
Multiple attack attempts from proxy empire


11 replies to this topic

#1 Deep_Thought


Posted 09 January 2013 - 11:36 PM

Hi. Things had been good since the last time I came here for help until tonight. Kaspersky is going nuts alerting me about an attempted trojan/redirector attack from a site called proxyempire dot com. (Not typing the full link for obvious reasons.) Kaspersky seems like it keeps denying or blocking the attack, but the alerts keep coming up every single time I try to open a new tab or browse any sites in Firefox. I tried using Internet Explorer for a little while, and nothing happened while using that. I'm not sure what to do here. I ran a few quick scans which didn't detect anything on my computer, but something is trying really hard to infect me.

I'm including links to some screenshots I took earlier to help show you what I'm talking about.

http://i1282.photobucket.com/albums/a529/Deep_Th0ught/AV%20screenshots/proxyempire_attempted_attack.jpg

http://i1282.photobucket.com/albums/a529/Deep_Th0ught/AV%20screenshots/Kaspersky_detected_threats.jpg

Please help.



#2 narenxp


Posted 10 January 2013 - 12:49 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Deep_Thought


Posted 12 January 2013 - 02:43 AM

Here are the logs. ESET didn't find anything, so it doesn't have one. From what I'm seeing so far, there isn't a virus on my computer, but something keeps trying to infect my computer whenever I use Firefox.

TDSSKiller log

04:08:07.0203 2232 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
04:08:09.0000 2232 ============================================================
04:08:09.0000 2232 Current date / time: 2013/01/10 04:08:09.0000
04:08:09.0000 2232 SystemInfo:
04:08:09.0000 2232
04:08:09.0000 2232 OS Version: 5.1.2600 ServicePack: 3.0
04:08:09.0000 2232 Product type: Workstation
04:08:09.0000 2232 ComputerName: C0MPUTER
04:08:09.0000 2232 UserName: Me
04:08:09.0000 2232 Windows directory: C:\WINDOWS
04:08:09.0000 2232 System windows directory: C:\WINDOWS
04:08:09.0000 2232 Processor architecture: Intel x86
04:08:09.0000 2232 Number of processors: 1
04:08:09.0000 2232 Page size: 0x1000
04:08:09.0000 2232 Boot type: Normal boot
04:08:09.0015 2232 ============================================================
04:08:15.0390 2232 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
04:08:15.0406 2232 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
04:08:15.0437 2232 ============================================================
04:08:15.0437 2232 \Device\Harddisk1\DR1:
04:08:15.0437 2232 MBR partitions:
04:08:15.0437 2232 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
04:08:15.0437 2232 \Device\Harddisk0\DR0:
04:08:15.0437 2232 MBR partitions:
04:08:15.0437 2232 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x36EE8318
04:08:15.0437 2232 ============================================================
04:08:15.0515 2232 C: <-> \Device\Harddisk1\DR1\Partition1
04:08:15.0515 2232 F: <-> \Device\Harddisk0\DR0\Partition1
04:08:15.0515 2232 ============================================================
04:08:15.0515 2232 Initialize success
04:08:15.0515 2232 ============================================================
04:08:37.0312 5624 ============================================================
04:08:37.0312 5624 Scan started
04:08:37.0312 5624 Mode: Manual; TDLFS;
04:08:37.0312 5624 ============================================================
04:08:46.0000 5624 ================ Scan system memory ========================
04:08:46.0015 5624 System memory - ok
04:08:46.0015 5624 ================ Scan services =============================
04:09:10.0234 5624 rfwtdi - ok
04:09:10.0281 5624 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
04:09:10.0281 5624 RMCAST - ok
04:09:10.0328 5624 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
04:09:10.0328 5624 RpcLocator - ok
04:09:10.0359 5624 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
04:09:10.0375 5624 RpcSs - ok
04:09:10.0390 5624 rsfwdrv - ok
04:09:10.0406 5624 RsRISMon - ok
04:09:10.0453 5624 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
04:09:10.0468 5624 RSVP - ok
04:09:10.0500 5624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
04:09:10.0500 5624 SamSs - ok
04:09:10.0562 5624 [ E5118CD3FEEDE70318A78D7D7A613DA9 ] SandBox C:\WINDOWS\system32\drivers\SandBox.sys
04:09:10.0593 5624 SandBox - ok
04:09:10.0625 5624 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\_Anti-virus 02\SUPERAntiSpyware\SASDIFSV.SYS
04:09:10.0625 5624 SASDIFSV - ok
04:09:10.0640 5624 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\_Anti-virus 02\SUPERAntiSpyware\SASKUTIL.SYS
04:09:10.0656 5624 SASKUTIL - ok
04:09:10.0687 5624 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
04:09:10.0687 5624 SCardSvr - ok
04:09:10.0734 5624 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
04:09:10.0750 5624 Schedule - ok
04:09:10.0781 5624 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
04:09:10.0781 5624 Secdrv - ok
04:09:10.0828 5624 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
04:09:10.0828 5624 seclogon - ok
04:09:10.0859 5624 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
04:09:10.0859 5624 SENS - ok
04:09:10.0906 5624 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
04:09:10.0906 5624 serenum - ok
04:09:10.0921 5624 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
04:09:11.0078 5624 Serial - ok
04:09:11.0156 5624 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
04:09:11.0187 5624 Sfloppy - ok
04:09:11.0250 5624 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
04:09:11.0250 5624 SharedAccess - ok
04:09:11.0296 5624 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
04:09:11.0296 5624 ShellHWDetection - ok
04:09:11.0312 5624 Simbad - ok
04:09:11.0343 5624 [ 3FBB6EF8B5A71A2FA11F5F461BB73219 ] SISNIC C:\WINDOWS\system32\DRIVERS\sisnic.sys
04:09:11.0343 5624 SISNIC - ok
04:09:11.0375 5624 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
04:09:11.0687 5624 SLIP - ok
04:09:11.0734 5624 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
04:09:11.0734 5624 SMTPSVC - ok
04:09:11.0781 5624 [ 60C377BE6B3CC83F6A8584934B181D2E ] SNMP C:\WINDOWS\System32\snmp.exe
04:09:11.0781 5624 SNMP - ok
04:09:11.0828 5624 [ 80A050795A107A76C2B1CD4CFBE010E6 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
04:09:11.0828 5624 SNMPTRAP - ok
04:09:11.0859 5624 Sparrow - ok
04:09:11.0890 5624 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
04:09:11.0906 5624 splitter - ok
04:09:11.0953 5624 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
04:09:11.0953 5624 Spooler - ok
04:09:12.0000 5624 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
04:09:12.0015 5624 sr - ok
04:09:12.0078 5624 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
04:09:12.0078 5624 srservice - ok
04:09:12.0125 5624 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
04:09:12.0140 5624 Srv - ok
04:09:12.0171 5624 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
04:09:12.0187 5624 SSDPSRV - ok
04:09:12.0218 5624 [ 7F4FB8D168A19EB7B4B55C73212025F0 ] stdriver C:\WINDOWS\system32\DRIVERS\stdriver32.sys
04:09:12.0234 5624 stdriver - ok
04:09:12.0312 5624 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
04:09:12.0328 5624 stisvc - ok
04:09:12.0359 5624 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
04:09:12.0359 5624 streamip - ok
04:09:12.0406 5624 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
04:09:12.0406 5624 swenum - ok
04:09:12.0437 5624 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
04:09:12.0437 5624 swmidi - ok
04:09:12.0468 5624 SwPrv - ok
04:09:12.0500 5624 symc810 - ok
04:09:12.0515 5624 symc8xx - ok
04:09:12.0531 5624 sym_hi - ok
04:09:12.0546 5624 sym_u3 - ok
04:09:12.0609 5624 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
04:09:12.0609 5624 sysaudio - ok
04:09:12.0656 5624 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
04:09:12.0656 5624 SysmonLog - ok
04:09:12.0703 5624 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
04:09:12.0703 5624 TapiSrv - ok
04:09:12.0750 5624 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
04:09:12.0765 5624 Tcpip - ok
04:09:12.0796 5624 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
04:09:12.0796 5624 TDPIPE - ok
04:09:12.0843 5624 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
04:09:12.0843 5624 TDTCP - ok
04:09:12.0875 5624 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
04:09:12.0890 5624 TermDD - ok
04:09:12.0921 5624 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
04:09:12.0937 5624 TermService - ok
04:09:12.0968 5624 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
04:09:12.0984 5624 Themes - ok
04:09:13.0015 5624 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
04:09:13.0015 5624 TlntSvr - ok
04:09:13.0031 5624 TosIde - ok
04:09:13.0078 5624 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
04:09:13.0109 5624 TrkWks - ok
04:09:13.0171 5624 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
04:09:13.0171 5624 Udfs - ok
04:09:13.0203 5624 UJRCJLMOTWPF - ok
04:09:13.0218 5624 ultra - ok
04:09:13.0312 5624 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
04:09:13.0312 5624 UMVPFSrv - ok
04:09:13.0375 5624 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
04:09:13.0390 5624 Update - ok
04:09:13.0421 5624 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
04:09:13.0421 5624 upnphost - ok
04:09:13.0453 5624 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
04:09:13.0468 5624 UPS - ok
04:09:13.0500 5624 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
04:09:13.0500 5624 usbaudio - ok
04:09:13.0546 5624 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
04:09:13.0546 5624 usbccgp - ok
04:09:13.0578 5624 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
04:09:13.0578 5624 usbehci - ok
04:09:13.0625 5624 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
04:09:13.0625 5624 usbhub - ok
04:09:13.0656 5624 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
04:09:13.0671 5624 usbohci - ok
04:09:13.0687 5624 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
04:09:13.0703 5624 usbscan - ok
04:09:13.0750 5624 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
04:09:13.0750 5624 USBSTOR - ok
04:09:13.0796 5624 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
04:09:13.0796 5624 usbvideo - ok
04:09:13.0843 5624 [ 8DFCD62C767741576BB9CD8DA9854517 ] VBEngNT C:\WINDOWS\system32\drivers\VBEngNT.sys
04:09:13.0843 5624 VBEngNT - ok
04:09:13.0890 5624 [ 9F6F36560ADDF4300E526E83813CAC16 ] VBFilt C:\WINDOWS\system32\Filt\VBFilt.dll
04:09:13.0890 5624 VBFilt - ok
04:09:13.0937 5624 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
04:09:13.0937 5624 VgaSave - ok
04:09:13.0953 5624 ViaIde - ok
04:09:14.0015 5624 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
04:09:14.0015 5624 VolSnap - ok
04:09:14.0078 5624 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
04:09:14.0093 5624 VSS - ok
04:09:14.0156 5624 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
04:09:14.0156 5624 W32Time - ok
04:09:14.0203 5624 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] W3SVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
04:09:14.0203 5624 W3SVC - ok
04:09:14.0234 5624 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
04:09:14.0281 5624 Wanarp - ok
04:09:14.0296 5624 WDICA - ok
04:09:14.0328 5624 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
04:09:14.0343 5624 wdmaud - ok
04:09:14.0375 5624 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
04:09:14.0390 5624 WebClient - ok
04:09:14.0468 5624 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
04:09:14.0468 5624 winmgmt - ok
04:09:14.0546 5624 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
04:09:14.0562 5624 WinRM - ok
04:09:14.0625 5624 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
04:09:14.0625 5624 WmdmPmSN - ok
04:09:14.0687 5624 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
04:09:14.0703 5624 Wmi - ok
04:09:14.0765 5624 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
04:09:14.0765 5624 WmiApSrv - ok
04:09:14.0859 5624 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
04:09:14.0875 5624 WMPNetworkSvc - ok
04:09:14.0921 5624 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
04:09:14.0921 5624 WS2IFSL - ok
04:09:14.0968 5624 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
04:09:14.0968 5624 wscsvc - ok
04:09:15.0000 5624 WSearch - ok
04:09:15.0046 5624 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
04:09:15.0062 5624 WSTCODEC - ok
04:09:15.0093 5624 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
04:09:15.0109 5624 wuauserv - ok
04:09:15.0156 5624 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
04:09:15.0156 5624 WudfPf - ok
04:09:15.0203 5624 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
04:09:15.0203 5624 WudfRd - ok
04:09:15.0250 5624 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
04:09:15.0250 5624 WudfSvc - ok
04:09:15.0328 5624 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
04:09:15.0343 5624 WZCSVC - ok
04:09:15.0375 5624 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
04:09:15.0390 5624 xmlprov - ok
04:09:15.0453 5624 ================ Scan global ===============================
04:09:15.0484 5624 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
04:09:15.0515 5624 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
04:09:15.0546 5624 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
04:09:15.0578 5624 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
04:09:15.0578 5624 [Global] - ok
04:09:15.0593 5624 ================ Scan MBR ==================================
04:09:15.0609 5624 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
04:09:15.0812 5624 \Device\Harddisk1\DR1 - ok
04:09:15.0843 5624 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
04:09:16.0046 5624 \Device\Harddisk0\DR0 - ok
04:09:16.0046 5624 ================ Scan VBR ==================================
04:09:16.0062 5624 [ B25290BFE0CCFF223CC85666B65938F1 ] \Device\Harddisk1\DR1\Partition1
04:09:16.0062 5624 \Device\Harddisk1\DR1\Partition1 - ok
04:09:16.0062 5624 [ BD96C2FC688F46C5A1BCF56286FC84BC ] \Device\Harddisk0\DR0\Partition1
04:09:16.0078 5624 \Device\Harddisk0\DR0\Partition1 - ok
04:09:16.0078 5624 ============================================================
04:09:16.0078 5624 Scan finished
04:09:16.0078 5624 ============================================================
04:09:16.0109 0320 Detected object count: 0
04:09:16.0109 0320 Actual detected object count: 0


aswMBR log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-10 04:15:53
-----------------------------
04:15:53.562 OS Version: Windows 5.1.2600 Service Pack 3
04:15:53.562 Number of processors: 1 586 0xC00
04:15:53.562 ComputerName: C0MPUTER UserName: Me
04:16:01.843 Initialize success
04:29:25.859 AVAST engine defs: 13010901
04:32:56.921 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
04:32:56.921 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
04:32:56.937 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-13
04:32:56.937 Disk 1 Vendor: Hitachi_HDS721616PLAT80 P22OA8BA Size: 152627MB BusType: 3
04:32:56.953 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-1b
04:32:56.953 Disk 2 Vendor: IOMEGA_ZIP_100 03.H Size: 152627MB BusType: 2
04:32:56.984 Disk 1 MBR read successfully
04:32:56.984 Disk 1 MBR scan
04:32:57.015 Disk 1 Windows XP default MBR code
04:32:57.031 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
04:32:57.046 Disk 1 scanning sectors +312560640
04:32:57.125 Disk 1 scanning C:\WINDOWS\system32\drivers
04:33:30.703 Service scanning
04:33:39.437 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
04:33:39.562 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
04:33:39.750 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
04:33:39.796 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
04:33:53.234 Modules scanning
04:34:02.343 Disk 1 trace - called modules:
04:34:02.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
04:34:02.359 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a85bab8]
04:34:02.359 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000089[0x8a8b33c8]
04:34:02.359 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-13[0x8a883d98]
04:34:02.812 AVAST engine scan C:\WINDOWS
04:34:17.656 AVAST engine scan C:\WINDOWS\system32
04:39:31.796 AVAST engine scan C:\WINDOWS\system32\drivers
04:39:55.421 AVAST engine scan C:\Documents and Settings\Me
04:51:25.000 AVAST engine scan C:\Documents and Settings\All Users
04:56:48.156 Scan finished successfully
05:00:13.625 Disk 1 MBR has been saved successfully to "C:\_Anti-virus 02\aswMBR\MBR.dat"
05:00:13.625 The log file has been saved successfully to "C:\_Anti-virus 02\aswMBR\aswMBR_log_03.txt"



#4 narenxp


Posted 12 January 2013 - 08:53 AM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE-SAVE.

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 Deep_Thought


Posted 12 January 2013 - 11:39 PM

Malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Me :: C0MPUTER [administrator]

1/12/2013 1:20:08 AM
mbam-log-2013-01-12 (01-20-08).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 301639
Time elapsed: 24 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Me (administrator) on 12-01-2013 at 19:22:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

SiS 900-Based PCI Fast Ethernet Adapter = Local Area Connection (Disconnected)
802.11b Wireless PCI Card = Wireless Network Connection 2 (Disconnected)
Linksys AE2500 = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : c0mputer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain.actdsltmp



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : domain.actdsltmp

Description . . . . . . . . . . . : Linksys AE2500

Physical Address. . . . . . . . . : C0-C1-C0-5E-62-44

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

205.171.3.25

Lease Obtained. . . . . . . . . . : Saturday, January 12, 2013 5:31:27 PM

Lease Expires . . . . . . . . . . : Saturday, January 19, 2013 5:31:27 PM

Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.225.192, 74.125.225.193, 74.125.225.194, 74.125.225.195
74.125.225.196, 74.125.225.197, 74.125.225.198, 74.125.225.199, 74.125.225.200
74.125.225.201, 74.125.225.206



Pinging google.com [74.125.225.197] with 32 bytes of data:



Reply from 74.125.225.197: bytes=32 time=30ms TTL=57

Reply from 74.125.225.197: bytes=32 time=29ms TTL=57



Ping statistics for 74.125.225.197:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 29ms, Maximum = 30ms, Average = 29ms

Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=87ms TTL=53

Reply from 98.138.253.109: bytes=32 time=89ms TTL=53



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 89ms, Average = 88ms

Server: qwestmodem.domain.actdsltmp
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...c0 c1 c0 5e 62 44 ...... Linksys AE2500 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.5 192.168.0.5 25
192.168.0.5 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.5 192.168.0.5 25
224.0.0.0 240.0.0.0 192.168.0.5 192.168.0.5 25
255.255.255.255 255.255.255.255 192.168.0.5 192.168.0.5 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/29/2012 04:09:00 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x05879290.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/28/2012 08:16:49 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x038c9290.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/28/2012 06:57:44 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 9.0.1.21, fault address 0x00009292.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/25/2012 06:41:10 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module divxdech264.ax, version 9.0.1.21, fault address 0x00039297.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/16/2012 07:58:04 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module user32.dll, version 5.1.2600.5512, fault address 0x00009dda.
Processing media-specific event for [explorer.exe!ws!]

Error: (12/16/2012 07:57:27 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\spider.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Spider because of this error.

Program: Spider
File: C:\WINDOWS\system32\spider.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000185
Disk type: 3

Error: (12/12/2012 06:31:41 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/11/2012 04:03:30 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/11/2012 04:03:30 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (12/11/2012 04:03:30 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established


System errors:
=============
Error: (01/12/2013 02:14:00 AM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (01/12/2013 02:14:00 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (01/12/2013 02:13:58 AM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (01/12/2013 02:13:58 AM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (01/12/2013 02:13:57 AM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (01/12/2013 02:13:57 AM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (01/12/2013 02:13:56 AM) (Source: 0) (User: )
Description: \Device\Harddisk1\D

Error: (01/12/2013 01:57:16 AM) (Source: Service Control Manager) (User: )
Description: The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).

Error: (01/12/2013 01:55:58 AM) (Source: 0) (User: )
Description: 1394 Net Adapter

Error: (01/12/2013 01:55:45 AM) (Source: Service Control Manager) (User: )
Description: The rsfwdrv service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (12/29/2012 04:09:00 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.005879290

Error: (12/28/2012 08:16:49 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0038c9290

Error: (12/28/2012 06:57:44 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512divxdech264.ax9.0.1.2100009292

Error: (12/25/2012 06:41:10 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512divxdech264.ax9.0.1.2100039297

Error: (12/16/2012 07:58:04 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512user32.dll5.1.2600.551200009dda

Error: (12/16/2012 07:57:27 AM) (Source: Application Error)(User: )
Description: C:\WINDOWS\system32\spider.exeSpiderC00001853

Error: (12/12/2012 06:31:41 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/11/2012 04:03:30 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (12/11/2012 04:03:30 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (12/11/2012 04:03:30 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtA connection with the server could not be established


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
CameraHelperMsi (Version: 13.31.1038.0)
Cleaner 5 EZ
Creative Audio Console (Version: 1.33)
Creative Software AutoUpdate (Version: 1.40)
D-i-v-X AVI Codec Pack Pro 2.4.0
Debut Video Capture Software
DivX Setup (Version: 2.4.0.6)
Doxillion Document Converter
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Express Burn Disc Burning Software
Express Zip File Compression Software
FlashMute
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Kaspersky PURE 2.0 (Version: 12.0.1.288)
Logitech Vid (Version: 1.70.1044)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works 6-9 Converter (Version: 9.7.0621)
Mobipocket Reader 6.2 (Version: 6.2.608)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Opera 12.11 (Version: 12.11.1661)
Paint.NET v3.5.10 (Version: 3.60.0)
Pixillion Image Converter
Prism Video File Converter
QuickTime (Version: 7.72.80.56)
RealOne Player
Remove on Reboot Shell Extension
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.6.1008)
swMSM (Version: 12.0.0.1)
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VideoPad Video Editor
Visual Pinball (Version: 1.0.0)
VLC media player 2.0.4 (Version: 2.0.4)
WebFldrs XP (Version: 9.50.7523)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 1)
Windows Support Tools (Version: 5.1.2600.2180)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip 16.0 (Version: 16.0.9661)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 1535.48 MB
Available physical RAM: 915.62 MB
Total Pagefile: 3426.68 MB
Available Pagefile: 2756.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.11 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:149.04 GB) (Free:124.03 GB) NTFS
4 Drive f: () (Fixed) (Total:439.45 GB) (Free:325.06 GB) NTFS

========================= Users: ========================================

User accounts for \\C0MPUTER

Me Administrator ASPNET
User2 Guest HelpAssistant
IUSR_C0MPUTER IWAM_C0MPUTER SUPPORT_388945a0

========================= Restore Points ==================================

12-10-2012 13:13:43 System Checkpoint
14-10-2012 11:33:29 System Checkpoint
17-10-2012 03:08:46 System Checkpoint
19-10-2012 03:31:02 System Checkpoint
20-10-2012 13:06:36 Installed Java 7 Update 9
22-10-2012 07:24:46 System Checkpoint
23-10-2012 12:09:27 System Checkpoint
27-10-2012 02:06:11 System Checkpoint
29-10-2012 03:58:31 System Checkpoint
30-10-2012 04:23:49 System Checkpoint
31-10-2012 04:48:58 System Checkpoint
01-11-2012 05:43:31 System Checkpoint
02-11-2012 14:48:34 System Checkpoint
04-11-2012 03:42:25 System Checkpoint
05-11-2012 03:52:55 System Checkpoint
06-11-2012 04:35:45 System Checkpoint
07-11-2012 11:16:14 Software Distribution Service 3.0
09-11-2012 00:52:08 System Checkpoint
10-11-2012 03:31:09 System Checkpoint
11-11-2012 08:52:17 System Checkpoint
13-11-2012 01:28:12 System Checkpoint
14-11-2012 04:43:55 System Checkpoint
15-11-2012 04:46:16 System Checkpoint
17-11-2012 03:07:27 System Checkpoint
18-11-2012 11:31:18 System Checkpoint
20-11-2012 02:37:35 System Checkpoint
21-11-2012 03:45:53 System Checkpoint
25-11-2012 05:31:14 System Checkpoint
27-11-2012 04:31:10 System Checkpoint
28-11-2012 05:20:13 System Checkpoint
29-11-2012 08:02:07 Software Distribution Service 3.0
01-12-2012 04:07:14 System Checkpoint
02-12-2012 05:27:30 System Checkpoint
04-12-2012 03:56:49 System Checkpoint
05-12-2012 04:00:51 System Checkpoint
06-12-2012 04:39:47 System Checkpoint
08-12-2012 03:50:02 System Checkpoint
09-12-2012 12:31:44 System Checkpoint
12-12-2012 09:00:59 Software Distribution Service 3.0
14-12-2012 04:23:25 System Checkpoint
16-12-2012 03:52:46 System Checkpoint
17-12-2012 04:16:04 System Checkpoint
19-12-2012 03:43:30 System Checkpoint
20-12-2012 04:01:39 System Checkpoint
21-12-2012 04:23:17 System Checkpoint
22-12-2012 01:07:58 Software Distribution Service 3.0
23-12-2012 01:25:44 System Checkpoint
24-12-2012 02:13:59 System Checkpoint
25-12-2012 06:56:59 System Checkpoint
27-12-2012 00:23:16 System Checkpoint
28-12-2012 01:08:02 System Checkpoint
01-01-2013 03:26:37 System Checkpoint
03-01-2013 02:22:04 System Checkpoint
04-01-2013 04:14:57 Software Distribution Service 3.0
06-01-2013 03:36:12 System Checkpoint
08-01-2013 03:40:59 System Checkpoint
09-01-2013 03:48:36 System Checkpoint
09-01-2013 12:59:47 Software Distribution Service 3.0
13-01-2013 01:05:47 System Checkpoint

**** End of log ****


Farbar Service Scanner

Farbar Service Scanner Version: 05-01-2013
Ran by Me (administrator) on 12-01-2013 at 19:36:26
Running from "C:\_Anti-virus 02\Farbar Service Scanner"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) kl2(15) NetBT(6) PSched(7) RFWNDIS(13) Tcpip(4)
0x0F0000000F000000050000000E00000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C0000000D000000


**** End of log ****


AdWare Cleaner

# AdwCleaner v2.003 - Logfile created 01/12/2013 at 19:38:51
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Me - C0MPUTER
# Boot Mode : Normal
# Running from : C:\_Anti-virus 02\AdWare Cleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\hhfwif36.default\prefs.js

Deleted : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"15\": {\"id\": \"15\",[...]

Profile name : default
File : C:\Documents and Settings\User2\Application Data\Mozilla\Firefox\Profiles\acr11v9x.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\55607wp6.default\prefs.js

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Documents and Settings\Me\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2302 octets] - [07/10/2012 17:40:41]
AdwCleaner[R2].txt - [2362 octets] - [10/10/2012 18:37:46]
AdwCleaner[S1].txt - [2800 octets] - [10/10/2012 19:08:50]
AdwCleaner[S2].txt - [1609 octets] - [12/01/2013 19:38:51]

########## EOF - C:\AdwCleaner[S2].txt - [1669 octets] ##########


Junkware removal tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Microsoft Windows XP x86
Ran by Me on Sat 01/12/2013 at 19:51:19.48
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\hhfwif36.default\prefs.js

user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"forums.cnet.com/7723-21574_102-546820/win32-installcore-d-win32-opencandy/\",\"to\":\"http://adlog.
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"http://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"http://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAIAEBAAAAEAIABoBAAAJgAAACAgAAABACAAqBAAAI4EAAAoAAAAEAAAACAAAAABACAAAAAAAAAEAAASCwAAEgsAAAAAAAAAAAAA9IVCS
Emptied folder: C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\hhfwif36.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/12/2013 at 20:32:02.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RKILL

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/12/2013 08:34:33 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\CTHELPER.EXE (PID: 1028) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/12/2013 08:35:28 PM
Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)


Autoruns

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "avp" "Kaspersky Anti-Virus" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\avp.exe"
+ "CTHelper" "CtHelper Application" "Creative Technology Ltd" "c:\windows\system32\cthelper.exe"
+ "PHIME2002A" "" "" "File not found: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"
+ "PHIME2002ASync" "" "" "File not found: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "WinPatrol" "WinPatrol System Monitor" "BillP Studios" "c:\_anti-virus 02\winpatrol\winpatrol.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AIM" "AOL Instant Messenger" "America Online, Inc." "f:\my_stuff\programs\aim\aim.exe"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\_anti-virus 02\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "ExpressZip" "" "" "c:\program files\nch software\expresszip\ezcm.dll"
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\shellex.dll"
+ "M2WShlExMenu" "Mp3 to Wave Converter Plus Shell Extension DLL" "Acoustica" "f:\my_stuff\programs\acoustica mp3 to wave converter plus\m2wshlex.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\_anti-virus 02\superantispyware\sasctxmn.dll"
+ "Trojan Remover" "Trojan Remover Shell Extension" "Simply Super Software" "f:\_anti-virus\trojan remover\trshlex.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "f:\my_stuff\programs\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "f:\my_stuff\programs\winzip\wzshlstb.dll"
+ "ZFAdd" "WinAce-Archiver Shell Extension " "e-merge GmbH" "f:\my_stuff\programs\winace\arcext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "FAExt" "FileASSASSIN Shell Extension" "Malwarebytes" "f:\_anti-virus\malwarebytes' anti-malware\fileassassin\fileassassinext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\_anti-virus 02\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\shellex.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\_anti-virus 02\superantispyware\sasctxmn.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "f:\my_stuff\programs\winzip\wzshlstb.dll"
+ "ZFAdd" "WinAce-Archiver Shell Extension " "e-merge GmbH" "f:\my_stuff\programs\winace\arcext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "f:\my_stuff\programs\winzip\wzshlstb.dll"
+ "ZFDragDrop" "WinAce-Archiver Shell Extension " "e-merge GmbH" "f:\my_stuff\programs\winace\arcext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "Haali Column Provider" "" "" "c:\windows\system32\mmfinfo.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "ExpressZip" "" "" "c:\program files\nch software\expresszip\ezcm.dll"
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\shellex.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\_anti-virus 02\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamext.dll"
+ "MP3ToWave" "Mp3 to Wave Converter Plus Shell Extension DLL" "Acoustica" "f:\my_stuff\programs\acoustica mp3 to wave converter plus\m2wshlex.dll"
+ "Trojan Remover" "Trojan Remover Shell Extension" "Simply Super Software" "f:\_anti-virus\trojan remover\trshlex.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "f:\my_stuff\programs\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "f:\my_stuff\programs\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "f:\my_stuff\programs\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "f:\my_stuff\programs\winzip\wzshlstb.dll"
+ "ZFDragDrop" "WinAce-Archiver Shell Extension " "e-merge GmbH" "f:\my_stuff\programs\winace\arcext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "KAVOverlayIcon" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\shellex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "FilterBHO Class" "WebToolBar component" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\klwtbbho.dll"
+ "IEVkbdBHO Class" "IE Virtual Keyboard" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\ievkbd.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Virtual Keyboard" "IE Virtual Keyboard" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\ievkbd.dll"
+ "AIM" "AOL Instant Messenger" "America Online, Inc." "f:\my_stuff\programs\aim\aim.exe"
+ "URLs c&heck" "WebToolBar component" "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\klwtbbho.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "debutShakeIcon.job" "Debut Video Capture Software" "NCH Software" "c:\program files\nch software\debut\debut.exe"
+ "doxillionSevenDays.job" "Doxillion Document Converter" "NCH Software" "c:\program files\nch software\doxillion\doxillion.exe"
+ "expressburnSevenDays.job" "Express Burn Disc Burning Software" "NCH Software" "c:\program files\nch swift sound\expressburn\expressburn.exe"
+ "expressburnShakeIcon.job" "Express Burn Disc Burning Software" "NCH Software" "c:\program files\nch swift sound\expressburn\expressburn.exe"
+ "expresszipShakeIcon.job" "Express Zip File Compression Software" "NCH Software" "c:\program files\nch software\expresszip\expresszip.exe"
+ "prismShakeIcon.job" "Prism Video File Converter" "NCH Software" "c:\program files\nch software\prism\prism.exe"
+ "videopadShakeIcon.job" "VideoPad Video Editor" "NCH Software" "c:\program files\nch software\videopad\videopad.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\_anti-virus 02\superantispyware\sascore.exe"
+ "AVP" "Provides computer protection against viruses, dangerous software, network attacks, internet fraud and spam." "Kaspersky Lab ZAO" "c:\_anti-virus 02\kaspersky\avp.exe"
+ "Creative Audio Engine Licensing Service" "Provides licensing services for Creative Audio Engine." "Creative Labs" "c:\program files\common files\creative labs shared\service\ctaelicensing.exe"
+ "CSObjectsSrv" "Control protected objects of the CryptoStorage system and manage drivers" "Infowatch" "c:\program files\common files\infowatch\cryptostorage\protectedobjectssrv.exe"
+ "CTAudSvcService" "Creative Audio Service" "Creative Technology Ltd" "c:\program files\creative\shared files\ctaudsvc.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\java\jre7\bin\jqs.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "RsRISMon" "" "" "File not found: F:\_Anti-virus\Rising\RIS\RavMonD.exe"
+ "UJRCJLMOTWPF" "" "" "File not found: C:\DOCUME~1\Me\LOCALS~1\Temp\UJRCJLMOTWPF.exe"
+ "UMVPFSrv" "UMVPF is a user mode Logitech driver" "Logitech Inc." "c:\program files\common files\logishrd\lvmvfm\umvpfsrv.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ADM8211" "802.11b Wireless PCI Card Driver" "PCI Wireless" "c:\windows\system32\drivers\adm8211.sys"
+ "afw" "Agnitum Firewall NDIS Driver" "Agnitum Ltd." "c:\windows\system32\drivers\afw.sys"
+ "afwcore" "Agnitum Firewall Core Driver" "Agnitum Ltd." "c:\windows\system32\drivers\afwcore.sys"
+ "ASWFilt" "Host Protection Component" "Agnitum Ltd." "c:\windows\system32\filt\aswfilt.dll"
+ "catchme" "" "" "File not found: C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "COMMONFX" "Creative Common FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\commonfx.sys"
+ "COMMONFX.SYS" "Creative Common FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\commonfx.sys"
+ "cpuz134" "" "" "File not found: C:\DOCUME~1\Me\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys"
+ "CSCrySec" "Cryptographic Algorithm Lib Driver." "Infowatch" "c:\windows\system32\drivers\cscrysec.sys"
+ "CSVirtualDiskDrv" "Virtual Volume Container Driver (wxp)" "Infowatch" "c:\windows\system32\drivers\csvirtualdiskdrv.sys"
+ "ctac32k" "Creative AC3 SW Decoder Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctac32k.sys"
+ "ctaud2k" "Creative WDM Audio Device Driver" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaud2k.sys"
+ "CTAUDFX" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaudfx.sys"
+ "CTAUDFX.SYS" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctaudfx.sys"
+ "ctdvda2k" "Creative DVD-Audio Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctdvda2k.sys"
+ "CTERFXFX" "E-MU E-DSP Effects Plugin Module" "Creative Technology Ltd" "c:\windows\system32\drivers\cterfxfx.sys"
+ "CTERFXFX.SYS" "E-MU E-DSP Effects Plugin Module" "Creative Technology Ltd" "c:\windows\system32\drivers\cterfxfx.sys"
+ "ctprxy2k" "Creative Proxy Device Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctprxy2k.sys"
+ "CTSBLFX" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsblfx.sys"
+ "CTSBLFX.SYS" "Creative SB FX Plug-in" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsblfx.sys"
+ "ctsfm2k" "SoundFont® Manager (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ctsfm2k.sys"
+ "emupia" "E-mu Plug-in Architecture Driver (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\emupia2k.sys"
+ "esgiguard" "" "" "File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys"
+ "FilterService" "Logitech USB Video Class Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvcflt.sys"
+ "ha10kx2k" "Creative EMU10KX HAL (WDM)" "Creative Technology Ltd" "c:\windows\system32\drivers\ha10kx2k.sys"



#6 narenxp

Posted 13 January 2013 - 12:13 AM

Run Malwarebytes in normal mode and post the log.

Current issues?

#7 Deep_Thought

Posted 13 January 2013 - 08:08 AM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Me :: C0MPUTER [administrator]

1/13/2013 3:22:06 AM
mbam-log-2013-01-13 (03-22-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303746
Time elapsed: 1 hour(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I was waiting to see what you said before I used Firefox again. I tried starting it up after reading this and got this alert from one of my add-ons, BrowserProtect.

http://i1282.photobucket.com/albums/a529/Deep_Th0ught/AV%20screenshots/Potential_hijack_details.jpg

I blocked the hijack attempt and Firefox restarted. I browsed a few random websites and didn't have any alerts pop up, but then Kaspersky started updating itself and was being much slower than normal, which made everything else on my computer run super slow, almost to the point of being non-responsive. It's slowed things down before, but never that much. When I checked it using Windows Task Manager, it was at 99% CPU Usage, even when I closed most of my other programs.

After that, the update seemed stuck at 15%, so I tried to stop it, and after a while, some alerts from Kaspersky popped up saying it denied another attack. After I stopped the update, I restarted my computer and tried to update it manually, and it succeeded with no problems this time. Here's another pic of the report Kaspersky is giving me.

http://i1282.photobucket.com/albums/a529/Deep_Th0ught/AV%20screenshots/Kaspersky_blocking_proxyempire_again.jpg

I'm still not sure what's going on here. There's no virus on my computer, but something has infected or is trying to infect Firefox every time I use it? Should I just completely uninstall and reinstall it, or is there another way to stop this thing?

#8 narenxp

Posted 13 January 2013 - 11:06 AM

Try this

Export your bookmarks from Firefox

http://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

After exporting them

Uninstall Firefox

Make sure to checkmark the "Remove my personal data" option

Reinstall Firefox and import your bookmarks

Let me know if that helps

#9 Deep_Thought

Posted 14 January 2013 - 03:20 AM

I uninstalled and reinstalled Firefox, then browsed a few sites. Everything seemed to be working fine with no problems or alerts. Then I went to reinstall some of my add-ons, and when BrowserProtect was reinstalled, it gave me an alert, which I forgot to take a screencap of this time. I blocked the attack and restarted, and have been browsing a few more random sites without any more alerts popping up from BrowserProtect or Kaspersky, but I'm still a little concerned. I wonder if maybe one of the add-ons I installed could be infected, but I've used most or all of them before without this happening. What do you think?

#10 narenxp

Posted 14 January 2013 - 03:53 AM

Browse for a day or two, come back and let me know.

If you still have issues

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#11 Deep_Thought

Posted 14 January 2013 - 04:10 AM

All right. Thank you for your help.

#12 narenxp

Posted 14 January 2013 - 10:58 AM

You're welcome :)



