livesearchnow redirect virus


9 replies to this topic

#1 cookyspooky


Posted 28 January 2013 - 09:09 PM

My "friend" decided to install uTorrent (among other things) on my computer while visiting me. As soon as I discovered it, I removed it. Now I am stuck with the livesearchnow redirect. Other than being annoying as hell, this is my work computer. I work from home over VPN. I have tried everything I have seen suggested here, all of the scans, but I'm never sure which files to edit or remove, though, because many of them may affect my work programs. I use IE for work only and Chrome and Firefox for my personal stuff, all of which seem infected no matter what I remove or change. Please help!



#2 narenxp


Posted 28 January 2013 - 09:21 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 cookyspooky


Posted 29 January 2013 - 10:14 AM

TDSS:

09:29:19.0921 1548 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:29:20.0390 1548 ============================================================
09:29:20.0390 1548 Current date / time: 2013/01/29 09:29:20.0390
09:29:20.0390 1548 SystemInfo:
09:29:20.0390 1548
09:29:20.0390 1548 OS Version: 5.1.2600 ServicePack: 3.0
09:29:20.0390 1548 Product type: Workstation
09:29:20.0390 1548 ComputerName: Gambit
09:29:20.0390 1548 UserName: Havok
09:29:20.0390 1548 Windows directory: C:\WINDOWS
09:29:20.0390 1548 System windows directory: C:\WINDOWS
09:29:20.0390 1548 Processor architecture: Intel x86
09:29:20.0390 1548 Number of processors: 2
09:29:20.0390 1548 Page size: 0x1000
09:29:20.0390 1548 Boot type: Normal boot
09:29:20.0390 1548 ============================================================
09:29:21.0921 1548 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:29:21.0921 1548 Drive \Device\Harddisk1\DR2 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:29:22.0375 1548 ============================================================
09:29:22.0375 1548 \Device\Harddisk0\DR0:
09:29:22.0375 1548 MBR partitions:
09:29:22.0375 1548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
09:29:22.0375 1548 \Device\Harddisk1\DR2:
09:29:22.0390 1548 MBR partitions:
09:29:22.0390 1548 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x4A852C1
09:29:22.0390 1548 ============================================================
09:29:22.0406 1548 C: <-> \Device\Harddisk0\DR0\Partition1
09:29:22.0406 1548 E: <-> \Device\Harddisk1\DR2\Partition1
09:29:22.0406 1548 ============================================================
09:29:22.0406 1548 Initialize success
09:29:22.0406 1548 ============================================================
09:29:45.0203 1264 ============================================================
09:29:45.0203 1264 Scan started
09:29:45.0203 1264 Mode: Manual;
09:29:45.0203 1264 ============================================================
09:29:45.0640 1264 ================ Scan system memory ========================
09:29:45.0640 1264 System memory - ok
09:29:45.0640 1264 ================ Scan services =============================
09:29:52.0937 1264 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:29:52.0953 1264 TDTCP - ok
09:29:52.0968 1264 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:29:52.0968 1264 TermDD - ok
09:29:53.0015 1264 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
09:29:53.0031 1264 TermService - ok
09:29:53.0062 1264 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
09:29:53.0078 1264 Themes - ok
09:29:53.0093 1264 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:29:53.0109 1264 TlntSvr - ok
09:29:53.0109 1264 TosIde - ok
09:29:53.0140 1264 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:29:53.0156 1264 TrkWks - ok
09:29:53.0171 1264 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:29:53.0171 1264 Udfs - ok
09:29:53.0187 1264 ultra - ok
09:29:53.0234 1264 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:29:53.0234 1264 Update - ok
09:29:53.0265 1264 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:29:53.0265 1264 upnphost - ok
09:29:53.0281 1264 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
09:29:53.0281 1264 UPS - ok
09:29:53.0312 1264 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
09:29:53.0328 1264 usbaudio - ok
09:29:53.0328 1264 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:29:53.0343 1264 usbccgp - ok
09:29:53.0375 1264 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:29:53.0375 1264 usbehci - ok
09:29:53.0390 1264 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:29:53.0390 1264 usbhub - ok
09:29:53.0421 1264 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:29:53.0421 1264 usbprint - ok
09:29:53.0437 1264 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:29:53.0437 1264 usbscan - ok
09:29:53.0468 1264 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:29:53.0468 1264 USBSTOR - ok
09:29:53.0468 1264 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:29:53.0468 1264 usbuhci - ok
09:29:53.0500 1264 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
09:29:53.0500 1264 usbvideo - ok
09:29:53.0531 1264 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:29:53.0531 1264 VgaSave - ok
09:29:53.0531 1264 ViaIde - ok
09:29:53.0546 1264 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:29:53.0546 1264 VolSnap - ok
09:29:53.0625 1264 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
09:29:53.0640 1264 vpnagent - ok
09:29:53.0656 1264 [ EA39F36302DACBCDCDB113313718E768 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
09:29:53.0656 1264 vpnva - ok
09:29:53.0656 1264 vsdatant - ok
09:29:53.0687 1264 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
09:29:53.0703 1264 VSS - ok
09:29:53.0734 1264 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
09:29:53.0750 1264 W32Time - ok
09:29:53.0765 1264 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:29:53.0765 1264 Wanarp - ok
09:29:53.0765 1264 WDICA - ok
09:29:53.0781 1264 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:29:53.0781 1264 wdmaud - ok
09:29:53.0812 1264 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:29:53.0828 1264 WebClient - ok
09:29:53.0906 1264 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:29:53.0906 1264 winmgmt - ok
09:29:53.0937 1264 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
09:29:53.0953 1264 WmdmPmSN - ok
09:29:53.0984 1264 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:29:53.0984 1264 Wmi - ok
09:29:54.0015 1264 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:29:54.0015 1264 WmiApSrv - ok
09:29:54.0046 1264 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:29:54.0062 1264 wscsvc - ok
09:29:54.0093 1264 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:29:54.0093 1264 WSTCODEC - ok
09:29:54.0125 1264 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:29:54.0140 1264 wuauserv - ok
09:29:54.0187 1264 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:29:54.0203 1264 WZCSVC - ok
09:29:54.0234 1264 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:29:54.0250 1264 xmlprov - ok
09:29:54.0250 1264 ================ Scan global ===============================
09:29:54.0281 1264 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
09:29:54.0328 1264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:29:54.0343 1264 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:29:54.0375 1264 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:29:54.0375 1264 [Global] - ok
09:29:54.0375 1264 ================ Scan MBR ==================================
09:29:54.0406 1264 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:29:54.0546 1264 \Device\Harddisk0\DR0 - ok
09:29:55.0000 1264 [ E5D1BF267A130BC345536D79674242AB ] \Device\Harddisk1\DR2
09:29:55.0015 1264 \Device\Harddisk1\DR2 - ok
09:29:55.0015 1264 ================ Scan VBR ==================================
09:29:55.0015 1264 [ 50481EC401B58471260EE5153909A2E9 ] \Device\Harddisk0\DR0\Partition1
09:29:55.0015 1264 \Device\Harddisk0\DR0\Partition1 - ok
09:29:55.0015 1264 [ 203C8DC6AB2F0C10B4638CBD25D8CF02 ] \Device\Harddisk1\DR2\Partition1
09:29:55.0015 1264 \Device\Harddisk1\DR2\Partition1 - ok
09:29:55.0015 1264 ============================================================
09:29:55.0015 1264 Scan finished
09:29:55.0015 1264 ============================================================
09:29:55.0031 1828 Detected object count: 0
09:29:55.0031 1828 Actual detected object count: 0
09:32:25.0171 3312 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-29 09:32:53
-----------------------------
09:32:53.531 OS Version: Windows 5.1.2600 Service Pack 3
09:32:53.531 Number of processors: 2 586 0x403
09:32:53.531 ComputerName: Gambit UserName:
09:32:54.625 Initialize success
09:32:54.890 AVAST engine defs: 13012901
09:33:03.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
09:33:03.015 Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7BA Size: 238475MB BusType: 3
09:33:03.031 Disk 0 MBR read successfully
09:33:03.031 Disk 0 MBR scan
09:33:03.031 Disk 0 Windows XP default MBR code
09:33:03.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
09:33:03.031 Disk 0 scanning sectors +488376000
09:33:03.078 Disk 0 scanning C:\WINDOWS\system32\drivers
09:33:08.250 Service scanning
09:33:20.437 Modules scanning
09:33:34.328 Disk 0 trace - called modules:
09:33:34.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:33:34.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a883ab8]
09:33:34.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a8c7538]
09:33:35.140 AVAST engine scan C:\WINDOWS
09:33:39.265 AVAST engine scan C:\WINDOWS\system32
09:35:07.359 AVAST engine scan C:\WINDOWS\system32\drivers
09:35:19.250 AVAST engine scan C:\Documents and Settings\Havok
09:35:33.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Havok\Desktop\MBR.dat"
09:35:33.500 The log file has been saved successfully to "C:\Documents and Settings\Havok\Desktop\aswMBR1.txt"


ESET:

C:\Documents and Settings\Guest\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdagedfdhdddhgddbgddbdegcgbgd\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdagedfdhdddhgddbgddbdegcgbgd\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Documents and Settings\Havok\My Documents\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application

#4 narenxp


Posted 29 January 2013 - 01:40 PM

Run ESET scan again and make sure to REMOVE THE THREATS

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.



Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on File - Save

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

Edited by narenxp, 29 January 2013 - 01:41 PM.


#5 cookyspooky


Posted 29 January 2013 - 06:09 PM

Removed ESET threats, reran, no threats.


Malware Bytes:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.21.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Havok :: gambit [administrator]

1/29/2013 4:46:10 PM
mbam-log-2013-01-29 (16-46-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323506
Time elapsed: 45 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Mini Toolbox:
MiniToolBox by Farbar Version:10-01-2013
Ran by Havok (administrator) on 29-01-2013 at 17:29:28
Running from "C:\Documents and Settings\Havok\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows = Cisco AnyConnect Secure Mobility Client Connection (Disconnected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : Gambit
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-14-22-5C-E8-5B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
                                    75.75.76.76
Lease Obtained. . . . . . . . . . : Monday, January 28, 2013 8:15:24 PM
Lease Expires . . . . . . . . . . : Monday, February 04, 2013 8:15:24 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 74.125.134.102, 74.125.134.113, 74.125.134.138, 74.125.134.100
74.125.134.101, 74.125.134.139

Pinging google.com [74.125.137.102] with 32 bytes of data:

Reply from 74.125.137.102: bytes=32 time=30ms TTL=44
Reply from 74.125.137.102: bytes=32 time=29ms TTL=44

Ping statistics for 74.125.137.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 30ms, Average = 29ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.138.253.109, 206.190.36.45, 98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=92ms TTL=45
Reply from 206.190.36.45: bytes=32 time=126ms TTL=45

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 126ms, Average = 109ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 22 5c e8 5b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.2 10
10.0.0.0 255.255.255.0 10.0.0.2 10.0.0.2 10
10.0.0.2 255.255.255.255 127.0.0.1 127.0.0.1 10
10.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.2 10.0.0.2 10
255.255.255.255 255.255.255.255 10.0.0.2 10.0.0.2 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/22/2013 02:46:04 PM) (Source: MsiInstaller) (User: Gambit)
Description: Product: Java 7 Update 11 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (01/19/2013 00:21:38 AM) (Source: Application Hang) (User: )
Description: Hanging application MRT.exe, version 4.16.7000.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/11/2013 01:46:06 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: EventType clr20r3, P1 microsoft toolkit.exe, P2 3.5.0.0, P3 4f808449, P4 mscorlib, P5 2.0.0.0, P6 5040540e, P7 3451, P8 26d, P9 clr20r30, P10 clr20r31.

Error: (12/31/2012 08:07:42 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/29/2012 01:22:43 PM) (Source: Application Hang) (User: )
Description: Hanging application AcroRd32.exe, version 10.1.4.38, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/22/2012 08:02:58 AM) (Source: MsiInstaller) (User: Gambit)
Description: Product: Cisco Systems VPN Client 5.0.07.0410 -- Error 27856. Setup canceled by user while waiting for network component management to finish. You must restart the computer before running this install again.

Error: (12/22/2012 07:59:09 AM) (Source: MsiInstaller) (User: Gambit)
Description: Product: Cisco AnyConnect Secure Mobility Client -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action kdf_acsint_Install, location: C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\VACon.exe, command: kdf -install "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\\" acsint

Error: (12/22/2012 07:58:27 AM) (Source: MsiInstaller) (User: Gambit)
Description: Product: Cisco AnyConnect Secure Mobility Client -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action kdf_acsint_Install, location: C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\VACon.exe, command: kdf -install "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\\" acsint

Error: (12/22/2012 07:49:35 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/18/2012 01:15:34 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/26/2013 07:30:27 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/25/2013 07:38:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
Fips
intelppm

Error: (01/25/2013 07:37:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/25/2013 07:37:41 PM) (Source: DCOM) (User: Gambit)
Description: DCOM got error "%%1084" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (01/17/2013 07:14:02 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (01/17/2013 07:13:59 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (01/17/2013 07:11:17 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (01/17/2013 07:11:17 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (01/17/2013 07:10:59 PM) (Source: 0) (User: )
Description: \Device\CdRom0

Error: (01/14/2013 09:41:04 PM) (Source: 0) (User: )
Description: \Device\CdRom0


Microsoft Office Sessions:
=========================
Error: (01/22/2013 02:46:04 PM) (Source: MsiInstaller)(User: Gambit)
Description: Product: Java 7 Update 11 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)

Error: (01/19/2013 00:21:38 AM) (Source: Application Hang)(User: )
Description: MRT.exe4.16.7000.0hungapp0.0.0.000000000

Error: (01/11/2013 01:46:06 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: clr20r3microsoft toolkit.exe3.5.0.04f808449mscorlib2.0.0.05040540e345126dsystem.io.ioexceptionNIL

Error: (12/31/2012 08:07:42 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/29/2012 01:22:43 PM) (Source: Application Hang)(User: )
Description: AcroRd32.exe10.1.4.38hungapp0.0.0.000000000

Error: (12/22/2012 08:02:58 AM) (Source: MsiInstaller)(User: Gambit)
Description: Product: Cisco Systems VPN Client 5.0.07.0410 -- Error 27856. Setup canceled by user while waiting for network component management to finish. You must restart the computer before running this install again.(NULL)(NULL)(NULL)

Error: (12/22/2012 07:59:09 AM) (Source: MsiInstaller)(User: Gambit)
Description: Product: Cisco AnyConnect Secure Mobility Client -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action kdf_acsint_Install, location: C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\VACon.exe, command: kdf -install "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\\" acsint (NULL)(NULL)(NULL)

Error: (12/22/2012 07:58:27 AM) (Source: MsiInstaller)(User: Gambit)
Description: Product: Cisco AnyConnect Secure Mobility Client -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action kdf_acsint_Install, location: C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\VACon.exe, command: kdf -install "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\\" acsint (NULL)(NULL)(NULL)

Error: (12/22/2012 07:49:35 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (12/18/2012 01:15:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
Adobe Flash Player 11 Plugin (Version: 11.2.202.95)
Adobe Reader X (10.1.5) (Version: 10.1.5)
avast! Free Antivirus (Version: 7.0.1474.0)
Backup & Sharing (Version: 2.3.1521.8159)
BufferChm (Version: 130.0.331.000)
C4700 (Version: 130.0.373.000)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.01065)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.01065)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
Epson Connect
Epson Event Manager (Version: 2.50.0000)
EPSON NX330 Series Printer Uninstall
EPSON Scan
ESET Online Scanner v3
Firefox ActiveX Plugin r37
Frost Digital Deposits Add-on (Version: 1.0.8)
Google Chrome (Version: 24.0.1312.56)
Google Update Helper (Version: 1.3.21.123)
Graph paper printer
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart C4400 All-In-One Driver 11.0 Rel .3 (Version: 11.0)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Update (Version: 5.003.001.001)
hpPrintProjects (Version: 130.0.303.000)
hpWLPGInstaller (Version: 130.0.303.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4543)
Inter-Tel 8602 (Version: 1.0.1120)
J Walk Windows ActiveX Client (Version: 4.1038.1.588)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
join.me (Version: 1.3.1.431)
LibreOffice 3.4 (Version: 3.4.12)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Access 2010 (Version: 14.0.6029.1000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access 2010 (Version: 14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Word 2010 (Version: 14.0.6029.1000)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 130.0.374.000)
PhraseExpress v9.0.147 (Version: 9.0.147)
PS_AIO_03_C4400_Software_Min (Version: 110.0.201.000)
PS_AIO_06_C4700_SW_Min (Version: 130.0.373.000)
Scan (Version: 13.0.0.0)
Skype™ 6.0 (Version: 6.0.126)
SmartWebPrinting (Version: 130.0.373.000)
Spark 2.5.8
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 2.0.1 (Version: 2.0.1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 130.0.132.017)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3574.07 MB
Available physical RAM: 2389.56 MB
Total Pagefile: 5456.65 MB
Available Pagefile: 4367.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:205.4 GB) NTFS
3 Drive e: (EVERYTHING) (Fixed) (Total:37.25 GB) (Free:24.23 GB) FAT32

========================= Users: ========================================

User accounts for \\Gambit

Administrator Guest HelpAssistant
SUPPORT_388945a0 Havok

========================= Restore Points ==================================

01-11-2012 03:51:48 System Checkpoint
02-11-2012 03:52:21 System Checkpoint
03-11-2012 04:12:42 System Checkpoint
04-11-2012 05:06:27 System Checkpoint
05-11-2012 05:10:59 System Checkpoint
06-11-2012 05:50:16 System Checkpoint
07-11-2012 05:51:59 System Checkpoint
08-11-2012 06:00:21 System Checkpoint
09-11-2012 06:59:15 System Checkpoint
10-11-2012 08:23:15 System Checkpoint
11-11-2012 08:59:15 System Checkpoint
12-11-2012 09:59:15 System Checkpoint
13-11-2012 09:59:23 System Checkpoint
14-11-2012 10:59:23 System Checkpoint
15-11-2012 11:11:23 System Checkpoint
16-11-2012 08:00:14 Software Distribution Service 3.0
17-11-2012 08:26:00 System Checkpoint
18-11-2012 09:26:00 System Checkpoint
19-11-2012 10:26:00 System Checkpoint
20-11-2012 11:26:00 System Checkpoint
21-11-2012 12:27:05 System Checkpoint
22-11-2012 13:32:25 System Checkpoint
23-11-2012 13:46:55 System Checkpoint
24-11-2012 21:54:35 System Checkpoint
25-11-2012 22:09:54 System Checkpoint
26-11-2012 22:26:13 System Checkpoint
27-11-2012 23:08:54 System Checkpoint
28-11-2012 23:20:54 System Checkpoint
29-11-2012 23:41:50 System Checkpoint
01-12-2012 19:52:19 System Checkpoint
03-12-2012 16:07:55 System Checkpoint
04-12-2012 16:42:30 System Checkpoint
05-12-2012 17:33:51 System Checkpoint
06-12-2012 17:45:51 System Checkpoint
07-12-2012 22:49:56 System Checkpoint
08-12-2012 23:33:51 System Checkpoint
10-12-2012 00:33:51 System Checkpoint
11-12-2012 01:31:06 System Checkpoint
12-12-2012 14:30:22 System Checkpoint
13-12-2012 08:00:14 Software Distribution Service 3.0
14-12-2012 08:21:05 System Checkpoint
15-12-2012 09:11:44 System Checkpoint
16-12-2012 09:16:49 System Checkpoint
17-12-2012 10:16:48 System Checkpoint
17-12-2012 13:21:20 Removed Java™ 7 Update 5
17-12-2012 13:21:55 Installed Java 7 Update 9
18-12-2012 08:00:14 Software Distribution Service 3.0
19-12-2012 08:19:36 System Checkpoint
20-12-2012 04:07:51 Removed Support.com Toolbar.
20-12-2012 04:21:04 avast! Free Antivirus Setup
21-12-2012 05:20:55 System Checkpoint
22-12-2012 06:20:54 System Checkpoint
22-12-2012 08:00:14 Software Distribution Service 3.0
22-12-2012 12:57:57 Removed Cisco AnyConnect Secure Mobility Client
22-12-2012 12:58:28 Installed Cisco AnyConnect Secure Mobility Client
22-12-2012 12:59:10 Installed Cisco AnyConnect Secure Mobility Client
22-12-2012 13:02:59 Removed Cisco Systems VPN Client 5.0.07.0410
22-12-2012 13:04:47 Removed Frontier Secure
22-12-2012 13:09:04 Removed Cisco Systems VPN Client 5.0.07.0410
22-12-2012 13:14:35 Installed Cisco AnyConnect Secure Mobility Client
23-12-2012 14:11:21 System Checkpoint
24-12-2012 16:43:41 avast! Free Antivirus Setup
25-12-2012 08:00:15 Software Distribution Service 3.0
26-12-2012 08:00:14 Software Distribution Service 3.0
27-12-2012 08:43:32 System Checkpoint
28-12-2012 09:43:32 System Checkpoint
29-12-2012 11:10:39 System Checkpoint
30-12-2012 11:43:32 System Checkpoint
31-12-2012 11:43:56 System Checkpoint
01-01-2013 19:28:36 System Checkpoint
02-01-2013 20:25:43 System Checkpoint
03-01-2013 20:27:40 System Checkpoint
04-01-2013 21:04:16 System Checkpoint
05-01-2013 08:00:14 Software Distribution Service 3.0
05-01-2013 22:33:07 Installed Microsoft Access 2010
05-01-2013 22:39:35 Installed Microsoft Word 2010
06-01-2013 08:00:20 Software Distribution Service 3.0
07-01-2013 08:00:18 Software Distribution Service 3.0
08-01-2013 08:56:59 System Checkpoint
09-01-2013 17:31:20 System Checkpoint
10-01-2013 08:00:15 Software Distribution Service 3.0
11-01-2013 08:29:48 System Checkpoint
12-01-2013 09:29:47 System Checkpoint
13-01-2013 10:29:47 System Checkpoint
14-01-2013 11:29:47 System Checkpoint
15-01-2013 12:29:47 System Checkpoint
16-01-2013 08:00:14 Software Distribution Service 3.0
17-01-2013 08:27:59 System Checkpoint
18-01-2013 18:57:37 System Checkpoint
19-01-2013 22:16:00 System Checkpoint
20-01-2013 20:43:26 Removed Epson Customer Participation
20-01-2013 20:43:59 Removed 7-Zip 9.21
21-01-2013 21:07:53 System Checkpoint
22-01-2013 19:46:09 Installed Java 7 Update 11
23-01-2013 20:07:30 System Checkpoint
24-01-2013 23:57:24 System Checkpoint
26-01-2013 18:37:50 System Checkpoint
27-01-2013 21:55:48 System Checkpoint
28-01-2013 22:56:38 System Checkpoint

**** End of log ****

FARBAR:


Farbar Service Scanner Version: 16-01-2013
Ran by Havok (administrator) on 29-01-2013 at 17:31:34
Running from "C:\Documents and Settings\havok\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
acsint(10) acsmux(9) aswTdi(13) DNE(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0D000000040000000100000002000000030000000D000000050000000600000007000000080000000A0000000B0000000C00000009000000
IpSec Tag value is correct.

**** End of log ****

AdwCleaner:

# AdwCleaner v2.108 - Logfile created 01/29/2013 at 17:36:27
# Updated 24/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Havok - Gambit
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Havok \My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\Havok \Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\OApps

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Havok \Application Data\Mozilla\Firefox\Profiles\xumbe39u.default\prefs.js

C:\Documents and Settings\Havok \Application Data\Mozilla\Firefox\Profiles\xumbe39u.default\user.js ... Deleted !

Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");

-\\ Google Chrome v24.0.1312.56

File : C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2918 octets] - [25/01/2013 18:57:46]
AdwCleaner[R2].txt - [2869 octets] - [25/01/2013 19:11:50]
AdwCleaner[R3].txt - [3342 octets] - [29/01/2013 17:34:16]
AdwCleaner[S1].txt - [365 octets] - [29/01/2013 17:33:45]
AdwCleaner[S2].txt - [365 octets] - [29/01/2013 17:35:45]
AdwCleaner[S3].txt - [3146 octets] - [29/01/2013 17:36:27]

########## EOF - C:\AdwCleaner[S3].txt - [3206 octets] ##########


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.2 (01.26.2013:2)
OS: Microsoft Windows XP x86
Ran by Havok on Tue 01/29/2013 at 17:46:00.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Havok\Local Settings\Application Data\updater21804"
Successfully deleted: [Folder] "C:\Documents and Settings\Havok\Local Settings\Application Data\visi_coupon"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Havok\Application Data\mozilla\firefox\profiles\xumbe39u.default\extensions\plugin@selectionlinks.com



~~~ Chrome

Dumping contents of C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdagedfdhdddhgddbgddbdegcgbgd
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Extensions
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Preferences
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Web Data
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdagedfdhdddhgddbgddbdegcgbgd\ContentScript.js
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdagedfdhdddhgddbgddbdegcgbgd\manifest.json
C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Successfully deleted: [Folder] C:\Documents and Settings\Havok\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/29/2013 at 17:55:42.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RKill:

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/29/2013 06:00:25 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\sfcfiles.dll [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/29/2013 06:01:11 PM
Execution time: 0 hours(s), 0 minute(s), and 45 seconds(s)


Autoruns:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files\microsoft office\office14\bcssync.exe"
+ "Cisco AnyConnect Secure Mobility Agent for Windows" "Cisco AnyConnect User Interface" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe"
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files\epson software\event manager\eeventmanager.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "igfxhkcmd" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "igfxpers" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "igfxtray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "LifeCam" "LifeExp.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\lifeexp.exe"
+ "SoundMAXPnP" "SMax4PNP MFC Application" "Analog Devices, Inc." "c:\program files\analog devices\core\smax4pnp.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "PhraseExpress.lnk" "PhraseExpress" "Bartels Media GmbH" "c:\program files\phraseexpress\phraseexpress.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "F-Secure Hoster" "F-Secure Host Process" "F-Secure Corporation" "c:\program files\frontier\backup & sharing\fshoster32.exe"
+ "MSMSGS" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "The Document Foundation" "c:\program files\libreoffice 3.4\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "HP Print Enhancer" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll"
+ "HP Smart BHO Class" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Show or hide HP Smart Web Printing" "HP Smart Web Printing add-on for Internet Explorer" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.2 r202" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AutoKMS.job" "AutoKMS" "" "c:\windows\autokms\autokms.exe"
+ "avast! Emergency Update.job" "avast! Emergency Update" "AVAST Software" "c:\program files\avast software\avast\avastemupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpqddsvc.dll"
+ "HPSLPSVC" "Discovers and monitors the state and the configuration of the HP devices attached to your network. If the service is stopped, and your network devices change IP addresses, they might become unavailable" "Hewlett-Packard Co." "c:\program files\hp\digital imaging\bin\hpslpsvc32.dll"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Oracle Corporation" "c:\program files\oracle\javafx 2.1 runtime\bin\jqs.exe"
+ "MSCamSvc" "MsCamSvc.exe" "Microsoft Corporation" "c:\program files\microsoft lifecam\mscams32.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "vpnagent" "Cisco AnyConnect Secure Mobility Agent for Windows" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Aavmker4" "avast! Asynchronous Virus Monitor" "AVAST Software" "c:\windows\system32\drivers\aavmker4.sys"
+ "acsint" "Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor" "Cisco Systems, Inc." "c:\windows\system32\drivers\acsint.sys"
+ "acsmux" "Cisco AnyConnect Kernel Driver Framework Socket Layer Multiplexor" "Cisco Systems, Inc." "c:\windows\system32\drivers\acsmux.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMon2" "avast! Standard Shield Support" "AVAST Software" "c:\windows\system32\drivers\aswmon2.sys"
+ "AswRdr" "avast! TDI Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "b57w2k" "Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57xp32.sys"
+ "cerc6" "" "" "File not found: C:\WINDOWS\System32\Drivers\cerc6.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "CVirtA" "Cisco Systems VPN Adapter" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvirta.sys"
+ "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
+ "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
+ "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
+ "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
+ "ialm" "Intel Graphics Miniport Driver" "Intel Corporation" "c:\windows\system32\drivers\ialmnt5.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "senfilt" "Creative WDM Audio Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\senfilt.sys"
+ "smwdm" "SoundMAX Integrated Digital Audio " "Analog Devices, Inc." "c:\windows\system32\drivers\smwdm.sys"
+ "vpnva" "Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "EPSON NX330 Series 32MonitorBA" "EPSON Bi-directional Monitor x86" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbhaa.dll"
+ "hpf3l70v.dll" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3l70v.dll"
+ "PCL hpz3l5mu" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3l5mu.dll"
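
A triage pass over a log in the layout posted above, as an added example that is not part of the original post or of any tool named in this thread: it groups each `+` entry under its autostart location and flags entries with no publisher or an image path outside the usual install directories. The sample lines, the `EXPECTED_DIRS` list and both flagging heuristics are assumptions made for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location name description publisher image_path")
FIELD = re.compile(r'"([^"]*)"')

# Constructed sample in the layout of the log above (not lines from the post).
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "examplenotify" "" "" "c:\documents and settings\user\local settings\temp\example.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Example Monitor" "LanguageMonitor" "" "c:\windows\system32\examplemon.dll"
'''

# Assumption: directories where autostart binaries are normally installed.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

def parse_log(text):
    """Return one Entry per '+' line, tagged with the location line above it."""
    entries, location = [], None
    for raw in text.splitlines():
        fields = FIELD.findall(raw)
        if len(fields) != 4:
            continue  # blank or malformed line
        if raw.lstrip().startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]  # location header; its other fields are empty
    return entries

def review_reasons(entry):
    """Heuristic reasons an entry deserves a manual look (not a verdict)."""
    reasons = []
    if not entry.publisher:
        reasons.append("no publisher")
    if not entry.image_path.lower().startswith(EXPECTED_DIRS):
        reasons.append("unexpected directory")
    return reasons

def triage(text):
    """Map (location, name) -> reasons for every entry with at least one reason."""
    checked = ((e, review_reasons(e)) for e in parse_log(text))
    return {(e.location, e.name): r for e, r in checked if r}

if __name__ == "__main__":
    for (location, name), reasons in triage(SAMPLE_LOG).items():
        print(f"{name} [{location}]: {', '.join(reasons)}")
```

A flagged entry is only a candidate for closer inspection; legitimate drivers and printer monitors often ship without a publisher string.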

#6 narenxp


Posted 29 January 2013 - 06:45 PM

Still redirecting?

#7 cookyspooky


Posted 29 January 2013 - 10:24 PM

It seems to not be anymore! Thank you so very much!

#8 narenxp


Posted 29 January 2013 - 11:38 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points.

Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your Flash Player.

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 cookyspooky


Posted 03 February 2013 - 01:09 PM

Thank you so very much.

#10 narenxp


Posted 03 February 2013 - 01:50 PM

You're welcome :)



