Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MalwareBytes ran, now no boot, xtgina.dll failed to load msg


  • Please log in to reply
13 replies to this topic

#1 idigapony

idigapony

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 01 November 2012 - 05:14 PM

Hello,

Have a Dell PC that cannot fully boot in normal mode after virus removal was run and found items deleted. Receive the error:

User Interface Failure. The Logon User Interface DLL xtgina.dll failed to load. Contact your system administrator to replace the DLL or restore the original DLL.

Last known good config does not work. Neither does safe mode with networking. Can boot to desktop in safe mode.

Stuck. Help!

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:19 PM

Posted 01 November 2012 - 06:36 PM

Boot into safemode

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#3 idigapony

idigapony
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 01 November 2012 - 07:16 PM

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat\acrotray.exe"
+ "Adobe Acrobat Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 9.0\acrobat\acrobat_sl.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "ATICCC" "" "" "c:\program files\ati technologies\ati.ace\clistart.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "SoundMAXPnP" "SMax4PNP" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Malwarebytes Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DefaultTab Browser Helper" "Search Results" "Search Results LLC." "c:\documents and settings\tforeman\application data\defaulttab\defaulttab\defaulttabbho.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Google Software Updater.job" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ASFIPmon" "Monitors and propagates changes in the IP settings of ASF-enabled Broadcom network interfaces." "Broadcom Corporation" "c:\program files\broadcom\asfipmon\asfipmon.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "DefaultTabSearch" "" "" "c:\program files\defaulttab\defaulttabsearch.exe"
+ "DefaultTabUpdate" "DefaultTab Update Service" "Search Results, LLC" "c:\documents and settings\tforeman\application data\defaulttab\defaulttab\dtupdate.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate1ca1543ca604c82" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "PSI_SVC_2" "This service provides Protexis licensing functionalty." "Protexis Inc." "c:\program files\common files\protexis\license service\psiservice_2.exe"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ADIHdAudAddService" "High Definition Audio Function Driver" "Analog Devices, Inc." "c:\windows\system32\drivers\adihdaud.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "BASFND" "Broadcom NetDetect Driver." "Broadcom Corporation" "c:\program files\broadcom\asfipmon\basfnd.sys"
+ "BeTwinKeyboard" "BeTwin Keyboard Filter Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinkf.sys"
+ "BeTwinMouse" "BeTwin Mouse Filter Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinmf.sys"
+ "BeTwinSystem" "BeTwin System Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinsystem.sys"
+ "BeTwinVideo" "BeTwin Video Filter Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinvf.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\AWRIGH~1.ACC\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E100B" "NDIS 5 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SenFiltService" "Sensaura WDM 3D Audio Driver" "Sensaura" "c:\windows\system32\drivers\senfilt.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL" "" "" ""
+ "xtgina.dll" "" "" "File not found: xtgina.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:19 PM

Posted 01 November 2012 - 07:34 PM

Launch Autoruns and uncheck this entry

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL" "" "" ""
+ "xtgina.dll" "" "" "File not found: xtgina.dll"

Restart the PC into normal mode

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#5 idigapony

idigapony
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 02 November 2012 - 12:45 PM

TDSSkiller

09:13:27.0731 0244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:13:28.0389 0244 ============================================================
09:13:28.0389 0244 Current date / time: 2012/11/02 09:13:28.0389
09:13:28.0389 0244 SystemInfo:
09:13:28.0389 0244
09:13:28.0389 0244 OS Version: 5.1.2600 ServicePack: 3.0
09:13:28.0389 0244 Product type: Workstation
09:13:28.0389 0244 ComputerName: ACCOUNTINGMAIN
09:13:28.0389 0244 UserName: awright
09:13:28.0389 0244 Windows directory: C:\WINDOWS
09:13:28.0389 0244 System windows directory: C:\WINDOWS
09:13:28.0389 0244 Processor architecture: Intel x86
09:13:28.0389 0244 Number of processors: 2
09:13:28.0389 0244 Page size: 0x1000
09:13:28.0389 0244 Boot type: Normal boot
09:13:28.0389 0244 ============================================================
09:13:28.0765 0244 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:13:28.0765 0244 ============================================================
09:13:28.0765 0244 \Device\Harddisk0\DR0:
09:13:28.0765 0244 MBR partitions:
09:13:28.0765 0244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x129E99B5
09:13:28.0765 0244 ============================================================
09:13:28.0796 0244 C: <-> \Device\Harddisk0\DR0\Partition1
09:13:28.0796 0244 ============================================================
09:13:28.0796 0244 Initialize success
09:13:28.0796 0244 ============================================================
09:14:02.0645 0876 ============================================================
09:14:02.0645 0876 Scan started
09:14:02.0645 0876 Mode: Manual; TDLFS;
09:14:02.0645 0876 ============================================================
09:14:02.0864 0876 ================ Scan system memory ========================
09:14:02.0864 0876 System memory - ok
09:14:02.0864 0876 ================ Scan services =============================
09:14:02.0974 0876 Abiosdsk - ok
09:14:02.0989 0876 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:14:02.0989 0876 abp480n5 - ok
09:14:03.0036 0876 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:14:03.0036 0876 ACPI - ok
09:14:03.0068 0876 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
09:14:03.0068 0876 ACPIEC - ok
09:14:03.0115 0876 [ 0F0A69496989912351284BB1BAA2CE57 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:14:03.0131 0876 ADIHdAudAddService - ok
09:14:03.0209 0876 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:14:03.0225 0876 AdobeFlashPlayerUpdateSvc - ok
09:14:03.0256 0876 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:14:03.0256 0876 adpu160m - ok
09:14:03.0287 0876 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:14:03.0287 0876 aec - ok
09:14:03.0350 0876 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:14:03.0350 0876 AFD - ok
09:14:03.0381 0876 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:14:03.0381 0876 agp440 - ok
09:14:03.0397 0876 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:14:03.0397 0876 agpCPQ - ok
09:14:03.0413 0876 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:14:03.0413 0876 Aha154x - ok
09:14:03.0428 0876 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:14:03.0428 0876 aic78u2 - ok
09:14:03.0444 0876 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:14:03.0444 0876 aic78xx - ok
09:14:03.0475 0876 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:14:03.0475 0876 Alerter - ok
09:14:03.0491 0876 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
09:14:03.0491 0876 ALG - ok
09:14:03.0522 0876 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
09:14:03.0522 0876 AliIde - ok
09:14:03.0538 0876 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:14:03.0538 0876 alim1541 - ok
09:14:03.0569 0876 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:14:03.0569 0876 amdagp - ok
09:14:03.0569 0876 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
09:14:03.0569 0876 amsint - ok
09:14:03.0601 0876 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:14:03.0601 0876 AppMgmt - ok
09:14:03.0632 0876 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
09:14:03.0632 0876 asc - ok
09:14:03.0648 0876 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:14:03.0648 0876 asc3350p - ok
09:14:03.0648 0876 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:14:03.0648 0876 asc3550 - ok
09:14:03.0726 0876 [ 6295DD28D0ECBC4E6E450C279FEF5ED9 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
09:14:03.0726 0876 ASFIPmon - ok
09:14:03.0883 0876 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:14:03.0898 0876 aspnet_state - ok
09:14:03.0914 0876 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:14:03.0914 0876 AsyncMac - ok
09:14:03.0945 0876 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:14:03.0961 0876 atapi - ok
09:14:03.0961 0876 Atdisk - ok
09:14:04.0008 0876 [ 55C017C4E1AD9E2FB08CFA1568F50B6F ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
09:14:04.0024 0876 Ati HotKey Poller - ok
09:14:04.0118 0876 [ F942E79994B3751501C478BF9713D221 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:14:04.0133 0876 ati2mtag - ok
09:14:04.0165 0876 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:14:04.0180 0876 Atmarpc - ok
09:14:04.0212 0876 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:14:04.0212 0876 AudioSrv - ok
09:14:04.0227 0876 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:14:04.0227 0876 audstub - ok
09:14:04.0243 0876 [ D0692F7B8217E3B82D2BFAC535816117 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
09:14:04.0243 0876 b57w2k - ok
09:14:04.0290 0876 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
09:14:04.0290 0876 BASFND - ok
09:14:04.0368 0876 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
09:14:04.0368 0876 BcmSqlStartupSvc - ok
09:14:04.0400 0876 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:14:04.0400 0876 Beep - ok
09:14:04.0447 0876 [ F3A9A056410F3AA82180050252BB4573 ] BeTwinKeyboard C:\WINDOWS\system32\drivers\BeTwinKF.sys
09:14:04.0447 0876 BeTwinKeyboard - ok
09:14:04.0462 0876 [ F34DA056766C77C8A11BCAA7E86E5657 ] BeTwinMouse C:\WINDOWS\system32\drivers\BeTwinMF.sys
09:14:04.0462 0876 BeTwinMouse - ok
09:14:04.0494 0876 [ AA2137DFFF4E61DA14C9032C5F929C4D ] BeTwinSystem C:\WINDOWS\system32\Drivers\BeTwinSystem.sys
09:14:04.0494 0876 BeTwinSystem - ok
09:14:04.0510 0876 [ 940B33E7DD9CD3D41C854E77A831DCC9 ] BeTwinVideo C:\WINDOWS\system32\drivers\BeTwinVF.sys
09:14:04.0510 0876 BeTwinVideo - ok
09:14:04.0541 0876 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
09:14:04.0588 0876 BITS - ok
09:14:04.0619 0876 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
09:14:04.0619 0876 Browser - ok
09:14:04.0635 0876 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
09:14:04.0635 0876 BthEnum - ok
09:14:04.0745 0876 catchme - ok
09:14:04.0760 0876 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:14:04.0760 0876 cbidf - ok
09:14:04.0760 0876 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:14:04.0760 0876 cbidf2k - ok
09:14:04.0776 0876 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:14:04.0776 0876 cd20xrnt - ok
09:14:04.0823 0876 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:14:04.0823 0876 Cdaudio - ok
09:14:04.0870 0876 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:14:04.0870 0876 Cdfs - ok
09:14:04.0886 0876 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:14:04.0886 0876 Cdrom - ok
09:14:04.0886 0876 Changer - ok
09:14:04.0933 0876 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:14:04.0933 0876 CiSvc - ok
09:14:04.0948 0876 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:14:04.0948 0876 ClipSrv - ok
09:14:05.0027 0876 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:14:05.0042 0876 clr_optimization_v2.0.50727_32 - ok
09:14:05.0089 0876 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:14:05.0121 0876 clr_optimization_v4.0.30319_32 - ok
09:14:05.0136 0876 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:14:05.0136 0876 CmdIde - ok
09:14:05.0152 0876 COMSysApp - ok
09:14:05.0168 0876 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:14:05.0168 0876 Cpqarray - ok
09:14:05.0183 0876 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:14:05.0183 0876 CryptSvc - ok
09:14:05.0199 0876 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:14:05.0199 0876 dac2w2k - ok
09:14:05.0215 0876 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:14:05.0215 0876 dac960nt - ok
09:14:05.0262 0876 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:14:05.0277 0876 DcomLaunch - ok
09:14:05.0371 0876 [ 4780EB441A81C779A62CF331B7EFAE10 ] DefaultTabSearch C:\Program Files\DefaultTab\DefaultTabSearch.exe
09:14:05.0387 0876 DefaultTabSearch - ok
09:14:05.0497 0876 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Documents and Settings\tforeman\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
09:14:05.0497 0876 DefaultTabUpdate - ok
09:14:05.0544 0876 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:14:05.0544 0876 Dhcp - ok
09:14:05.0591 0876 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:14:05.0591 0876 Disk - ok
09:14:05.0591 0876 dmadmin - ok
09:14:05.0638 0876 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:14:05.0653 0876 dmboot - ok
09:14:05.0669 0876 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:14:05.0669 0876 dmio - ok
09:14:05.0685 0876 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:14:05.0685 0876 dmload - ok
09:14:05.0732 0876 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:14:05.0732 0876 dmserver - ok
09:14:05.0747 0876 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:14:05.0747 0876 DMusic - ok
09:14:05.0763 0876 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:14:05.0763 0876 Dnscache - ok
09:14:05.0794 0876 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:14:05.0794 0876 Dot3svc - ok
09:14:05.0810 0876 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:14:05.0810 0876 dpti2o - ok
09:14:05.0826 0876 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:14:05.0826 0876 drmkaud - ok
09:14:05.0841 0876 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:14:05.0841 0876 E100B - ok
09:14:05.0857 0876 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:14:05.0857 0876 EapHost - ok
09:14:05.0873 0876 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:14:05.0873 0876 ERSvc - ok
09:14:05.0920 0876 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
09:14:05.0920 0876 Eventlog - ok
09:14:05.0967 0876 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
09:14:05.0983 0876 EventSystem - ok
09:14:05.0998 0876 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:14:06.0014 0876 Fastfat - ok
09:14:06.0061 0876 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:14:06.0061 0876 FastUserSwitchingCompatibility - ok
09:14:06.0077 0876 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
09:14:06.0077 0876 Fax - ok
09:14:06.0108 0876 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:14:06.0108 0876 Fdc - ok
09:14:06.0139 0876 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:14:06.0139 0876 Fips - ok
09:14:06.0218 0876 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:14:06.0218 0876 FLEXnet Licensing Service - ok
09:14:06.0249 0876 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:14:06.0249 0876 Flpydisk - ok
09:14:06.0296 0876 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:14:06.0312 0876 FltMgr - ok
09:14:06.0390 0876 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:14:06.0406 0876 FontCache3.0.0.0 - ok
09:14:06.0421 0876 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:14:06.0421 0876 Fs_Rec - ok
09:14:06.0421 0876 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:14:06.0421 0876 Ftdisk - ok
09:14:06.0468 0876 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:14:06.0484 0876 Gpc - ok
09:14:06.0609 0876 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca1543ca604c82 C:\Program Files\Google\Update\GoogleUpdate.exe
09:14:06.0609 0876 gupdate1ca1543ca604c82 - ok
09:14:06.0625 0876 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:14:06.0625 0876 gupdatem - ok
09:14:06.0672 0876 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:14:06.0688 0876 gusvc - ok
09:14:06.0735 0876 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:14:06.0735 0876 HDAudBus - ok
09:14:06.0813 0876 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:14:06.0813 0876 helpsvc - ok
09:14:06.0860 0876 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
09:14:06.0876 0876 HidServ - ok
09:14:06.0876 0876 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:14:06.0876 0876 HidUsb - ok
09:14:06.0923 0876 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:14:06.0923 0876 hkmsvc - ok
09:14:06.0938 0876 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
09:14:06.0938 0876 hpn - ok
09:14:06.0985 0876 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:14:06.0985 0876 HTTP - ok
09:14:07.0017 0876 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:14:07.0017 0876 HTTPFilter - ok
09:14:07.0048 0876 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
09:14:07.0048 0876 i2omgmt - ok
09:14:07.0079 0876 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:14:07.0079 0876 i2omp - ok
09:14:07.0111 0876 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:14:07.0111 0876 i8042prt - ok
09:14:07.0173 0876 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
09:14:07.0173 0876 IAANTMON - ok
09:14:07.0236 0876 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
09:14:07.0236 0876 iaStor - ok
09:14:07.0346 0876 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:14:07.0362 0876 idsvc - ok
09:14:07.0377 0876 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:14:07.0377 0876 Imapi - ok
09:14:07.0424 0876 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
09:14:07.0440 0876 ImapiService - ok
09:14:07.0471 0876 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:14:07.0471 0876 ini910u - ok
09:14:07.0487 0876 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:14:07.0487 0876 IntelIde - ok
09:14:07.0518 0876 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:14:07.0518 0876 intelppm - ok
09:14:07.0550 0876 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:14:07.0550 0876 Ip6Fw - ok
09:14:07.0581 0876 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:14:07.0581 0876 IpFilterDriver - ok
09:14:07.0597 0876 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:14:07.0597 0876 IpInIp - ok
09:14:07.0628 0876 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:14:07.0628 0876 IpNat - ok
09:14:07.0628 0876 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:14:07.0644 0876 IPSec - ok
09:14:07.0659 0876 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:14:07.0659 0876 IRENUM - ok
09:14:07.0691 0876 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:14:07.0691 0876 isapnp - ok
09:14:07.0847 0876 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:14:07.0847 0876 JavaQuickStarterService - ok
09:14:07.0863 0876 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:14:07.0863 0876 Kbdclass - ok
09:14:07.0926 0876 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:14:07.0926 0876 kbdhid - ok
09:14:07.0941 0876 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:14:07.0957 0876 kmixer - ok
09:14:07.0988 0876 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:14:07.0988 0876 KSecDD - ok
09:14:08.0020 0876 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:14:08.0020 0876 lanmanserver - ok
09:14:08.0035 0876 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:14:08.0035 0876 lanmanworkstation - ok
09:14:08.0051 0876 lbrtfdc - ok
09:14:08.0098 0876 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:14:08.0098 0876 LmHosts - ok
09:14:08.0129 0876 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:14:08.0129 0876 Messenger - ok
09:14:08.0176 0876 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:14:08.0176 0876 mnmdd - ok
09:14:08.0208 0876 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:14:08.0208 0876 mnmsrvc - ok
09:14:08.0223 0876 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:14:08.0223 0876 Modem - ok
09:14:08.0239 0876 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:14:08.0239 0876 Mouclass - ok
09:14:08.0270 0876 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:14:08.0270 0876 mouhid - ok
09:14:08.0286 0876 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:14:08.0286 0876 MountMgr - ok
09:14:08.0333 0876 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:14:08.0333 0876 MpFilter - ok
09:14:08.0380 0876 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:14:08.0380 0876 mraid35x - ok
09:14:08.0380 0876 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:14:08.0396 0876 MRxDAV - ok
09:14:08.0427 0876 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:14:08.0443 0876 MRxSmb - ok
09:14:08.0458 0876 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:14:08.0458 0876 MSDTC - ok
09:14:08.0474 0876 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:14:08.0474 0876 Msfs - ok
09:14:08.0474 0876 MSIServer - ok
09:14:08.0505 0876 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:14:08.0505 0876 MSKSSRV - ok
09:14:08.0568 0876 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:14:08.0568 0876 MsMpSvc - ok
09:14:08.0600 0876 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:14:08.0600 0876 MSPCLOCK - ok
09:14:08.0615 0876 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:14:08.0615 0876 MSPQM - ok
09:14:08.0647 0876 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:14:08.0647 0876 mssmbios - ok
09:14:08.0725 0876 MSSQL$MSSMLBIZ - ok
09:14:08.0756 0876 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:14:08.0756 0876 MSSQLServerADHelper - ok
09:14:08.0788 0876 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:14:08.0788 0876 Mup - ok
09:14:08.0850 0876 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
09:14:08.0850 0876 napagent - ok
09:14:08.0882 0876 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:14:08.0882 0876 NDIS - ok
09:14:08.0929 0876 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:14:08.0929 0876 NdisTapi - ok
09:14:08.0976 0876 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:14:08.0976 0876 Ndisuio - ok
09:14:08.0991 0876 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:14:09.0007 0876 NdisWan - ok
09:14:09.0054 0876 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:14:09.0054 0876 NDProxy - ok
09:14:09.0101 0876 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
09:14:09.0101 0876 Net Driver HPZ12 - ok
09:14:09.0101 0876 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:14:09.0101 0876 NetBIOS - ok
09:14:09.0132 0876 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:14:09.0132 0876 NetBT - ok
09:14:09.0179 0876 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
09:14:09.0179 0876 NetDDE - ok
09:14:09.0195 0876 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:14:09.0195 0876 NetDDEdsdm - ok
09:14:09.0226 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:14:09.0226 0876 Netlogon - ok
09:14:09.0242 0876 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
09:14:09.0242 0876 Netman - ok
09:14:09.0289 0876 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:14:09.0289 0876 NetTcpPortSharing - ok
09:14:09.0320 0876 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
09:14:09.0336 0876 Nla - ok
09:14:09.0336 0876 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:14:09.0336 0876 Npfs - ok
09:14:09.0352 0876 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:14:09.0367 0876 Ntfs - ok
09:14:09.0383 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:14:09.0383 0876 NtLmSsp - ok
09:14:09.0414 0876 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:14:09.0414 0876 NtmsSvc - ok
09:14:09.0430 0876 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:14:09.0430 0876 Null - ok
09:14:09.0508 0876 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:14:09.0540 0876 nv - ok
09:14:09.0587 0876 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:14:09.0587 0876 NwlnkFlt - ok
09:14:09.0587 0876 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:14:09.0587 0876 NwlnkFwd - ok
09:14:09.0743 0876 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:14:09.0759 0876 odserv - ok
09:14:09.0806 0876 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:14:09.0806 0876 ose - ok
09:14:09.0853 0876 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:14:09.0853 0876 Parport - ok
09:14:09.0869 0876 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:14:09.0869 0876 PartMgr - ok
09:14:09.0900 0876 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:14:09.0900 0876 ParVdm - ok
09:14:09.0931 0876 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:14:09.0931 0876 PCI - ok
09:14:09.0931 0876 PCIDump - ok
09:14:09.0963 0876 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:14:09.0963 0876 PCIIde - ok
09:14:09.0979 0876 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
09:14:09.0979 0876 Pcmcia - ok
09:14:09.0979 0876 PDCOMP - ok
09:14:09.0994 0876 PDFRAME - ok
09:14:09.0994 0876 PDRELI - ok
09:14:10.0010 0876 PDRFRAME - ok
09:14:10.0026 0876 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
09:14:10.0026 0876 perc2 - ok
09:14:10.0041 0876 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:14:10.0041 0876 perc2hib - ok
09:14:10.0073 0876 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
09:14:10.0073 0876 PlugPlay - ok
09:14:10.0120 0876 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
09:14:10.0120 0876 Pml Driver HPZ12 - ok
09:14:10.0135 0876 [ CF7C1868B90C90A265FC3F60CE46265B ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
09:14:10.0135 0876 Point32 - ok
09:14:10.0135 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:14:10.0151 0876 PolicyAgent - ok
09:14:10.0198 0876 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:14:10.0198 0876 PptpMiniport - ok
09:14:10.0214 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:14:10.0214 0876 ProtectedStorage - ok
09:14:10.0214 0876 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:14:10.0214 0876 PSched - ok
09:14:10.0292 0876 [ A812FD2C73D306CABF3BD8C57754F843 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
09:14:10.0292 0876 PSI_SVC_2 - ok
09:14:10.0292 0876 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:14:10.0292 0876 Ptilink - ok
09:14:10.0308 0876 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:14:10.0308 0876 ql1080 - ok
09:14:10.0308 0876 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:14:10.0308 0876 Ql10wnt - ok
09:14:10.0370 0876 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:14:10.0370 0876 ql12160 - ok
09:14:10.0386 0876 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:14:10.0386 0876 ql1240 - ok
09:14:10.0417 0876 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:14:10.0417 0876 ql1280 - ok
09:14:10.0449 0876 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:14:10.0449 0876 RasAcd - ok
09:14:10.0496 0876 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:14:10.0496 0876 RasAuto - ok
09:14:10.0511 0876 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:14:10.0511 0876 Rasl2tp - ok
09:14:10.0558 0876 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:14:10.0558 0876 RasMan - ok
09:14:10.0574 0876 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:14:10.0574 0876 RasPppoe - ok
09:14:10.0574 0876 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:14:10.0574 0876 Raspti - ok
09:14:10.0590 0876 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:14:10.0590 0876 Rdbss - ok
09:14:10.0605 0876 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:14:10.0605 0876 RDPCDD - ok
09:14:10.0621 0876 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:14:10.0637 0876 rdpdr - ok
09:14:10.0684 0876 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:14:10.0684 0876 RDPWD - ok
09:14:10.0715 0876 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:14:10.0715 0876 RDSessMgr - ok
09:14:10.0746 0876 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:14:10.0746 0876 redbook - ok
09:14:10.0778 0876 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:14:10.0778 0876 RemoteAccess - ok
09:14:10.0825 0876 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:14:10.0825 0876 RemoteRegistry - ok
09:14:10.0903 0876 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
09:14:10.0903 0876 RFCOMM - ok
09:14:10.0950 0876 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
09:14:10.0950 0876 RpcLocator - ok
09:14:10.0997 0876 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
09:14:10.0997 0876 RpcSs - ok
09:14:11.0044 0876 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:14:11.0044 0876 RSVP - ok
09:14:11.0075 0876 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
09:14:11.0075 0876 SamSs - ok
09:14:11.0091 0876 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:14:11.0107 0876 SCardSvr - ok
09:14:11.0154 0876 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:14:11.0154 0876 Schedule - ok
09:14:11.0201 0876 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:14:11.0201 0876 Secdrv - ok
09:14:11.0216 0876 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:14:11.0232 0876 seclogon - ok
09:14:11.0279 0876 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
09:14:11.0295 0876 SenFiltService - ok
09:14:11.0311 0876 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
09:14:11.0311 0876 SENS - ok
09:14:11.0358 0876 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:14:11.0358 0876 serenum - ok
09:14:11.0373 0876 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:14:11.0373 0876 Serial - ok
09:14:11.0405 0876 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:14:11.0405 0876 Sfloppy - ok
09:14:11.0467 0876 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:14:11.0467 0876 SharedAccess - ok
09:14:11.0483 0876 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:14:11.0499 0876 ShellHWDetection - ok
09:14:11.0499 0876 Simbad - ok
09:14:11.0530 0876 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:14:11.0530 0876 sisagp - ok
09:14:11.0577 0876 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:14:11.0577 0876 Sparrow - ok
09:14:11.0608 0876 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:14:11.0608 0876 splitter - ok
09:14:11.0655 0876 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:14:11.0655 0876 Spooler - ok
09:14:11.0702 0876 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:14:11.0702 0876 SQLBrowser - ok
09:14:11.0749 0876 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:14:11.0749 0876 SQLWriter - ok
09:14:11.0812 0876 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:14:11.0828 0876 sr - ok
09:14:11.0843 0876 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
09:14:11.0859 0876 srservice - ok
09:14:11.0890 0876 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:14:11.0906 0876 Srv - ok
09:14:11.0922 0876 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:14:11.0922 0876 SSDPSRV - ok
09:14:11.0953 0876 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
09:14:11.0953 0876 StillCam - ok
09:14:12.0000 0876 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:14:12.0000 0876 stisvc - ok
09:14:12.0031 0876 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:14:12.0031 0876 swenum - ok
09:14:12.0031 0876 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:14:12.0031 0876 swmidi - ok
09:14:12.0047 0876 SwPrv - ok
09:14:12.0078 0876 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:14:12.0078 0876 symc810 - ok
09:14:12.0078 0876 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:14:12.0078 0876 symc8xx - ok
09:14:12.0094 0876 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:14:12.0094 0876 sym_hi - ok
09:14:12.0110 0876 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:14:12.0110 0876 sym_u3 - ok
09:14:12.0125 0876 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:14:12.0141 0876 sysaudio - ok
09:14:12.0157 0876 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:14:12.0157 0876 SysmonLog - ok
09:14:12.0188 0876 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:14:12.0204 0876 TapiSrv - ok
09:14:12.0266 0876 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:14:12.0266 0876 Tcpip - ok
09:14:12.0298 0876 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:14:12.0298 0876 TDPIPE - ok
09:14:12.0313 0876 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:14:12.0313 0876 TDTCP - ok
09:14:12.0329 0876 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:14:12.0329 0876 TermDD - ok
09:14:12.0345 0876 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:14:12.0360 0876 TermService - ok
09:14:12.0376 0876 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:14:12.0376 0876 Themes - ok
09:14:12.0407 0876 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:14:12.0423 0876 TlntSvr - ok
09:14:12.0423 0876 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:14:12.0423 0876 TosIde - ok
09:14:12.0454 0876 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:14:12.0470 0876 TrkWks - ok
09:14:12.0501 0876 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:14:12.0501 0876 Udfs - ok
09:14:12.0517 0876 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:14:12.0517 0876 ultra - ok
09:14:12.0580 0876 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:14:12.0580 0876 Update - ok
09:14:12.0658 0876 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:14:12.0658 0876 upnphost - ok
09:14:12.0674 0876 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:14:12.0674 0876 UPS - ok
09:14:12.0721 0876 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:14:12.0721 0876 usbccgp - ok
09:14:12.0737 0876 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:14:12.0737 0876 usbehci - ok
09:14:12.0752 0876 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:14:12.0752 0876 usbhub - ok
09:14:12.0768 0876 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:14:12.0768 0876 usbscan - ok
09:14:12.0815 0876 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:14:12.0815 0876 USBSTOR - ok
09:14:12.0878 0876 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:14:12.0893 0876 usbuhci - ok
09:14:12.0893 0876 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:14:12.0893 0876 VgaSave - ok
09:14:12.0925 0876 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:14:12.0925 0876 viaagp - ok
09:14:12.0940 0876 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:14:12.0940 0876 ViaIde - ok
09:14:12.0972 0876 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:14:12.0972 0876 VolSnap - ok
09:14:13.0003 0876 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:14:13.0003 0876 VSS - ok
09:14:13.0034 0876 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
09:14:13.0050 0876 w32time - ok
09:14:13.0066 0876 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:14:13.0066 0876 Wanarp - ok
09:14:13.0066 0876 WDICA - ok
09:14:13.0081 0876 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:14:13.0081 0876 wdmaud - ok
09:14:13.0097 0876 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:14:13.0097 0876 WebClient - ok
09:14:13.0191 0876 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:14:13.0191 0876 winmgmt - ok
09:14:13.0238 0876 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
09:14:13.0238 0876 WmdmPmSN - ok
09:14:13.0285 0876 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:14:13.0301 0876 Wmi - ok
09:14:13.0316 0876 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:14:13.0316 0876 WmiApSrv - ok
09:14:13.0332 0876 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:14:13.0348 0876 WpdUsb - ok
09:14:13.0442 0876 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:14:13.0457 0876 WPFFontCache_v0400 - ok
09:14:13.0489 0876 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:14:13.0489 0876 WS2IFSL - ok
09:14:13.0520 0876 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:14:13.0520 0876 wscsvc - ok
09:14:13.0536 0876 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:14:13.0536 0876 wuauserv - ok
09:14:13.0583 0876 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:14:13.0583 0876 WudfPf - ok
09:14:13.0614 0876 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:14:13.0630 0876 WudfRd - ok
09:14:13.0645 0876 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
09:14:13.0661 0876 WudfSvc - ok
09:14:13.0708 0876 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:14:13.0724 0876 WZCSVC - ok
09:14:13.0755 0876 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:14:13.0755 0876 xmlprov - ok
09:14:13.0771 0876 ================ Scan global ===============================
09:14:13.0818 0876 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:14:13.0865 0876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:14:13.0880 0876 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:14:13.0896 0876 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:14:13.0896 0876 [Global] - ok
09:14:13.0896 0876 ================ Scan MBR ==================================
09:14:13.0927 0876 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:14:14.0225 0876 \Device\Harddisk0\DR0 - ok
09:14:14.0225 0876 ================ Scan VBR ==================================
09:14:14.0257 0876 [ 473DDCAB55ED193F7B25E4D9DC8FD3A0 ] \Device\Harddisk0\DR0\Partition1
09:14:14.0257 0876 \Device\Harddisk0\DR0\Partition1 - ok
09:14:14.0257 0876 ============================================================
09:14:14.0257 0876 Scan finished
09:14:14.0257 0876 ============================================================
09:14:14.0257 3156 Detected object count: 0
09:14:14.0257 3156 Actual detected object count: 0

-------------------------------

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-02 09:16:35
-----------------------------
09:16:35.374 OS Version: Windows 5.1.2600 Service Pack 3
09:16:35.374 Number of processors: 2 586 0xF0D
09:16:35.374 ComputerName: ACCOUNTINGMAIN UserName: awright
09:16:35.937 Initialize success
09:20:24.474 AVAST engine defs: 12110200
09:21:16.338 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:21:16.338 Disk 0 Vendor: SAMSUNG_ JF80 Size: 152587MB BusType: 3
09:21:16.430 Disk 0 MBR read successfully
09:21:16.430 Disk 0 MBR scan
09:21:16.446 Disk 0 Windows XP default MBR code
09:21:16.446 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
09:21:16.461 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152531 MB offset 112455
09:21:16.477 Disk 0 scanning sectors +312496380
09:21:16.554 Disk 0 scanning C:\WINDOWS\system32\drivers
09:21:26.772 Service scanning
09:21:45.252 Modules scanning
09:21:49.326 Disk 0 trace - called modules:
09:21:49.342 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:21:49.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2196c8]
09:21:49.358 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8b221030]
09:21:49.824 AVAST engine scan C:\WINDOWS
09:22:08.052 AVAST engine scan C:\WINDOWS\system32
09:25:02.897 AVAST engine scan C:\WINDOWS\system32\drivers
09:25:19.600 AVAST engine scan C:\Documents and Settings\awright
09:26:59.154 AVAST engine scan C:\Documents and Settings\All Users
09:27:24.451 Scan finished successfully
09:31:23.800 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\awright\My Documents\MBR.dat"
09:31:23.800 The log file has been saved successfully to "C:\Documents and Settings\awright\My Documents\aswMBR.txt"




-------------------------------

ESET

C:\Documents and Settings\tforeman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll a variant of Win32/Adware.Gamevance.CW application cleaned by deleting - quarantined
C:\Documents and Settings\tforeman\Local Settings\Temp\exp1.tmp.exe a variant of Win32/Kryptik.AOBD trojan cleaned by deleting - quarantined
C:\Documents and Settings\tforeman\Local Settings\Temporary Internet Files\Content.IE5\GDTX60DI\discover-important_message[1].htm JS/Kryptik.AAY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1359\A0081220.dll a variant of Win32/Adware.Gamevance.CW application cleaned by deleting - quarantined

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:19 PM

Posted 02 November 2012 - 12:46 PM

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#7 idigapony

idigapony
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 02 November 2012 - 01:24 PM

Should I first remove the threats found by ESET?

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:19 PM

Posted 02 November 2012 - 01:35 PM

Yes

#9 idigapony

idigapony
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 02 November 2012 - 03:09 PM

Malwarebytes

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.02.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
awright :: ACCOUNTINGMAIN [administrator]

11/2/2012 11:40:20 AM
mbam-log-2012-11-02 (11-40-20).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 499154
Time elapsed: 51 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

------------------------------
mini toolbox

Revo Uninstaller 1.94 (Version: 1.94)
Sage Components (Version: 1.04.0000)
Sage MAS 90 Workstation (Y:\M4\MAS90) (Version: 4.20)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
WebEx
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 3069.89 MB
Available physical RAM: 2353.48 MB
Total Pagefile: 4954.83 MB
Available Pagefile: 4383.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.96 GB) (Free:111.7 GB) NTFS

========================= Users: ========================================

User accounts for \\ACCOUNTINGMAIN

Admin ASPNET awright
Charlie Guest HelpAssistant
Kathy SUPPORT_388945a0 SUPPORT_8712
TigerTiger!

========================= Restore Points ==================================

05-08-2012 14:53:49 Software Distribution Service 3.0
06-08-2012 14:54:01 Software Distribution Service 3.0
07-08-2012 14:54:02 Software Distribution Service 3.0
08-08-2012 14:53:35 Software Distribution Service 3.0
08-08-2012 23:41:50 Software Distribution Service 3.0
09-08-2012 14:54:10 Software Distribution Service 3.0
10-08-2012 14:53:27 Software Distribution Service 3.0
11-08-2012 14:55:34 Software Distribution Service 3.0
12-08-2012 14:53:42 Software Distribution Service 3.0
13-08-2012 14:53:54 Software Distribution Service 3.0
14-08-2012 14:54:04 Software Distribution Service 3.0
15-08-2012 10:00:19 Software Distribution Service 3.0
16-08-2012 00:15:31 Software Distribution Service 3.0
16-08-2012 10:19:33 Software Distribution Service 3.0
17-08-2012 10:19:07 Software Distribution Service 3.0
18-08-2012 10:19:35 Software Distribution Service 3.0
19-08-2012 10:19:21 Software Distribution Service 3.0
20-08-2012 10:19:23 Software Distribution Service 3.0
21-08-2012 10:19:43 Software Distribution Service 3.0
22-08-2012 10:19:29 Software Distribution Service 3.0
23-08-2012 00:01:59 Software Distribution Service 3.0
23-08-2012 10:19:19 Software Distribution Service 3.0
24-08-2012 10:18:57 Software Distribution Service 3.0
25-08-2012 10:19:35 Software Distribution Service 3.0
26-08-2012 10:19:16 Software Distribution Service 3.0
27-08-2012 10:19:15 Software Distribution Service 3.0
28-08-2012 10:19:27 Software Distribution Service 3.0
29-08-2012 10:19:31 Software Distribution Service 3.0
30-08-2012 00:00:30 Software Distribution Service 3.0
30-08-2012 10:19:15 Software Distribution Service 3.0
31-08-2012 10:19:22 Software Distribution Service 3.0
31-08-2012 16:12:42 Installed AccountScout.NET
01-09-2012 10:19:19 Software Distribution Service 3.0
02-09-2012 10:19:08 Software Distribution Service 3.0
03-09-2012 10:19:07 Software Distribution Service 3.0
04-09-2012 10:19:06 Software Distribution Service 3.0
05-09-2012 10:19:09 Software Distribution Service 3.0
06-09-2012 00:00:53 Software Distribution Service 3.0
06-09-2012 10:19:11 Software Distribution Service 3.0
07-09-2012 19:02:52 Software Distribution Service 3.0
08-09-2012 19:02:39 Software Distribution Service 3.0
09-09-2012 19:02:40 Software Distribution Service 3.0
10-09-2012 19:02:47 Software Distribution Service 3.0
11-09-2012 19:05:07 Software Distribution Service 3.0
12-09-2012 19:02:54 Software Distribution Service 3.0
12-09-2012 23:36:00 Software Distribution Service 3.0
13-09-2012 10:00:27 Software Distribution Service 3.0
13-09-2012 19:02:51 Software Distribution Service 3.0
14-09-2012 19:02:53 Software Distribution Service 3.0
15-09-2012 19:02:39 Software Distribution Service 3.0
16-09-2012 19:02:12 Software Distribution Service 3.0
17-09-2012 19:02:13 Software Distribution Service 3.0
18-09-2012 19:03:31 Software Distribution Service 3.0
19-09-2012 19:02:35 Software Distribution Service 3.0
19-09-2012 23:36:02 Software Distribution Service 3.0
20-09-2012 19:01:58 Software Distribution Service 3.0
21-09-2012 19:02:36 Software Distribution Service 3.0
22-09-2012 10:00:16 Software Distribution Service 3.0
23-09-2012 10:15:07 Software Distribution Service 3.0
24-09-2012 10:14:43 Software Distribution Service 3.0
25-09-2012 10:14:49 Software Distribution Service 3.0
26-09-2012 10:00:15 Software Distribution Service 3.0
27-09-2012 00:16:54 Software Distribution Service 3.0
27-09-2012 10:11:42 Software Distribution Service 3.0
28-09-2012 10:12:30 Software Distribution Service 3.0
29-09-2012 10:11:47 Software Distribution Service 3.0
30-09-2012 10:11:36 Software Distribution Service 3.0
01-10-2012 10:11:33 Software Distribution Service 3.0
02-10-2012 10:11:50 Software Distribution Service 3.0
03-10-2012 10:12:50 Software Distribution Service 3.0
04-10-2012 00:25:41 Software Distribution Service 3.0
05-10-2012 00:28:37 System Checkpoint
05-10-2012 22:37:49 Software Distribution Service 3.0
06-10-2012 22:37:36 Software Distribution Service 3.0
07-10-2012 22:37:37 Software Distribution Service 3.0
08-10-2012 22:37:53 Software Distribution Service 3.0
09-10-2012 22:37:38 Software Distribution Service 3.0
10-10-2012 10:00:20 Software Distribution Service 3.0
11-10-2012 00:14:26 Software Distribution Service 3.0
11-10-2012 10:18:03 Software Distribution Service 3.0
12-10-2012 19:42:30 System Checkpoint
12-10-2012 20:05:06 Software Distribution Service 3.0
13-10-2012 20:04:32 Software Distribution Service 3.0
14-10-2012 20:04:36 Software Distribution Service 3.0
15-10-2012 20:04:50 Software Distribution Service 3.0
16-10-2012 20:04:31 Software Distribution Service 3.0
17-10-2012 20:04:37 Software Distribution Service 3.0
17-10-2012 23:51:18 Software Distribution Service 3.0
18-10-2012 20:04:43 Software Distribution Service 3.0
19-10-2012 20:04:23 Software Distribution Service 3.0
20-10-2012 20:04:26 Software Distribution Service 3.0
21-10-2012 20:04:24 Software Distribution Service 3.0
22-10-2012 20:04:43 Software Distribution Service 3.0
23-10-2012 20:04:43 Software Distribution Service 3.0
24-10-2012 20:04:30 Software Distribution Service 3.0
24-10-2012 23:51:49 Software Distribution Service 3.0
25-10-2012 20:04:55 Software Distribution Service 3.0
26-10-2012 20:04:32 Software Distribution Service 3.0
27-10-2012 20:04:26 Software Distribution Service 3.0
28-10-2012 20:04:28 Software Distribution Service 3.0
29-10-2012 20:04:03 Software Distribution Service 3.0
30-10-2012 20:04:48 Software Distribution Service 3.0
31-10-2012 20:04:29 Software Distribution Service 3.0
01-11-2012 00:01:00 Software Distribution Service 3.0
01-11-2012 22:41:26 Restore Operation
01-11-2012 22:57:07 Restore Operation
02-11-2012 16:10:04 Software Distribution Service 3.0

**** End of log ****

------------------------------
Farbar service scanner

Farbar Service Scanner Version: 27-10-2012
Ran by awright (administrator) on 02-11-2012 at 12:40:50
Running from "C:\Documents and Settings\awright\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(8) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

------------------------------
adware cleaner

# AdwCleaner v2.006 - Logfile created 11/02/2012 at 12:43:16
# Updated 30/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : awright - ACCOUNTINGMAIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\awright\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabSearch

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\tforeman\Application Data\DefaultTab
File Deleted : C:\Documents and Settings\tforeman\Application Data\Mozilla\Firefox\Profiles\79ppxjew.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Documents and Settings\tforeman\Application Data\Mozilla\Firefox\Profiles\79ppxjew.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\tforeman\Application Data\Mozilla\Firefox\Profiles\79ppxjew.default\searchplugins\my-web-search.xml
File Deleted : C:\Documents and Settings\tforeman\Application Data\Mozilla\Firefox\Profiles\79ppxjew.default\searchplugins\search-here.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Folder Deleted : C:\DOCUME~1\tforeman\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\tforeman\LOCALS~1\Temp\PremierOpinion
Folder Deleted : C:\Documents and Settings\tforeman\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\tforeman\Application Data\Mozilla\Firefox\Profiles\79ppxjew.default\extensions\{6921B3CC-9935-4D28-9A83-B3D824210580}
Folder Deleted : C:\Documents and Settings\tforeman\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\tforeman\Application Data\Qwiklinx
Folder Deleted : C:\Documents and Settings\tforeman\Local Settings\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\tforeman\My Documents\ShopToWin
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Qwiklinx

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://www.crawler.com/search/ie.aspx?tb_id=60313 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60313 --> hxxp://www.google.com

-\\ Mozilla Firefox v6.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\awright\Application Data\Mozilla\Firefox\Profiles\tebdp9nh.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");

Profile name : default
File : C:\Documents and Settings\tforeman\Application Data\Mozilla\Firefox\Profiles\79ppxjew.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "7K");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2011.05.06+15.30.33-toolbar007iad-US-VmFsbGV5IFNwcmluZ3MsQ0EsVW[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYS8US");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.ask.com/redirect?client=ff&s[...]
Deleted : user_pref("extensions.asktb.first-launch-url", "file:///C:/Documents%20and%20Settings/tforeman/Deskt[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "E4CD74C6-F8B6-43AD-A217-1DA60581338F");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "su");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1335390666806");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.o", "41647940");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "5D1A82A1-6F45-46A8-B47B-344BFC03BE20");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "4/23/2012 7:31:09 AM");
Deleted : user_pref("extensions.asktb.v", "3.15.1.100010");
Deleted : user_pref("extensions.asktb.version", "5.15.1.22229");
Deleted : user_pref("extensions.asktb.volume", "");
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("extensions.inboxcomtoolbar@inbox.com.update.url", "hxxp://toolbar.inbox.com/toolbar/firef[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&t[...]
Deleted : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=FE98F61A[...]

Profile name : default
File : C:\Documents and Settings\Kathy\Application Data\Mozilla\Firefox\Profiles\79ppxjew.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\awright\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\tforeman\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9786 octets] - [02/11/2012 12:43:16]

########## EOF - C:\AdwCleaner[S1].txt - [9846 octets] ##########

------------------------------
Junkware removal tool

Junkware Removal Tool (JRT) by Thisisu
Version: 2.4.8 (11.02.2012)
OS: Microsoft Windows XP x86
Ran by awright on Fri 11/02/2012 at 12:49:03.72
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services:

Successfully stopped: [SERVICE] DefaultTabUpdate
Successfully deleted: [SERVICE] DefaultTabUpdate



*** Registry Values:

Successfully deleted: [VALUE] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



*** Registry Keys:

Successfully deleted: [KEY] "hkey_local_machine\software\default tab"
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{11bf46c6-b3de-48bd-bf70-3ad85cab80b5}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{11bf46c6-b3de-48bd-bf70-3ad85cab80b5}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{3e7c8b5a-96ab-438f-bf9b-782400655440}
Successfully deleted: [KEY] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [KEY] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - NOT cleared





**************************************************************
Scan was completed on Fri 11/02/2012 at 12:59:27.54
End of Report

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:19 PM

Posted 02 November 2012 - 04:19 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#11 idigapony

idigapony
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 02 November 2012 - 04:53 PM

Rkill

Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/02/2012 02:47:16 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/02/2012 02:47:51 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)

--------------------------

Autoruns

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat\acrotray.exe"
+ "Adobe Acrobat Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 9.0\acrobat\acrobat_sl.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "ATICCC" "" "" "c:\program files\ati technologies\ati.ace\clistart.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "SoundMAXPnP" "SMax4PNP" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Google Software Updater.job" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ASFIPmon" "Monitors and propagates changes in the IP settings of ASF-enabled Broadcom network interfaces." "Broadcom Corporation" "c:\program files\broadcom\asfipmon\asfipmon.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "BcmSqlStartupSvc" "Controls the start of the Business Contact Manager SQL Server instance (MSSMLBIZ)." "Microsoft Corporation" "c:\program files\microsoft small business\business contact manager\bcmsqlstartupsvc.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate1ca1543ca604c82" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "MSSQL$MSSMLBIZ" "Provides storage, processing and controlled access of data and rapid transaction processing." "Microsoft Corporation" "c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "PSI_SVC_2" "This service provides Protexis licensing functionalty." "Protexis Inc." "c:\program files\common files\protexis\license service\psiservice_2.exe"
+ "SQLBrowser" "Provides SQL Server connection information to client computers." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ADIHdAudAddService" "High Definition Audio Function Driver" "Analog Devices, Inc." "c:\windows\system32\drivers\adihdaud.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "BASFND" "Broadcom NetDetect Driver." "Broadcom Corporation" "c:\program files\broadcom\asfipmon\basfnd.sys"
+ "BeTwinKeyboard" "BeTwin Keyboard Filter Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinkf.sys"
+ "BeTwinMouse" "BeTwin Mouse Filter Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinmf.sys"
+ "BeTwinSystem" "BeTwin System Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinsystem.sys"
+ "BeTwinVideo" "BeTwin Video Filter Driver" "ThinSoft Pte Ltd." "c:\windows\system32\drivers\betwinvf.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\AWRIGH~1.ACC\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E100B" "NDIS 5 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SenFiltService" "Sensaura WDM 3D Audio Driver" "Sensaura" "c:\windows\system32\drivers\senfilt.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL" "" "" ""
X "xtgina.dll" "" "" "File not found: xtgina.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "none" "" "" "File not found: none"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:19 PM

Posted 02 November 2012 - 04:58 PM

Any current issues?

#13 idigapony

idigapony
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 02 November 2012 - 05:04 PM

None that I can tell... Still see that xtgina shows up in Autoruns, but fnf. But I figure you would have said something if you noticed anything of concern.

Thank you for hanging in there with me yesterday and today. Anything else from you?

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:19 PM

Posted 02 November 2012 - 05:37 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users