
System Message-Write Fault Error


39 replies to this topic

#1 Duvodas


Posted 11 November 2012 - 03:27 PM

So, I got this malware on my computer, and I've followed all the instructions in the "Remove Smart HDD" guide.

I started in safe mode.

I ran rkill.

I ran MBAM.

And when I rebooted my computer, these annoying windows keep popping up:

"System message - Write fault error. A write command during the test has failed to complete". Another window came up saying "System error. Hard disk failure detected. It's highly recommended to run complete HDD scan to prevent loss of personal files."

What else should I do?



#2 narenxp


Posted 11 November 2012 - 03:38 PM

Boot into Safe Mode with Networking.

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Duvodas


Posted 11 November 2012 - 04:57 PM

Here is the log for the TDSSkiller

15:44:58.0390 0656 [ EF126141D909A8FA89DF35F44DFB1F2F ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
15:44:58.0390 0656 Serenum - ok
15:44:58.0406 0656 [ CF82322FA0B7A1E2F910EACC9D002B39 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
15:44:58.0406 0656 Serial - ok
15:44:58.0437 0656 [ 439CEC05C6F6E68FEB95F5B4FC01E9F3 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
15:44:58.0437 0656 Sfloppy - ok
15:44:58.0468 0656 [ 91A696F08DAEB53F77EE725B304F3246 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
15:44:58.0500 0656 SharedAccess - ok
15:44:58.0531 0656 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:44:58.0531 0656 ShellHWDetection - ok
15:44:58.0531 0656 Simbad - ok
15:44:58.0578 0656 [ 09A392D93A595C6A07CEE9B7CF683F64 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:44:58.0578 0656 SLIP - ok
15:44:58.0609 0656 Sparrow - ok
15:44:58.0640 0656 [ AD4C32A5E4802F9596BC87598BEC5EFA ] splitter C:\WINDOWS\system32\drivers\splitter.sys
15:44:58.0640 0656 splitter - ok
15:44:58.0671 0656 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
15:44:58.0671 0656 Spooler - ok
15:44:58.0796 0656 [ E8AEBF1E13D550BED140C1C6015E71B4 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
15:44:58.0812 0656 sr - ok
15:44:58.0843 0656 [ AB54E2DFF17D58350F88606FA85A02AF ] srservice C:\WINDOWS\system32\srsvc.dll
15:44:58.0843 0656 srservice - ok
15:44:58.0968 0656 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
15:44:58.0984 0656 Srv - ok
15:44:59.0015 0656 [ 7B50C000ED67FF2F446123753D5413FF ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
15:44:59.0015 0656 SSDPSRV - ok
15:44:59.0062 0656 [ E736B227E428BE3FB9A1F8755E320B4B ] stisvc C:\WINDOWS\system32\wiaservc.dll
15:44:59.0078 0656 stisvc - ok
15:44:59.0093 0656 [ FF058F23412E411B1F30FE3F4464BDFE ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:44:59.0093 0656 streamip - ok
15:44:59.0109 0656 [ 492F74DB817FF4BCB582ADE7495E9B7B ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
15:44:59.0109 0656 swenum - ok
15:44:59.0125 0656 [ 6FB4B1734F613D614CC0F6A28D7FD2E5 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
15:44:59.0140 0656 swmidi - ok
15:44:59.0156 0656 SwPrv - ok
15:44:59.0156 0656 symc810 - ok
15:44:59.0171 0656 symc8xx - ok
15:44:59.0171 0656 sym_hi - ok
15:44:59.0187 0656 sym_u3 - ok
15:44:59.0218 0656 [ B29CA8E11142186468C62A2DD30E2E84 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
15:44:59.0218 0656 sysaudio - ok
15:44:59.0265 0656 [ C4C34141A39385F64FC423C7C8B245DF ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
15:44:59.0265 0656 SysmonLog - ok
15:44:59.0296 0656 [ 8A3AE8286C14965EA84529555A479C35 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
15:44:59.0296 0656 TapiSrv - ok
15:44:59.0359 0656 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:44:59.0359 0656 Tcpip - ok
15:44:59.0406 0656 [ 7A15C6872B75F0DB426C97429200292E ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
15:44:59.0406 0656 TDPIPE - ok
15:44:59.0406 0656 [ CD471C6AD7B3B85695BE281BAF71C27E ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
15:44:59.0406 0656 TDTCP - ok
15:44:59.0421 0656 [ 3D648F177F9637A33070F918CA17D191 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
15:44:59.0421 0656 TermDD - ok
15:44:59.0468 0656 [ CCB30FBA0F11056E199F360B351E5349 ] TermService C:\WINDOWS\System32\termsrv.dll
15:44:59.0484 0656 TermService - ok
15:44:59.0515 0656 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
15:44:59.0515 0656 Themes - ok
15:44:59.0546 0656 [ D4E29BD6FF231A2FB8201D0DF0E89F18 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
15:44:59.0546 0656 TlntSvr - ok
15:44:59.0562 0656 TosIde - ok
15:44:59.0578 0656 [ A9218E2CBDCC33CDC0ED0AD14E8863FA ] TrkWks C:\WINDOWS\system32\trkwks.dll
15:44:59.0578 0656 TrkWks - ok
15:44:59.0640 0656 [ 113384367C3999E084FE156B18C7625E ] TrojanKillerDriver C:\WINDOWS\system32\DRIVERS\gtkdrv.sys
15:44:59.0640 0656 TrojanKillerDriver - ok
15:44:59.0671 0656 [ 0149BA616F4F84EEA280EBBBE2727379 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
15:44:59.0687 0656 Udfs - ok
15:44:59.0687 0656 ultra - ok
15:44:59.0734 0656 [ CE14ABC02A88B8C9D08726F21A1E3E7A ] Update C:\WINDOWS\system32\DRIVERS\update.sys
15:44:59.0750 0656 Update - ok
15:44:59.0781 0656 [ 18097058DDFA698E6A7AEC1D965B61B0 ] upnphost C:\WINDOWS\System32\upnphost.dll
15:44:59.0796 0656 upnphost - ok
15:44:59.0812 0656 [ 2EF7EF0B1D49139B2FE2F6D2F4504810 ] UPS C:\WINDOWS\System32\ups.exe
15:44:59.0812 0656 UPS - ok
15:44:59.0843 0656 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
15:44:59.0843 0656 USBAAPL - ok
15:44:59.0875 0656 [ A1A80DFEF1B7C1F86A2170AE0E9376F6 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:44:59.0875 0656 usbccgp - ok
15:44:59.0906 0656 [ A272F17643AAE348F7E296EBDCDBD48D ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:44:59.0906 0656 usbehci - ok
15:44:59.0906 0656 [ AB16F57DF6ADCEB94CA74AE33800CCE4 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:44:59.0921 0656 usbhub - ok
15:44:59.0937 0656 [ 4B167FA0B7265ABB7D35CE9D6F45FC1B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:44:59.0937 0656 usbohci - ok
15:44:59.0984 0656 [ BF4ACC6FA22EC157EF27F414860A358D ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:44:59.0984 0656 usbprint - ok
15:45:00.0031 0656 [ 27E3998C0FF792BE5AD48E5CDC53CF86 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:45:00.0031 0656 USBSTOR - ok
15:45:00.0078 0656 [ 79F2E86C56453942B951A979CFE1C619 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:45:00.0078 0656 usbuhci - ok
15:45:00.0109 0656 [ 68E63607E53183EA125D36EDED218D4E ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
15:45:00.0109 0656 usbvideo - ok
15:45:00.0140 0656 [ E3894343F9C7A6A5B5A4051BB2A51DFF ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
15:45:00.0140 0656 VgaSave - ok
15:45:00.0140 0656 ViaIde - ok
15:45:00.0218 0656 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe
15:45:00.0218 0656 Viewpoint Manager Service - ok
15:45:00.0218 0656 [ 734738D29213DE1EE15FDB7BBD134FE7 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
15:45:00.0218 0656 VolSnap - ok
15:45:00.0250 0656 [ AA8FCFE8AD758F1EB4E91C35CA567120 ] VSS C:\WINDOWS\System32\vssvc.exe
15:45:00.0265 0656 VSS - ok
15:45:00.0281 0656 [ 747089D0836DE2965363E0D017AFC07E ] W32Time C:\WINDOWS\system32\w32time.dll
15:45:00.0281 0656 W32Time - ok
15:45:00.0312 0656 [ B1C554EE64AE2D6515B0893E047C90D6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:45:00.0312 0656 Wanarp - ok
15:45:00.0375 0656 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:45:00.0390 0656 Wdf01000 - ok
15:45:00.0390 0656 WDICA - ok
15:45:00.0421 0656 [ 9B8065C28267B639776BBAB90BF6C841 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
15:45:00.0421 0656 wdmaud - ok
15:45:00.0437 0656 [ 1E5809BB10C4935910470E0C7B727524 ] WebClient C:\WINDOWS\System32\webclnt.dll
15:45:00.0453 0656 WebClient - ok
15:45:00.0500 0656 [ 307D248F97835B6879BDD361086924FE ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:45:00.0515 0656 winachsf - ok
15:45:00.0562 0656 [ 1792A8661B3139B11D773E8A4EE50894 ] winbondhidcir C:\WINDOWS\system32\DRIVERS\winbondhidcir.sys
15:45:00.0562 0656 winbondhidcir - ok
15:45:00.0671 0656 [ FCC16FD46AFDD9996C61236C50D4DD21 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
15:45:00.0671 0656 winmgmt - ok
15:45:00.0734 0656 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
15:45:00.0734 0656 WmdmPmSN - ok
15:45:00.0796 0656 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
15:45:00.0812 0656 Wmi - ok
15:45:00.0843 0656 [ 16116952192917FAAA45E3EBBC3AB295 ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:45:00.0843 0656 WmiAcpi - ok
15:45:00.0875 0656 [ 40844F8DDE70E0955F5660A669F33D0C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:45:00.0875 0656 WmiApSrv - ok
15:45:00.0968 0656 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
15:45:00.0984 0656 WMPNetworkSvc - ok
15:45:01.0031 0656 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:45:01.0031 0656 WS2IFSL - ok
15:45:01.0093 0656 [ B7FE5CDA268792D2ABAAB56946AFE3BE ] wscsvc C:\WINDOWS\system32\wscsvc.dll
15:45:01.0109 0656 wscsvc - ok
15:45:01.0125 0656 [ 400E972FBA7046EC04E8A037B5F7FE86 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:45:01.0125 0656 WSTCODEC - ok
15:45:01.0171 0656 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:45:01.0171 0656 WudfPf - ok
15:45:01.0187 0656 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:45:01.0187 0656 WudfRd - ok
15:45:01.0203 0656 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
15:45:01.0234 0656 WudfSvc - ok
15:45:01.0265 0656 [ 78502B4F25C91A61E3ACFB2F33B6B7A1 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
15:45:01.0296 0656 WZCSVC - ok
15:45:01.0312 0656 [ F077E30465B99436FF68E5B6ECE0728E ] xmlprov C:\WINDOWS\System32\xmlprov.dll
15:45:01.0328 0656 xmlprov - ok
15:45:01.0453 0656 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:45:01.0468 0656 YahooAUService - ok
15:45:01.0515 0656 ================ Scan global ===============================
15:45:01.0546 0656 [ 06842E76E4AED48BC3E6ABAA5633E78A ] C:\WINDOWS\system32\basesrv.dll
15:45:01.0609 0656 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
15:45:01.0625 0656 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
15:45:01.0656 0656 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:45:01.0671 0656 [Global] - ok
15:45:01.0671 0656 ================ Scan MBR ==================================
15:45:01.0687 0656 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:45:01.0984 0656 \Device\Harddisk0\DR0 - ok
15:45:01.0984 0656 ================ Scan VBR ==================================
15:45:01.0984 0656 [ CCEB5469D344DFD64F4D044D0783DC7A ] \Device\Harddisk0\DR0\Partition1
15:45:01.0984 0656 \Device\Harddisk0\DR0\Partition1 - ok
15:45:01.0984 0656 ============================================================
15:45:01.0984 0656 Scan finished
15:45:01.0984 0656 ============================================================
15:45:02.0015 0524 Detected object count: 0
15:45:02.0015 0524 Actual detected object count: 0




These are the results of the aswMBR



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-11 15:45:47
-----------------------------
15:45:47.640 OS Version: Windows 5.1.2600 Service Pack 3
15:45:47.640 Number of processors: 1 586 0xE08
15:45:47.640 ComputerName: ACER-032A3D62ED UserName: Administrator
15:45:48.312 Initialize success
15:49:03.750 AVAST engine defs: 12111100
15:49:21.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
15:49:21.687 Disk 0 Vendor: TOSHIBA_MK8032GAX AD001A Size: 76319MB BusType: 3
15:49:21.734 Disk 0 MBR read successfully
15:49:21.750 Disk 0 MBR scan
15:49:21.812 Disk 0 Windows XP default MBR code
15:49:21.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
15:49:21.859 Disk 0 scanning sectors +156296385
15:49:21.953 Disk 0 scanning C:\WINDOWS\system32\drivers
15:49:33.328 Service scanning
15:50:06.859 Modules scanning
15:50:16.140 Disk 0 trace - called modules:
15:50:16.171 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:50:16.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86df8ab8]
15:50:17.312 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> [0x86d37b10]
15:50:17.390 5 PCTCore.sys[f734fac6] -> nt!IofCallDriver -> \Device\0000007e[0x86d589e8]
15:50:17.453 7 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86d0bd98]
15:50:18.140 AVAST engine scan C:\WINDOWS
15:50:27.218 AVAST engine scan C:\WINDOWS\system32
15:54:14.343 AVAST engine scan C:\WINDOWS\system32\drivers
15:54:31.390 AVAST engine scan C:\Documents and Settings\Administrator
15:55:26.609 AVAST engine scan C:\Documents and Settings\All Users
15:56:19.593 File: C:\Documents and Settings\All Users\Application Data\XyYAJagqEkahNTn.exe **INFECTED** Win32:FakeSysdef-TA [Trj]
15:56:28.187 Scan finished successfully
15:56:50.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
15:56:50.078 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"



This is the log for ESET online scanner



C:\Documents and Settings\Admon\Desktop\gtk2136setup.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Documents and Settings\Admon\Local Settings\Application Data\bcr.exe a variant of Win32/Kryptik.YKA trojan cleaned by deleting - quarantined
C:\Documents and Settings\Admon\Local Settings\Temp\plugtmp-54\plugin-SXC_9d-jcrzIYWaTf JS/Exploit.Pdfka.PVC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Admon\My Documents\My Music\Audacity.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\XyYAJagqEkahNTn.exe a variant of Win32/Kryptik.AOLQ trojan cleaned by deleting - quarantined
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined

Thanks in advance for your help.

#4 narenxp


Posted 11 November 2012 - 05:37 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 Duvodas


Posted 11 November 2012 - 05:57 PM

Question: Why am I downloading all these programs and posting the results here? Wasn't it enough with the logs I already posted?

#6 narenxp


Posted 11 November 2012 - 06:02 PM

No, we need multiple programs to make sure the system is clean. There is no single tool that can remove all infections.

Edited by narenxp, 11 November 2012 - 06:03 PM.


#7 Duvodas


Posted 11 November 2012 - 06:06 PM

No, we need multiple programs to make sure the system is clean. There is no single tool that can remove all infections.

Alright. I'll do that. In the meantime, what can you tell me about the logs I already posted? Do they shed some light on what's happening to my PC?

Edited by Duvodas, 11 November 2012 - 06:06 PM.


#8 narenxp


Posted 11 November 2012 - 06:20 PM

Yes, they do. You are infected by rogue infections.

#9 Duvodas


Posted 11 November 2012 - 06:30 PM

Log for mini tool box:
MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Admon (administrator) on 11-11-2012 at 18:26:02
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:5555

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection 4 (Connected)
Broadcom 802.11g Network Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 4"

set address name="Local Area Connection 4" source=dhcp
set dns name="Local Area Connection 4" source=dhcp register=PRIMARY
set wins name="Local Area Connection 4" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : acer-032a3d62ed
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-16-D4-4E-44-B4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.1.10.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.1
DHCP Server . . . . . . . . . . . : 10.1.10.1
DNS Servers . . . . . . . . . . . : 10.1.10.1
Lease Obtained. . . . . . . . . . : Sunday, November 11, 2012 6:15:15 PM
Lease Expires . . . . . . . . . . : Sunday, November 18, 2012 6:15:15 PM

Ethernet adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-16-CF-9B-53-EA

Server: UnKnown
Address: 10.1.10.1

Name: google.com
Addresses: 74.125.140.101, 74.125.140.139, 74.125.140.113, 74.125.140.102
74.125.140.100, 74.125.140.138



Pinging google.com [74.125.140.138] with 32 bytes of data:

Reply from 74.125.140.138: bytes=32 time=17ms TTL=47
Reply from 74.125.140.138: bytes=32 time=57ms TTL=47

Ping statistics for 74.125.140.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 57ms, Average = 37ms

Server: UnKnown
Address: 10.1.10.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=64ms TTL=48
Reply from 98.138.253.109: bytes=32 time=74ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 74ms, Average = 69ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 d4 4e 44 b4 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x3 ...00 16 cf 9b 53 ea ...... Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.10.1 10.1.10.11 20
10.1.10.0 255.255.255.0 10.1.10.11 10.1.10.11 20
10.1.10.11 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.1.10.11 10.1.10.11 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.1.10.11 10.1.10.11 20
224.0.0.0 240.0.0.0 10.1.10.11 10.1.10.11 20
255.255.255.255 255.255.255.255 10.1.10.11 10.1.10.11 1
255.255.255.255 255.255.255.255 10.1.10.11 3 1
Default Gateway: 10.1.10.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/11/2012 00:25:24 PM) (Source: LoadPerf) (User: )
Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
Error code is the first DWORD in Data section.

Error: (11/11/2012 00:25:24 PM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (11/11/2012 00:25:21 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/11/2012 00:25:21 PM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (11/11/2012 11:17:28 AM) (Source: LoadPerf) (User: )
Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
Error code is the first DWORD in Data section.

Error: (11/11/2012 11:17:28 AM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (11/11/2012 11:10:18 AM) (Source: LoadPerf) (User: )
Description: Installing the performance counter strings for service WmiApRpl (%2) failed. The
Error code is the first DWORD in Data section.

Error: (11/11/2012 11:10:18 AM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Error: (11/11/2012 11:10:13 AM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Error: (11/11/2012 11:10:13 AM) (Source: LoadPerf) (User: )
Description: Unable to update the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.


System errors:
=============
Error: (11/11/2012 06:16:06 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (11/11/2012 06:15:16 PM) (Source: 0) (User: )
Description: TCPIP\Parameters\Adapters\NDISWANIP

Error: (11/11/2012 06:13:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/11/2012 06:10:58 PM) (Source: DCOM) (User: ACER-032A3D62ED)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 06:10:35 PM) (Source: DCOM) (User: ACER-032A3D62ED)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 06:10:33 PM) (Source: DCOM) (User: ACER-032A3D62ED)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 06:08:58 PM) (Source: DCOM) (User: ACER-032A3D62ED)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 06:08:56 PM) (Source: DCOM) (User: ACER-032A3D62ED)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 06:08:29 PM) (Source: DCOM) (User: ACER-032A3D62ED)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/11/2012 06:08:24 PM) (Source: DCOM) (User: ACER-032A3D62ED)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 4.32
Acer OrbiCam
Ad-Aware (Version: 7.1.0.7)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.1.6 (Version: 8.1.6)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Agere Systems HDA Modem
Alky for Applications (Windows XP) (Version: 1.0)
Amazon Kindle
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ATT-PRT22
Attribute Changer 5.30 (Version: 5.30)
Audacity 1.2.6
AVG Free 8.5
Bonjour (Version: 3.0.0.10)
BrettspielWelt
Browser Defender 2.0.6.15 (Version: 2.0.6.15)
Catan Online World (Version: 3.926)
CCleaner (Version: 3.17)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Critical Update for Windows Media Player 11 (KB959772)
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only) (Version: v2.10.0032.RC3)
Disk Cleaner (remove only)
DVD Solution
ESET Online Scanner v3
Facebook Plug-In
Gadget Installer (Version: 1.0.2)
Google Talk Plugin (Version: 3.10.2.10212)
HDAUDIO Soft Data Fax Modem with SmartCP
InfoAtoms (Version: 1.4.0.0)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.3.25)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8089.726)
LightScribe 1.4.124.1 (Version: 1.4.124.1)
LiveUpdate 2.0 (Symantec Corporation) (Version: 2.0.39.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Recent Documents Gadget (Version: 12.0.4518.1027)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! for Windows XP (Version: 1.00.00.0536)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 14.0.1468.721)
Multimedia Launcher
Nero OEM
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
PowerDVD
PowerISO
PowerTweaK Menu (mmm) (Version: 2.02)
QuickTime (Version: 7.1.3.100)
Realtek High Definition Audio Driver (Version: 5.10.0.5643)
RefreshEM (Version: 1.0.0.0)
RegShot (Version: 1.7.2.5)
Resource Hacker (Version: 3.4.0.79)
Right Click Image Converter
SAMSUNG Intelli-studio
Samsung ML-2010 Series
Samsung Video Codec 1.2.5009 Uninstall
Segoe UI (Version: 14.0.4327.805)
Sendto Xtras (Version: 11.5)
Spybot - Search & Destroy (Version: 1.6.2)
Styler (Version: 1.4.0.1)
SUPERAntiSpyware (Version: 5.0.1136)
TaskSwitchXP (Version: 2.0.11)
Trojan Killer (Version: 2.1.3.6)
Unlocker 1.8.6 (Version: 1.8.6)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VirtualDJ Home FREE (Version: 7.0.4.1)
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Sidebar (Version: 6.0.6000.16386)
Windows Vista Sounds Pack (Version: 1.0.0)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall (Version: 1.2)
Yahoo! Detect
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 1014.04 MB
Available physical RAM: 200.94 MB
Total Pagefile: 2358.11 MB
Available Pagefile: 1465.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:18.9 GB) NTFS

========================= Users: ========================================

User accounts for \\ACER-032A3D62ED

Administrator Admon ASPNET
Guest HelpAssistant SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

13-08-2012 11:40:28 System Checkpoint
22-08-2012 16:08:41 System Checkpoint
24-08-2012 18:26:08 System Checkpoint
26-08-2012 00:12:36 System Checkpoint
28-08-2012 01:55:35 System Checkpoint
29-08-2012 02:06:43 System Checkpoint
30-08-2012 14:04:58 System Checkpoint
31-08-2012 14:52:55 System Checkpoint
04-09-2012 01:33:07 System Checkpoint
07-09-2012 23:01:52 System Checkpoint
10-09-2012 22:41:29 System Checkpoint
12-09-2012 11:03:37 System Checkpoint
13-09-2012 12:24:46 System Checkpoint
14-09-2012 16:18:48 System Checkpoint
18-09-2012 00:17:54 System Checkpoint
20-09-2012 03:03:31 System Checkpoint
22-09-2012 01:43:29 System Checkpoint
23-09-2012 16:27:36 System Checkpoint
25-09-2012 00:30:03 System Checkpoint
26-09-2012 01:23:33 System Checkpoint
27-09-2012 14:06:00 System Checkpoint
30-09-2012 16:51:19 System Checkpoint
01-10-2012 22:49:20 System Checkpoint
02-10-2012 23:22:50 System Checkpoint
04-10-2012 23:09:38 System Checkpoint
06-10-2012 13:46:37 System Checkpoint
07-10-2012 15:23:32 System Checkpoint
08-10-2012 15:40:02 System Checkpoint
09-10-2012 19:12:14 System Checkpoint
11-10-2012 12:11:46 System Checkpoint
12-10-2012 14:51:07 System Checkpoint
15-10-2012 06:01:44 System Checkpoint
16-10-2012 21:46:36 System Checkpoint
19-10-2012 16:09:50 System Checkpoint
20-10-2012 16:47:44 System Checkpoint
22-10-2012 00:03:50 System Checkpoint
23-10-2012 14:35:52 System Checkpoint
24-10-2012 22:52:51 System Checkpoint
30-10-2012 14:21:25 System Checkpoint
01-11-2012 14:09:07 System Checkpoint
04-11-2012 14:59:31 System Checkpoint
06-11-2012 01:35:43 System Checkpoint
07-11-2012 02:16:31 System Checkpoint
08-11-2012 13:26:48 System Checkpoint
10-11-2012 15:31:33 System Checkpoint

**** End of log ****




Here are the Farbar scanner results:

Farbar Service Scanner Version: 09-11-2012
Ran by Admon (administrator) on 11-11-2012 at 18:29:07
Running from "C:\Documents and Settings\Admon\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-03-07 02:46] - [2008-03-07 02:46] - 0126976 ____A (Microsoft Corporation) ABE660C4266B32B1F7E659EF03E0E922

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2008-03-06 19:55] - [2008-03-06 19:55] - 0162816 ____A (Microsoft Corporation) FCF68116195ADF2777644187303F206A

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2008-03-06 19:54] - [2008-03-06 19:54] - 0075264 ____A (Microsoft Corporation) 8C2FA9ECE20F0F99E9003F060E155DB9

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2008-03-07 02:46] - [2008-03-07 02:46] - 0331264 ___AC (Microsoft Corporation) 91A696F08DAEB53F77EE725B304F3246

C:\WINDOWS\system32\netman.dll
[2008-03-07 02:46] - [2008-03-07 02:46] - 0198144 ____A (Microsoft Corporation) A0C9CB2819059FA490B2CF43AA08D19C

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-19 13:13] - [2008-03-07 02:46] - 0144896 ____A (Microsoft Corporation) FCC16FD46AFDD9996C61236C50D4DD21

C:\WINDOWS\system32\srsvc.dll
[2008-07-19 13:21] - [2008-03-07 02:46] - 0171008 ____A (Microsoft Corporation) AB54E2DFF17D58350F88606FA85A02AF

C:\WINDOWS\system32\Drivers\sr.sys
[2008-07-19 13:21] - [2008-03-06 19:10] - 0073472 ___AC (Microsoft Corporation) E8AEBF1E13D550BED140C1C6015E71B4

C:\WINDOWS\system32\wscsvc.dll
[2008-03-07 02:46] - [2008-03-07 02:46] - 0080896 ____A (Microsoft Corporation) B7FE5CDA268792D2ABAAB56946AFE3BE

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-19 13:13] - [2008-03-07 02:46] - 0144896 ____A (Microsoft Corporation) FCC16FD46AFDD9996C61236C50D4DD21

C:\WINDOWS\system32\wuauserv.dll
[2008-07-19 13:21] - [2008-03-07 02:46] - 0006656 ___AC (Microsoft Corporation) B64E5C23F7939ED28F040B1AB269D8AB

C:\WINDOWS\system32\qmgr.dll
[2008-07-19 13:21] - [2008-03-07 02:46] - 0409088 ____A (Microsoft Corporation) 80AFFA9A10E204835F10D1E2D3A6C1EC

C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll
[2008-03-07 02:46] - [2008-03-07 02:46] - 0062464 ____A (Microsoft Corporation) 3BE9F3160CF92FE9F9CF3B73570F1330

C:\WINDOWS\system32\svchost.exe
[2008-03-07 02:46] - [2008-03-07 02:46] - 0014336 ____A (Microsoft Corporation) 90CEF742ABE7EC1DA7DF8EF2016817CD

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#10 Duvodas


Posted 11 November 2012 - 06:44 PM

Here's the log for JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.9 (11.11.2012)
OS: Microsoft Windows XP x86
Ran by Admon on Sun 11/11/2012 at 18:32:51.40
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d2f8f919-690b-4ea2-9fa7-a203d1e04f75}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\zugo"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\comobject.deskbarenabler"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\comobject.deskbarenabler.1"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d2f8f919-690b-4ea2-9fa7-a203d1e04f75}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Admon\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\styler\tb"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Admon\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [File] C:\Documents and Settings\Admon\Application Data\Mozilla\Firefox\Profiles\u4xdk4ot.default\searchplugins\bing-zugo.xml





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/11/2012 at 18:41:46.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11 Duvodas


Posted 11 November 2012 - 08:20 PM

Here's the log for MBAM:



Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.09.29.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admon :: ACER-032A3D62ED [administrator]

11/11/2012 6:24:26 PM
mbam-log-2012-11-11 (20-19-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302214
Time elapsed: 1 hour(s), 54 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate (Trojan.Agent) -> No action taken.

Files Detected: 5
C:\System Volume Information\_restore{5B9D27D4-F8EA-4D40-948E-2BF6A55205ED}\RP890\A0284890.exe (Trojan.FakeMS) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\Ui.dtd (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\flagunit.dtd (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\h64data.dtd (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Macromedia\swfupdate\LocalsSettings.dtd (Trojan.Agent) -> No action taken.

(end)

#12 narenxp


Posted 11 November 2012 - 08:22 PM

Run Malwarebytes again and post the clean log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#13 Duvodas


Posted 11 November 2012 - 08:30 PM

It all got fixed. No more pop-up windows, no more hidden icons. All of those programs I ran did the trick.

Thank you so much for your help!

#14 narenxp


Posted 11 November 2012 - 08:40 PM

Still require the logs from the last instructions :)

#15 Duvodas


Posted 11 November 2012 - 08:45 PM

Here's the Autoruns log:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Aimersoft Helper Compact.exe" "" "" "File not found: C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe"
+ "Alcmtr" "Realtek Azalia Audio - Event Monitor" "Realtek Semiconductor Corp." "c:\windows\alcmtr.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "AVG8_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgtray.exe"
+ "GGyfLFDEWNT.exe" "" "" "File not found: C:\Documents and Settings\All Users\Application Data\GGyfLFDEWNT.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Computer, Inc." "c:\program files\quicktime\qttask.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "YMailAdvisor" "Yahoo! Mail Advisor" "Yahoo! Inc." "c:\program files\yahoo!\common\ymailadvisor.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\ssscheduler.exe"
"C:\Documents and Settings\Admon\Start Menu\Programs\Startup" "" "" ""
+ "PowerReg Scheduler.exe" "PRegScheduler MFC Application" "" "c:\documents and settings\admon\start menu\programs\startup\powerreg scheduler.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdobeUpdater" "Adobe Updater" "Adobe Systems Incorporated" "c:\program files\common files\adobe\updater5\adobeupdater.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\documents and settings\admon\local settings\application data\google\update\googleupdate.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy\teatimer.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "Shockwave Updater" "Shockwave Helper" "Adobe Systems, Inc." "c:\windows\system32\adobe\shockwave 11\swhelper_1103472.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgpp.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "" "" "c:\program files\7-zip\7-zip.dll"
+ "ACShell" "Attribute Changer Shell Extension" "Romain Petges" "c:\program files\attribute changer\acshell.dll"
+ "AVG8 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgse.dll"
+ "ClipName" "clipname" "MainSoft sarl" "c:\windows\system32\shellext\clipname.dll"
+ "CopyMoveTo" "" "" "c:\windows\system32\shellext\copytosendto.dll"
+ "File Case Context Menu Handler" "File Case Shell Extension" "Synesis Software (Pty) Ltd" "c:\windows\system32\shellext\meflcase.dll"
+ "MIPSE" "MiTeC Image Preview Shell Extension" "MiTeC" "c:\windows\system32\shellext\mipse.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files\poweriso\pwrisosh.dll"
+ "Right Click Image Converter" "" "" "c:\program files\kristanix\right click image converter\extrcic.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "Yahoo! Mail" "Yahoo! Mail" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "HashTab" "HashTab File Hash Shell Extension" "Beeblebrox.org" "c:\windows\system32\shellext\hashtab.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "" "" "c:\program files\7-zip\7-zip.dll"
+ "ACShell" "Attribute Changer Shell Extension" "Romain Petges" "c:\program files\attribute changer\acshell.dll"
+ "CmdOpen Shell Extension" "Open Command Prompt Shell Extension" "ktechcomputing.com" "c:\windows\system32\shellext\cmdopen.dll"
+ "CopyMoveTo" "" "" "c:\windows\system32\shellext\copytosendto.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files\poweriso\pwrisosh.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "" "" "c:\program files\7-zip\7-zip.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 110.60 " "NVIDIA Corporation" "c:\windows\system32\nvshell.dll"
+ "BrowserBackExtension" "BrowserBack Module" "" "c:\windows\system32\shellext\browserback.dll"
+ "CmdOpen Shell Extension" "Open Command Prompt Shell Extension" "ktechcomputing.com" "c:\windows\system32\shellext\cmdopen.dll"
+ "FileExtToggleExtension" "FileExtToggle Module" "" "c:\windows\system32\shellext\fileexttoggle.dll"
+ "HiddenFilesToggleExtension" "HiddenFilesToggle Module" "" "c:\windows\system32\shellext\hiddenfilestoggle.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "SelectAllExtension" "SelectAll Module" "" "c:\windows\system32\shellext\selectall.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG8 Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgse.dll"
+ "ClipName" "clipname" "MainSoft sarl" "c:\windows\system32\shellext\clipname.dll"
+ "CopyMoveTo" "" "" "c:\windows\system32\shellext\copytosendto.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files\poweriso\pwrisosh.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn1\yt.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgssie.dll"
+ "InfoAtoms" "InfoAtoms" "InfoAtoms Inc." "c:\program files\infoatoms\ie32\infoatomsclientie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "PC Tools Browser Guard BHO" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files\spyware doctor\bdt\pctbrowserdefender.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "PC Tools Browser Guard" "Browser Defender Toolbar" "Threat Expert Ltd." "c:\program files\spyware doctor\bdt\pctbrowserdefender.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-343818398-1229272821-1177238915-1004Core.job" "Google Installer" "Google Inc." "c:\documents and settings\admon\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-343818398-1229272821-1177238915-1004UA.job" "Google Installer" "Google Inc." "c:\documents and settings\admon\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "aawservice" "Ad-Aware service" "Lavasoft" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "AgereModemAudio" "Agere Soft Modem Call Progress Service" "Agere Systems" "c:\windows\system32\agrsmsvc.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "avg8wd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg8\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Browser Defender Update Service" "Browser Defender Update Service" "Threat Expert Ltd." "c:\program files\spyware doctor\bdt\bdtupdateservice.exe"
+ "gusvc" "gusvc" "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "McciCMService" "mcci+McciCMService" "Motive Communications, Inc." "c:\program files\common files\motive\mccicmservice.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\mcchsvc.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NVSvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AgereSoftModem" "SoftModem Device Driver" "Agere Systems" "c:\windows\system32\drivers\agrsm.sys"
+ "AR5211" "Driver for Atheros AR5001 Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\ar5211.sys"
+ "ASPI32" "" "" "File not found: C:\WINDOWS\System32\Drivers\ASPI32.sys"
+ "AvgLdx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "AvgMfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "bcm4sbxp" "Broadcom Corporation NDIS 5.1 ethernet driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "Cam5603D" "Universal Serial Bus Camera Driver" "Bison Electronics. Inc. " "c:\windows\system32\drivers\bisoncam.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DgiVecp" "Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes" "DeviceGuys, Inc." "c:\windows\system32\drivers\dgivecp.sys"
+ "EMSCR" "ENE PCI Memory Stick Card Reader Driver" "ENE Technology Inc." "c:\windows\system32\drivers\ems7sk.sys"
+ "ESDCR" "ENE PCI Secure Digital / MMC Card Reader Driver" "ENE Technology Inc." "c:\windows\system32\drivers\esd7sk.sys"
+ "ESMCR" "ENE PCI SmartMedia / XD Card Reader Driver" "ENE Technology Inc." "c:\windows\system32\drivers\esm7sk.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "hidshim" "SHIM filter for KMDF HIDMINI driver" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\hidshim.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MREMP50" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mremp50.sys"
+ "MREMP50a64" "" "" "File not found: C:\WINDOWS\System32\Drivers\MREMP50a64.sys"
+ "MRESP50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mresp50.sys"
+ "MRESP50a64" "" "" "File not found: C:\WINDOWS\System32\Drivers\MRESP50a64.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.63 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "NVENETFD" "NVIDIA Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvenetfd.sys"
+ "nvnetbus" "NVIDIA Networking Bus Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvnetbus.sys"
+ "nvsmu" "NVIDIA® nForce™ SMU Microcontroller Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvsmu.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PCTCore" "PC Tools KDS Core Driver" "PC Tools" "c:\windows\system32\drivers\pctcore.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "rimmptsk" "RICOH MMC Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "RTLE8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtenicxp.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "SCDEmu" "PowerISO Virtual Drive" "PowerISO Computing, Inc." "c:\windows\system32\drivers\scdemu.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "TrojanKillerDriver" "GridinSoft Trojan Killer Mini-Filter Driver" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\gtkdrv.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
+ "winbondhidcir" "Winbond HID CIR Receiver" "Winbond Electronics Corporation" "c:\windows\system32\drivers\winbondhidcir.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "VIDC.YVU9" "" "" "c:\windows\system32\iyvu9_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD6)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink dvd solution\powerdvd\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD6)" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\audiofilter\claudspa.ax"
+ "CyberLink AudioCD Filter (PDVD6)" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\audiofilter\claudiocd.ax"
+ "CyberLink Demux (PDVD6)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\navfilter\cldemuxer.ax"
+ "CyberLink DVD Navigator (PDVD6)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD6)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\videofilter\clline21.ax"
+ "Cyberlink SubTitle Importor (PDVD6)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD6)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink dvd solution\powerdvd\videofilter\clvsd.ax"
+ "DivX for Blizzard Decoder Filter" "" "" "File not found: c:\program files\warcraft iii\blizzard.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Subpicture Enc" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "" "" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector" "Scene Change Detector" "Nero AG" "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter" "Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator" "Nero Vcd Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer" "Nero Video Analyzer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor" "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Samsung AAC Decoding Filter" "AAC Decoder Filter Dll" "Pixtree, Inc." "c:\program files\samsung\intelli-studio\filters\pxtraacd.dll"
+ "Samsung AAC Encoder Filter" "AAC Encoder Filter Dll" "Pixtree, Inc." "c:\program files\samsung\intelli-studio\filters\pxtraace.dll"
+ "Samsung H264 Decoder" "HTH264Dec1" "Honest Technology" "c:\program files\samsung\intelli-studio\filters\pxtrvdf.dll"
+ "Samsung H264 Encoding Filter" "Pixtree h264 video encoder dshow filter" "PIXTREE, Inc." "c:\program files\samsung\intelli-studio\filters\pxtrvef.dll"
+ "Samsung MJPEG Decoder" "HTH264Dec1" "Honest Technology" "c:\program files\samsung\intelli-studio\filters\pxtrvdf.dll"
+ "Samsung MP4 Muxer Filter" "" "" "c:\program files\samsung\intelli-studio\filters\ssmp4mux.ax"
+ "Samsung MPEG-4 Splitter Filter" "Pixtree MP4 Splitter Filter" "Pixtree, Inc." "c:\program files\samsung\intelli-studio\filters\pxtrmp4s.dll"
+ "SEDG Video Decoder" "" "" "c:\windows\system32\mcs_dec2.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "avgrsstarter" "AVG Resident Shield Starter" "AVG Technologies CZ, s.r.o." "c:\windows\system32\avgrsstx.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "WgaLogon" "" "" "c:\windows\system32\wgalogon.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "spd__ Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\spd__l.dll"
+ "SUGS2 Langmon" "Language Monitor for Status Monitor" "Samsung Electronics." "c:\windows\system32\sugs2lmk.dll"

The MBSM is going to take two hours to scan.

Can you tell me anything about the last logs?



