I have a redirect virus



#1 PabloRock

Posted 15 November 2012 - 06:07 PM

Hello all. I seem to have a redirect virus buried somewhere. I searched and searched the net and tried quite a few things to no avail. I've run many virus scans (AVG, Avast, Malwarebytes, Spybot, SpyHunter) as well as TDSSKiller. Also tried as much as I can in safe mode. My HijackThis looks ok as well (but I'm no expert). I also checked my host file and router and they both look ok.

It started with Firefox, so I uninstalled it and installed Chrome but still had the problem. IE doesn't seem to have the problem, but now it doesn't show a lot of pictures. I'm in Chrome now, but in IE I can't see the Bleeping logo or the RSS logo (plus others), but I can see the Kaspersky ad.

Any help would be appreciated.
Thanks. Paul.


#2 narenxp

Posted 15 November 2012 - 06:09 PM

Download TDSSKiller

Launch it. Click on "Change parameters" - select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop, and copy the contents of the text file into your reply.

#3 PabloRock

Posted 16 November 2012 - 09:03 AM

Thanks for the quick reply. Had to let things run overnight.

TDSSKiller log:

18:45:41.0881 5000 swmidi - ok
18:45:41.0896 5000 SwPrv - ok
18:45:41.0912 5000 symc810 - ok
18:45:41.0928 5000 symc8xx - ok
18:45:41.0928 5000 sym_hi - ok
18:45:41.0943 5000 sym_u3 - ok
18:45:41.0990 5000 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:45:41.0990 5000 sysaudio - ok
18:45:42.0021 5000 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:45:42.0037 5000 SysmonLog - ok
18:45:42.0084 5000 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:45:42.0099 5000 TapiSrv - ok
18:45:42.0146 5000 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:45:42.0178 5000 Tcpip - ok
18:45:42.0193 5000 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:45:42.0209 5000 TDPIPE - ok
18:45:42.0240 5000 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:45:42.0240 5000 TDTCP - ok
18:45:42.0256 5000 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:45:42.0256 5000 TermDD - ok
18:45:42.0271 5000 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
18:45:42.0303 5000 TermService - ok
18:45:42.0334 5000 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
18:45:42.0349 5000 Themes - ok
18:45:42.0381 5000 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:45:42.0396 5000 TlntSvr - ok
18:45:42.0396 5000 TosIde - ok
18:45:42.0428 5000 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:45:42.0443 5000 TrkWks - ok
18:45:42.0459 5000 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:45:42.0474 5000 Udfs - ok
18:45:42.0474 5000 ultra - ok
18:45:42.0521 5000 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:45:42.0521 5000 Update - ok
18:45:42.0553 5000 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:45:42.0584 5000 upnphost - ok
18:45:42.0599 5000 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
18:45:42.0615 5000 UPS - ok
18:45:42.0631 5000 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:45:42.0631 5000 usbccgp - ok
18:45:42.0662 5000 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:45:42.0678 5000 usbehci - ok
18:45:42.0709 5000 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:45:42.0724 5000 usbhub - ok
18:45:42.0724 5000 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:45:42.0740 5000 usbprint - ok
18:45:42.0740 5000 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:45:42.0756 5000 usbscan - ok
18:45:42.0803 5000 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:45:42.0803 5000 USBSTOR - ok
18:45:42.0849 5000 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:45:42.0849 5000 usbuhci - ok
18:45:42.0881 5000 [ BFA4AE30B3AC10E9223830BF103F5A3F ] vcdrom C:\WINDOWS\system32\VCdRom.sys
18:45:42.0896 5000 vcdrom - ok
18:45:42.0943 5000 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:45:42.0943 5000 VgaSave - ok
18:45:42.0959 5000 ViaIde - ok
18:45:42.0974 5000 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:45:42.0974 5000 VolSnap - ok
18:45:43.0021 5000 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
18:45:43.0053 5000 VSS - ok
18:45:43.0084 5000 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
18:45:43.0115 5000 W32Time - ok
18:45:43.0146 5000 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:45:43.0146 5000 Wanarp - ok
18:45:43.0162 5000 WDICA - ok
18:45:43.0178 5000 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:45:43.0178 5000 wdmaud - ok
18:45:43.0193 5000 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:45:43.0209 5000 WebClient - ok
18:45:43.0287 5000 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:45:43.0287 5000 winmgmt - ok
18:45:43.0365 5000 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
18:45:43.0365 5000 WmdmPmSN - ok
18:45:43.0412 5000 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:45:43.0428 5000 Wmi - ok
18:45:43.0459 5000 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:45:43.0459 5000 WmiApSrv - ok
18:45:43.0568 5000 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:45:43.0599 5000 WPFFontCache_v0400 - ok
18:45:43.0646 5000 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:45:43.0646 5000 WS2IFSL - ok
18:45:43.0693 5000 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:45:43.0709 5000 wscsvc - ok
18:45:43.0756 5000 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:45:43.0803 5000 wuauserv - ok
18:45:43.0849 5000 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:45:43.0881 5000 WZCSVC - ok
18:45:43.0928 5000 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:45:43.0959 5000 xmlprov - ok
18:45:43.0990 5000 ================ Scan global ===============================
18:45:44.0021 5000 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
18:45:44.0037 5000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:45:44.0084 5000 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
18:45:44.0099 5000 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
18:45:44.0115 5000 [Global] - ok
18:45:44.0115 5000 ================ Scan MBR ==================================
18:45:44.0131 5000 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:45:44.0396 5000 \Device\Harddisk0\DR0 - ok
18:45:44.0412 5000 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:45:44.0678 5000 \Device\Harddisk1\DR1 - ok
18:45:44.0678 5000 ================ Scan VBR ==================================
18:45:44.0678 5000 [ 78F130FAE5FE336CDDC30D2A2684A19E ] \Device\Harddisk0\DR0\Partition1
18:45:44.0678 5000 \Device\Harddisk0\DR0\Partition1 - ok
18:45:44.0724 5000 [ 58C1CFC6A55FA8BCEC38FF7159B64DAE ] \Device\Harddisk1\DR1\Partition1
18:45:44.0724 5000 \Device\Harddisk1\DR1\Partition1 - ok
18:45:44.0724 5000 ============================================================
18:45:44.0724 5000 Scan finished
18:45:44.0724 5000 ============================================================
18:45:44.0740 4844 Detected object count: 0
18:45:44.0740 4844 Actual detected object count: 0

aswMBR Log;

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-15 19:33:06
-----------------------------
19:33:06.553 OS Version: Windows 5.1.2600 Service Pack 3
19:33:06.553 Number of processors: 1 586 0x207
19:33:06.553 ComputerName: PAULS-OFFICE-PC UserName: Paul
19:33:11.537 Initialize success
19:33:16.303 AVAST engine defs: 12111501
19:33:20.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:33:20.459 Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
19:33:20.459 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
19:33:20.459 Disk 1 Vendor: IC35L120AVV207-0 V24OA66A Size: 114440MB BusType: 3
19:33:20.474 Disk 0 MBR read successfully
19:33:20.490 Disk 0 MBR scan
19:33:20.506 Disk 0 Windows XP default MBR code
19:33:20.521 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
19:33:20.521 Disk 0 scanning sectors +625121280
19:33:20.599 Disk 0 scanning C:\WINDOWS\system32\drivers
19:33:34.021 Service scanning
19:34:03.037 Modules scanning
19:34:21.615 Disk 0 trace - called modules:
19:34:22.162 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
19:34:22.162 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f79ab8]
19:34:22.162 3 CLASSPNP.SYS[f7581fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86fa2b00]
19:34:23.662 AVAST engine scan C:\WINDOWS
19:34:32.615 AVAST engine scan C:\WINDOWS\system32
19:39:04.709 AVAST engine scan C:\WINDOWS\system32\drivers
19:39:29.006 AVAST engine scan C:\Documents and Settings\Paul
19:44:13.787 AVAST engine scan C:\Documents and Settings\All Users
19:46:44.568 Scan finished successfully
19:46:59.974 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Paul\My Documents\MBR.dat"
19:46:59.974 The log file has been saved successfully to "C:\Documents and Settings\Paul\My Documents\aswMBR.txt"

ESET threats found; (it says they were cleaned)

C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aapncdfocfledaokddinflahbdnccomn\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\temp\7zip_installer_d162802.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\temp\tdsskiller-s32-downloader.exe a variant of Win32/Soft32Downloader.A application cleaned by deleting - quarantined



Let me know what you think. (7 zip was downloaded by mistake when downloading aswMBR. It wasn't installed).
Thanks. Paul.

#4 narenxp


Posted 16 November 2012 - 09:17 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After the scan gets completed, post the generated log here.

#5 PabloRock


Posted 16 November 2012 - 01:18 PM

Malwarebytes log;

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.16.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Paul :: PAULS-OFFICE-PC [administrator]

11/16/2012 9:41:39 AM
mbam-log-2012-11-16 (09-41-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303384
Time elapsed: 1 hour(s), 15 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox log;

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Paul (administrator) on 16-11-2012 at 12:35:26
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Dual-Band Wireless A+G PCI Adapter = Wireless Network Connection 2 (Disconnected)
Intel® PRO/100 M Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : pauls-office-pc

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 M Network Connection

Physical Address. . . . . . . . . : 00-07-E9-E4-6F-DA

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

Lease Obtained. . . . . . . . . . : Wednesday, November 14, 2012 2:50:17 PM

Lease Expires . . . . . . . . . . : Sunday, November 18, 2012 2:50:17 PM

Server: SABRESERV
Address: 192.168.2.1

Name: google.com
Addresses: 173.194.43.46, 173.194.43.38, 173.194.43.37, 173.194.43.33
173.194.43.40, 173.194.43.39, 173.194.43.35, 173.194.43.41, 173.194.43.34
173.194.43.36, 173.194.43.32



Pinging google.com [173.194.43.46] with 32 bytes of data:



Reply from 173.194.43.46: bytes=32 time=12ms TTL=54

Reply from 173.194.43.46: bytes=32 time=12ms TTL=54



Ping statistics for 173.194.43.46:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 12ms, Average = 12ms

Server: SABRESERV
Address: 192.168.2.1

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=80ms TTL=49

Reply from 98.138.253.109: bytes=32 time=132ms TTL=49



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 80ms, Maximum = 132ms, Average = 106ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 e4 6f da ...... Intel® PRO/100 M Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.100 192.168.2.100 20
192.168.2.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.100 192.168.2.100 20
224.0.0.0 240.0.0.0 192.168.2.100 192.168.2.100 20
255.255.255.255 255.255.255.255 192.168.2.100 192.168.2.100 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/14/2012 05:01:20 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/14/2012 05:01:20 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/14/2012 05:01:20 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/14/2012 00:47:55 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/14/2012 00:47:55 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/14/2012 00:47:55 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/12/2012 09:29:24 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/12/2012 09:29:24 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/12/2012 09:29:24 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/09/2012 11:32:19 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (11/15/2012 01:58:32 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (11/14/2012 00:44:28 PM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service failed to start due to the following error:
%%1053

Error: (11/14/2012 00:44:28 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Intuit Update Service v4 service to connect.

Error: (11/14/2012 00:44:28 PM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service service failed to start due to the following error:
%%1053

Error: (11/14/2012 00:44:28 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.

Error: (11/12/2012 09:23:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/09/2012 01:30:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Avgldx86
Avgmfx86
Fips
intelppm

Error: (11/09/2012 01:29:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/09/2012 09:34:51 AM) (Source: Service Control Manager) (User: )
Description: The Intuit Update Service v4 service hung on starting.

Error: (11/09/2012 09:28:49 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (11/14/2012 05:01:20 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/14/2012 05:01:20 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/14/2012 05:01:20 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/14/2012 00:47:55 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/14/2012 00:47:55 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/14/2012 00:47:55 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/12/2012 09:29:24 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/12/2012 09:29:24 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/12/2012 09:29:24 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/09/2012 11:32:19 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle


=========================== Installed Programs ============================

2X Client (Version: 10.1.1275)
32 Bit HP CIO Components Installer (Version: 1.0.0)
ABC Amber vCard Converter
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Artisteer 2 (Version: 2.5)
Artisteer 3 (Version: 3.0)
avast! Free Antivirus (Version: 7.0.1474.0)
AVG 2012 (Version: 12.0.2126)
AVG 2012 (Version: 12.0.2127)
AVG 2012 (Version: 12.0.2169)
AVG 2012 (Version: 12.0.2171)
AVG 2012 (Version: 12.0.2176)
AVG 2012 (Version: 12.0.2178)
AVG 2012 (Version: 12.0.2180)
AVG 2012 (Version: 12.0.2193)
AVG 2012 (Version: 12.0.2195)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2409)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Brother MFL-Pro Suite MFC-J6710DW (Version: 1.0.20.0)
CCleaner (Version: 3.10)
CorelDRAW Graphics Suite X3 (Version: 13.0)
Dell Driver Download Manager (Version: 3.0.0.0)
doPDF 7.2 printer
Dual-Band Wireless A+G PCI Adapter
EN (Version: 13.0)
ESET Online Scanner v3
FontNav (Version: 5.0)
Free DWG Viewer 7.1 (Version: 7.1)
Google Chrome (Version: 23.0.1271.64)
Google Update Helper (Version: 1.3.21.123)
GPL Ghostscript 8.63
HijackThis 1.99.1 (Version: 1.99.1)
HitmanPro 3.6 (Version: 3.6.2.174)
HP Officejet Pro K5300/5400 Series (Version: 1.0)
Intel® PRO Ethernet Adapter and Software
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 37 (Version: 6.0.370)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Expression Blend 3 (Version: 3.0.1927.0)
Microsoft Expression Blend 3 SDK (Version: 1.0.1327.0)
Microsoft Expression Studio 3 (Version: 3.0.1061.0)
Microsoft Expression Web 3 (Version: 3.0.1762.0)
Microsoft Office 2003 Primary Interop Assemblies (Version: 11.0.6553.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40624.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 6 Ultra Edition
NetDeviceManager (Version: 90.0.192.000)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
PaperPort Image Printer (Version: 1.00.0001)
PDFill PDF Editor with FREE Writer and FREE Tools (Version: 8.0)
QuickBooks (Version: 22.0.4005.2206)
QuickBooks Pro 2012 (Version: 22.0.4005.2206)
QuickBooks Product Listing Service (Version: 2.0.148)
QuickBooks Simple Start 2009 (Version: 19.0.4001.703)
Scansoft PDF Professional
Spybot - Search & Destroy (Version: 1.6.2)
SpyHunter (Version: 4.11.10.4138)
SupportSoft Assisted Service (Version: 15)
The Extractor (Version: 1.4.3)
TurboTax 2010
TurboTax 2010 wctiper (Version: 010.000.1308)
TurboTax 2010 wctpbpm (Version: 010.000.0382)
TurboTax 2010 WinBizFedFormset (Version: 010.000.1599)
TurboTax 2010 WinBizReleaseEngine (Version: 010.000.0287)
TurboTax 2010 WinBizTaxSupport (Version: 010.000.1122)
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wctiper (Version: 011.000.1611)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wnyiper (Version: 011.000.1628)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax Business 2010
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Manager (Version: 4.60)
VBA (Version: 6.2)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
WPF Toolkit June 2009 (Version 3.5.40619.1) (Version: 3.5.40619.1)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 1022.98 MB
Available physical RAM: 288.51 MB
Total Pagefile: 2464.87 MB
Available Pagefile: 1542.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.91 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:250.87 GB) NTFS
4 Drive e: () (Fixed) (Total:111.73 GB) (Free:60.91 GB) NTFS

========================= Users: ========================================

User accounts for \\PAULS-OFFICE-PC

Administrator ASPNET Guest
HelpAssistant Paul SUPPORT_388945a0

========================= Restore Points ==================================

18-08-2012 17:39:45 System Checkpoint
19-08-2012 18:42:17 System Checkpoint
20-08-2012 18:49:36 System Checkpoint
21-08-2012 19:39:00 System Checkpoint
22-08-2012 19:40:48 System Checkpoint
23-08-2012 19:58:34 System Checkpoint
24-08-2012 20:39:43 System Checkpoint
25-08-2012 21:40:48 System Checkpoint
26-08-2012 22:39:43 System Checkpoint
28-08-2012 00:27:16 System Checkpoint
29-08-2012 00:39:42 System Checkpoint
30-08-2012 01:40:49 System Checkpoint
31-08-2012 02:39:42 System Checkpoint
01-09-2012 03:40:48 System Checkpoint
02-09-2012 04:39:42 System Checkpoint
03-09-2012 05:39:44 System Checkpoint
04-09-2012 06:39:42 System Checkpoint
04-09-2012 13:10:29 Software Distribution Service 3.0
04-09-2012 14:28:35 Removed 2X Client
04-09-2012 14:29:12 Installed 2X Client
05-09-2012 19:45:53 System Checkpoint
06-09-2012 20:29:57 System Checkpoint
07-09-2012 21:48:33 System Checkpoint
08-09-2012 22:13:28 System Checkpoint
09-09-2012 22:13:40 System Checkpoint
10-09-2012 22:16:51 System Checkpoint
11-09-2012 22:59:50 System Checkpoint
12-09-2012 23:43:05 System Checkpoint
14-09-2012 00:22:34 System Checkpoint
15-09-2012 00:38:40 System Checkpoint
16-09-2012 01:22:32 System Checkpoint
17-09-2012 02:34:01 System Checkpoint
18-09-2012 03:32:13 System Checkpoint
19-09-2012 04:22:36 System Checkpoint
20-09-2012 05:22:35 System Checkpoint
21-09-2012 05:38:06 System Checkpoint
22-09-2012 06:38:06 System Checkpoint
23-09-2012 07:39:09 System Checkpoint
24-09-2012 08:39:08 System Checkpoint
25-09-2012 09:38:07 System Checkpoint
26-09-2012 10:38:07 System Checkpoint
27-09-2012 11:10:53 System Checkpoint
28-09-2012 12:11:58 System Checkpoint
29-09-2012 12:49:27 System Checkpoint
30-09-2012 13:49:24 System Checkpoint
01-10-2012 16:31:43 System Checkpoint
02-10-2012 18:21:35 System Checkpoint
03-10-2012 18:26:29 System Checkpoint
04-10-2012 19:26:32 System Checkpoint
05-10-2012 19:36:04 System Checkpoint
06-10-2012 19:54:37 System Checkpoint
07-10-2012 20:54:13 System Checkpoint
08-10-2012 23:06:07 System Checkpoint
09-10-2012 23:55:19 System Checkpoint
11-10-2012 00:54:15 System Checkpoint
12-10-2012 01:12:46 System Checkpoint
13-10-2012 01:54:39 System Checkpoint
14-10-2012 02:54:09 System Checkpoint
15-10-2012 03:54:08 System Checkpoint
16-10-2012 04:38:02 System Checkpoint
17-10-2012 04:39:06 System Checkpoint
18-10-2012 05:38:01 System Checkpoint
18-10-2012 21:31:53 Removed Java™ 6 Update 24
18-10-2012 21:32:38 Installed Java™ 6 Update 37
19-10-2012 21:50:10 System Checkpoint
20-10-2012 22:25:04 System Checkpoint
21-10-2012 23:25:04 System Checkpoint
23-10-2012 00:25:05 System Checkpoint
24-10-2012 01:26:09 System Checkpoint
25-10-2012 02:25:04 System Checkpoint
26-10-2012 02:41:29 System Checkpoint
27-10-2012 03:41:27 System Checkpoint
28-10-2012 04:41:23 System Checkpoint
29-10-2012 05:41:24 System Checkpoint
24-02-2003 05:02:38 System Checkpoint
30-10-2012 22:46:56 System Checkpoint
31-10-2012 23:17:35 System Checkpoint
31-10-2012 20:51:26 System Checkpoint
01-11-2012 21:39:17 Installed Free DWG Viewer
02-11-2012 22:10:21 System Checkpoint
03-11-2012 23:10:21 System Checkpoint
05-11-2012 00:10:21 System Checkpoint
06-11-2012 00:24:51 System Checkpoint
07-11-2012 01:10:21 System Checkpoint
08-11-2012 02:11:26 System Checkpoint
09-11-2012 17:36:35 System Checkpoint
12-11-2012 16:04:14 Installed SpyHunter
13-11-2012 16:39:23 System Checkpoint
14-11-2012 19:52:31 Restore Operation
15-11-2012 21:43:52 System Checkpoint

**** End of log ****


Farbar log;

Farbar Service Scanner Version: 09-11-2012
Ran by Paul (administrator) on 16-11-2012 at 12:38:40
Running from "C:\Documents and Settings\Paul\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

adwCleaner log;

# AdwCleaner v2.007 - Logfile created 11/16/2012 at 12:43:08
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Paul - PAULS-OFFICE-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Paul\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com.tmp

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [778 octets] - [16/11/2012 12:43:08]

########## EOF - C:\AdwCleaner[S2].txt - [837 octets] ##########


Junkware removal tool log;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.1.1 (11.15.2012)
OS: Microsoft Windows XP x86
Ran by Paul on Fri 11/16/2012 at 12:55:20.12
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1935655697-616249376-725345543-1003\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/16/2012 at 13:10:27.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Let me know if there is anything else you may need.

Thanks a lot. Paul.

#6 narenxp

Posted 16 November 2012 - 01:50 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 PabloRock

Posted 16 November 2012 - 03:47 PM

Rkill log;

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/16/2012 03:38:23 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/16/2012 03:39:25 PM
Execution time: 0 hours(s), 1 minute(s), and 2 seconds(s)


Autorun log;

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\alwil software\avast5\avastui.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "BrStsMon00" "Brother Status Monitor Application" "Brother Industries, Ltd." "c:\program files\browny02\brother\brstmonw.exe"
+ "ControlCenter4" "ControlCenter Launcher" "Brother Industries, Ltd." "c:\program files\controlcenter4\brccboot.exe"
+ "IndexSearch" "PaperPort IndexSearch" "Nuance Communications, Inc." "c:\program files\nuance\paperport\indexsearch.exe"
+ "Intuit SyncManager" "IntuitSyncManager" "Intuit Inc. All rights reserved." "c:\program files\common files\intuit\sync\intuitsyncmanager.exe"
+ "ISUSPM Startup" "InstallShield Update Service Update Manager" "Macrovision Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "Macrovision Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "NeroFilterCheck" "NeroCheck" "Ahead Software Gmbh" "c:\windows\system32\nerocheck.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 135.50 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nwiz.exe"
+ "PaperPort PTD" "PaperPort Print to Desktop for NT" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pptd40nt.exe"
+ "PDF5 Registry Controller" "PDF Converter Registry Controller" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\registrycontroller.exe"
+ "PDFHook" "PdfCreateHook Application" "Nuance Communications, Inc." "c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe"
+ "PPort12reminder" "Ereg" "Nuance Communications, Inc." "c:\program files\nuance\paperport\ereg\ereg.exe"
+ "SpyHunter Security Suite" "SpyHunter4 application" "Enigma Software Group USA, LLC." "c:\program files\enigma software group\spyhunter\spyhunter4.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Intuit Data Protect.lnk" "Intuit Data Protect" "Intuit Inc." "c:\program files\common files\intuit\dataprotect\intuitdataprotect.exe"
+ "QuickBooks Update Agent.lnk" "QuickBooks Automatic Update" "Intuit Inc." "c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe"
+ "QuickBooks_Standard_21.lnk" "QuickBooks" "Intuit Inc." "c:\program files\intuit\quickbooks 2012\qbw32.exe"
"C:\Documents and Settings\Paul\Start Menu\Programs\Startup" "" "" ""
+ "2X Client.lnk" "2X Client" "2X Software Ltd." "c:\program files\2x\client\appserverclient.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ISUSPM" "Acresso Software Manager" "Acresso Corporation" "c:\documents and settings\all users\application data\flexnet\connect\11\isuspm.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "intu-help-qb2" "QuickBooks Assistance Library" "Intuit, Inc." "c:\program files\intuit\quickbooks 2009\helpasyncpluggableprotocol.dll"
+ "intu-help-qb5" "QuickBooks Assistance Library" "Intuit, Inc." "c:\program files\intuit\quickbooks 2012\helpasyncpluggableprotocol.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "TextPad" "TextPad shell extension DLL" "Helios Software Solutions" "e:\program files\textpad 4\system\shellext.dll"
+ "The Extractor" "CMD Context Menu Extension" "" "c:\program files\the extractor\extcmh.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "The Extractor" "CMD Context Menu Extension" "" "c:\program files\the extractor\extcmh.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 135.50 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "The Extractor" "CMD Context Menu Extension" "" "c:\program files\the extractor\extcmh.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\alwil software\avast5\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\alwil software\avast5\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "PlusIEEventHelper Class" "PlusIEContextMenu.dll" "Zeon Corporation" "c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\alwil software\avast5\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "PDFill PDF Editor" "Download PDF Files" "PlotSoft LLC" "c:\program files\pdfill\downloadpdf.exe"
"Task Scheduler" "" "" ""
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\alwil software\avast5\avastemupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "2X SSO Service" "2X SSO Service provides support for automatic authorisation" "2X Software Ltd." "c:\program files\2x\client\tuxcredprov.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\alwil software\avast5\avastsvc.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "BrYNSvc" "BrYNCSvc" "Brother Industries, Ltd." "c:\program files\browny02\brynsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "HPSLPSVC" "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpslpsvc32.dll"
+ "IntuitUpdateService" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service\intuitupdateservice.exe"
+ "IntuitUpdateServiceV4" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service v4\intuitupdateservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PDFProFiltSrvPP" "PDFPro IFilter Service" "Nuance Communications, Inc." "c:\program files\nuance\paperport\pdfprofiltsrvpp.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "QBCFMonitorService" "QuickBooks Company File Monitoring Service" "Intuit" "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"
+ "QBFCService" "QuickBooks FCS module" "Intuit Inc." "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"
+ "QBVSS" "Enables standard users to access Intuit Data Protect service." "Intuit Inc." "c:\program files\common files\intuit\dataprotect\qbidpservice.exe"
+ "SpyHunter 4 Service" "SpyHunter 4 Helper Service" "Enigma Software Group USA, LLC." "c:\program files\enigma software group\spyhunter\sh4service.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "AR5211" "Driver for Atheros AR5001 Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\ar5211.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "aswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "catchme" "" "" "File not found: C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "E100B" "NDIS 5 driver" "Intel Corporation" "c:\windows\system32\drivers\e100b325.sys"
+ "esgiguard" "" "" "c:\program files\enigma software group\spyhunter\esgiguard.sys"
+ "EsgScanner" "Enigma Scan filter" "" "c:\windows\system32\drivers\esgscanner.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "P16X" "WDM Audio Miniport" "Creative Technology Ltd." "c:\windows\system32\drivers\p16x.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Nero Audio CD Filter" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator" "Nero Audio CD Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor" "Nero Audio Processor" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer" "Nero Library" "Nero AG" "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder" "Nero Audio Decoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder" "AAC LC/HE Audio Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer" "NeroDigital File Format Muxer" "Nero AG" "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter" "DV Splitter Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder" "MPEG-1/2/4 & AVC video decoder w/ DxVA" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator" "DVD Navigator Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader" "NeroDigital / mp4 / avi / mov parser" "Nero AG" "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source" "Nero SVCD source filter" "Nero AG " "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)" "NeFileSourceAsync" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter" "Push Mode VOB Source Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter" "Frame rate / Color space converter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture" "Direct Show frame grabber filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder" "MPEG 1/2 Video Encoder" "Nero AG" "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source" "NePhotoSource" "Ahead Software AG" "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer" "PS Muxer Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder" "QuickTime™ Decoder Wrapper" "Nero AG" "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize" "Nero Resizing Filter" "Nero AG" "c:\program files\common files\ahead\dsfilter\neresize.ax"

Thanks. Paul.

#8 narenxp

Posted 16 November 2012 - 04:37 PM

Current issues?

#9 PabloRock

Posted 17 November 2012 - 01:15 PM

I just did a bunch of random searches and haven't been redirected (but it didn't happen every search before). I will continue to try random stuff to see if it still occurs, but it looks good. Searches also seem quicker.

But if I bring up IE, the images still do not show up. My default page also changed to Google from MSN (not that I want MSN as my default). It's not every image, just some of them. The Google logo is one that doesn't show. But when they had one of their special logos, it did show up. I was just on a random blog page and there were a bunch of links at the bottom with images. Some of the images showed, some of them didn't. On BleepingComputer, the home page shows the logo and all the ads, but none of the logos in the "follow" and "share" sections.

Let me know if there is anything else I should do.
Thanks for all your help. Paul.

#10 narenxp

Posted 17 November 2012 - 01:24 PM

Reset Internet explorer

http://support.microsoft.com/kb/923737

Any changes?

#11 PabloRock

Posted 17 November 2012 - 02:55 PM

No, that didn't do it (I tried that when I first noticed the problem).

#12 narenxp

Posted 17 November 2012 - 03:16 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#13 PabloRock

Posted 17 November 2012 - 03:27 PM

Thanks for the info. I will try everything you mentioned. I was planning on getting rid of my extra anti-virus software once I fixed my problem (a lot of opinions on what to run to get rid of the redirect). Thanks for all your help.

#14 narenxp

Posted 17 November 2012 - 03:42 PM

Let's try reinstalling Internet Explorer

Press Windows+R key and type

appwiz.cpl and click OK

Right-click on Windows Internet Explorer 8 - Uninstall

Restart the PC and check IE

Edited by narenxp, 17 November 2012 - 03:45 PM.


#15 PabloRock

Posted 19 November 2012 - 03:16 PM

I'm running XP, so I don't have a "windows" button. I uninstalled IE 8 and for some reason I now have IE 6. It seems to look ok, and I will probably use Chrome for the foreseeable future, so I will probably leave it as is (unless you think I should try to upgrade it).

Also, I currently have CCleaner for temp clean up (which I've always run on a regular basis [prior to CC I used ATF-Cleaner]). If you think TFC is a better option, I'll start to use that (although it requires a reboot, so it's not as convenient).

Thank you for all your help. You are a great resource.
Paul.



