links in google redirecting me to ad sites


19 replies to this topic

#1 PZ9ers


Posted 29 November 2012 - 11:06 PM

I have Windows XP SP3. Malwarebytes scans show no problems. Ad Aware says that I have a virus called Trojan Win32 Generic. Doing a quarantine and "clean" doesn't remove it. When I click on links in Google, they take me to random ad sites. Help!



#2 narenxp


Posted 30 November 2012 - 09:54 AM

Download TDSSkiller

Launch it. Click on "Change parameters" - select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 PZ9ers


Posted 01 December 2012 - 01:17 AM

Thank you so much for your help! Here are the logs to the various scans...

TDSSKiller said no threats found, here is the log:

19:55:05.0453 3428 SharedAccess - ok
19:55:05.0484 3428 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:55:05.0484 3428 ShellHWDetection - ok
19:55:05.0500 3428 Simbad - ok
19:55:05.0515 3428 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:55:05.0531 3428 SLIP - ok
19:55:05.0578 3428 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys
19:55:05.0578 3428 SMCIRDA - ok
19:55:05.0625 3428 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:55:05.0640 3428 SONYPVU1 - ok
19:55:05.0640 3428 Sparrow - ok
19:55:05.0671 3428 [ 39F61829594254A6252C131D2155A2BA ] SPCA508A C:\WINDOWS\system32\DRIVERS\SPCA508A.SYS
19:55:05.0671 3428 SPCA508A - ok
19:55:05.0718 3428 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:55:05.0718 3428 splitter - ok
19:55:05.0781 3428 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:55:05.0781 3428 Spooler - ok
19:55:05.0812 3428 [ 03D7AD16AC204C48640CBE6ED8281A65 ] spupdsvc C:\WINDOWS\system32\spupdsvc.exe
19:55:05.0812 3428 spupdsvc - ok
19:55:05.0843 3428 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:55:05.0843 3428 sr - ok
19:55:05.0906 3428 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:55:05.0906 3428 srservice - ok
19:55:05.0968 3428 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:55:05.0968 3428 Srv - ok
19:55:06.0031 3428 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:55:06.0031 3428 SSDPSRV - ok
19:55:06.0062 3428 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:55:06.0078 3428 stisvc - ok
19:55:06.0125 3428 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:55:06.0125 3428 streamip - ok
19:55:06.0171 3428 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:55:06.0171 3428 swenum - ok
19:55:06.0218 3428 [ 5230AAB3A00B0A1B89580D8ED85B5BFA ] swivsp C:\WINDOWS\system32\DRIVERS\swivspnt.sys
19:55:06.0218 3428 swivsp - ok
19:55:06.0250 3428 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:55:06.0250 3428 swmidi - ok
19:55:06.0281 3428 [ 57BBAEF27DC790160245B43EB6DCD576 ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
19:55:06.0281 3428 swmsflt - ok
19:55:06.0296 3428 [ AC41C4005F0F9C327719D945C62D16B2 ] SWNC8U51 C:\WINDOWS\system32\DRIVERS\swnc8u51.sys
19:55:06.0296 3428 SWNC8U51 - ok
19:55:06.0328 3428 SwPrv - ok
19:55:06.0359 3428 SWUMX20 - ok
19:55:06.0406 3428 [ D1930779033657480CC1D3CF92B52400 ] SWUMX51 C:\WINDOWS\system32\DRIVERS\swumx51.sys
19:55:06.0406 3428 SWUMX51 - ok
19:55:06.0468 3428 symc810 - ok
19:55:06.0484 3428 symc8xx - ok
19:55:06.0531 3428 SYMIDSCO - ok
19:55:06.0546 3428 sym_hi - ok
19:55:06.0578 3428 sym_u3 - ok
19:55:06.0625 3428 [ F484C77F748729129D5CC9C965D9F701 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
19:55:06.0640 3428 SynTP - ok
19:55:06.0687 3428 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:55:06.0687 3428 sysaudio - ok
19:55:06.0781 3428 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:55:06.0781 3428 SysmonLog - ok
19:55:06.0828 3428 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:55:06.0828 3428 TapiSrv - ok
19:55:06.0906 3428 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:55:06.0906 3428 Tcpip - ok
19:55:06.0953 3428 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:55:06.0953 3428 TDPIPE - ok
19:55:06.0968 3428 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:55:06.0984 3428 TDTCP - ok
19:55:07.0000 3428 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:55:07.0015 3428 TermDD - ok
19:55:07.0046 3428 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:55:07.0062 3428 TermService - ok
19:55:07.0093 3428 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:55:07.0093 3428 Themes - ok
19:55:07.0140 3428 [ 9179E07503630D6FB2E4162FF0196191 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
19:55:07.0156 3428 tifm21 - ok
19:55:07.0171 3428 TosIde - ok
19:55:07.0187 3428 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:55:07.0203 3428 TrkWks - ok
19:55:07.0218 3428 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:55:07.0218 3428 Udfs - ok
19:55:07.0234 3428 ultra - ok
19:55:07.0296 3428 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:55:07.0312 3428 Update - ok
19:55:07.0359 3428 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:55:07.0359 3428 upnphost - ok
19:55:07.0390 3428 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:55:07.0390 3428 UPS - ok
19:55:07.0468 3428 [ 01F43DDC94653CD68D2794EC4500DEBC ] USB28xxBGA C:\WINDOWS\system32\DRIVERS\emBDA.sys
19:55:07.0484 3428 USB28xxBGA - ok
19:55:07.0500 3428 [ F887C3EEE7ABACD594B5F73B862C45FC ] USB28xxOEM C:\WINDOWS\system32\DRIVERS\emOEM.sys
19:55:07.0500 3428 USB28xxOEM - ok
19:55:07.0562 3428 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
19:55:07.0562 3428 usbaudio - ok
19:55:07.0578 3428 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:55:07.0578 3428 usbccgp - ok
19:55:07.0609 3428 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:55:07.0609 3428 usbehci - ok
19:55:07.0640 3428 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:55:07.0640 3428 usbhub - ok
19:55:07.0656 3428 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:55:07.0656 3428 usbohci - ok
19:55:07.0671 3428 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:55:07.0671 3428 usbprint - ok
19:55:07.0718 3428 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:55:07.0718 3428 usbscan - ok
19:55:07.0734 3428 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:55:07.0734 3428 USBSTOR - ok
19:55:07.0765 3428 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:55:07.0765 3428 usbuhci - ok
19:55:07.0796 3428 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:55:07.0796 3428 VgaSave - ok
19:55:07.0812 3428 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:55:07.0828 3428 ViaIde - ok
19:55:07.0828 3428 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:55:07.0828 3428 VolSnap - ok
19:55:07.0890 3428 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:55:07.0906 3428 VSS - ok
19:55:07.0953 3428 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:55:07.0968 3428 W32Time - ok
19:55:08.0015 3428 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:55:08.0015 3428 Wanarp - ok
19:55:08.0062 3428 [ 4C0B8EF721783F52F8E531FBDC4B1F74 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:55:08.0062 3428 wceusbsh - ok
19:55:08.0062 3428 WDICA - ok
19:55:08.0109 3428 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:55:08.0109 3428 wdmaud - ok
19:55:08.0156 3428 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:55:08.0156 3428 WebClient - ok
19:55:08.0203 3428 [ 214BC3AD84907AD6AD655AC5465F449A ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:55:08.0234 3428 winachsf - ok
19:55:08.0328 3428 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:55:08.0328 3428 winmgmt - ok
19:55:08.0468 3428 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:55:08.0531 3428 wlidsvc - ok
19:55:08.0578 3428 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:55:08.0578 3428 WmdmPmSN - ok
19:55:08.0609 3428 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:55:08.0609 3428 WmiAcpi - ok
19:55:08.0656 3428 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:55:08.0656 3428 WmiApSrv - ok
19:55:08.0796 3428 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:55:08.0890 3428 WMPNetworkSvc - ok
19:55:08.0953 3428 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:55:08.0953 3428 WS2IFSL - ok
19:55:09.0000 3428 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:55:09.0015 3428 wscsvc - ok
19:55:09.0062 3428 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:55:09.0062 3428 WSTCODEC - ok
19:55:09.0093 3428 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:55:09.0093 3428 wuauserv - ok
19:55:09.0140 3428 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:55:09.0140 3428 WudfPf - ok
19:55:09.0171 3428 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:55:09.0171 3428 WudfRd - ok
19:55:09.0234 3428 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:55:09.0234 3428 WudfSvc - ok
19:55:09.0312 3428 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:55:09.0328 3428 WZCSVC - ok
19:55:09.0375 3428 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:55:09.0375 3428 xmlprov - ok
19:55:09.0421 3428 ================ Scan global ===============================
19:55:09.0468 3428 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:55:09.0515 3428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:55:09.0546 3428 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:55:09.0578 3428 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:55:09.0578 3428 [Global] - ok
19:55:09.0593 3428 ================ Scan MBR ==================================
19:55:09.0625 3428 [ 5AE5A393505CFFD37FE98C4A7922908D ] \Device\Harddisk0\DR0
19:55:09.0968 3428 \Device\Harddisk0\DR0 - ok
19:55:09.0968 3428 ================ Scan VBR ==================================
19:55:09.0968 3428 [ F5E21E77DB12B4A4E079B9ECD2B0FB15 ] \Device\Harddisk0\DR0\Partition1
19:55:09.0968 3428 \Device\Harddisk0\DR0\Partition1 - ok
19:55:09.0984 3428 [ 89FA4D53689DF953C6AD01D6A4E24028 ] \Device\Harddisk0\DR0\Partition2
19:55:09.0984 3428 \Device\Harddisk0\DR0\Partition2 - ok
19:55:09.0984 3428 ============================================================
19:55:09.0984 3428 Scan finished
19:55:09.0984 3428 ============================================================
19:55:10.0000 2008 Detected object count: 0
19:55:10.0000 2008 Actual detected object count: 0


aswMBR results showing an infected dll file:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-25 19:52:31
-----------------------------
19:52:31.328 OS Version: Windows 5.1.2600 Service Pack 3
19:52:31.328 Number of processors: 1 586 0x2402
19:52:31.328 ComputerName: SEANLAPTOP UserName: Sean Clark
19:52:31.828 Initialize success
19:55:58.218 AVAST engine defs: 12112501
19:57:09.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:57:09.046 Disk 0 Vendor: ST9100823A 3.02 Size: 95396MB BusType: 3
19:57:09.156 Disk 0 MBR read successfully
19:57:09.171 Disk 0 MBR scan
19:57:09.187 Disk 0 unknown MBR code
19:57:09.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87769 MB offset 63
19:57:09.234 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 7616 MB offset 179767350
19:57:09.265 Disk 0 scanning sectors +195366465
19:57:09.328 Disk 0 scanning C:\WINDOWS\system32\drivers
19:57:22.421 Service scanning
19:57:48.593 Modules scanning
19:57:58.171 Disk 0 trace - called modules:
19:57:58.234 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:57:58.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a50aab8]
19:57:58.781 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a4b7f18]
19:57:58.796 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4f8d98]
19:57:59.296 AVAST engine scan C:\WINDOWS
19:58:23.078 AVAST engine scan C:\WINDOWS\system32
20:01:26.093 AVAST engine scan C:\WINDOWS\system32\drivers
20:01:44.906 AVAST engine scan C:\Documents and Settings\Sean Clark
20:08:29.390 AVAST engine scan C:\Documents and Settings\All Users
20:09:44.093 Scan finished successfully
20:10:11.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean Clark\Desktop\MBR.dat"
20:10:11.031 The log file has been saved successfully to "C:\Documents and Settings\Sean Clark\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 20:02:00
-----------------------------
20:02:00.953 OS Version: Windows 5.1.2600 Service Pack 3
20:02:00.953 Number of processors: 1 586 0x2402
20:02:00.953 ComputerName: SEANLAPTOP UserName: Sean Clark
20:02:01.515 Initialize success
20:09:07.671 AVAST engine defs: 12113001
20:09:43.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:09:43.640 Disk 0 Vendor: ST9100823A 3.02 Size: 95396MB BusType: 3
20:09:43.734 Disk 0 MBR read successfully
20:09:43.734 Disk 0 MBR scan
20:09:43.796 Disk 0 unknown MBR code
20:09:43.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87769 MB offset 63
20:09:43.859 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 7616 MB offset 179767350
20:09:43.890 Disk 0 scanning sectors +195366465
20:09:43.984 Disk 0 scanning C:\WINDOWS\system32\drivers
20:10:02.921 Service scanning
20:10:25.968 Modules scanning
20:10:40.640 Disk 0 trace - called modules:
20:10:40.687 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:10:41.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a50aab8]
20:10:41.218 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> \Device\00000077[0x8a4b7f18]
20:10:41.234 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4f8d98]
20:10:41.781 AVAST engine scan C:\WINDOWS
20:10:58.484 AVAST engine scan C:\WINDOWS\system32
20:11:27.078 File: C:\WINDOWS\system32\docprop2Y.dll **INFECTED** Win32:Malware-gen
20:15:15.593 AVAST engine scan C:\WINDOWS\system32\drivers
20:15:46.781 AVAST engine scan C:\Documents and Settings\Sean Clark
20:22:30.234 AVAST engine scan C:\Documents and Settings\All Users
20:24:25.500 Scan finished successfully
20:29:51.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean Clark\Desktop\MBR.dat"
20:29:51.218 The log file has been saved successfully to "C:\Documents and Settings\Sean Clark\Desktop\aswMBR.txt"


ESET Online Scanner log:

Operating memory probably a variant of Win32/Ponmocup.AA trojan

Thanks again for your help with this!!

#4 narenxp

Posted 01 December 2012 - 07:37 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#5 PZ9ers

Posted 01 December 2012 - 04:02 PM

Here are the results of the various scans:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.01.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Sean Clark :: SEANLAPTOP [administrator]

12/1/2012 11:27:23 AM
mbam-log-2012-12-01 (11-27-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 321941
Time elapsed: 1 hour(s), 6 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 25-11-2012
Ran by Sean Clark (administrator) on 01-12-2012 at 12:37:55
Running from "C:\Documents and Settings\Sean Clark\Local Settings\Temporary Internet Files\Content.IE5\CUITC806"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

There are 15280 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Broadcom 802.11b/g WLAN = Wireless Network Connection 2 (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : SeanLaptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-16-D4-46-4F-5E



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

Physical Address. . . . . . . . . : 00-14-A5-FE-E2-F6

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

75.75.75.75

Lease Obtained. . . . . . . . . . : Saturday, December 01, 2012 11:18:45 AM

Lease Expires . . . . . . . . . . : Sunday, December 02, 2012 11:18:45 AM

Server: my.router
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.33.38, 173.194.33.36, 173.194.33.33, 173.194.33.40
173.194.33.34, 173.194.33.41, 173.194.33.35, 173.194.33.37, 173.194.33.32
173.194.33.39, 173.194.33.46



Pinging google.com [173.194.33.38] with 32 bytes of data:



Reply from 173.194.33.38: bytes=32 time=14ms TTL=55

Reply from 173.194.33.38: bytes=32 time=14ms TTL=55



Ping statistics for 173.194.33.38:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 14ms, Maximum = 14ms, Average = 14ms

Server: my.router
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=760ms TTL=47

Reply from 98.139.183.24: bytes=32 time=950ms TTL=49



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 760ms, Maximum = 950ms, Average = 855ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 d4 46 4f 5e ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 14 a5 fe e2 f6 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.4 192.168.1.4 25
192.168.1.4 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.4 192.168.1.4 25
224.0.0.0 240.0.0.0 192.168.1.4 192.168.1.4 25
255.255.255.255 255.255.255.255 192.168.1.4 2 1
255.255.255.255 255.255.255.255 192.168.1.4 192.168.1.4 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/25/2012 00:08:28 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/24/2012 11:59:03 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x043e5710.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/24/2012 11:58:54 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x043e5710.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/24/2012 10:44:55 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0269b710.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/24/2012 10:44:46 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0269b710.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/24/2012 10:43:31 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x067f7710.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/24/2012 10:43:19 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x067f7710.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/18/2012 06:33:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16250

Error: (11/18/2012 06:33:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16250

Error: (11/18/2012 06:33:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (12/01/2012 11:20:51 AM) (Source: System Error) (User: )
Description: Error code 10000050, parameter1 f7993000, parameter2 00000000, parameter3 80506fdd, parameter4 00000000.

Error: (12/01/2012 11:19:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
adwarealert

Error: (12/01/2012 11:19:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error:
%%1058

Error: (11/29/2012 06:56:46 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/28/2012 08:22:41 PM) (Source: PlugPlayManager) (User: )
Description: The device 'HL-DT-ST DVDRAM GSA-4084N' (IDE\CdRomHL-DT-ST_DVDRAM_GSA-4084N_______________KQ09____\304b36384b383434353520342020202020202020) disappeared from the system without first being prepared for removal.

Error: (11/28/2012 08:22:41 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/28/2012 08:22:36 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/28/2012 08:22:27 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/28/2012 08:16:37 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/25/2012 08:18:20 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1


Microsoft Office Sessions:
=========================
Error: (11/25/2012 00:08:28 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/24/2012 11:59:03 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0043e5710

Error: (11/24/2012 11:58:54 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0043e5710

Error: (11/24/2012 10:44:55 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.00269b710

Error: (11/24/2012 10:44:46 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.00269b710

Error: (11/24/2012 10:43:31 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0067f7710

Error: (11/24/2012 10:43:19 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0067f7710

Error: (11/18/2012 06:33:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16250

Error: (11/18/2012 06:33:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16250

Error: (11/18/2012 06:33:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

8 Ways to Avoid Probate
Abacast Distributed Live (Version: 2.2b1)
Abacast Distributed On-Demand
AC3Filter (remove only)
ACT!
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 8.1.6 (Version: 8.1.6)
Adobe Shockwave Player 11.5 (Version: 11.5)
AdwareAlert (Version: 1.9.3019)
Age of Castles (Version: WT018181)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.3.127)
Athlon 64 Processor Driver (Version: 1.2.2.2)
ATI Control Panel (Version: 6.14.10.5171)
ATI Display Driver (Version: 8.193-051110a1-028580C-HP)
Bing Bar (Version: 7.0.609.0)
BufferChm (Version: 70.0.170.000)
Byki (Version: 4.0)
Byki Express
CleanUp!
Comcast Universal Installer v1.2 (Version: 30)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant AC-Link Audio
Corel Paint Shop Pro Photo XI (Version: 11.20.0000)
CP_AtenaShokunin1Config (Version: 60.0.155.000)
CP_CalendarTemplates1 (Version: 60.0.155.000)
cp_LightScribeConfig (Version: 60.0.155.000)
cp_OnlineProjectsConfig (Version: 60.0.155.000)
CP_Package_Basic1 (Version: 60.0.155.000)
CP_Package_Variety1 (Version: 60.0.155.000)
CP_Package_Variety2 (Version: 60.0.155.000)
CP_Package_Variety3 (Version: 60.0.155.000)
CP_Panorama1Config (Version: 60.0.155.000)
cp_PosterPrintConfig (Version: 60.0.155.000)
cp_UpdateProjectsConfig (Version: 60.0.155.000)
Critical Update for Windows Media Player 11 (KB959772)
CueTour (Version: 60.0.155.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
CutePDF Writer 2.7
Destinations (Version: 60.0.155.000)
Destiny Media Player (Version: 1.61.01)
DivX
DVR Client Program
ESET Online Scanner v3
Football Playbook 010
Full Tilt Poker (Version: 4.17.11.WIN.FullTilt.Real)
FullDPAppQFolder (Version: 1.00.0000)
Google Earth (Version: 4.2.181.2634)
Google Toolbar for Internet Explorer (Version: 1.0.0)
honestech VHS to DVD 3.0 Deluxe (Version: 3.0)
HP DVD Play 2.0
HP Help and Support (Version: 4.2.0006)
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Photosmart and Deskjet 7.0 Software (Version: 7.1)
HP Photosmart Essential (Version: 1.9.1.2)
HP Photosmart Premier Software 6.0 (Version: 6.0)
HP Rhapsody
HP Update (Version: 4.000.012.001)
HP User Guides--System Recovery (Version: 1.00.0001)
HP User Guides 0025 (Version: 1.00.0000)
HP Wireless Assistant 2.00 C1 (Version: 2.00 C1)
hph_software_req (Version: 70.0.260.000)
HpSdpAppCoreApp (Version: 3.00.0000)
iCam320
ICS Viewer 6.0
InstantShareDevices (Version: 60.0.155.000)
Internet Explorer (Enable DEP)
iTunes (Version: 10.1.0.56)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60)
Java™ 6 Update 2 (Version: 1.6.0.20)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
KWizCom SharePoint Template Language Converter (Version: 1.0.04)
LightScribe 1.4.56.1 (Version: 1.4.56.1)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.55.0)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006 (Version: 15)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 08.04.0623)
MOBOTIX MxControlCenter (Version: 1.5.8)
MSN SideGuide (Version: 1.1.0424)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 4.5 (Version: 4.50.050)
MySpaceIM (Version: 1.0.789.0)
Netscape Browser (remove only)
Netscape Internet Service
Netscape Web Accelerator
Office 2003 Trial Assistant (Version: 1.0.0)
OptionalContentQFolder (Version: 1.00.0000)
PhotoGallery (Version: 60.0.155.000)
ProxyChecker (remove only)
Quick Launch Buttons 5.20 G1 (Version: 5.20 G1)
Quicken 2006 (Version: 15.1.3.1)
Quicken Lawyer 2002 Wills
QuickTime (Version: 7.71.80.42)
RadioDestiny Broadcaster (Version: 3.1.30318)
RandMap (Version: 60.0.155.000)
Rhapsody Player Engine (Version: 1.0.604)
SE CNC Converter Professional 3.7.52 (remove only) (Version: 3.7.52)
SecuMan2.0
Sid Meier's SimGolf
Sierra Wireless 3G Watcher (Version: 5.0.1618.2)
SkinsHP1 (Version: 60.0.155.000)
Soft Data Fax Modem with SmartCP
Sonic Audio Module (Version: 2.0.4)
Sonic Copy Module (Version: 2.0.4)
Sonic Data Module (Version: 2.0.4)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 60.0.155.000)
Splendid City Sports Scheduler v6.6.5.1
Spyware Doctor 5.5 (Version: 5.5)
Synaptics Pointing Device Driver (Version: 8.0.13.0)
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.15.0000)
TIPCI (Version: 1.15.0000)
Toolbox (Version: 70.0.170.000)
TourSetup (Version: 1.0.0)
Unload (Version: 6.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB2.0 VIDBOX NW03 (Version: 1.00)
Walgreens PictureMover (Version: 3.7.0.5)
WebFldrs XP (Version: 9.50.7523)
West Coast Offense
Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0) (Version: 06/22/2007 6.22.0116.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Messenger (Version: 8.1.0178.00)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip (Version: 9.0 SR-1 (6224))
Wireless Home Network Setup (Version: 1.1.154.1)
YahELite 329 (Version: 329)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 63%
Total physical RAM: 1534.17 MB
Available physical RAM: 556.92 MB
Total Pagefile: 2152.16 MB
Available Pagefile: 1426.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.22 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:85.71 GB) (Free:11.36 GB) NTFS
2 Drive d: (PRESARIO_RP) (Fixed) (Total:7.42 GB) (Free:1 GB) FAT32

========================= Users: ========================================

User accounts for \\SEANLAPTOP

Administrator ASPNET Guest
HelpAssistant Sean Clark SUPPORT_388945a0

========================= Restore Points ==================================

23-11-2012 09:30:58 System Checkpoint
23-11-2012 09:42:03 Software Distribution Service 3.0
24-11-2012 08:38:26 Installed %1 %2.
24-11-2012 08:49:07 Removed AdwareAlert
24-11-2012 08:49:31 Removed AdwareAlert
24-11-2012 08:50:40 Removed Bonjour
24-11-2012 08:53:29 Removed DVSS4Client
01-12-2012 03:43:50 Removed Ad-Aware Antivirus.

**** End of log ****


Farbar Service Scanner Version: 01-12-2012 02
Ran by Sean Clark (administrator) on 01-12-2012 at 12:43:36
Running from "C:\Documents and Settings\Sean Clark\Local Settings\Temporary Internet Files\Content.IE5\NUET52OE"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(7) IPSec(5) NetBT(6) PSched(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****


# AdwCleaner v2.010 - Logfile created 12/01/2012 at 12:46:46
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Sean Clark - SEANLAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Sean Clark\Local Settings\Temporary Internet Files\Content.IE5\CUITC806\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKU\S-1-5-21-2464928682-3140429748-1818154608-1006\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [2428 octets] - [01/12/2012 12:46:46]

########## EOF - C:\AdwCleaner[S1].txt - [2488 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.1 (12.01.2012:1)
OS: Microsoft Windows XP x86
Ran by Sean Clark on Sat 12/01/2012 at 12:52:58.60
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\SearchProtection
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/01/2012 at 12:58:52.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 narenxp

Posted 01 December 2012 - 04:55 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 PZ9ers

Posted 01 December 2012 - 06:55 PM

Thanks! Here you go:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/01/2012 03:46:05 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\HPZipm12.exe (PID: 408) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* MSDTC [Missing Service]

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:


20 out of 15300 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 12/01/2012 03:46:53 PM
Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)



"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "ATIPTA" "ATI Desktop Control Panel" "ATI Technologies, Inc." "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
+ "Cpqset" "" "" "c:\program files\hpq\default settings\cpqset.exe"
+ "eabconfg.cpl" "Quick Launch Buttons" "Hewlett-Packard " "c:\program files\hpq\quick launch buttons\eabservr.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "hpWirelessAssistant" "hp Wireless Assistant Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Microsoft Default Manager" "Microsoft Default Manager" "Microsoft Corporation" "c:\program files\microsoft\search enhancement pack\default manager\defmgr.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RecGuard" "Recguard Application" "" "c:\windows\sminst\recguard.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "WatcherHelper" "WatcherHelper Application" "Sierra Wireless Inc." "c:\program files\sierra wireless inc\3g watcher\wahelper.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "McAfee Security Scan Plus.lnk" "McAfee Security Scanner Scheduler" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\ssscheduler.exe"
+ "Snapfish PictureMover.lnk" "PictureMover Application" "Hewlett-Packard Company" "c:\program files\walgreens picturemover\bin\picturemover.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AbacastDistributedOnDemand:11" "Abacast Distributed On-Demand" "Abacast, Inc." "c:\documents and settings\sean clark\local settings\application data\abacastdistributedondemand\node\11\abacastdistributedondemand.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "MSN Messenger Protocol Handler" "Microsoft Corporation" "c:\program files\msn messenger\msgrapp.8.1.0178.00.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "MSN Messenger Protocol Handler" "Microsoft Corporation" "c:\program files\msn messenger\msgrapp.8.1.0178.00.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11" "Microsoft Office Web Components 2003" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "Yahoo! Mail" "Yahoo! Mail" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_03\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Yahoo! IE Services Button" "Yahoo! IE Services" "Yahoo! Inc." "c:\program files\yahoo!\common\yiesrvc.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Sun Java Console" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_03\bin\ssv.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
+ "Yahoo! Services" "Yahoo! IE Services" "Yahoo! Inc." "c:\program files\yahoo!\common\yiesrvc.dll"
"Task Scheduler" "" "" ""
+ "Ad-Aware Antivirus Scheduled Scan.job" "" "" "File not found: C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe --scan=full"
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Rzxab.job" "" "" "c:\windows\system32\docprop2y.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MatSvc" "Microsoft Automated Troubleshooting Service" "Microsoft Corporation" "c:\program files\microsoft fix it center\matsvc.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "McComponentHostService" "McAfee Security Scan Component Host Service" "McAfee, Inc." "c:\program files\mcafee security scan\2.0.181\mcchsvc.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "NCUpdateSvc" "Netscape Update Service" "Netscape Communications Corporation" "c:\program files\netscape internet service\ncupdatesvc.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PML Driver" "HP" "c:\windows\system32\hpzipm12.exe"
+ "sdAuxService" "Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced." "PC Tools" "c:\program files\spyware doctor\pctsauxs.exe"
+ "sdCoreService" "Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled." "PC Tools" "c:\program files\spyware doctor\pctssvc.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adwarealert" "adwarealert system protection" "" "File not found: system32\DRIVERS\adwarealert.sys"
+ "AliIde" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "AmdK8" "AMD Processor Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdk8.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "BTWUSB" "Driver for Bluetooth USB Devices" "Broadcom Corporation." "c:\windows\system32\drivers\btwusb.sys"
+ "CAMCAUD" "Conexant WDM AC97 Audio Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\camc6aud.sys"
+ "CAMCHALA" "Conexant AmcHal Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\camc6hal.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabfiltr.sys"
+ "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabusb.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "gfibto" "GFI Boot Time Operations Driver" "GFI Software" "c:\windows\system32\drivers\gfibto.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
+ "HSFHWATI" "HSFHWATI WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwati.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "IKFileSec" "File Security Device Driver" "PCTools Research Pty Ltd." "c:\windows\system32\drivers\ikfilesec.sys"
+ "IKSysFlt" "System Filter Device Driver" "PCTools Research Pty Ltd." "c:\windows\system32\drivers\iksysflt.sys"
+ "IKSysSec" "System Security Device Driver" "PCTools Research Pty Ltd." "c:\windows\system32\drivers\iksyssec.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "MCSTRM" "RealNetworks Virtual Path Manager®" "RealNetworks, Inc." "c:\windows\system32\drivers\mcstrm.sys"
+ "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "RTL8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtnicxp.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SMCIRDA" "SMC IrCC NDIS 5.0 IrDA FIR Device Driver" "SMC" "c:\windows\system32\drivers\smcirda.sys"
+ "SONYPVU1" "Sony USB Lower Filter driver" "Sony Corporation" "c:\windows\system32\drivers\sonypvu1.sys"
+ "SPCA508A" "SPCA508A Camera Driver " "Sunplus Technology Co. LTD." "c:\windows\system32\drivers\spca508a.sys"
+ "swivsp" "Sierra Wireless Virtual Serial Port Driver" "Sierra Wireless Inc." "c:\windows\system32\drivers\swivspnt.sys"
+ "swmsflt" "Sierra Wireless USB Mass Storage Filter Driver" "" "c:\windows\system32\drivers\swmsflt.sys"
+ "SWNC8U51" "Sierra Wireless NDIS Driver" "Sierra Wireless Inc." "c:\windows\system32\drivers\swnc8u51.sys"
+ "SWUMX20" "" "" "File not found: system32\DRIVERS\swumx20.sys"
+ "SWUMX51" "Sierra Wireless USB MUX Driver" "Sierra Wireless Inc." "c:\windows\system32\drivers\swumx51.sys"
+ "SYMIDSCO" "" "" "File not found: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
+ "tifm21" "tifm21.sys" "Texas Instruments" "c:\windows\system32\drivers\tifm21.sys"
+ "USB28xxBGA" "USB 28xx BDA Driver" "eMPIA Technology, Inc." "c:\windows\system32\drivers\embda.sys"
+ "USB28xxOEM" "USB 28xx BDA Lower filter" "eMPIA Technology, Inc." "c:\windows\system32\drivers\emoem.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.LEAD" "" "" "File not found: LCODCCMP.DLL"
+ "vidc.MJPC" "" "" "File not found: mjpg32_C.dll"
+ "vidc.MJPD" "" "" "File not found: mjpg32_D.dll"
+ "vidc.MJPE" "" "" "File not found: mjpg32_E.dll"
+ "VIDC.MJPG" "PICVideo Motion JPEG Compressor" "Pegasus Imaging Corporation" "c:\windows\system32\pvmjpg21.dll"
+ "vidc.mp42" "Picasoic MPEG4 Video Codec" "Picasoic" "c:\windows\system32\kmpeg4.dll"
+ "VIDC.SP62" "Sunplus 32-bit AVI decompression driver" "Sunplus Technology Corporation" "c:\windows\system32\sp6x_32.dll"
+ "vidc.XVID" "" "" "File not found: xvidvfw.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "AC3Filter" "ac3filter" "" "c:\program files\ac3filter\ac3filter.ax"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CoreCaption Filter" "CoreCaption DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\corecaption.ax"
+ "CoreImgSrc" "COREIMGFLT DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\coreimgsrc.ax"
+ "CoreMovSrc" "COREMOVFLT DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\coremovsrc.ax"
+ "CoreNullXfrm Filter" "CORENULLXFRM DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\corenullxfrm.ax"
+ "CoreVolume Filter" "COREVOLUME DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\corevolume.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claud.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer (HP_QP2005)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clline21.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clvsd.ax"
+ "DirectShow Tap" "Sonic DirectShow Tap Filter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\directshowtap.ax"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivXNetworks, Inc." "c:\windows\system32\divxdec.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "honestech LPCM Decode" "htLPCMdec" "honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htlpcmdec.ax"
+ "honestech Mpeg1/2 Recorder Filter" "htmpeg2enc.ax" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htmpeg2enc.ax"
+ "Honestech StillCapture" "Honestech StillCapture" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htstillcap.ax"
+ "Honestech Video Invert Filter" "ht_invert.ax" "honest technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\ht_invert.ax"
+ "HP Frame Grabber Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP MPEG-1 Encoder" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Resize Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HP Rotate Filter" "Videotoolkit - Directshow Filters" "Hewlett-Packard Development Company, L.P." "c:\program files\hp\digital imaging\bin\hpqdsftr.ax"
+ "HT Color Space Converter" "HT Color Space Converter" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htcolorspaceconverter.ax"
+ "HT Dump3" "HT File Dump3 Filter" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htdump3.ax"
+ "HT MP3 Encoder" "HT MP3 Encoder" "" "c:\program files\honestech vhs to dvd 3.0 deluxe\htmp3enc.ax"
+ "HT Thumbnail Filter" "HT Thumbnail Filter" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htthumbnail.ax"
+ "HT Video Downsampler" "" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htvideodownsampler.ax"
+ "HT Video LogoRemover" "" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htvideologoremover.ax"
+ "HT_AudioPicker_Filter" "HT Audio Picker Filter" "honestech" "c:\program files\honestech vhs to dvd 3.0 deluxe\htaudiopicker.ax"
+ "htAudioTransFilter" "Special Effects Sample" "Microsoft Corporation" "c:\program files\honestech vhs to dvd 3.0 deluxe\htaudiotransfilter.ax"
+ "htmpeg2splitter" "HT Mpeg Splitter" "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htmpeg2splitter.ax"
+ "htMPEG2VideoDecoder" "honetech Mpeg2 Video Decoder " "Honest Technology" "c:\program files\honestech vhs to dvd 3.0 deluxe\htmpg2video.ax"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "LEAD MCMP/MJPEG Codec" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\hp\digital imaging\bin\lcodccmp.dll"
+ "LEAD MCMP/MJPEG Decoder" "LEAD MCMP/MJPEG Codec" "LEAD Technologies, Inc." "c:\program files\hp\digital imaging\bin\lcodccmp.dll"
+ "MainConcept MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcdsmpeg.ax"
+ "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcspmpeg.ax"
+ "MainConcept MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcdsmpeg.ax"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "PICVideo MJPEG Compressor" "PICVideo Motion JPEG Compressor" "Pegasus Imaging Corporation" "c:\windows\system32\pvmjpg21.dll"
+ "PICVideo MJPEG Decompressor" "PICVideo Motion JPEG Compressor" "Pegasus Imaging Corporation" "c:\windows\system32\pvmjpg21.dll"
+ "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files\common files\muvee technologies\030625\quicktimesink.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
+ "QuickTimeRenderer Filter" "QuickTimeRenderer Filter" "muvee Technologies Pte. Ltd." "c:\program files\common files\muvee technologies\030625\quicktimerenderer.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RTStreamSink" "RTStream Sink Filter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\rtstreamsink.ax"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic Audio Depth Converter" "AudioDepthConverter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\audiodepthconverter.ax"
+ "Sonic Cinemaster MPEG Splitter" "Sonic MPEG Splitter" "" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\sonicmpegsplitter.dll"
+ "Sonic MPEG Audio Decoder" "SonicMPEGAudio" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\sonicmpegaudio.dll"
+ "Sonic MPEG Video Decoder" "SonicMPEGVideo" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\sonicmpegvideo.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Tivo DirectShow Source Filter" "TiVo DirectShow Filter" "TiVo Inc." "c:\program files\common files\tivo shared\directshow\tivodirectshowfilter.dll"
+ "WAV Dest" "" "" "c:\program files\honestech vhs to dvd 3.0 deluxe\h_wavdest.ax"
+ "WAV Dest" "" "" "c:\program files\honestech vhs to dvd 3.0 deluxe\wavdest.ax"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMplug" "" "" "File not found: C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "CutePDF Writer Monitor" "" "" "c:\windows\system32\cpwmon2k.dll"
+ "PCL hpz3l4pi" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l4pi.dll"

#8 narenxp

Posted 02 December 2012 - 11:11 AM

Current issues?

#9 PZ9ers

Posted 02 December 2012 - 04:59 PM

I typed a search into my Google toolbar about links bringing up ads. The first item on my list was a BleepingComputer article. "Hovering" over the link shows it will take me to the BleepingComputer website (in the bottom left corner). However, clicking on it takes me to a different ad website. Is my cache corrupted somehow?

#10 narenxp

Posted 02 December 2012 - 05:09 PM

Which browser?

#11 PZ9ers

Posted 02 December 2012 - 08:02 PM

I have Internet Explorer 8.

#12 narenxp

Posted 03 December 2012 - 01:30 AM

Run this fixit

http://go.microsoft.com/?linkid=9646978

Restart the PC and check IE. Still having issues?

#13 PZ9ers

Posted 03 December 2012 - 03:12 AM

Ran fixit, prompted me to reset IE (which I did), rebooted computer. Still have the same problem unfortunately.

#14 narenxp

Posted 03 December 2012 - 03:41 AM

Press Windows+R key and type

appwiz.cpl and click OK

Uninstall Windows Internet Explorer 8

Restart the PC. This should roll back IE 8 to IE7.

Do you still have the issue?

#15 PZ9ers

Posted 03 December 2012 - 11:33 PM

The problem still exists. If I click on a link after a Google search, it still takes me to advertising websites. I'm having to copy and paste the link into the address bar in order to go to the website. However, once I am actually on the website, the links within the website seem to work.



