Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

www.searchnu.com/421 problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 3rd, 2012, 8:17 am

pshaw1993,
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Yontoo 1.10.02

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 3rd, 2012, 12:09 pm

Hello askey127,

In trying to uninstall Yontoo 1.10.02, when I click "remove" a dialog box entitled "Tarma Installer" pops up and says "Setup initializing error" click ok. Then the add remove program freezes.

pshaw1993
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 4th, 2012, 8:08 am

pshaw1993
Please go ahead and run the TDSSK scan and post the results.
We can use other means to get rid of Yontoo.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 4th, 2012, 8:53 am

Hi askey127,

I've never been able to "save to desktop" the file downloads and then I'm asked whether to "run" it. I was able to run the TDSSKiller and no threats were found. Was there still a file for me to post and send to you?

pshaw1993
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 4th, 2012, 9:08 am

pshaw1993,
The TDSSKiller log is in the main directory of the C: drive
Start > My Computer > double click C:
It will have a name like TDSSKiller_version_03.09.2012_11.15.35_log.txt

----------------------------------------------
Revo Uninstaller
Uninstalls programs and remove remnants left from previous uninstalls.
Tutorial with screen shots available here, if needed.

Please download Revo Uninstaller Free and save it to your desktop.
Double click on "revosetup.exe" to install. Follow/allow default installation.
Vista-W7 Users: You must right-click on "revosetup.exe", select "Run As Administrator" to install. If UAC prompts, allow it.

  1. Double click Revo Uninstaller from the Start Menu programs list, to run it.
  2. From the list of programs click on Yontoo 1.10.02 and choose "Uninstall".
  3. When prompted click Yes.
  4. Make sure the Moderate option is checked... then click Next.
  5. The program will run, when prompted... click Yes... then Next.
  6. Once the program has searched for leftovers click Next.
  7. Check ONLY the bolded items on the list then... click Next... then Yes.
  8. When done click Finish.
    The program entry should now be gone.
.

Revo will succeed many times when regular methods fail.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 4th, 2012, 10:52 am

Hello askey127,

Here is the TDSSkiller log you asked for:

08:47:10.0315 2208 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
08:47:10.0612 2208 ============================================================
08:47:10.0612 2208 Current date / time: 2012/09/04 08:47:10.0612
08:47:10.0612 2208 SystemInfo:
08:47:10.0612 2208
08:47:10.0612 2208 OS Version: 5.1.2600 ServicePack: 3.0
08:47:10.0612 2208 Product type: Workstation
08:47:10.0612 2208 ComputerName: HP-D2E6C9939B0A
08:47:10.0612 2208 UserName: Administrator
08:47:10.0612 2208 Windows directory: C:\WINDOWS
08:47:10.0612 2208 System windows directory: C:\WINDOWS
08:47:10.0612 2208 Processor architecture: Intel x86
08:47:10.0612 2208 Number of processors: 4
08:47:10.0612 2208 Page size: 0x1000
08:47:10.0612 2208 Boot type: Normal boot
08:47:10.0612 2208 ============================================================
08:47:11.0112 2208 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:47:11.0112 2208 ============================================================
08:47:11.0112 2208 \Device\Harddisk0\DR0:
08:47:11.0127 2208 MBR partitions:
08:47:11.0127 2208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
08:47:11.0127 2208 ============================================================
08:47:11.0159 2208 C: <-> \Device\Harddisk0\DR0\Partition1
08:47:11.0159 2208 ============================================================
08:47:11.0159 2208 Initialize success
08:47:11.0159 2208 ============================================================
08:48:12.0206 3360 ============================================================
08:48:12.0206 3360 Scan started
08:48:12.0206 3360 Mode: Manual;
08:48:12.0206 3360 ============================================================
08:48:12.0315 3360 ================ Scan system memory ========================
08:48:12.0315 3360 System memory - ok
08:48:12.0315 3360 ================ Scan services =============================
08:48:12.0377 3360 Abiosdsk - ok
08:48:12.0377 3360 abp480n5 - ok
08:48:12.0424 3360 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:48:12.0424 3360 ACPI - ok
08:48:12.0456 3360 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:48:12.0456 3360 ACPIEC - ok
08:48:12.0502 3360 [ 2DC6FF5DA4EA7CA1D4128A7541734B9F ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
08:48:12.0502 3360 ADIHdAudAddService - ok
08:48:12.0596 3360 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:48:12.0596 3360 AdobeFlashPlayerUpdateSvc - ok
08:48:12.0596 3360 adpu160m - ok
08:48:12.0612 3360 [ 3BC9C8BAF983B583E14088E6FF74A8A1 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
08:48:12.0612 3360 AEAudio - ok
08:48:12.0627 3360 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:48:12.0627 3360 aec - ok
08:48:12.0690 3360 [ F6B7B1ECD7B41736BDB6FF4B092BCB79 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:48:12.0690 3360 AFD - ok
08:48:12.0690 3360 Aha154x - ok
08:48:12.0690 3360 aic78u2 - ok
08:48:12.0706 3360 aic78xx - ok
08:48:12.0737 3360 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:48:12.0737 3360 Alerter - ok
08:48:12.0752 3360 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:48:12.0752 3360 ALG - ok
08:48:12.0752 3360 AliIde - ok
08:48:12.0752 3360 amsint - ok
08:48:12.0877 3360 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:48:12.0877 3360 AntiVirSchedulerService - ok
08:48:12.0893 3360 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:48:12.0893 3360 AntiVirService - ok
08:48:12.0940 3360 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:48:12.0956 3360 Apple Mobile Device - ok
08:48:12.0971 3360 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:48:12.0971 3360 AppMgmt - ok
08:48:12.0971 3360 asc - ok
08:48:12.0971 3360 asc3350p - ok
08:48:12.0971 3360 asc3550 - ok
08:48:13.0081 3360 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:48:13.0081 3360 aspnet_state - ok
08:48:13.0096 3360 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:48:13.0112 3360 AsyncMac - ok
08:48:13.0127 3360 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:48:13.0143 3360 atapi - ok
08:48:13.0143 3360 Atdisk - ok
08:48:13.0159 3360 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:48:13.0174 3360 Atmarpc - ok
08:48:13.0190 3360 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:48:13.0190 3360 AudioSrv - ok
08:48:13.0190 3360 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:48:13.0190 3360 audstub - ok
08:48:13.0206 3360 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
08:48:13.0206 3360 avgntflt - ok
08:48:13.0252 3360 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
08:48:13.0252 3360 avipbb - ok
08:48:13.0252 3360 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
08:48:13.0252 3360 avkmgr - ok
08:48:13.0299 3360 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:48:13.0299 3360 Beep - ok
08:48:13.0346 3360 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:48:13.0346 3360 BITS - ok
08:48:13.0424 3360 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:48:13.0440 3360 Bonjour Service - ok
08:48:13.0471 3360 [ 7E39A3EDC13B076E70FDB9A6F6D7A4B4 ] Browser C:\WINDOWS\System32\browser.dll
08:48:13.0471 3360 Browser - ok
08:48:13.0518 3360 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:48:13.0518 3360 cbidf2k - ok
08:48:13.0518 3360 cd20xrnt - ok
08:48:13.0518 3360 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:48:13.0518 3360 Cdaudio - ok
08:48:13.0534 3360 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:48:13.0534 3360 Cdfs - ok
08:48:13.0549 3360 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:48:13.0549 3360 Cdrom - ok
08:48:13.0549 3360 Changer - ok
08:48:13.0565 3360 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:48:13.0565 3360 CiSvc - ok
08:48:13.0581 3360 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:48:13.0581 3360 ClipSrv - ok
08:48:13.0627 3360 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:48:13.0627 3360 clr_optimization_v2.0.50727_32 - ok
08:48:13.0706 3360 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:48:13.0706 3360 clr_optimization_v4.0.30319_32 - ok
08:48:13.0706 3360 CmdIde - ok
08:48:13.0706 3360 COMSysApp - ok
08:48:13.0721 3360 Cpqarray - ok
08:48:13.0752 3360 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:48:13.0768 3360 CryptSvc - ok
08:48:13.0768 3360 dac2w2k - ok
08:48:13.0768 3360 dac960nt - ok
08:48:13.0815 3360 [ 9222562D44021B988B9F9F62207FB6F2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:48:13.0831 3360 DcomLaunch - ok
08:48:13.0877 3360 [ C51DE19619D50CBD03708647ACA10E70 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:48:13.0877 3360 Dhcp - ok
08:48:13.0893 3360 [ 47B6AAEC570F2C11D8BAD80A064D8ED1 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:48:13.0893 3360 Disk - ok
08:48:13.0893 3360 dmadmin - ok
08:48:13.0924 3360 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:48:13.0924 3360 dmboot - ok
08:48:13.0940 3360 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:48:13.0940 3360 dmio - ok
08:48:13.0940 3360 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:48:13.0956 3360 dmload - ok
08:48:13.0956 3360 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:48:13.0956 3360 dmserver - ok
08:48:13.0971 3360 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:48:13.0971 3360 DMusic - ok
08:48:14.0018 3360 [ D977659AE4D8ECE5286D99D1ED34614D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:48:14.0018 3360 Dnscache - ok
08:48:14.0034 3360 [ B4109C8C3D54C83246997A777724F318 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:48:14.0049 3360 Dot3svc - ok
08:48:14.0049 3360 dpti2o - ok
08:48:14.0081 3360 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:48:14.0081 3360 drmkaud - ok
08:48:14.0112 3360 [ D60759140694150360BBEFD9CAB7C920 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
08:48:14.0112 3360 e1kexpress - ok
08:48:14.0143 3360 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:48:14.0143 3360 EapHost - ok
08:48:14.0143 3360 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:48:14.0143 3360 ERSvc - ok
08:48:14.0190 3360 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] Eventlog C:\WINDOWS\system32\services.exe
08:48:14.0190 3360 Eventlog - ok
08:48:14.0221 3360 [ F17F6226BDC0CD5F0BEF0DAF84D29BEC ] EventSystem C:\WINDOWS\system32\es.dll
08:48:14.0237 3360 EventSystem - ok
08:48:14.0268 3360 [ 4D893323DAE445E34A4C9038B0551BC9 ] exFat C:\WINDOWS\system32\drivers\exFat.sys
08:48:14.0268 3360 exFat - ok
08:48:14.0299 3360 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:48:14.0299 3360 Fastfat - ok
08:48:14.0346 3360 [ 888CD7B39C37E13A2419BECFAAF0A28C ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:48:14.0346 3360 FastUserSwitchingCompatibility - ok
08:48:14.0346 3360 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:48:14.0346 3360 Fdc - ok
08:48:14.0362 3360 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:48:14.0362 3360 Fips - ok
08:48:14.0377 3360 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
08:48:14.0377 3360 Flpydisk - ok
08:48:14.0409 3360 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:48:14.0409 3360 FltMgr - ok
08:48:14.0471 3360 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:48:14.0471 3360 FontCache3.0.0.0 - ok
08:48:14.0487 3360 [ 30D42943A54704EF13E2562911DBFCEA ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:48:14.0487 3360 Fs_Rec - ok
08:48:14.0518 3360 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:48:14.0518 3360 Ftdisk - ok
08:48:14.0549 3360 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:48:14.0549 3360 GEARAspiWDM - ok
08:48:14.0596 3360 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:48:14.0596 3360 Gpc - ok
08:48:14.0612 3360 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:48:14.0612 3360 HDAudBus - ok
08:48:14.0659 3360 [ E4A123AD734A3731D29EBD3A01B3E535 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
08:48:14.0659 3360 HECI - ok
08:48:14.0737 3360 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:48:14.0737 3360 helpsvc - ok
08:48:14.0737 3360 HidServ - ok
08:48:14.0784 3360 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:48:14.0784 3360 hidusb - ok
08:48:14.0799 3360 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:48:14.0799 3360 hkmsvc - ok
08:48:14.0799 3360 hpn - ok
08:48:14.0846 3360 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:48:14.0846 3360 HTTP - ok
08:48:14.0862 3360 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:48:14.0877 3360 HTTPFilter - ok
08:48:14.0877 3360 i2omgmt - ok
08:48:14.0877 3360 i2omp - ok
08:48:14.0909 3360 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:48:14.0909 3360 i8042prt - ok
08:48:15.0096 3360 [ AD3191F675159D3728738E847D4A73EE ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:48:15.0252 3360 ialm - ok
08:48:15.0299 3360 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
08:48:15.0299 3360 iaStor - ok
08:48:15.0346 3360 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:48:15.0377 3360 idsvc - ok
08:48:15.0393 3360 [ 2CDF483F8FC2BF3F7B93E3BDD734CFBD ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
08:48:15.0393 3360 IFXTPM - ok
08:48:15.0424 3360 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:48:15.0424 3360 Imapi - ok
08:48:15.0440 3360 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:48:15.0440 3360 ImapiService - ok
08:48:15.0440 3360 ini910u - ok
08:48:15.0440 3360 IntelIde - ok
08:48:15.0487 3360 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:48:15.0487 3360 intelppm - ok
08:48:15.0502 3360 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:48:15.0502 3360 Ip6Fw - ok
08:48:15.0534 3360 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:48:15.0534 3360 IpFilterDriver - ok
08:48:15.0534 3360 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:48:15.0534 3360 IpInIp - ok
08:48:15.0565 3360 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:48:15.0565 3360 IpNat - ok
08:48:15.0612 3360 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:48:15.0643 3360 iPod Service - ok
08:48:15.0690 3360 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:48:15.0690 3360 IPSec - ok
08:48:15.0721 3360 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:48:15.0721 3360 IRENUM - ok
08:48:15.0752 3360 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:48:15.0752 3360 isapnp - ok
08:48:15.0815 3360 [ C2C1660DDCC9BD67EB98D6D5F91C107F ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
08:48:15.0831 3360 JavaQuickStarterService - ok
08:48:15.0831 3360 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:48:15.0831 3360 Kbdclass - ok
08:48:15.0831 3360 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:48:15.0831 3360 kbdhid - ok
08:48:15.0846 3360 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:48:15.0846 3360 kmixer - ok
08:48:15.0877 3360 [ C6EBF1D6AD71DF30DB49B8D3287E1368 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:48:15.0877 3360 KSecDD - ok
08:48:15.0909 3360 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
08:48:15.0909 3360 LanmanServer - ok
08:48:15.0956 3360 [ 3B9324D60DD321BAB7BF6F77931D3FD1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:48:15.0956 3360 lanmanworkstation - ok
08:48:15.0956 3360 lbrtfdc - ok
08:48:16.0018 3360 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:48:16.0018 3360 LmHosts - ok
08:48:16.0034 3360 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:48:16.0034 3360 Messenger - ok
08:48:16.0096 3360 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:48:16.0096 3360 Microsoft Office Groove Audit Service - ok
08:48:16.0127 3360 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:48:16.0127 3360 mnmdd - ok
08:48:16.0174 3360 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:48:16.0174 3360 mnmsrvc - ok
08:48:16.0221 3360 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:48:16.0221 3360 Modem - ok
08:48:16.0237 3360 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:48:16.0237 3360 Mouclass - ok
08:48:16.0237 3360 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:48:16.0237 3360 mouhid - ok
08:48:16.0252 3360 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:48:16.0252 3360 MountMgr - ok
08:48:16.0284 3360 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:48:16.0284 3360 MozillaMaintenance - ok
08:48:16.0299 3360 mraid35x - ok
08:48:16.0346 3360 [ 65E818C473E220B6AB762E1966296FD1 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:48:16.0346 3360 MRxDAV - ok
08:48:16.0393 3360 [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:48:16.0393 3360 MRxSmb - ok
08:48:16.0424 3360 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:48:16.0424 3360 MSDTC - ok
08:48:16.0440 3360 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:48:16.0440 3360 Msfs - ok
08:48:16.0440 3360 MSIServer - ok
08:48:16.0471 3360 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:48:16.0471 3360 MSKSSRV - ok
08:48:16.0487 3360 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:48:16.0487 3360 MSPCLOCK - ok
08:48:16.0487 3360 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:48:16.0487 3360 MSPQM - ok
08:48:16.0534 3360 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:48:16.0534 3360 mssmbios - ok
08:48:16.0581 3360 [ F7B1AD991491F02AF6DA70B00B8BF114 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:48:16.0581 3360 Mup - ok
08:48:16.0612 3360 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:48:16.0612 3360 napagent - ok
08:48:16.0643 3360 [ B5B1080D35974C0E718D64280761BCD5 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:48:16.0643 3360 NDIS - ok
08:48:16.0690 3360 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:48:16.0690 3360 NdisTapi - ok
08:48:16.0706 3360 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:48:16.0706 3360 Ndisuio - ok
08:48:16.0706 3360 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:48:16.0706 3360 NdisWan - ok
08:48:16.0721 3360 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:48:16.0721 3360 NDProxy - ok
08:48:16.0737 3360 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:48:16.0737 3360 NetBIOS - ok
08:48:16.0768 3360 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:48:16.0768 3360 NetBT - ok
08:48:16.0784 3360 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:48:16.0799 3360 NetDDE - ok
08:48:16.0799 3360 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:48:16.0799 3360 NetDDEdsdm - ok
08:48:16.0831 3360 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:48:16.0831 3360 Netlogon - ok
08:48:16.0846 3360 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:48:16.0846 3360 Netman - ok
08:48:16.0877 3360 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:48:16.0877 3360 NetTcpPortSharing - ok
08:48:16.0909 3360 [ 290C1A30DEFC723BBE10910AC2D6F6D0 ] Nla C:\WINDOWS\System32\mswsock.dll
08:48:16.0909 3360 Nla - ok
08:48:16.0940 3360 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:48:16.0940 3360 Npfs - ok
08:48:16.0956 3360 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:48:16.0956 3360 Ntfs - ok
08:48:16.0971 3360 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:48:16.0971 3360 NtLmSsp - ok
08:48:17.0018 3360 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:48:17.0018 3360 NtmsSvc - ok
08:48:17.0065 3360 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:48:17.0065 3360 Null - ok
08:48:17.0081 3360 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:48:17.0081 3360 NwlnkFlt - ok
08:48:17.0096 3360 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:48:17.0096 3360 NwlnkFwd - ok
08:48:17.0190 3360 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:48:17.0190 3360 odserv - ok
08:48:17.0221 3360 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:48:17.0221 3360 ose - ok
08:48:17.0252 3360 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:48:17.0252 3360 Parport - ok
08:48:17.0268 3360 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:48:17.0268 3360 PartMgr - ok
08:48:17.0315 3360 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:48:17.0315 3360 ParVdm - ok
08:48:17.0331 3360 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:48:17.0331 3360 PCI - ok
08:48:17.0331 3360 PCIDump - ok
08:48:17.0331 3360 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:48:17.0331 3360 PCIIde - ok
08:48:17.0346 3360 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:48:17.0346 3360 Pcmcia - ok
08:48:17.0346 3360 PDCOMP - ok
08:48:17.0346 3360 PDFRAME - ok
08:48:17.0362 3360 PDRELI - ok
08:48:17.0362 3360 PDRFRAME - ok
08:48:17.0362 3360 perc2 - ok
08:48:17.0362 3360 perc2hib - ok
08:48:17.0393 3360 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] PlugPlay C:\WINDOWS\system32\services.exe
08:48:17.0393 3360 PlugPlay - ok
08:48:17.0409 3360 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:48:17.0409 3360 PolicyAgent - ok
08:48:17.0440 3360 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:48:17.0440 3360 PptpMiniport - ok
08:48:17.0440 3360 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:48:17.0440 3360 ProtectedStorage - ok
08:48:17.0456 3360 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:48:17.0456 3360 PSched - ok
08:48:17.0471 3360 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:48:17.0471 3360 Ptilink - ok
08:48:17.0471 3360 ql1080 - ok
08:48:17.0471 3360 Ql10wnt - ok
08:48:17.0471 3360 ql12160 - ok
08:48:17.0487 3360 ql1240 - ok
08:48:17.0487 3360 ql1280 - ok
08:48:17.0581 3360 [ 2EE6D9CAB03900646D1D3D9077167BD6 ] RalinkRegistryWriter C:\Program Files\Zoom Wireless-N USB\Common\RaRegistry.exe
08:48:17.0581 3360 RalinkRegistryWriter - ok
08:48:17.0596 3360 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:48:17.0596 3360 RasAcd - ok
08:48:17.0612 3360 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:48:17.0612 3360 RasAuto - ok
08:48:17.0643 3360 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:48:17.0643 3360 Rasl2tp - ok
08:48:17.0659 3360 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:48:17.0659 3360 RasMan - ok
08:48:17.0659 3360 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:48:17.0674 3360 RasPppoe - ok
08:48:17.0674 3360 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:48:17.0674 3360 Raspti - ok
08:48:17.0674 3360 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:48:17.0674 3360 Rdbss - ok
08:48:17.0690 3360 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:48:17.0690 3360 RDPCDD - ok
08:48:17.0737 3360 [ C694A927EB7C354F7AE97955043A9641 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:48:17.0737 3360 rdpdr - ok
08:48:17.0768 3360 [ 997C59B9955F911EC460241DD9E01B04 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:48:17.0768 3360 RDPWD - ok
08:48:17.0784 3360 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:48:17.0784 3360 RDSessMgr - ok
08:48:17.0799 3360 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:48:17.0799 3360 redbook - ok
08:48:17.0846 3360 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:48:17.0846 3360 RemoteAccess - ok
08:48:17.0877 3360 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:48:17.0877 3360 RemoteRegistry - ok
08:48:17.0909 3360 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:48:17.0909 3360 RpcLocator - ok
08:48:17.0940 3360 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
08:48:17.0940 3360 RpcSs - ok
08:48:17.0956 3360 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
08:48:17.0956 3360 rspndr - ok
08:48:18.0002 3360 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:48:18.0002 3360 RSVP - ok
08:48:18.0049 3360 [ AD0BAD5D585AFC1CB1CD5EAFCAE50ED4 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
08:48:18.0065 3360 rt2870 - ok
08:48:18.0081 3360 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:48:18.0081 3360 SamSs - ok
08:48:18.0127 3360 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:48:18.0127 3360 SCardSvr - ok
08:48:18.0159 3360 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:48:18.0174 3360 Schedule - ok
08:48:18.0221 3360 [ F34C06D1C706A6D9433570B087A18B02 ] Scutum50 C:\WINDOWS\system32\Drivers\Scutum50.sys
08:48:18.0221 3360 Scutum50 - ok
08:48:18.0237 3360 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:48:18.0237 3360 Secdrv - ok
08:48:18.0252 3360 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:48:18.0252 3360 seclogon - ok
08:48:18.0252 3360 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:48:18.0268 3360 SENS - ok
08:48:18.0268 3360 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:48:18.0268 3360 serenum - ok
08:48:18.0284 3360 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:48:18.0284 3360 Serial - ok
08:48:18.0299 3360 [ B6401608579B6431994425BA7653F774 ] SFAUDIO C:\WINDOWS\system32\drivers\sfaudio.sys
08:48:18.0299 3360 SFAUDIO - ok
08:48:18.0346 3360 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:48:18.0346 3360 Sfloppy - ok
08:48:18.0362 3360 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:48:18.0362 3360 SharedAccess - ok
08:48:18.0377 3360 [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:48:18.0377 3360 ShellHWDetection - ok
08:48:18.0377 3360 Simbad - ok
08:48:18.0393 3360 Sparrow - ok
08:48:18.0424 3360 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:48:18.0424 3360 splitter - ok
08:48:18.0471 3360 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:48:18.0471 3360 Spooler - ok
08:48:18.0502 3360 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:48:18.0502 3360 sr - ok
08:48:18.0534 3360 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:48:18.0534 3360 srservice - ok
08:48:18.0549 3360 [ 10878ECF68D2806BEBF87D1B087CFF57 ] SRS_PremiumSound_Service C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
08:48:18.0549 3360 SRS_PremiumSound_Service - ok
08:48:18.0596 3360 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:48:18.0596 3360 Srv - ok
08:48:18.0612 3360 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:48:18.0612 3360 SSDPSRV - ok
08:48:18.0659 3360 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
08:48:18.0659 3360 ssmdrv - ok
08:48:18.0706 3360 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:48:18.0721 3360 stisvc - ok
08:48:18.0768 3360 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:48:18.0768 3360 swenum - ok
08:48:18.0784 3360 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:48:18.0784 3360 swmidi - ok
08:48:18.0784 3360 SwPrv - ok
08:48:18.0799 3360 symc810 - ok
08:48:18.0799 3360 symc8xx - ok
08:48:18.0799 3360 sym_hi - ok
08:48:18.0799 3360 sym_u3 - ok
08:48:18.0846 3360 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:48:18.0846 3360 sysaudio - ok
08:48:18.0862 3360 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:48:18.0862 3360 SysmonLog - ok
08:48:18.0924 3360 [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:48:18.0940 3360 TapiSrv - ok
08:48:18.0987 3360 [ 25A740D70E8007814A48D3FA1B34FA34 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:48:18.0987 3360 Tcpip - ok
08:48:19.0018 3360 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:48:19.0018 3360 TDPIPE - ok
08:48:19.0034 3360 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:48:19.0034 3360 TDTCP - ok
08:48:19.0049 3360 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:48:19.0049 3360 TermDD - ok
08:48:19.0081 3360 [ 37981A741AD7B04258E87129FFE79AB9 ] TermService C:\WINDOWS\System32\termsrv.dll
08:48:19.0081 3360 TermService - ok
08:48:19.0127 3360 [ 888CD7B39C37E13A2419BECFAAF0A28C ] Themes C:\WINDOWS\System32\shsvcs.dll
08:48:19.0127 3360 Themes - ok
08:48:19.0159 3360 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:48:19.0159 3360 TlntSvr - ok
08:48:19.0159 3360 TosIde - ok
08:48:19.0190 3360 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:48:19.0190 3360 TrkWks - ok
08:48:19.0206 3360 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:48:19.0206 3360 Udfs - ok
08:48:19.0206 3360 ultra - ok
08:48:19.0252 3360 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:48:19.0268 3360 Update - ok
08:48:19.0315 3360 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:48:19.0315 3360 upnphost - ok
08:48:19.0331 3360 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:48:19.0331 3360 UPS - ok
08:48:19.0362 3360 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
08:48:19.0362 3360 usbbus - ok
08:48:19.0393 3360 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
08:48:19.0393 3360 UsbDiag - ok
08:48:19.0440 3360 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:48:19.0440 3360 usbehci - ok
08:48:19.0440 3360 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:48:19.0440 3360 usbhub - ok
08:48:19.0471 3360 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
08:48:19.0471 3360 USBModem - ok
08:48:19.0502 3360 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:48:19.0502 3360 USBSTOR - ok
08:48:19.0502 3360 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:48:19.0502 3360 usbuhci - ok
08:48:19.0549 3360 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:48:19.0549 3360 VgaSave - ok
08:48:19.0549 3360 ViaIde - ok
08:48:19.0549 3360 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:48:19.0549 3360 VolSnap - ok
08:48:19.0581 3360 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:48:19.0581 3360 VSS - ok
08:48:19.0596 3360 [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time C:\WINDOWS\system32\w32time.dll
08:48:19.0612 3360 W32Time - ok
08:48:19.0612 3360 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:48:19.0627 3360 Wanarp - ok
08:48:19.0627 3360 WDICA - ok
08:48:19.0674 3360 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:48:19.0674 3360 wdmaud - ok
08:48:19.0706 3360 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:48:19.0721 3360 WebClient - ok
08:48:19.0799 3360 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:48:19.0815 3360 winmgmt - ok
08:48:19.0846 3360 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:48:19.0846 3360 WmdmPmSN - ok
08:48:19.0893 3360 [ C8A6C82F90B055149925DC7526B2D78C ] Wmi C:\WINDOWS\System32\advapi32.dll
08:48:19.0909 3360 Wmi - ok
08:48:19.0956 3360 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
08:48:19.0956 3360 WmiAcpi - ok
08:48:19.0971 3360 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:48:19.0971 3360 WmiApSrv - ok
08:48:20.0049 3360 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:48:20.0049 3360 WMPNetworkSvc - ok
08:48:20.0143 3360 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:48:20.0190 3360 WPFFontCache_v0400 - ok
08:48:20.0221 3360 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:48:20.0237 3360 wscsvc - ok
08:48:20.0268 3360 [ AAE1A6FFBA2B0436E91795120F48C461 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:48:20.0268 3360 wuauserv - ok
08:48:20.0284 3360 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:48:20.0284 3360 WudfPf - ok
08:48:20.0299 3360 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:48:20.0299 3360 WudfRd - ok
08:48:20.0299 3360 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:48:20.0299 3360 WudfSvc - ok
08:48:20.0346 3360 [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:48:20.0346 3360 WZCSVC - ok
08:48:20.0393 3360 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:48:20.0393 3360 xmlprov - ok
08:48:20.0393 3360 ================ Scan global ===============================
08:48:20.0409 3360 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:48:20.0471 3360 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
08:48:20.0487 3360 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
08:48:20.0487 3360 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] C:\WINDOWS\system32\services.exe
08:48:20.0487 3360 [Global] - ok
08:48:20.0487 3360 ================ Scan MBR ==================================
08:48:20.0518 3360 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:48:20.0690 3360 \Device\Harddisk0\DR0 - ok
08:48:20.0690 3360 ================ Scan VBR ==================================
08:48:20.0690 3360 [ 707DE68D23EC419C61B870089922D2DE ] \Device\Harddisk0\DR0\Partition1
08:48:20.0690 3360 \Device\Harddisk0\DR0\Partition1 - ok
08:48:20.0690 3360 ============================================================
08:48:20.0690 3360 Scan finished
08:48:20.0690 3360 ============================================================
08:48:20.0690 3184 Detected object count: 0
08:48:20.0690 3184 Actual detected object count: 0
08:48:51.0643 1272 Deinitialize success
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 6th, 2012, 9:04 am

pshaw1993,
Sorry for the delay.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or an infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVIRA ANTIVIR
    Please navigate to the system tray on the bottom right hand corner and look for an open umbrella on red background (looks like this:Image )
    • Right click it and untick any of the options AntiVir Guard enable, Antivir Webguard enable, and Antivir Mailguard enable, that are present.
    • You should now see a closed umbrella on a red background (looks like this: Image )
    The AntiVir Guards are now disabled.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.(You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).

    If the Recovery Console is not available via the download, Run the scan anyway.
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your Antivirus protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

Let me know how it's running
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 6th, 2012, 1:43 pm

One more thing.....
In searching for more possible sources of adware infections, the Blekko Toolbar came up.
This is owned by an individual implicated in previous viruses.
See here: https://en.wikipedia.org/wiki/Blekko
I would consider using Revo Uninstaller to remove it.
If you need help let me know.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 6th, 2012, 4:22 pm

Hi askey 127,

Apologizes not necessary. Should I uninstall the Blekko Toolbar with Revo Installer BEFORE I do your prior instructions?

pshaw1993
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 6th, 2012, 4:33 pm

Also. I'm not sure why the last few programs you've asked me to install I can"t (or don't know how) install to the desktop. When the file is downloaded and I double-click on it it just asks me to "run" it.

pshaw1993
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 6th, 2012, 5:57 pm

Sure, uninstall the Blekko toolbar as soon as you can.
I'm not sure it will actually GO.
Some of these lovelies don't GO when requested.

If you RUN a program instead of saving it to your desktop, it just means that you would have to download it again in case of "running" it a second time.
I can tell you how to change your Firefox settings to have every download ask you where to save it.
Do you want to use Firefox and have me do that?
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 6th, 2012, 11:07 pm

Yes. I'd appreciate that askey127.

pshaw1993
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 7th, 2012, 6:29 am

pshaw1993
---------------------------------------------------------
Set Firefox So it Always Asks Where to Save Downloads
Open Firefox, then hit the Alt key once if necessary, so you can see the menu bar at the top.
In the top menu, click on Tools, and select Options.
Click on the General tab, and click the radiobutton labeled "Always ask me where to save files"
Click OK.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: www.searchnu.com/421 problem

Unread postby pshaw1993 » September 7th, 2012, 2:07 pm

Hello askey127,

The log you asked for is posted below:

ComboFix 12-09-07.03 - Administrator 09/07/2012 13:32:21.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.944 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\zzz.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.int
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-04 14:54 . 2012-09-04 14:54 -------- d-----w- c:\program files\VS Revo Group
2012-09-01 18:37 . 2012-09-01 18:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2012-09-01 18:36 . 2012-09-01 18:36 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-31 22:55 . 2012-08-31 22:55 -------- d-----w- c:\documents and settings\Administrator\AppData
2012-08-30 21:42 . 2011-09-28 13:20 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2012-08-30 21:42 . 2011-09-28 13:20 15360 ----a-w- c:\windows\system32\inetfr.DLL
2012-08-30 21:42 . 2011-09-28 13:20 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-08-30 21:42 . 2012-08-30 22:06 -------- d-----w- c:\program files\Free Easy CD DVD Burner
2012-08-30 21:42 . 2012-08-30 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeBurner
2012-08-30 21:42 . 2011-09-28 13:20 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-08-30 21:42 . 2011-09-28 13:20 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-08-30 21:42 . 2011-09-28 13:20 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-08-30 02:32 . 2012-08-30 02:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-08-30 00:44 . 2012-08-30 00:44 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-29 12:20 . 2012-08-29 12:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-08-29 12:20 . 2012-08-29 12:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-08-29 12:20 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-29 12:20 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\program files\iPod
2012-08-29 12:19 . 2012-08-29 12:20 -------- d-----w- c:\program files\iTunes
2012-08-29 12:19 . 2012-08-29 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\program files\Apple Software Update
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-08-29 12:18 . 2012-08-29 12:18 -------- d-----w- c:\program files\Bonjour
2012-08-29 12:18 . 2012-08-29 12:19 -------- d-----w- c:\program files\Common Files\Apple
2012-08-29 12:18 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-08-20 20:06 . 2012-08-20 20:06 -------- d-----w- c:\program files\SeaMonkey
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 23:16 . 2012-05-26 22:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 23:16 . 2012-05-26 22:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 14:26 . 2012-06-19 14:24 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2012-08-30 00:44 . 2012-05-14 11:47 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-24 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2011-12-15 222504]
"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher\MailWasherPro.exe [2012-6-11 5662536]
Zoom Wireless-N USB.lnk - c:\program files\Zoom Wireless-N USB\Common\RaUI.exe [2011-12-31 1601536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 15:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-25 08:10 166912 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-25 08:10 134656 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-25 08:09 136192 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 12:14 PM 24064]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/21/2011 8:33 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/21/2011 8:33 PM 86224]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/31/2011 8:38 PM 19072]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [12/21/2011 7:51 PM 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/21/2011 7:48 PM 36608]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/21/2011 8:23 PM 246000]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/26/2012 6:52 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/14/2012 7:47 AM 114144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11771443
*NewlyCreated* - TRUESIGHT
*Deregistered* - 11771443
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 23:16]
.
2012-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/421
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 21&sr=0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-07 13:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,19,ce,6e,0f,be,a6,4b,b9,31,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,19,ce,6e,0f,be,a6,4b,b9,31,2c,\
.
Completion time: 2012-09-07 13:36:38
ComboFix-quarantined-files.txt 2012-09-07 17:36
.
Pre-Run: 55,986,352,128 bytes free
Post-Run: 55,930,826,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B0CCD0B099BF737E76F78F310C94AE0F
pshaw1993
Regular Member
 
Posts: 28
Joined: May 26th, 2012, 10:32 pm

Re: www.searchnu.com/421 problem

Unread postby askey127 » September 7th, 2012, 2:36 pm

pshaw1993,
Open Firefox.
If you cannot see the File menu bar at the top, hit the <Alt> key once.
Click Tools on the top menu, then choose Options
Make sure the General tab is highlighted.
Click inside the box labeled Home Page, and use the Backspace and Delete keys to erase what's in there.
Then type in the following:
http://www.google.com
click the OK button at the bottom of the dialog.

Close Firefox and start it up again. It should go to the Google screen.
Let me know how it behaves.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware