation" "c:\windows\system32\drivers\w39n51.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "avgrsstarter" "AVG Resident Shield Starter" "AVG Technologies CZ, s.r.o." "c:\windows\system32\avgrsstx.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "hpzlnt05" "" "HP" "c:\windows\system32\hpzlnt05.dll"
+ "SSP7M Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\ssp7ml3.dll"


Thanks!

#8 narenxp

Posted 22 October 2012 - 01:57 PM

Launch Autoruns and uncheck these entries
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "pcprtf" "" "" "File not found: C:\Documents and Settings\Owner\Application Data\pcprtf.dll"

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 BlueBat

  • Topic Starter

Posted 24 October 2012 - 09:41 AM

'Remove temporary and junk files'

Do you mean the web browser temporary files only? If not, could you please explain it a little more, as I'm not sure I understand what to do.

Thanks!

#10 narenxp

  • BC Advisor

Posted 24 October 2012 - 09:43 AM

Just follow the instructions posted below the line :thumbup2:

#11 BlueBat

  • Topic Starter

Posted 24 October 2012 - 10:59 AM

Thank you for your quick reply!

I am confused about which entries to uncheck in Autoruns. How many in total will be unchecked?

#12 BlueBat

  • Topic Starter

Posted 24 October 2012 - 11:27 AM

I figured it out, sorry I was being dumb!

Thank you for your patience narenxp! Appreciate all the help!

#13 narenxp

  • BC Advisor

Posted 24 October 2012 - 03:17 PM

Launch Autoruns and uncheck this entry

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "pcprtf" "" "" "File not found: C:\Documents and Settings\Owner\Application Data\pcprtf.dll"

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
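
The Autoruns step in posts #8 and #13 comes down to finding the enabled startup entry whose target file no longer exists, which is what produces the "Error loading" dialog at logon. As an added example (not part of the thread and not a tool used in it), this Python script parses a log in the layout pasted earlier in the thread and lists such entries; the sample log is constructed, and the profile-path flag is a heuristic assumed here.

```python
import re

# Constructed sample in the quoted-field layout of the Autoruns log pasted in
# this thread: a location row, then "+" rows (name, description, publisher, path).
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "pcprtf" "" "" "File not found: C:\Documents and Settings\Owner\Application Data\pcprtf.dll"
+ "ExampleTray" "Example Tray Helper" "Example Corp" "c:\program files\example\tray.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "avgrsstarter" "AVG Resident Shield Starter" "AVG Technologies CZ, s.r.o." "c:\windows\system32\avgrsstx.dll"
'''

FIELD = re.compile(r'"([^"]*)"')
MISSING = "File not found:"
# Heuristic added for this example: per-user profile folders are user-writable.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\")


def parse_autoruns(text):
    """Yield (location, enabled, name, publisher, image_path) for each entry row."""
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue                      # blank line or not a log row
        if line.startswith('"'):
            location = fields[0]          # location row: key plus three empty fields
            continue
        name, _description, publisher, path = fields
        yield location, line.startswith("+"), name, publisher, path


def orphaned_entries(text):
    """Return enabled entries whose target file is gone (candidates to uncheck)."""
    hits = []
    for location, enabled, name, _publisher, path in parse_autoruns(text):
        if enabled and path.startswith(MISSING):
            target = path[len(MISSING):].strip()
            in_profile = any(d in target.lower() for d in PROFILE_DIRS)
            hits.append((location, name, target, in_profile))
    return hits


if __name__ == "__main__":
    for location, name, target, in_profile in orphaned_entries(SAMPLE_LOG):
        print(f"{location}\n  uncheck: {name} -> missing {target} (profile path: {in_profile})")
```
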



