Google Redirect Virus On my computer.


8 replies to this topic

#1 tatanka7

Posted 10 December 2012 - 12:01 AM

Hi guys,

I am hoping you guys will be able to help me. I think I have the Google Redirect Virus on my computer because the first time I try to click on a link in Google (whether it be IE or Firefox; I don't use Chrome) for the day, it always redirects me to advertising or some weird site. After the first time, it usually is fine, but sometimes it recurs during the day. I've also noticed that sites are slower to load, and I think (may be my imagination) that some sites have additional tracking/cookie links when they are loading (like if I'm reading a newspaper site or chow.com or some usually reliable site). Some other things I've noticed: sometimes when a website is loading, it'll freeze up and a box will come up saying that there is something wrong with a script and would I like to continue or stop the script. Also in my search for trying to figure out what is going on, I've also noticed that if I try to bring up my Add/Remove Programs window, it freezes up on me and does not load unless it's the very first thing I do when I turn on my computer.

My computer is Windows XP and my antivirus program is Avast. I've run Avast, but they didn't find anything. I've also run TDSSKiller without any results (no threats detected). Thanks in advance for helping me!

Edited by tatanka7, 10 December 2012 - 12:11 AM.



#2 narenxp


Posted 10 December 2012 - 08:14 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 tatanka7


Posted 12 December 2012 - 01:14 AM

From TDSS Killer:

21:15:50.0078 2024 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:15:52.0093 2024 ============================================================
21:15:52.0093 2024 Current date / time: 2012/12/11 21:15:52.0093
21:15:52.0093 2024 SystemInfo:
21:15:52.0093 2024
21:15:52.0093 2024 OS Version: 5.1.2600 ServicePack: 3.0
21:15:52.0093 2024 Product type: Workstation
21:15:52.0093 2024 ComputerName: ZEPHYR
21:15:52.0093 2024 UserName: Cherie
21:15:52.0093 2024 Windows directory: C:\WINDOWS
21:15:52.0093 2024 System windows directory: C:\WINDOWS
21:15:52.0093 2024 Processor architecture: Intel x86
21:15:52.0093 2024 Number of processors: 2
21:15:52.0093 2024 Page size: 0x1000
21:15:52.0093 2024 Boot type: Normal boot
21:15:52.0093 2024 ============================================================
21:15:59.0828 2024 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:15:59.0843 2024 ============================================================
21:15:59.0843 2024 \Device\Harddisk0\DR0:
21:15:59.0859 2024 MBR partitions:
21:15:59.0859 2024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x11616800
21:15:59.0859 2024 ============================================================
21:16:00.0000 2024 C: <-> \Device\Harddisk0\DR0\Partition1
21:16:00.0015 2024 ============================================================
21:16:00.0015 2024 Initialize success
21:16:00.0015 2024 ============================================================
21:16:33.0203 2336 ============================================================
21:16:33.0203 2336 Scan started
21:16:33.0203 2336 Mode: Manual; TDLFS;
21:16:33.0203 2336 ============================================================
21:16:33.0828 2336 ================ Scan system memory ========================
21:16:33.0843 2336 System memory - ok
21:16:33.0843 2336 ================ Scan services =============================
21:17:58.0062 2336 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:17:58.0468 2336 RasMan - ok
21:17:58.0546 2336 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:58.0625 2336 RasPppoe - ok
21:17:58.0687 2336 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:17:58.0765 2336 Raspti - ok
21:17:58.0875 2336 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:59.0187 2336 Rdbss - ok
21:17:59.0250 2336 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:17:59.0625 2336 RDPCDD - ok
21:17:59.0765 2336 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:17:59.0906 2336 rdpdr - ok
21:18:00.0093 2336 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:18:00.0250 2336 RDPWD - ok
21:18:00.0359 2336 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:18:00.0968 2336 RDSessMgr - ok
21:18:01.0015 2336 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:18:01.0062 2336 RemoteAccess - ok
21:18:01.0125 2336 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
21:18:01.0453 2336 RpcLocator - ok
21:18:01.0625 2336 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
21:18:01.0921 2336 RpcSs - ok
21:18:02.0062 2336 [ 7FFA9821B1C5E0E0667E0A2685CFB89F ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys
21:18:02.0843 2336 RSUSBSTOR - ok
21:18:03.0000 2336 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:18:03.0703 2336 RSVP - ok
21:18:03.0984 2336 [ 8E250687E5F020CD337CC9D8252C0B56 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:18:04.0437 2336 RS_Service - ok
21:18:04.0468 2336 Rts516xIR - ok
21:18:04.0640 2336 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:18:04.0656 2336 SamSs - ok
21:18:04.0734 2336 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:18:04.0859 2336 SCardSvr - ok
21:18:04.0968 2336 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:18:05.0593 2336 Schedule - ok
21:18:05.0718 2336 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:18:05.0796 2336 Secdrv - ok
21:18:06.0015 2336 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:18:06.0390 2336 seclogon - ok
21:18:06.0500 2336 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:18:07.0031 2336 SENS - ok
21:18:07.0125 2336 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:18:07.0531 2336 Serial - ok
21:18:07.0671 2336 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:18:07.0796 2336 Sfloppy - ok
21:18:08.0000 2336 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:18:08.0828 2336 SharedAccess - ok
21:18:08.0921 2336 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:18:08.0984 2336 ShellHWDetection - ok
21:18:09.0000 2336 Simbad - ok
21:18:09.0078 2336 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:18:09.0156 2336 sisagp - ok
21:18:09.0203 2336 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:18:09.0765 2336 SLIP - ok
21:18:10.0546 2336 [ C792610F7D2009352721C1AE38DA0619 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
21:18:11.0687 2336 SNP2UVC - ok
21:18:11.0796 2336 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:18:11.0937 2336 Sparrow - ok
21:18:11.0984 2336 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:18:12.0109 2336 splitter - ok
21:18:12.0218 2336 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:18:12.0265 2336 Spooler - ok
21:18:12.0375 2336 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:18:12.0765 2336 sr - ok
21:18:12.0984 2336 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:18:13.0390 2336 srservice - ok
21:18:13.0625 2336 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:18:13.0703 2336 Srv - ok
21:18:13.0843 2336 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:18:14.0468 2336 SSDPSRV - ok
21:18:14.0640 2336 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:18:14.0984 2336 stisvc - ok
21:18:15.0046 2336 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:18:15.0265 2336 streamip - ok
21:18:15.0343 2336 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:18:15.0765 2336 swenum - ok
21:18:15.0843 2336 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:18:16.0218 2336 swmidi - ok
21:18:16.0234 2336 SwPrv - ok
21:18:16.0296 2336 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
21:18:16.0609 2336 symc810 - ok
21:18:16.0671 2336 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:18:16.0984 2336 symc8xx - ok
21:18:17.0031 2336 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:18:17.0109 2336 sym_hi - ok
21:18:17.0203 2336 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:18:17.0609 2336 sym_u3 - ok
21:18:17.0734 2336 [ 5C3E900F41426A372DE60675AFC8AA07 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:18:18.0203 2336 SynTP - ok
21:18:18.0265 2336 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:18:18.0296 2336 sysaudio - ok
21:18:18.0343 2336 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:18:18.0609 2336 SysmonLog - ok
21:18:18.0734 2336 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:18:18.0984 2336 TapiSrv - ok
21:18:19.0093 2336 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:18:19.0250 2336 Tcpip - ok
21:18:19.0312 2336 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:18:19.0578 2336 TDPIPE - ok
21:18:19.0640 2336 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:18:20.0078 2336 TDTCP - ok
21:18:20.0171 2336 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:18:20.0515 2336 TermDD - ok
21:18:20.0671 2336 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:18:20.0921 2336 TermService - ok
21:18:20.0984 2336 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:18:21.0015 2336 Themes - ok
21:18:21.0093 2336 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
21:18:21.0140 2336 TosIde - ok
21:18:21.0234 2336 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:18:21.0453 2336 TrkWks - ok
21:18:21.0578 2336 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:18:21.0890 2336 Udfs - ok
21:18:21.0984 2336 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
21:18:22.0484 2336 ultra - ok
21:18:22.0609 2336 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
21:18:22.0796 2336 UMWdf - ok
21:18:23.0046 2336 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:18:23.0640 2336 Update - ok
21:18:23.0750 2336 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:18:24.0453 2336 upnphost - ok
21:18:24.0546 2336 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:18:25.0000 2336 UPS - ok
21:18:25.0140 2336 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:18:25.0593 2336 usbccgp - ok
21:18:25.0609 2336 USBCCID - ok
21:18:25.0703 2336 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:18:25.0906 2336 usbehci - ok
21:18:25.0984 2336 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:18:26.0328 2336 usbhub - ok
21:18:26.0406 2336 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:18:26.0500 2336 USBSTOR - ok
21:18:26.0578 2336 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:18:26.0984 2336 usbuhci - ok
21:18:27.0078 2336 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
21:18:27.0468 2336 usbvideo - ok
21:18:27.0640 2336 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:18:27.0953 2336 VgaSave - ok
21:18:28.0015 2336 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:18:28.0375 2336 viaagp - ok
21:18:28.0453 2336 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
21:18:28.0812 2336 ViaIde - ok
21:18:28.0890 2336 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:18:29.0421 2336 VolSnap - ok
21:18:29.0484 2336 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:18:30.0421 2336 VSS - ok
21:18:30.0531 2336 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:18:30.0796 2336 W32Time - ok
21:18:30.0875 2336 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:18:30.0937 2336 Wanarp - ok
21:18:31.0093 2336 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:18:31.0656 2336 Wdf01000 - ok
21:18:31.0687 2336 WDICA - ok
21:18:31.0765 2336 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:18:32.0078 2336 wdmaud - ok
21:18:32.0171 2336 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:18:32.0531 2336 WebClient - ok
21:18:32.0828 2336 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:18:32.0906 2336 winmgmt - ok
21:18:33.0109 2336 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:18:33.0500 2336 WmdmPmSN - ok
21:18:33.0578 2336 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:18:33.0609 2336 WmiAcpi - ok
21:18:33.0687 2336 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:18:33.0796 2336 WmiApSrv - ok
21:18:33.0906 2336 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:18:34.0406 2336 wscsvc - ok
21:18:34.0453 2336 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:18:34.0515 2336 WSTCODEC - ok
21:18:34.0625 2336 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:18:34.0921 2336 wuauserv - ok
21:18:35.0062 2336 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:18:35.0500 2336 WZCSVC - ok
21:18:35.0609 2336 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:18:35.0843 2336 xmlprov - ok
21:18:35.0875 2336 ================ Scan global ===============================
21:18:35.0953 2336 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:18:36.0250 2336 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:18:36.0453 2336 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:18:36.0546 2336 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:18:36.0562 2336 [Global] - ok
21:18:36.0562 2336 ================ Scan MBR ==================================
21:18:36.0609 2336 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:18:44.0671 2336 \Device\Harddisk0\DR0 - ok
21:18:44.0671 2336 ================ Scan VBR ==================================
21:18:44.0718 2336 [ 561323FD71E5A27C214C57C8CB710780 ] \Device\Harddisk0\DR0\Partition1
21:18:44.0765 2336 \Device\Harddisk0\DR0\Partition1 - ok
21:18:44.0765 2336 ============================================================
21:18:44.0765 2336 Scan finished
21:18:44.0765 2336 ============================================================
21:18:44.0796 2328 Detected object count: 0
21:18:44.0796 2328 Actual detected object count: 0
21:34:02.0453 2460 Deinitialize success



From ASW:


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-11 22:04:12
-----------------------------
22:04:12.750 OS Version: Windows 5.1.2600 Service Pack 3
22:04:12.750 Number of processors: 2 586 0x1C02
22:04:12.750 ComputerName: ZEPHYR UserName: Cherie
22:04:13.625 Initialize success
22:04:14.328 AVAST engine defs: 12090101
22:04:18.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:04:18.171 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
22:04:18.218 Disk 0 MBR read successfully
22:04:18.218 Disk 0 MBR scan
22:04:18.234 Disk 0 Windows VISTA default MBR code
22:04:18.234 Disk 0 Partition 1 00 12 Compaq diag NTFS 10244 MB offset 63
22:04:18.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142381 MB offset 20981760
22:04:18.281 Disk 0 scanning sectors +312578048
22:04:18.406 Disk 0 scanning C:\WINDOWS\system32\drivers
22:04:39.109 Service scanning
22:05:07.500 Modules scanning
22:05:25.562 Disk 0 trace - called modules:
22:05:25.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
22:05:25.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8635c030]
22:05:25.625 3 CLASSPNP.SYS[f767dfd7] -> nt!IofCallDriver -> \Device\0000006b[0x86334200]
22:05:25.640 5 ACPI.sys[f75f4620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86354030]
22:05:26.468 AVAST engine scan C:\WINDOWS
22:05:59.640 AVAST engine scan C:\WINDOWS\system32
22:08:52.437 AVAST engine scan C:\WINDOWS\system32\drivers
22:09:07.328 AVAST engine scan C:\Documents and Settings\Cherie
22:25:09.734 AVAST engine scan C:\Documents and Settings\All Users
22:26:30.515 Scan finished successfully
22:26:51.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cherie\My Documents\MBR.dat"
22:26:51.640 The log file has been saved successfully to "C:\Documents and Settings\Cherie\My Documents\aswMBR.txt"



From ESET:

C:\Documents and Settings\Cherie\Local Settings\Temp\0.22773268252013656 a variant of Win32/Kryptik.AIZP trojan cleaned by deleting - quarantined



Thanks in advance!

#4 tatanka7

Posted 12 December 2012 - 01:25 AM

Still occasionally redirecting. Thanks.

#5 narenxp

Posted 13 December 2012 - 01:49 AM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#6 tatanka7

Posted 20 December 2012 - 12:42 AM

Sorry. Holidays interfered.

From Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.13.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cherie :: ZEPHYR [administrator]

12/13/2012 12:07:45 PM
mbam-log-2012-12-13 (12-07-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259470
Time elapsed: 1 hour(s), 38 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


From Mini-Toolbox:


MiniToolBox by Farbar Version: 25-11-2012
Ran by Cherie (administrator) on 13-12-2012 at 14:03:27
Running from "C:\Documents and Settings\Cherie\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 802.11g Network Adapter = Wireless Network Connection (Connected)
Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Zephyr
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : netgear.com

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Atheros AR8132 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-26-22-74-44-89

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : netgear.com
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 0C-EE-E6-D3-43-67
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.254.23
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.254.254
DHCP Server . . . . . . . . . . . : 192.168.254.254
DNS Servers . . . . . . . . . . . : 192.168.254.254
Lease Obtained. . . . . . . . . . : Thursday, December 13, 2012 10:52:09 AM
Lease Expires . . . . . . . . . . : Friday, December 14, 2012 10:52:09 AM

Server: dslrouter.netgear.com
Address: 192.168.254.254

Name: google.com
Addresses: 74.125.225.8, 74.125.225.9, 74.125.225.14, 74.125.225.0
74.125.225.1, 74.125.225.2, 74.125.225.3, 74.125.225.4, 74.125.225.5
74.125.225.6, 74.125.225.7

Pinging google.com [74.125.225.7] with 32 bytes of data:

Reply from 74.125.225.7: bytes=32 time=48ms TTL=56
Reply from 74.125.225.7: bytes=32 time=50ms TTL=56

Ping statistics for 74.125.225.7:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 50ms, Average = 49ms

Server: dslrouter.netgear.com
Address: 192.168.254.254

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=173ms TTL=52
Reply from 72.30.38.140: bytes=32 time=115ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 115ms, Maximum = 173ms, Average = 144ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 22 74 44 89 ...... Atheros AR8132 PCI-E Fast Ethernet Controller - Packet Scheduler Miniport
0x3 ...0c ee e6 d3 43 67 ...... Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.254.254 192.168.254.23 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.254.0 255.255.255.0 192.168.254.23 192.168.254.23 25
192.168.254.23 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.254.255 255.255.255.255 192.168.254.23 192.168.254.23 25
224.0.0.0 240.0.0.0 192.168.254.23 192.168.254.23 25
255.255.255.255 255.255.255.255 192.168.254.23 192.168.254.23 1
255.255.255.255 255.255.255.255 192.168.254.23 2 1
Default Gateway: 192.168.254.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/07/2012 09:55:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:41 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:40 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:40 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:40 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/07/2012 09:55:40 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (12/09/2012 02:57:47 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.77 for the Network Card with network address 0CEEE6D34367 has been
denied by the DHCP server 10.42.0.198 (The DHCP Server sent a DHCPNACK message).

Error: (11/26/2012 08:16:22 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 0CEEE6D34367 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/24/2012 00:14:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Error: (11/14/2012 09:27:17 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 0CEEE6D34367 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (11/11/2012 02:21:21 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (11/11/2012 02:21:21 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (11/11/2012 02:21:21 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (11/11/2012 02:21:21 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (11/11/2012 02:21:21 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (11/11/2012 02:21:21 AM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Acer Crystal Eye webcam (Version: 0.73)
Acer eRecovery Management (Version: 4.00.3010)
Acer ScreenSaver (Version: 1.0.3.0303)
Acer VCM (Version: 4.00.3009)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.16)
avast! Free Antivirus (Version: 7.0.1456.0)
Bookworm Adventures
C:\Program Files\Acer GameZone\GameConsole (Version: 3.0.0.1)
Cake Mania 2
Chicken Invaders 2
Choice Guard (Version: 1.2.87.0)
Citrix XenApp Web Plugin (Version: 11.0.150.5357)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
doPDF 7.2 printer
Dream Day First Home
ESET Online Scanner v3
eSobi v2 (Version: 2.0.3.000224)
Fizzball
Galapago
Gold Miner Vegas
Google Update Helper (Version: 1.3.21.123)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (Version: 6.0.290)
JavaFX 2.1.0 (Version: 2.1.0)
Jewelleria
Juniper Citrix Services Client (Version: 7.1.9.20893)
Juniper Networks Secure Application Manager (Version: 7.1.9.20893)
Juniper Networks, Inc. Setup Client (Version: 7.1.9.20595)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
Junk Mail filter update (Version: 14.0.8064.206)
Launch Manager (Version: 2.0.07)
Luxor - Amun Rising
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
McAfee SecurityCenter
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5928)
Segoe UI (Version: 14.0.4327.805)
Supercow
Synaptics Pointing Device Driver (Version: 12.2.2.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB971930) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB2.0 Card Reader Software (Version: 6.0.6000.81)
Usmleworld QBank
WebCam (Version: 5.8.52.004)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live Mail (Version: 14.0.8064.0206)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows Live Photo Gallery (Version: 14.0.8064.206)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8064.0206)
Windows Media Format Runtime
Windows Media Player 10
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 1013.87 MB
Available physical RAM: 454.83 MB
Total Pagefile: 2443.91 MB
Available Pagefile: 1987.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.31 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:139.04 GB) (Free:117.45 GB) NTFS

========================= Users: ========================================

User accounts for \\ZEPHYR

Administrator Cherie Guest
HelpAssistant SUPPORT_388945a0

========================= Restore Points ==================================

15-09-2012 00:39:52 Software Distribution Service 3.0
16-09-2012 03:43:43 Software Distribution Service 3.0
18-09-2012 00:24:42 Software Distribution Service 3.0
19-09-2012 01:14:32 System Checkpoint
20-09-2012 01:33:55 Software Distribution Service 3.0
21-09-2012 03:58:44 Software Distribution Service 3.0
22-09-2012 05:08:45 System Checkpoint
22-09-2012 06:32:46 Software Distribution Service 3.0
22-09-2012 14:24:58 Software Distribution Service 3.0
23-09-2012 07:03:41 Software Distribution Service 3.0
23-09-2012 14:37:50 Software Distribution Service 3.0
25-09-2012 02:57:23 Software Distribution Service 3.0
26-09-2012 23:38:52 Software Distribution Service 3.0
28-09-2012 00:30:29 Software Distribution Service 3.0
01-10-2012 06:04:21 Software Distribution Service 3.0
02-10-2012 06:09:35 Software Distribution Service 3.0
03-10-2012 00:54:59 Software Distribution Service 3.0
04-10-2012 05:44:58 Software Distribution Service 3.0
06-10-2012 00:30:45 Software Distribution Service 3.0
07-10-2012 20:33:41 Software Distribution Service 3.0
09-10-2012 02:38:20 Software Distribution Service 3.0
10-10-2012 04:05:34 Restore Operation
11-10-2012 06:30:23 Software Distribution Service 3.0
12-10-2012 05:42:28 Software Distribution Service 3.0
13-10-2012 15:31:27 System Checkpoint
15-10-2012 03:29:41 System Checkpoint
16-10-2012 03:36:42 System Checkpoint
16-10-2012 23:26:59 Installed Java 7 Update 9
18-10-2012 00:14:19 System Checkpoint
19-10-2012 00:30:52 System Checkpoint
22-10-2012 17:04:51 System Checkpoint
24-10-2012 00:20:38 System Checkpoint
25-10-2012 02:21:59 System Checkpoint
26-10-2012 03:15:47 System Checkpoint
30-10-2012 03:30:27 System Checkpoint
01-11-2012 02:07:57 System Checkpoint
02-11-2012 02:09:58 System Checkpoint
06-11-2012 04:56:30 System Checkpoint
07-11-2012 05:58:24 System Checkpoint
09-11-2012 05:25:14 System Checkpoint
11-11-2012 08:20:38 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
13-11-2012 05:45:04 System Checkpoint
14-11-2012 07:17:18 Software Distribution Service 3.0
15-11-2012 07:31:04 System Checkpoint
17-11-2012 07:03:20 System Checkpoint
19-11-2012 05:34:03 System Checkpoint
22-11-2012 02:45:14 System Checkpoint
23-11-2012 05:41:45 System Checkpoint
24-11-2012 19:10:48 System Checkpoint
27-11-2012 02:43:26 System Checkpoint
28-11-2012 03:30:08 System Checkpoint
01-12-2012 06:51:50 System Checkpoint
03-12-2012 02:32:35 System Checkpoint
13-12-2012 16:22:30 Software Distribution Service 3.0

**** End of log ****


From FARBAR service scanner:


Farbar Service Scanner Version: 10-12-2012
Ran by Cherie (administrator) on 13-12-2012 at 14:13:16
Running from "C:\Documents and Settings\Cherie\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) Gpc(6) IPSec(4) MPFP(8) NEOFLTR_719_20893(10) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****


From adware cleaner:


# AdwCleaner v2.100 - Logfile created 12/13/2012 at 14:51:42
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Cherie - ZEPHYR
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Cherie\My Documents\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Cherie\Application Data\Mozilla\Firefox\Profiles\t9e3et2a.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Cherie\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1160 octets] - [13/12/2012 14:51:42]

########## EOF - C:\AdwCleaner[S1].txt - [1220 octets] ##########


From Junkware Removal Tool:



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.1 (12.13.2012:1)
OS: Microsoft Windows XP x86
Ran by Cherie on Thu 12/13/2012 at 15:15:28.12
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Cherie\Application Data\mozilla\firefox\profiles\t9e3et2a.default\extensions\jhrhspgelb@jhrhspgelb.org.xpi [Tracur]
Successfully deleted the following from C:\Documents and Settings\Cherie\Application Data\mozilla\firefox\profiles\t9e3et2a.default\prefs.js

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", "");
user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/13/2012 at 15:36:16.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Thanks.

#7 narenxp


Posted 23 December 2012 - 10:00 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here


Current issues?

#8 tatanka7


Posted 30 December 2012 - 03:52 PM

From RKill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/30/2012 02:30:27 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/30/2012 02:32:19 PM
Execution time: 0 hours(s), 1 minute(s), and 52 seconds(s)



From Autorun:


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "AzMixerSel" "Azalia Mixer Selector" "Realtek Semiconductor Corp." "c:\program files\realtek\audio\drivers\azmixersel.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "LManager" "Launch Manager" "Dritek System Inc." "c:\program files\launch manager\lmanager.exe"
+ "mcagent_exe" "McAfee Integrated Security Platform" "McAfee, Inc." "c:\program files\mcafee.com\agent\mcagent.exe"
+ "MSPY2002" "" "" "c:\windows\system32\ime\pintlgnt\imscinst.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "PLFSetL" "DefaultSettingEXE" "sonix" "c:\windows\plfsetl.exe"
+ "RTHDCPL" "Realtek HD Audio Control Panel" "Realtek Semiconductor Corp." "c:\windows\rthdcpl.exe"
+ "snp2uvc" "The utilities for device installation" " " "c:\windows\system32\csnp2uvc.dll"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "Acer VCM.lnk" "Acer VCM" "Acer Incorporated" "c:\program files\acer\acer vcm\acervcm.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8064.0206.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8064.0206.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\acer\acer vcm\skype4com.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcctxmnu.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcctxmnu.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "McAfee Phishing Filter" "" "" "c:\program files\mcafee\msk\mskapbho.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\scriptsn.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "McAfee SiteAdvisor Toolbar" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "Microsoft Antimalware Scheduled Scan.job" "" "" "File not found: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "McAfee SiteAdvisor Service" "Provides low-level support for McAfee SiteAdvisor" "McAfee, Inc." "c:\program files\mcafee\siteadvisor\mcsacore.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files\mcafee\msc\mcmscsvc.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files\common files\mcafee\mna\mcnasvc.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files\common files\mcafee\mcproxy\mcproxy.exe"
+ "McShield" "McAfee Real-time Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcshield.exe"
+ "McSysmon" "McAfee SystemGuards" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcsysmon.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MpfService" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\mcafee\mpf\mpfsrv.exe"
+ "MSK80Service" "This service filters e-mail messages on your computer" "McAfee, Inc." "c:\program files\mcafee\msk\msksrver.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RS_Service" "Acer VCM Raw Socket Service" "Acer Incorporated" "c:\program files\acer\acer vcm\rs_service.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "Ambfilt" "Creative WDM 3D Audio Driver" "Creative" "c:\windows\system32\drivers\ambfilt.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "aswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "DKbFltr" "Dritek PS2 Keyboard Filter Driver" "Dritek System Inc." "c:\windows\system32\drivers\dkbfltr.sys"
+ "DritekPortIO" "General Port I/O" "Dritek System Inc." "c:\program files\launch manager\dportio.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\igxpmp32.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkhdaud.sys"
+ "L1c" "Atheros AR8131/AR8132 PCI-E Ethernet Controller ndis miniport driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c51x86.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
+ "mfehidk" "Host Intrusion Detection Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mferkdk" "VSCore Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdk.sys"
+ "mfesmfk" "System Monitor Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfesmfk.sys"
+ "Monfilt" "Creative WDM Audio Driver (32-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\monfilt.sys"
+ "MPFP" "McAfee Personal Firewall Plus Driver" "McAfee, Inc." "c:\windows\system32\drivers\mpfp.sys"
+ "NEOFLTR_719_20893" "NetBIOS Redirector" "Juniper Networks" "c:\windows\system32\drivers\neofltr_719_20893.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "Rts516xIR" "" "" "File not found: system32\DRIVERS\Rts516xIR.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SNP2UVC" "UVC Camera Streaming Driver" "" "c:\windows\system32\drivers\snp2uvc.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBCCID" "" "" "File not found: system32\DRIVERS\Rts5161ccid.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Acer Siren Decoding Filter" "Acer Siren Audio Decoding Filter" "Acer Incoporated" "c:\program files\acer\acer vcm\acersirendec.dll"
+ "Acer SirenEncoding Filter" "Acer Siren Audio Encoding Filter" "Acer Incoporated" "c:\program files\acer\acer vcm\acersirenenc.dll"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "EXP WMV9 Encoding Filter" "Acer WMV9 Encoding Filter" "Acer Incoporated" "c:\program files\acer\acer vcm\acerwmv9enc.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "doPDF 7 Monitor" "doPDF Port Monitor" "Softland" "c:\windows\system32\dopdfmn7.dll"


Well, I've been playing with the laptop here and there after the big scan (the ones that you had me do last time), and Google searches have not been redirected at any time...so I think I might be in the clear? Did you find anything in the files? It's been acting fine for the last week, so I'm thinking one of the big scans that you had me do cleared it up? Thank you so much; I really really appreciate it...you guys are brilliant!

#9 narenxp

Posted 01 January 2013 - 08:57 AM

That looks good

Remove temporary and junk files

Download TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



