Google and Firefox re-directed to ads


18 replies to this topic

#1 mulderator

Posted 23 November 2012 - 03:02 PM

I have tried everything--researched, downloaded all kinds of malware and spyware programs and cannot get rid of this hi-jacking that occurs in Firefox and Google clicks (not sure where the problem is). Any advice would be appreciated.


#2 narenxp


Posted 23 November 2012 - 03:16 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 mulderator


Posted 23 November 2012 - 04:50 PM

Here is TDSSkiller:

13:32:57.0500 1792 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:32:57.0515 1792 stisvc - ok
13:32:57.0531 1792 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:32:57.0531 1792 streamip - ok
13:32:57.0546 1792 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:32:57.0546 1792 swenum - ok
13:32:57.0562 1792 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:32:57.0562 1792 swmidi - ok
13:32:57.0578 1792 SwPrv - ok
13:32:57.0578 1792 symc810 - ok
13:32:57.0578 1792 symc8xx - ok
13:32:57.0593 1792 sym_hi - ok
13:32:57.0593 1792 sym_u3 - ok
13:32:57.0609 1792 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:32:57.0609 1792 sysaudio - ok
13:32:57.0625 1792 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:32:57.0640 1792 SysmonLog - ok
13:32:57.0671 1792 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:32:57.0671 1792 TapiSrv - ok
13:32:57.0718 1792 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:32:57.0718 1792 Tcpip - ok
13:32:57.0750 1792 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:32:57.0750 1792 TDPIPE - ok
13:32:57.0765 1792 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:32:57.0765 1792 TDTCP - ok
13:32:57.0765 1792 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:32:57.0765 1792 TermDD - ok
13:32:57.0796 1792 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:32:57.0796 1792 TermService - ok
13:32:57.0828 1792 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:32:57.0843 1792 Themes - ok
13:32:57.0875 1792 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
13:32:57.0890 1792 TlntSvr - ok
13:32:57.0890 1792 TosIde - ok
13:32:57.0921 1792 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:32:57.0921 1792 TrkWks - ok
13:32:57.0953 1792 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:32:57.0953 1792 Udfs - ok
13:32:57.0953 1792 ultra - ok
13:32:58.0000 1792 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:32:58.0015 1792 Update - ok
13:32:58.0046 1792 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:32:58.0062 1792 upnphost - ok
13:32:58.0093 1792 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:32:58.0093 1792 UPS - ok
13:32:58.0140 1792 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:32:58.0140 1792 usbccgp - ok
13:32:58.0171 1792 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:32:58.0187 1792 usbehci - ok
13:32:58.0187 1792 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:32:58.0187 1792 usbhub - ok
13:32:58.0234 1792 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:32:58.0234 1792 usbscan - ok
13:32:58.0265 1792 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:32:58.0265 1792 USBSTOR - ok
13:32:58.0281 1792 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:32:58.0281 1792 usbuhci - ok
13:32:58.0296 1792 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:32:58.0296 1792 VgaSave - ok
13:32:58.0312 1792 ViaIde - ok
13:32:58.0343 1792 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:32:58.0343 1792 VolSnap - ok
13:32:58.0390 1792 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:32:58.0390 1792 VSS - ok
13:32:58.0437 1792 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:32:58.0453 1792 W32Time - ok
13:32:58.0468 1792 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:32:58.0484 1792 Wanarp - ok
13:32:58.0484 1792 WDICA - ok
13:32:58.0546 1792 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:32:58.0546 1792 wdmaud - ok
13:32:58.0578 1792 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:32:58.0578 1792 WebClient - ok
13:32:58.0625 1792 [ A8596CF86D445269A42ECC08B7066A4C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:32:58.0671 1792 winachsf - ok
13:32:58.0734 1792 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:32:58.0734 1792 winmgmt - ok
13:32:58.0781 1792 [ C9B9942EECA0B82E35D60627E365510A ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
13:32:58.0796 1792 WLANKEEPER - ok
13:32:58.0843 1792 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:32:58.0843 1792 WmdmPmSN - ok
13:32:58.0875 1792 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
13:32:58.0890 1792 Wmi - ok
13:32:58.0921 1792 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:32:58.0921 1792 WmiAcpi - ok
13:32:58.0953 1792 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:32:58.0953 1792 WmiApSrv - ok
13:32:59.0046 1792 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:32:59.0093 1792 WMPNetworkSvc - ok
13:32:59.0187 1792 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:32:59.0250 1792 WPFFontCache_v0400 - ok
13:32:59.0281 1792 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:32:59.0281 1792 WS2IFSL - ok
13:32:59.0312 1792 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:32:59.0328 1792 wscsvc - ok
13:32:59.0359 1792 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:32:59.0359 1792 WSTCODEC - ok
13:32:59.0390 1792 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:32:59.0390 1792 wuauserv - ok
13:32:59.0437 1792 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:32:59.0437 1792 WudfPf - ok
13:32:59.0453 1792 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:32:59.0453 1792 WudfRd - ok
13:32:59.0468 1792 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:32:59.0468 1792 WudfSvc - ok
13:32:59.0515 1792 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:32:59.0531 1792 WZCSVC - ok
13:32:59.0562 1792 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:32:59.0562 1792 xmlprov - ok
13:32:59.0578 1792 ================ Scan global ===============================
13:32:59.0609 1792 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:32:59.0656 1792 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:32:59.0671 1792 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:32:59.0687 1792 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:32:59.0703 1792 [Global] - ok
13:32:59.0703 1792 ================ Scan MBR ==================================
13:32:59.0718 1792 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:32:59.0968 1792 \Device\Harddisk0\DR0 - ok
13:32:59.0968 1792 ================ Scan VBR ==================================
13:32:59.0984 1792 [ 67141B7EA359F1C3CDFD949E2C9A3CC7 ] \Device\Harddisk0\DR0\Partition1
13:32:59.0984 1792 \Device\Harddisk0\DR0\Partition1 - ok
13:32:59.0984 1792 ============================================================
13:32:59.0984 1792 Scan finished
13:32:59.0984 1792 ============================================================
13:33:00.0000 3016 Detected object count: 0
13:33:00.0000 3016 Actual detected object count: 0
13:34:14.0796 3408 Deinitialize success

Here is aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-23 13:35:51
-----------------------------
13:35:51.390 OS Version: Windows 5.1.2600 Service Pack 3
13:35:51.390 Number of processors: 2 586 0xF0B
13:35:51.390 ComputerName: FANNY_LAPPIE UserName: Fanny
13:35:51.859 Initialize success
13:39:20.453 AVAST engine defs: 12112302
13:39:26.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:39:26.734 Disk 0 Vendor: ST96023AS 8.04 Size: 57231MB BusType: 3
13:39:26.890 Disk 0 MBR read successfully
13:39:26.890 Disk 0 MBR scan
13:39:26.921 Disk 0 Windows XP default MBR code
13:39:26.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
13:39:26.937 Disk 0 scanning sectors +117210240
13:39:27.421 Disk 0 scanning C:\WINDOWS\system32\drivers
13:39:36.828 Service scanning
13:39:53.171 Modules scanning
13:39:58.687 Disk 0 trace - called modules:
13:39:58.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
13:39:58.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a553ab8]
13:39:58.703 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a516500]
13:39:59.328 AVAST engine scan C:\WINDOWS
13:40:04.312 AVAST engine scan C:\WINDOWS\system32
13:41:33.625 AVAST engine scan C:\WINDOWS\system32\drivers
13:41:44.015 AVAST engine scan C:\Documents and Settings\Fanny
13:42:09.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Fanny\Desktop\Bleeping\MBR.dat"
13:42:09.312 The log file has been saved successfully to "C:\Documents and Settings\Fanny\Desktop\Bleeping\aswMBR.txt"


Will post the last one when it's finished.

#4 mulderator

Posted 23 November 2012 - 05:17 PM

Here is ESET:

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

So it cleaned the Yontoo.B Application--was that the problem?

#5 narenxp

Posted 23 November 2012 - 05:19 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.

#6 mulderator

Posted 23 November 2012 - 06:01 PM

Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Fanny :: FANNY_LAPPIE [administrator]

11/23/2012 2:20:15 AM
mbam-log-2012-11-23 (02-20-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224815
Time elapsed: 29 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 mulderator

Posted 23 November 2012 - 06:07 PM

MiniToolBox:

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Fanny (administrator) on 23-11-2012 at 15:03:20
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 15266 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection 4 (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : fanny_lappie

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : oc.cox.net



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1C-23-20-01-07



Ethernet adapter Wireless Network Connection 4:



Connection-specific DNS Suffix . : oc.cox.net

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-1C-BF-75-11-7A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

68.105.28.12

68.105.29.12

Lease Obtained. . . . . . . . . . : Friday, November 23, 2012 2:32:16 PM

Lease Expires . . . . . . . . . . : Saturday, November 24, 2012 2:32:16 PM

Server: cdns2.cox.net
Address: 68.105.28.12

Name: google.com
Addresses: 74.125.227.128, 74.125.227.129, 74.125.227.130, 74.125.227.131
74.125.227.132, 74.125.227.133, 74.125.227.134, 74.125.227.135, 74.125.227.136
74.125.227.137, 74.125.227.142



Pinging google.com [74.125.227.14] with 32 bytes of data:



Reply from 74.125.227.14: bytes=32 time=45ms TTL=52

Reply from 74.125.227.14: bytes=32 time=46ms TTL=52



Ping statistics for 74.125.227.14:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 46ms, Average = 45ms

Server: cdns2.cox.net
Address: 68.105.28.12

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=28ms TTL=54

Reply from 72.30.38.140: bytes=32 time=123ms TTL=54



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 123ms, Average = 75ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1c 23 20 01 07 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 1c bf 75 11 7a ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.103 192.168.1.103 25
192.168.1.103 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.103 192.168.1.103 25
224.0.0.0 240.0.0.0 192.168.1.103 192.168.1.103 25
255.255.255.255 255.255.255.255 192.168.1.103 2 1
255.255.255.255 255.255.255.255 192.168.1.103 192.168.1.103 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/23/2012 02:18:03 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 16.0.2.4680, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/14/2012 08:32:46 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (3612) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (11/14/2012 08:32:46 PM) (Source: ESENT) (User: )
Description: wuauclt (3612) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/14/2012 08:32:36 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (3612) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (11/14/2012 08:32:36 PM) (Source: ESENT) (User: )
Description: wuauclt (3612) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/08/2012 08:36:43 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.4.38, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/08/2012 08:30:54 AM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.4.38, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/05/2012 07:17:14 PM) (Source: Application Hang) (User: )
Description: Hanging application calibre.exe, version 0.8.63.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/01/2012 07:46:45 AM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6607.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/01/2012 07:46:45 AM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6607.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (11/23/2012 03:06:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2012 01:39:36 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/23/2012 01:46:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86
Avgmfx86
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (11/23/2012 01:45:18 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/23/2012 01:34:09 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (11/07/2012 09:21:47 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Agent Ransack 2010
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2629)
AVG 2012 (Version: 2012.0.2221)
AVG PC Tuneup (Version: 10.0.0.27)
Broadcom Gigabit Integrated Controller (Version: 10.15.08)
Bullzip PDF Printer 7.2.0.1320 (Version: 7.2.0.1320)
calibre (Version: 0.8.63)
Conexant HDA D330 MDC V.92 Modem
ESET Online Scanner v3
EVEREST Ultimate Edition v4.60 (Version: 4.60)
Google Chrome (Version: 23.0.1271.64)
Google Update Helper (Version: 1.3.21.123)
GPL Ghostscript (Version: 9.05)
I8kfanGUI V3.1 (Version: 3.1)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 12.04.4000)
IrfanView (remove only) (Version: 4.30)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
NVIDIA Control Panel 266.58 (Version: 266.58)
NVIDIA Graphics Driver 266.58 (Version: 266.58)
NVIDIA Install Application (Version: 2.265.36.0)
NVIDIA nView 135.50 (Version: 135.50)
NVIDIA nView Desktop Manager (Version: 6.14.10.13550)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202)
Remote Control USB Driver (Version: 2.3.2.317)
ScanTool.net for Windows v1.13 (Version: v1.13)
SigmaTel Audio (Version: 5.10.5210.0)
Sothink FLV Player (Version: 2.3)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VideoLAN VLC media player 0.8.6f (Version: 0.8.6f)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 3069.89 MB
Available physical RAM: 2380.48 MB
Total Pagefile: 4955.88 MB
Available Pagefile: 4331.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.89 GB) (Free:34.63 GB) NTFS
2 Drive d: (Dana's UCSB Graduation 06/16/201) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\FANNY_LAPPIE

Administrator ASPNET Fanny
Guest HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

28-09-2012 05:16:48 System Checkpoint
29-09-2012 05:24:18 System Checkpoint
30-09-2012 06:46:40 System Checkpoint
01-10-2012 05:48:56 Installed Remote Control USB Driver
01-10-2012 05:49:56 Installed Logitech Harmony Remote Software 7
02-10-2012 06:58:22 System Checkpoint
03-10-2012 08:15:43 System Checkpoint
04-10-2012 08:25:30 System Checkpoint
05-10-2012 15:52:43 System Checkpoint
06-10-2012 16:47:08 System Checkpoint
07-10-2012 18:00:37 System Checkpoint
08-10-2012 19:55:21 System Checkpoint
10-10-2012 04:20:46 System Checkpoint
11-10-2012 04:35:27 System Checkpoint
11-10-2012 15:25:07 Software Distribution Service 3.0
12-10-2012 16:53:07 System Checkpoint
13-10-2012 17:37:34 System Checkpoint
14-10-2012 17:51:48 System Checkpoint
15-10-2012 18:41:01 System Checkpoint
16-10-2012 20:31:55 System Checkpoint
18-10-2012 02:38:20 System Checkpoint
19-10-2012 06:45:56 System Checkpoint
20-10-2012 09:38:37 System Checkpoint
21-10-2012 20:16:25 System Checkpoint
22-10-2012 04:18:18 Installed Java™ 6 Update 37
23-10-2012 08:12:56 System Checkpoint
24-10-2012 15:54:59 System Checkpoint
25-10-2012 16:12:48 System Checkpoint
26-10-2012 16:41:52 System Checkpoint
27-10-2012 18:09:18 System Checkpoint
28-10-2012 18:37:28 System Checkpoint
30-10-2012 03:50:26 System Checkpoint
31-10-2012 04:06:34 System Checkpoint
01-11-2012 07:05:46 System Checkpoint
02-11-2012 08:14:28 System Checkpoint
03-11-2012 09:13:21 System Checkpoint
04-11-2012 20:09:53 System Checkpoint
06-11-2012 05:16:35 System Checkpoint
08-11-2012 09:06:21 System Checkpoint
09-11-2012 09:33:57 System Checkpoint
10-11-2012 09:37:07 System Checkpoint
11-11-2012 19:06:28 System Checkpoint
13-11-2012 02:28:35 System Checkpoint
14-11-2012 17:16:16 System Checkpoint
15-11-2012 11:00:43 Software Distribution Service 3.0
16-11-2012 16:44:16 System Checkpoint
17-11-2012 18:11:04 System Checkpoint
18-11-2012 18:52:21 System Checkpoint
19-11-2012 19:12:18 System Checkpoint
21-11-2012 00:15:09 System Checkpoint
22-11-2012 07:00:21 System Checkpoint
23-11-2012 10:36:20 System Checkpoint

**** End of log ****

#8 mulderator


Posted 23 November 2012 - 06:09 PM

Farbar:

Farbar Service Scanner Version: 09-11-2012
Ran by Fanny (administrator) on 23-11-2012 at 15:08:26
Running from "C:\Documents and Settings\Fanny\Desktop\Spyware\Bleeping"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

#9 mulderator


Posted 23 November 2012 - 06:15 PM

Adware Cleaner:

# AdwCleaner v2.008 - Logfile created 11/23/2012 at 15:10:54
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Fanny - FANNY_LAPPIE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Fanny\Desktop\Spyware\Bleeping\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Fanny\Application Data\Mozilla\Firefox\Profiles\sc30r909.default\prefs.js

C:\Documents and Settings\Fanny\Application Data\Mozilla\Firefox\Profiles\sc30r909.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Fanny\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1463 octets] - [23/11/2012 15:10:54]

########## EOF - C:\AdwCleaner[S1].txt - [1523 octets] ##########

#10 mulderator


Posted 23 November 2012 - 06:23 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.8 (11.22.2012)
OS: Microsoft Windows XP x86
Ran by Fanny on Fri 11/23/2012 at 15:16:39.89
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/23/2012 at 15:22:51.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#11 mulderator


Posted 23 November 2012 - 06:25 PM

So removing Yontoo did not solve the problem--Firefox is still getting hijacked when clicking on links--occasionally goes to ads instead.

#12 narenxp


Posted 23 November 2012 - 06:39 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#13 mulderator


Posted 23 November 2012 - 10:47 PM

Rkill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/23/2012 07:45:02 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:


20 out of 15286 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 11/23/2012 07:45:33 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

#14 mulderator


Posted 23 November 2012 - 10:50 PM

Autoruns.txt:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "nwiz" "NVIDIA nView Wizard, Version 135.50 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nwiz.exe"
+ "SigmatelSysTrayApp" "Sigmatel Audio system tray application" "SigmaTel, Inc." "c:\program files\sigmatel\c-major audio\wdm\stsystra.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "i8kfangui" "Dell Inspiron/Latitude/Precision fan control" "Christian Diefer" "c:\program files\i8kfangui\i8kfangui.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "AgentRansack" "Agent Ransack Shell Extensions" "Mythicsoft Ltd" "c:\program files\mythicsoft\agent ransack\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "00nView" "NVIDIA Desktop Explorer, Version 135.50 " "NVIDIA Corporation" "c:\program files\nvidia corporation\nview\nvshell.dll"
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AgentRansack" "Agent Ransack Shell Extensions" "Mythicsoft Ltd" "c:\program files\mythicsoft\agent ransack\shellext.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AVG PC Tuneup Integrator Start On Fanny Logon.job" "PC Tuneup 2011" "AVG" "c:\program files\avg\avg pc tuneup\boostspeed.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvsvc32.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PEVSystemStart" "" "" "c:\combofix\pev.3xe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "S24EventMonitor" "Wireless Management Service for Intel® PROSet/Wireless WiFi Software" "Intel® Corporation" "c:\program files\intel\wifi\bin\s24evmon.exe"
+ "STacSV" "Manages SigmaTel Audio Universal Jack configurations." "SigmaTel, Inc." "c:\windows\system32\stacsv.exe"
+ "WLANKEEPER" "Provides Single Sign On (SSO) functionality." "Intel® Corporation" "c:\program files\intel\wifi\bin\wlkeeper.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "fanio" "I8k Fan I/O" "Christian Diefer" "c:\windows\system32\drivers\fanio.sys"
+ "FTDIBUS" "FTDIBUS USB Driver" "FTDI Ltd." "c:\windows\system32\drivers\ftdibus.sys"
+ "FTSER2K" "FTDIBUS Serial Device Driver" "FTDI Ltd." "c:\windows\system32\drivers\ftser2k.sys"
+ "guardian2" "O2Micro USB CCID SmartCard Reader" "O2Micro" "c:\windows\system32\drivers\oz776.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwazl.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "MEITUNER" "Panasonic D-VHS driver" "Matsubleepa Electric Industorial Co.,Ltd." "c:\windows\system32\drivers\meistb.sys"
+ "NETw5x32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5x32.sys"
+ "nv" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58 " "NVIDIA Corporation" "c:\windows\system32\drivers\nv4_mini.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RemoteControl-USBLAN" "Windows USBLAN Host Driver" "Belcarra Technologies" "c:\windows\system32\drivers\rcblan.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb.sys"
+ "s24trans" "WLAN Transport" "Intel Corporation" "c:\windows\system32\drivers\s24trans.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\sthda.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Ligos MPEG Splitter" "MPEG Parser Filter" "Ligos Corporation" "c:\windows\system32\mpeg2parser.ax"
+ "Ligos MPEG Splitter" "MPEG Parser Filter" "Ligos Corporation" "c:\windows\system32\mpeg2parser.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Ligos MPEG2 Video Decoder" "MPEG Decoder Filter" "Ligos Corporation" "c:\windows\system32\mpeg2decoder.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Bullzip PDF Print Monitor" "Bullzip PDF Writer" "Bullzip" "c:\windows\system32\bzpdf.dll"
+ "HP 5912 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts5912lm.dll"
+ "PCL hpf3l02t" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l02t.dll"
+ "PCL hpf3l082" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l082.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "IntelNetProvCredMan" "IntelNetProvCredMan" "Intel® Corporation" "c:\windows\system32\netprovcredman.dll"

Edited by mulderator, 23 November 2012 - 10:50 PM.


#15 mulderator


Posted 23 November 2012 - 10:53 PM

I would add here that I've run lots of spyware programs--in addition to what you guys have me running here, I've run HiJackThis, Spybot, and SuperAntiSpyware--in addition to having AVG running. I don't think this is something that's going to be found by a spyware program based on what I've read. I'm fine to keep running these programs, just not sure it's going to do anything.



