FBI Full screen warning


23 replies to this topic

#1 mercuryrsng


Posted 08 November 2012 - 09:42 PM

Hello all. I have another computer that had the full screen FBI "you owe us money" screen. I ran Malwarebytes anti malware and it found a bunch of stuff (I can post the log upon request). What else can I do to make sure that this malware is completely gone?

Thanks in advance



#2 narenxp


Posted 08 November 2012 - 09:47 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 mercuryrsng


Posted 09 November 2012 - 06:36 AM

21:55:32.0890 3720 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:55:33.0750 3720 ============================================================
21:55:33.0750 3720 Current date / time: 2012/11/08 21:55:33.0750
21:55:33.0750 3720 SystemInfo:
21:55:33.0750 3720
21:55:33.0750 3720 OS Version: 5.1.2600 ServicePack: 3.0
21:55:33.0750 3720 Product type: Workstation
21:55:33.0750 3720 ComputerName: ANONYMOUS
21:55:33.0750 3720 UserName: Owner
21:55:33.0750 3720 Windows directory: C:\WINDOWS
21:55:33.0750 3720 System windows directory: C:\WINDOWS
21:55:33.0750 3720 Processor architecture: Intel x86
21:55:33.0750 3720 Number of processors: 1
21:55:33.0750 3720 Page size: 0x1000
21:55:33.0750 3720 Boot type: Normal boot
21:55:33.0750 3720 ============================================================
21:55:36.0578 3720 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:55:36.0625 3720 ============================================================
21:55:36.0625 3720 \Device\Harddisk0\DR0:
21:55:36.0625 3720 MBR partitions:
21:55:36.0625 3720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
21:55:36.0625 3720 ============================================================
21:55:36.0718 3720 C: <-> \Device\Harddisk0\DR0\Partition1
21:55:36.0765 3720 ============================================================
21:55:36.0765 3720 Initialize success
21:55:36.0765 3720 ============================================================
21:55:50.0921 1292 ============================================================
21:55:50.0921 1292 Scan started
21:55:50.0921 1292 Mode: Manual; TDLFS;
21:55:50.0921 1292 ============================================================
21:55:53.0875 1292 ================ Scan system memory ========================
21:55:53.0875 1292 System memory - ok
21:55:53.0875 1292 ================ Scan services =============================
21:56:23.0656 1292 upnphost - ok
21:56:23.0687 1292 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:56:23.0750 1292 UPS - ok
21:56:23.0781 1292 [ D4FB6ECC60A428564BA8768B0E23C0FC ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
21:56:23.0828 1292 USBAAPL - ok
21:56:23.0859 1292 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
21:56:23.0859 1292 usbaudio - ok
21:56:23.0875 1292 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:56:23.0921 1292 usbccgp - ok
21:56:24.0015 1292 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:56:24.0015 1292 usbehci - ok
21:56:24.0062 1292 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:56:24.0125 1292 usbhub - ok
21:56:24.0140 1292 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:56:24.0140 1292 usbprint - ok
21:56:24.0187 1292 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:56:24.0218 1292 usbscan - ok
21:56:24.0250 1292 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:56:24.0250 1292 USBSTOR - ok
21:56:24.0359 1292 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:56:24.0359 1292 usbuhci - ok
21:56:24.0421 1292 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
21:56:24.0437 1292 usbvideo - ok
21:56:24.0484 1292 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS C:\WINDOWS\system32\DRIVERS\usb8023.sys
21:56:24.0531 1292 USB_RNDIS - ok
21:56:24.0562 1292 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:56:24.0562 1292 VgaSave - ok
21:56:24.0578 1292 ViaIde - ok
21:56:24.0593 1292 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:56:24.0656 1292 VolSnap - ok
21:56:24.0703 1292 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:56:24.0765 1292 VSS - ok
21:56:24.0796 1292 [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time C:\WINDOWS\system32\w32time.dll
21:56:24.0859 1292 W32Time - ok
21:56:24.0921 1292 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:56:24.0937 1292 Wanarp - ok
21:56:24.0953 1292 WDICA - ok
21:56:24.0984 1292 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:56:25.0031 1292 wdmaud - ok
21:56:25.0062 1292 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:56:25.0265 1292 WebClient - ok
21:56:25.0375 1292 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:56:25.0453 1292 winmgmt - ok
21:56:25.0515 1292 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:56:25.0546 1292 WmdmPmSN - ok
21:56:25.0609 1292 [ C8A6C82F90B055149925DC7526B2D78C ] Wmi C:\WINDOWS\System32\advapi32.dll
21:56:25.0671 1292 Wmi - ok
21:56:25.0734 1292 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:56:25.0781 1292 WmiApSrv - ok
21:56:25.0890 1292 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:56:25.0937 1292 WMPNetworkSvc - ok
21:56:26.0015 1292 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:56:26.0015 1292 WSTCODEC - ok
21:56:26.0062 1292 [ AAE1A6FFBA2B0436E91795120F48C461 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:56:26.0125 1292 wuauserv - ok
21:56:26.0156 1292 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:56:26.0187 1292 WudfPf - ok
21:56:26.0218 1292 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:56:26.0218 1292 WudfRd - ok
21:56:26.0234 1292 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:56:26.0312 1292 WudfSvc - ok
21:56:26.0359 1292 [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:56:26.0468 1292 WZCSVC - ok
21:56:26.0484 1292 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:56:26.0562 1292 xmlprov - ok
21:56:26.0656 1292 ================ Scan global ===============================
21:56:26.0734 1292 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:56:26.0828 1292 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
21:56:26.0875 1292 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
21:56:26.0968 1292 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] C:\WINDOWS\system32\services.exe
21:56:27.0031 1292 [Global] - ok
21:56:27.0031 1292 ================ Scan MBR ==================================
21:56:27.0046 1292 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:56:27.0515 1292 \Device\Harddisk0\DR0 - ok
21:56:27.0531 1292 ================ Scan VBR ==================================
21:56:27.0562 1292 [ 2479C3B85AAABBEAED82FB35A0AFAA67 ] \Device\Harddisk0\DR0\Partition1
21:56:27.0562 1292 \Device\Harddisk0\DR0\Partition1 - ok
21:56:27.0593 1292 ============================================================
21:56:27.0593 1292 Scan finished
21:56:27.0593 1292 ============================================================
21:56:27.0625 1748 Detected object count: 0
21:56:27.0625 1748 Actual detected object count: 0



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-08 22:00:37
-----------------------------
22:00:37.578 OS Version: Windows 5.1.2600 Service Pack 3
22:00:37.578 Number of processors: 1 586 0x401
22:00:37.578 ComputerName: ANONYMOUS UserName: Owner
22:00:38.906 Initialize success
22:00:41.734 AVAST engine defs: 12110801
22:00:50.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:00:50.828 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
22:00:50.843 Disk 0 MBR read successfully
22:00:50.906 Disk 0 MBR scan
22:00:51.046 Disk 0 Windows XP default MBR code
22:00:51.078 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:00:51.140 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76245 MB offset 80325
22:00:51.171 Disk 0 scanning sectors +156232125
22:00:51.265 Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:07.703 Service scanning
22:01:50.875 Modules scanning
22:02:22.328 Disk 0 trace - called modules:
22:02:22.546 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:02:22.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f88ab8]
22:02:22.593 3 CLASSPNP.SYS[f86f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f51d98]
22:02:23.484 AVAST engine scan C:\WINDOWS
22:02:28.031 AVAST engine scan C:\WINDOWS\system32
22:06:45.484 AVAST engine scan C:\WINDOWS\system32\drivers
22:07:00.234 AVAST engine scan C:\Documents and Settings\Owner
22:29:44.734 AVAST engine scan C:\Documents and Settings\All Users
22:31:55.781 Scan finished successfully
22:45:07.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\Cleanup\MBR.dat"
22:45:07.734 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\Cleanup\aswMBR.txt"





ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ea9600b002563248a79513069513cab9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-09 04:45:26
# local_time=2012-11-08 11:45:26 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=62564
# found=2
# cleaned=2
# scan_time=3243
C:\Documents and Settings\Owner\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\My Documents\Downloads\Facemoods.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#4 narenxp


Posted 09 November 2012 - 10:18 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 mercuryrsng


Posted 09 November 2012 - 09:21 PM

Not all of the scans posted. I edited this post. I will find all of the text files and repost them. Stand by.

Edited by mercuryrsng, 09 November 2012 - 09:25 PM.


#6 mercuryrsng


Posted 09 November 2012 - 09:31 PM

Since I lost some text, I cannot find the log files for Minitoolbox and Farbar Service Scanner. Do you know where they are saved on the computer? Here are the rest for now.


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.06.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ANONYMOUS [administrator]

11/9/2012 1:30:19 PM
mbam-log-2012-11-09 (13-30-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254813
Time elapsed: 3 hour(s), 13 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 42
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP819\A0060164.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060235.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060219.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060223.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060224.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060225.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060226.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060227.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060228.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060229.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060230.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060231.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060232.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060233.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060234.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060236.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060237.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060238.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060239.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060240.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060241.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060242.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060243.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060244.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060245.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060247.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060248.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060249.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060250.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060254.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP820\A0060257.DLL (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060270.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060271.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060272.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060273.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060275.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060277.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060278.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP821\A0060276.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP823\A0060436.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP823\A0060438.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4EA892AE-34C3-4322-873C-626835B785CE}\RP850\A0064578.exe (Trojan.WinLock) -> Quarantined and deleted successfully.

(end)




# AdwCleaner v2.007 - Logfile created 11/09/2012 at 20:39:33
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - ANONYMOUS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wwaa5au8.default\searchplugins\web-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CToolbar_UNINSTALL
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wwaa5au8.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("extensions.sahtb.searchEngineNameCurrent", "Web Search");
Deleted : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"2[...]
Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
Deleted : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.toolbar.mindspark._5zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3809 octets] - [09/11/2012 20:39:33]

########## EOF - C:\AdwCleaner[S1].txt - [3869 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.1 (11.09.2012)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 11/09/2012 at 21:12:51.59
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wwaa5au8.default\extensions\jid0-FVEJI7xQ8r4RUogxXB4zKqvjZRk@jetpack

Successfully deleted the following from "C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wwaa5au8.default\prefs.js"

user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2012100505");
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "^CD^xdm003^S03543^us");
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "CJDB_PnN6LICFUKd4AodhTYAsA");
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "5A790842-E511-42F7-A59F-60C2C49C3B0C");
user_pref("extensions.toolbar.mindspark._2pMembers_.lastActivePing", "1349450713091");
user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark._5zMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._5zMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._5zMembers_.installation.installDate", "2012100511");
user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerId", "^AFA^xdm069^YY^us");
user_pref("extensions.toolbar.mindspark._5zMembers_.installation.partnerSubId", "101497");
user_pref("extensions.toolbar.mindspark._5zMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._5zMembers_.installation.toolbarId", "7C5DC522-6632-4DBF-841E-3AE8ABC010B6");
user_pref("extensions.toolbar.mindspark._5zMembers_.lastActivePing", "1349452098125");
user_pref("extensions.toolbar.mindspark._5zMembers_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._5zMembers_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._5zMembers_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._5zMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._5zMembers_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.lastInstalled", "couponxplorer@mindspark.com");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/09/2012 at 21:20:03.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 mercuryrsng


Posted 12 November 2012 - 08:37 PM

Hi,

What should I do next? If you read my last post, I couldn't find some of the scan results.

#8 narenxp


Posted 12 November 2012 - 08:51 PM

The Farbar Service Scanner and MiniToolBox logs should be saved in the folder from which the tools were launched.

You can scan again if you don't find the logs.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#9 mercuryrsng


Posted 12 November 2012 - 09:01 PM

Ahh I see now. Here they are and I will have the rest of the results soon.


Farbar Service Scanner Version: 09-11-2012
Ran by Owner (administrator) on 09-11-2012 at 20:36:42
Running from "C:\Documents and Settings\Owner\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-04-20 13:16] - [2009-04-20 13:16] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2009-04-20 13:25] - [2009-04-20 13:25] - 0361600 ____A (Microsoft Corporation) BA8C046D98345129723E6BCAA1E8AB99

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2009-04-20 13:17] - [2009-04-20 13:17] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-01-11 00:24] - [2009-04-20 13:19] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2009-04-20 13:17] - [2009-04-20 13:17] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-04-20 13:18] - [2009-04-20 13:18] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-04-20 13:18] - [2009-04-20 13:18] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



MiniToolBox by Farbar Version: 10-11-2012 01
Ran by Owner (administrator) on 12-11-2012 at 20:59:53
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : anonymous
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-0A-CD-18-09-08
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.21
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
Lease Obtained. . . . . . . . . . : Monday, November 12, 2012 8:20:40 PM
Lease Expires . . . . . . . . . . : Monday, November 12, 2012 11:08:40 PM
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.228.101, 74.125.228.102, 74.125.228.103, 74.125.228.104
74.125.228.105, 74.125.228.110, 74.125.228.96, 74.125.228.97, 74.125.228.98
74.125.228.99, 74.125.228.100


Pinging google.com [74.125.228.66] with 32 bytes of data:

Reply from 74.125.228.66: bytes=32 time=25ms TTL=52
Reply from 74.125.228.66: bytes=32 time=20ms TTL=52

Ping statistics for 74.125.228.66:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 25ms, Average = 22ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=97ms TTL=50
Reply from 72.30.38.140: bytes=32 time=128ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 128ms, Average = 112ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0a cd 18 09 08 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.21 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.21 192.168.0.21 20
192.168.0.0 255.255.255.0 192.168.0.21 192.168.0.21 20
192.168.0.21 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.21 192.168.0.21 20
224.0.0.0 240.0.0.0 192.168.0.21 192.168.0.21 20
255.255.255.255 255.255.255.255 192.168.0.21 192.168.0.21 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/16/2012 07:12:31 PM) (Source: Application Error) (User: )
Description: Faulting application game.exe, version 1.0.3.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011980.
Processing media-specific event for [game.exe!ws!]

Error: (09/29/2012 07:37:02 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module quicktime.qts, version 7.69.80.9, fault address 0x0077c192.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (09/29/2012 07:36:28 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module quicktime.qts, version 7.69.80.9, fault address 0x0077c192.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (09/29/2012 07:35:44 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module quicktime.qts, version 7.69.80.9, fault address 0x0077c192.
Processing media-specific event for [wmplayer.exe!ws!]

Error: (09/29/2012 06:20:55 AM) (Source: Google Update) (User: ANONYMOUS)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/28/2012 09:20:42 PM) (Source: Google Update) (User: ANONYMOUS)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/28/2012 06:21:01 PM) (Source: Google Update) (User: ANONYMOUS)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/25/2012 07:47:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69297

Error: (09/25/2012 07:47:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69297

Error: (09/25/2012 07:47:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/09/2012 11:41:39 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).

Error: (11/09/2012 06:42:08 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).

Error: (11/09/2012 01:10:14 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).

Error: (11/07/2012 01:06:01 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).

Error: (11/06/2012 08:52:45 PM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2481109).

Error: (11/06/2012 08:52:17 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (10/26/2012 08:42:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/26/2012 08:25:16 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Fips
intelppm

Error: (10/26/2012 08:24:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/26/2012 10:37:36 AM) (Source: 0) (User: )
Description: C:


Microsoft Office Sessions:
=========================
Error: (10/16/2012 07:12:31 PM) (Source: Application Error)(User: )
Description: game.exe1.0.3.0ntdll.dll5.1.2600.605500011980

Error: (09/29/2012 07:37:02 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145quicktime.qts7.69.80.90077c192

Error: (09/29/2012 07:36:28 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145quicktime.qts7.69.80.90077c192

Error: (09/29/2012 07:35:44 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.5721.5145quicktime.qts7.69.80.90077c192

Error: (09/29/2012 06:20:55 AM) (Source: Google Update)(User: ANONYMOUS)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/28/2012 09:20:42 PM) (Source: Google Update)(User: ANONYMOUS)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/28/2012 06:21:01 PM) (Source: Google Update)(User: ANONYMOUS)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/25/2012 07:47:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69297

Error: (09/25/2012 07:47:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69297

Error: (09/25/2012 07:47:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

7-Zip 4.65
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 7.0 (Version: 7.0.0)
Advanced SystemCare 3 (Version: 3.7.3)
Alt-Tab Task Switcher Powertoy for Windows XP (Version: 1.00.0001)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
avast! Free Antivirus (Version: 7.0.1466.0)
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 2.0.4.0)
Brother MFL-Pro Suite MFC-J430W (Version: 1.0.19.0)
CCleaner (Version: 3.21)
Chessmaster 10th Edition (Version: 1.00.0000)
Dasher
ESET Online Scanner v3
File Uploader (Version: 1.2.3)
Foxit Creator (Version: 3,0,2,0506)
Foxit Reader
Google Chrome (Version: 23.0.1271.64)
HashCheck Shell Extension (x86-32) (Version: 2.1.8.1)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 29 (Version: 6.0.290)
K-Lite Mega Codec Pack 4.7.5 (Version: 4.7.5)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter) (Version: 1.7.0.6)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Service Pack 1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Silverlight (Version: 2.0.40115.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Application Compatibility Database
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
my Picturetown Uploader (Version: 1.1)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.2)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
Open Command Prompt Shell Extension (x86-32) (Version: 1.2.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
PaperPort Image Printer (Version: 1.00.0001)
Picture Control Utility (Version: 1.1.9)
QuickTime (Version: 7.69.80.9)
QuickTime Alternative 2.8.0 (Version: 2.8.0)
Scansoft PDF Professional
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
SoundMAX (Version: 5.12.01.5246)
TeamViewer 6 (Version: 6.0.9947)
The Sims 2
Unlocker 1.8.7 (Version: 1.8.7)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
User Profile Hive Cleanup Service (Version: 1.6.30)
ViewNX (Version: 1.5.1)
WebFldrs XP (Version: 9.50.7523)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70)

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 509.98 MB
Available physical RAM: 181.27 MB
Total Pagefile: 1247.26 MB
Available Pagefile: 967.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.46 GB) (Free:30.51 GB) NTFS
2 Drive d: (Chessmaster 10) (CDROM) (Total:1.47 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\ANONYMOUS

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0

========================= Restore Points ==================================

19-09-2012 23:09:35 Installed Brother Software Suite
19-09-2012 23:13:46 Unsigned printer driver Brother PC-FAX v.2.2 installed.
20-09-2012 04:40:55 Software Distribution Service 3.0
20-09-2012 09:45:00 Software Distribution Service 3.0
21-09-2012 07:00:25 Software Distribution Service 3.0
22-09-2012 07:00:23 Software Distribution Service 3.0
23-09-2012 03:55:11 Software Distribution Service 3.0
24-09-2012 04:26:24 Software Distribution Service 3.0
25-09-2012 05:11:52 System Checkpoint
25-09-2012 07:00:21 Software Distribution Service 3.0
26-09-2012 04:15:24 Software Distribution Service 3.0
27-09-2012 05:05:31 System Checkpoint
27-09-2012 07:00:20 Software Distribution Service 3.0
28-09-2012 02:28:45 Software Distribution Service 3.0
29-09-2012 03:24:20 Software Distribution Service 3.0
30-09-2012 03:32:15 System Checkpoint
30-09-2012 07:00:22 Software Distribution Service 3.0
30-09-2012 12:02:32 Software Distribution Service 3.0
01-10-2012 08:55:30 Software Distribution Service 3.0
02-10-2012 04:20:05 Software Distribution Service 3.0
03-10-2012 04:16:50 Software Distribution Service 3.0
04-10-2012 02:56:39 Software Distribution Service 3.0
05-10-2012 03:39:03 Software Distribution Service 3.0
05-10-2012 16:03:27 Removed Facebook Video Calling 1.2.0.159
06-10-2012 07:00:21 Software Distribution Service 3.0
07-10-2012 04:51:49 Software Distribution Service 3.0
07-10-2012 20:25:37 IObit Uninstaller RestorePoint
07-10-2012 20:26:53 Removed Nikon Message Center
08-10-2012 07:00:23 Software Distribution Service 3.0
09-10-2012 04:52:15 Software Distribution Service 3.0
10-10-2012 02:34:24 Software Distribution Service 3.0
11-10-2012 03:19:06 System Checkpoint
11-10-2012 03:47:40 Software Distribution Service 3.0
12-10-2012 04:08:37 Software Distribution Service 3.0
13-10-2012 05:08:23 System Checkpoint
13-10-2012 07:00:21 Software Distribution Service 3.0
14-10-2012 04:12:50 Software Distribution Service 3.0
15-10-2012 03:11:52 Software Distribution Service 3.0
16-10-2012 02:35:14 Software Distribution Service 3.0
17-10-2012 02:08:01 Software Distribution Service 3.0
18-10-2012 02:54:11 System Checkpoint
18-10-2012 07:00:20 Software Distribution Service 3.0
19-10-2012 04:24:46 Software Distribution Service 3.0
20-10-2012 04:26:23 System Checkpoint
20-10-2012 07:00:22 Software Distribution Service 3.0
21-10-2012 07:00:24 Software Distribution Service 3.0
22-10-2012 04:09:50 Software Distribution Service 3.0
23-10-2012 04:32:47 System Checkpoint
23-10-2012 07:00:19 Software Distribution Service 3.0
24-10-2012 04:35:29 Software Distribution Service 3.0
25-10-2012 04:19:25 Software Distribution Service 3.0
26-10-2012 04:53:29 System Checkpoint
26-10-2012 07:00:22 Software Distribution Service 3.0
07-11-2012 01:52:34 Software Distribution Service 3.0
07-11-2012 06:05:45 Software Distribution Service 3.0
09-11-2012 06:10:01 Software Distribution Service 3.0
09-11-2012 11:41:46 Software Distribution Service 3.0
10-11-2012 04:41:24 Software Distribution Service 3.0
13-11-2012 01:48:03 System Checkpoint

**** End of log ****

#10 mercuryrsng

Posted 12 November 2012 - 10:22 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/12/2012 10:13:53 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\taskswitch.exe (PID: 1860) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* mnmsrvc [Missing Service]
* wscsvc [Missing Service]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\Drivers\tcpip.sys [NoSig]
+-> C:\WINDOWS\system32\dllcache\tcpip.sys : 361,600 : 06/20/2008 00:59 AM : ad978a1b783b5719720cff204b666c8e [Pos Repl]

* C:\WINDOWS\System32\UxTheme.dll [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/12/2012 10:15:56 PM
Execution time: 0 hours(s), 2 minute(s), and 2 seconds(s)





"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ArcSoft Connection Service" "ArcSoft Connect Daemon" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "BrStsMon00" "Status Monitor Application" "Brother Industries, Ltd." "c:\program files\browny02\brother\brstmonw.exe"
+ "ControlCenter4" "ControlCenter Launcher" "Brother Industries, Ltd." "c:\program files\controlcenter4\brccboot.exe"
+ "CoolSwitch" "" "" "c:\windows\system32\taskswitch.exe"
+ "igfxhkcmd" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "igfxpers" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "igfxtray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IndexSearch" "PaperPort IndexSearch" "Nuance Communications, Inc." "c:\program files\nuance\paperport\indexsearch.exe"
+ "Nikon Transfer Monitor" "Nikon Transfer Monitor" "Nikon Corporation" "c:\program files\common files\nikon\monitor\nkmonitor.exe"
+ "PaperPort PTD" "PaperPort Print to Desktop for NT" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pptd40nt.exe"
+ "PDF5 Registry Controller" "PDF Converter Registry Controller" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\registrycontroller.exe"
+ "PDFHook" "PdfCreateHook Application" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe"
+ "PPort12reminder" "Ereg" "Nuance Communications, Inc." "c:\program files\nuance\paperport\ereg\ereg.exe"
+ "SoundMAXPnP" "SMax4PNP MFC Application" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "AvgUninstallURL" "" "" "File not found: start"
"C:\Documents and Settings\Owner\Start Menu\Programs\Startup" "" "" ""
+ "TeamViewer 6.lnk" "TeamViewer Remote Control Application" "TeamViewer GmbH" "c:\program files\teamviewer\version6\teamviewer.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\owner\local settings\application data\google\update\googleupdate.exe"
+ "ISUSPM" "Acresso Software Manager" "Acresso Corporation" "c:\documents and settings\all users\application data\flexnet\connect\11\isuspm.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "HashCheck Shell Extension" "HashCheck Shell Extension (x86-32)" "ktechcomputing.com" "c:\windows\system32\shellext\hashcheck.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers" "" "" ""
+ "HashCheck Shell Extension" "HashCheck Shell Extension (x86-32)" "ktechcomputing.com" "c:\windows\system32\shellext\hashcheck.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "CmdOpen Shell Extension" "Open Command Prompt Shell Extension (x86-32)" "code.kliu.org" "c:\windows\system32\shellext\cmdopen.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "CmdOpen Shell Extension" "Open Command Prompt Shell Extension (x86-32)" "code.kliu.org" "c:\windows\system32\shellext\cmdopen.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AcroIEHlprObj Class" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "PlusIEEventHelper Class" "PlusIEContextMenu.dll" "Zeon Corporation" "c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-839522115-1177238915-1417001333-1003Core.job" "Google Installer" "Google Inc." "c:\documents and settings\owner\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-839522115-1177238915-1417001333-1003UA.job" "Google Installer" "Google Inc." "c:\documents and settings\owner\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files\browny02\brynsvc.exe"
+ "ezGOSvc" "Provides licensing, security and update services for EasyBits GO. If this service is stopped or disabled, EasyBits GO may not function properly." "" "c:\windows\system32\ezgosvc.dll"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "PDFProFiltSrvPP" "PDFPro IFilter Service" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pdfprofiltsrvpp.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "UPHClean" "Cleans up handles to allow unloading of user profile hive. This can help speed up logging off, reconciliation of roaming profiles and prevent exceeding the registry size limit." "Microsoft Corporation" "c:\program files\uphclean\uphclean.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "BrScnUsb" "Brother USB Scanner Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brscnusb.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RTL8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtnicxp.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "senfilt" "Creative WDM Audio Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\senfilt.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3acm" "AC-3 ACM Codec" "fccHandler" "c:\windows\system32\ac3acm.acm"
+ "msacm.divxa32" "DivX WMA Audio6 FileVersion" "Kristal StudioDFileDescription" "c:\windows\system32\divxa32.acm"
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.l3fhg" "MPEG Audio Layer-3 Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\mp3fhg.acm"
+ "msacm.lameacm" "Lame MP3 codec engine" "http://www.mp3dev.org/" "c:\windows\system32\lameacm.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\system32\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
+ "VIDC.HFYU" "Huffyuv lossless video codec" "Disappearing Inc." "c:\windows\system32\huffyuv.dll"
+ "vidc.i263" "Intel I.263 Video Driver 2.55.012" "Intel Corporation" "c:\windows\system32\i263_32.drv"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "VIDC.VP60" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "VIDC.VP61" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "VIDC.VP62" "VP6 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp6vfw.dll"
+ "VIDC.VP70" "VP70 VIDEO FOR WINDOWS CODEC " "On2.com" "c:\windows\system32\vp7vfw.dll"
+ "VIDC.X264" "" "" "c:\windows\system32\x264vfw.dll"
+ "VIDC.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YV12" "Helix YV12 YUV Codec" "www.helixcommunity.org" "c:\windows\system32\yv12vfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3File" "" "" "c:\program files\k-lite codec pack\filters\ac3file.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "CDXA Reader" "CDXA Reader Filter" "Gabest" "c:\program files\k-lite codec pack\filters\cdxareader.ax"
+ "CoreVorbis Audio Decoder" "CoreVorbis" "-" "c:\program files\k-lite codec pack\filters\corevorbis.ax"
+ "CyberLink Video/SP Decoder (PDVD9)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\k-lite codec pack\filters\clvsd.ax"
+ "DC-Bass Source" "DirectShow™ Audio Decoder" "http://www.dsp-worx.de" "c:\program files\k-lite codec pack\filters\dcbasssource.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "Gabest" "c:\program files\k-lite codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\k-lite codec pack\ffdshow\ffdshow.ax"
+ "File Source (Monkey Audio)" "" "" "c:\program files\k-lite codec pack\filters\monkeysource.ax"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "FLV4 Video Decoder" "FLV Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\flvsplitter.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files\k-lite codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\k-lite codec pack\filters\haali\splitter.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "madFlac Decoder" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "madFlac Source" "DirectShow FLAC Decoder" "www.madshi.net" "c:\program files\k-lite codec pack\filters\madflac.ax"
+ "MainConcept (Nikon) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Nikon) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonesmpeg.ax"
+ "MainConcept (Nikon) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "Matroska Source" "Matroska Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\matroskasplitter.ax"
+ "Matroska Splitter" "Matroska Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\matroskasplitter.ax"
+ "MediaLooks QT Source" "QuickTime DirectShow Source" "MediaLooks Company" "c:\program files\medialooks\quicktime directshow source filter\bin\qtsourcepxt.dll"
+ "MONOGRAM AMR Decoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Encoder" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Mux" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM AMR Splitter" "AMR Filter Pack" "MONOGRAM Multimedia, s.r.o." "c:\program files\k-lite codec pack\filters\mmamr.ax"
+ "MONOGRAM Musepack Decoder" "mmmpcdec" "" "c:\program files\k-lite codec pack\filters\mmmpcdec.ax"
+ "MONOGRAM Musepack Splitter" "mmmpcdmx" "" "c:\program files\k-lite codec pack\filters\mmmpcdmx.ax"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mpegsplitter.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\k-lite codec pack\filters\mp4splitter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee WAV Encoder" "mvWavEncoder Filter (Sample)" "Microsoft Corporation" "c:\program files\common files\muvee technologies\030625\mvwavenc.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "RadLight OptimFROG DirectShow Filter" "RLOFRDec" "RadLight" "c:\program files\k-lite codec pack\filters\rlofrdec.ax"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\k-lite codec pack\real\realmediasplitter.ax"
+ "T" "VP7 Decompression Filter" "On2.com Inc." "c:\program files\k-lite codec pack\filters\vp7dec.ax"
+ "WavPack Audio Decoder" "WavPack Audio DirectShow Decoder" "-" "c:\program files\k-lite codec pack\filters\wavpackdsdecoder.ax"
+ "WavPack Audio Splitter" "WavPack Audio DirectShow Splitter" "-" "c:\program files\k-lite codec pack\filters\wavpackdssplitter.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"

#11 narenxp

Posted 12 November 2012 - 10:26 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Go to https://www.virustotal.com/

Click on CHOOSE FILE and browse to

C:\Windows\System32\drivers\tcpip.sys and click ok

Click on SCAN IT option

Post the generated log result here

#12 mercuryrsng

Posted 12 November 2012 - 11:03 PM

VirusTotal didn't produce a log, but it did produce some data on a website. Would you like me to copy and paste it? It might not format correctly.




Farbar Service Scanner Version: 09-11-2012
Ran by Owner (administrator) on 12-11-2012 at 22:51:05
Running from "C:\Documents and Settings\Owner\Desktop\Cleanup"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-04-20 13:16] - [2009-04-20 13:16] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2009-04-20 13:25] - [2009-04-20 13:25] - 0361600 ____A (Microsoft Corporation) BA8C046D98345129723E6BCAA1E8AB99

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2009-04-20 13:17] - [2009-04-20 13:17] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-01-11 00:24] - [2009-04-20 13:19] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2009-04-20 13:17] - [2009-04-20 13:17] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-04-20 13:18] - [2009-04-20 13:18] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-04-20 13:18] - [2009-04-20 13:18] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
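
A triage pass over a Farbar Service Scanner log like the one in post #12, as an added example (not part of the original thread and not Farbar's code). It separates files marked "MD5 is legit" from files listed with a raw MD5 for manual checking, missing files, and missing service keys; the line patterns are inferred from the log shown here, and the function and field names are hypothetical.

```python
import re

# Abridged excerpt of the Farbar Service Scanner log posted in this thread.
SAMPLE_LOG = r"""
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2009-04-20 13:25] - [2009-04-20 13:25] - 0361600 ____A (Microsoft Corporation) BA8C046D98345129723E6BCAA1E8AB99

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

# Line patterns inferred from the log format above (assumption, not a published spec).
LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
MISSING = re.compile(r"^ATTENTION!=====> (?P<path>[A-Za-z]:\\.+?) FILE IS MISSING")
NO_KEY = re.compile(r"ATTENTION!=====> Unable to open (?P<svc>\S+) registry key")
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
DETAIL = re.compile(
    r"^\[[\d\- :]+\] - \[[\d\- :]+\] - (?P<size>\d+) \S+ "
    r"\((?P<vendor>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def triage(log_text):
    """Split an FSS log into verified files and items that need follow-up."""
    result = {"legit": [], "unverified": [], "missing_files": [],
              "missing_service_keys": []}
    pending_path = None  # bare path line waiting for its "[date] ... MD5" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := LEGIT.match(line):
            result["legit"].append(m["path"])
        elif m := MISSING.match(line):
            result["missing_files"].append(m["path"])
        elif m := NO_KEY.search(line):
            # The same service is reported once per checked value; keep one entry.
            if m["svc"] not in result["missing_service_keys"]:
                result["missing_service_keys"].append(m["svc"])
        elif pending_path and (m := DETAIL.match(line)):
            # File listed with a raw hash instead of "MD5 is legit":
            # a candidate for a manual hash lookup or upload to a scanner.
            result["unverified"].append({
                "path": pending_path,
                "size": int(m["size"]),
                "vendor": m["vendor"],
                "md5": m["md5"].lower(),
            })
        elif BARE_PATH.match(line):
            pending_path = line
            continue
        pending_path = None
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["unverified"]:
        print("check hash:", item["path"], item["md5"])
    for path in report["missing_files"]:
        print("missing file:", path)
    for svc in report["missing_service_keys"]:
        print("missing service key:", svc)
```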

#13 narenxp

Posted 12 November 2012 - 11:07 PM

> Virus total didn't produce a log, but it did produce some data on a website. Would you like me to copy and paste it? Might not format correctly.


I need the link to the web page it generated.

Launch Farbar Service Scanner again and type

wscsvc.dll in search BOX

Click on SEARCH FILES, post the generated log

#14 mercuryrsng

Posted 12 November 2012 - 11:12 PM

https://www.virustotal.com/file/eaeb36b2e7395e34f8c623401fa33eae016882a3b041bd20e14a2b8b1a191695/analysis/1352779339/




Farbar Service Scanner Version: 09-11-2012
Ran by Owner (administrator) on 12-11-2012 at 23:08:42
Microsoft Windows XP Service Pack 3 (X86)

************************************************
======== Search: "wscsvc.dll" =========

====== End Of Search ======

#15 narenxp

Posted 12 November 2012 - 11:18 PM

Download

wscsvc.dll

Copy the file to

C:\windows\system32 folder

Download

wscsvc

Launch it and click YES

Restart the PC and run farbar service scanner again and post the new log

