Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Widgi Tools and unexpected traffic on connection


  • Please log in to reply
16 replies to this topic

#1 Jonat

Jonat

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 20 December 2012 - 03:34 PM

Two issues :
1. Spybot S&D keeps reporting that I have Widgi Tools on my computer, but it can't get rid of it when requested.
I also tried other methods described on net, but none worked. Registry entries described on net don't seem to
exist on my computer.

2. There often seems to be unexpectedly high traffic on my connection when I don't expect any, even with both
Windows auto update turned off and my Avast Antivirus temporarily turned off to ensure its not looking for virus
definition updates.

I have downloaded HijackThis and DDS, and can provide their reports if needed.

What can I do to resolve the above issues ?
Help will be appreciated.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:22 PM

Posted 20 December 2012 - 07:22 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 21 December 2012 - 03:54 AM

Thanks for helping. I've posted the log files in the order you request, namely :
1 checkup.txt
2 FSS.txt
3 Result.txt
4 mbam-log-2012-12-21 (09-59-46).txt
5 MBR.dat

The MBR.dat appears to be binary, but I don't know how to attache the original file to this post.
Note that AVAST is my normal antivirus utility.

Look forward to your response.


-------------------------------------------------------



Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
Norton Ghost
CCleaner
Java™ 6 Update 15
Java version out of Date!
Adobe Reader 10.1.1 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

-------------------------------------------------------



Farbar Service Scanner Version: 10-12-2012
Ran by Jonat (administrator) on 21-12-2012 at 09:50:08
Running from "C:\Documents and Settings\Jonat\desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000009000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
-------------------------------------------------------



MiniToolBox by Farbar Version: 25-11-2012
Ran by Jonat (administrator) on 21-12-2012 at 09:53:23
Running from "C:\Documents and Settings\Jonat\desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com

There are 15288 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection 2 (Disconnected)
1394 Net Adapter = 1394 Connection 2 (Disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 7"

set address name="Wireless Network Connection 7" source=dhcp
set dns name="Wireless Network Connection 7" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 7" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : pc-wss-1000gb
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Wireless N-lite USB Adapter
Physical Address. . . . . . . . . : CC-5D-4E-02-1D-7F
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255
Server: UnKnown
Address: 127.0.0.1


Pinging google.com [74.125.233.6] with 32 bytes of data:

Destination host unreachable.
Reply from 74.125.233.6: bytes=32 time=14ms TTL=55

Ping statistics for 74.125.233.6:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 14ms, Average = 14ms
Server: Billion.810VGTX
Address: 10.0.0.2

Name: yahoo.com
Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=417ms TTL=41
Reply from 98.138.253.109: bytes=32 time=391ms TTL=41

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 391ms, Maximum = 417ms, Average = 404ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x40003 ...cc 5d 4e 02 1d 7f ...... Wireless N-lite USB Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.2 10.0.0.101 20
10.0.0.0 255.255.255.0 10.0.0.101 10.0.0.101 20
10.0.0.101 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.101 10.0.0.101 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.0.0.101 10.0.0.101 20
224.0.0.0 240.0.0.0 10.0.0.101 10.0.0.101 20
255.255.255.255 255.255.255.255 10.0.0.101 10.0.0.101 1
Default Gateway: 10.0.0.2
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/21/2012 08:52:08 AM) (Source: VMCService) (User: )
Description: GetLoggedOnUser

Error: (12/15/2012 04:30:57 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module urlmon.dll, version 8.0.6001.19328, fault address 0x00028f1c.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/13/2012 04:54:54 PM) (Source: Userenv) (User: PC-WSS-1000GB)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (12/13/2012 04:54:53 PM) (Source: Userenv) (User: PC-WSS-1000GB)
Description: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.

Error: (12/13/2012 04:54:53 PM) (Source: Userenv) (User: PC-WSS-1000GB)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile. If this problem persists, contact your network administrator.


DETAIL - The process cannot access the file because it is being used by another process.

Error: (12/13/2012 04:54:53 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.


DETAIL - The process cannot access the file because it is being used by another process. for C:\Documents and Settings\UpdatusUser\ntuser.dat

Error: (12/13/2012 04:06:11 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/13/2012 04:05:56 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (12/13/2012 04:05:56 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/13/2012 04:05:56 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


System errors:
=============
Error: (12/21/2012 08:53:25 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX

Error: (12/21/2012 08:53:25 AM) (Source: Service Control Manager) (User: )
Description: The ICONICS License Server (GenRegistrar) service hung on starting.

Error: (12/21/2012 08:51:58 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (12/19/2012 10:22:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX

Error: (12/19/2012 10:22:50 PM) (Source: Service Control Manager) (User: )
Description: The ICONICS License Server (GenRegistrar) service hung on starting.

Error: (12/19/2012 10:21:24 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (12/15/2012 11:55:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX

Error: (12/15/2012 11:55:22 AM) (Source: Service Control Manager) (User: )
Description: The ICONICS License Server (GenRegistrar) service hung on starting.

Error: (12/15/2012 11:53:54 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (12/13/2012 04:56:46 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX


Microsoft Office Sessions:
=========================
Error: (12/21/2012 08:52:08 AM) (Source: VMCService)(User: )
Description: GetLoggedOnUser

Error: (12/15/2012 04:30:57 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702urlmon.dll8.0.6001.1932800028f1c

Error: (12/13/2012 04:54:54 PM) (Source: Userenv)(User: PC-WSS-1000GB)
Description:

Error: (12/13/2012 04:54:53 PM) (Source: Userenv)(User: PC-WSS-1000GB)
Description:

Error: (12/13/2012 04:54:53 PM) (Source: Userenv)(User: PC-WSS-1000GB)
Description: The process cannot access the file because it is being used by another process.

Error: (12/13/2012 04:54:53 PM) (Source: Userenv)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process. C:\Documents and Settings\UpdatusUser\ntuser.dat

Error: (12/13/2012 04:06:11 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/13/2012 04:05:56 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe specified server cannot perform the requested operation.

Error: (12/13/2012 04:05:56 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (12/13/2012 04:05:56 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

@BIOS Ver.2.03 (Version: 2.03)
ACDSee Pro 2 (Version: 2.0.219)
Acrobat.com (Version: 1.6.65)
Ad-Aware
Ad-Aware (Version: 8.2.0)
Ad-Aware Email Scanner for Outlook (Version: 1.0.0)
Adobe AIR (Version: 1.5.0.7220)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 2.5.0.31)
Apple Software Update (Version: 2.1.1.116)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
Audacity 1.3.9 (Unicode)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686)
Autodesk Navisworks Freedom 2012 English Language Pack (Version: 9.0.69.686)
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
avast! Free Antivirus (Version: 7.0.1474.0)
Bandwidth Monitor v3.4 build 757
Beyond Compare Version 3.1.11
Bonjour (Version: 1.0.106)
Brother MFL-Pro Suite (Version: 1.00)
Canon Utilities PhotoStitch 3.1 (Version: 3.1.8)
Capture View (Version: 1.0.0)
CCleaner (Version: 3.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6215.1000)
D-Link USB Phone
DAEMON Tools Toolbar (Version: 1.1.2.0185)
DMIView B8.0717.01 (Version: 1.4)
Dropbox (Version: 1.4.7)
DubIt (Version: 2.0)
DVD Shrink 3.2
DVD Suite (Version: 5.0.1319)
Energy Saver Advance B8.1208.1 (Version: 1.10.0000)
ffdshow v1.2.4486 [2012-08-25] (Version: 1.2.4486.0)
FlashGet 3.3 (Version: 3.3.0.1092)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
free.2 V 1.1.4.20
FreeRIP v3.1 (Version: 3.091)
Gigabyte Raid Configurer (Version: 1.00.0000)
Glary Utilities 2.29.0.1032 (Version: 2.29.0.1032)
GoldWave v5.52
Google Earth (Version: 4.1.7087.5048)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
HP OrderReminder (Version: 2.1)
HTML Reference Library 4.0
Hugin 2011.4.0 (Version: 2011.4.0 hg_cf9be9344356)
ICONICS GENESIS32 (Version: 9.22.202.11)
ICONICS Software Licensing (Version: 9.22.202.12)
ImgBurn (Version: 2.5.0.0)
iTunes (Version: 8.2.0.23)
Jasc Paint Shop Pro 8 (Version: 8.10.0000)
Java™ 6 Update 15 (Version: 6.0.150)
Kernel for ost Evaluation ver 7.05.01
KhalSetup (Version: 1.00.0000)
LAME v3.98.2 for Audacity
LaserJet 1018
LG ODD Auto Firmware Update (Version: 6.01.0723.01)
LiveReg (Symantec Corporation) (Version: 2.1.5.1502)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Logitech SetPoint (Version: 2.60)
MailWasher Free 6.5.4
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)
Microsoft Office Visio Professional 2003 (Version: 11.0.3216.5614)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054)
Microsoft Sync Framework Runtime v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Web Publishing Wizard 1.52
MiniMinder 8.3 (Version: 8.3)
MSVC80_x86 (Version: 1.0.1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MYOB Accounting
Nero 8 Essentials (Version: 8.3.525)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.17.0)
Nokia PC Suite (Version: 7.0.8.2)
Nokia Software Updater (Version: 01.08.010.40008)
Norton Ghost (Version: 76.00.789)
NoteTab Light 5 (Remove only) (Version: 5.61)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Object Fix Zip (Version: 1.7)
Paint Shop Pro 5.0 Evaluation
Paint.NET v3.5.5 (Version: 3.55.0)
PaperPort Image Printer (Version: 1.00.0000)
PC Connectivity Solution (Version: 8.22.4.0)
pdfforge Toolbar v1.1.1 (Version: 1.1.1)
PDFill PDF Editor with FREE Writer and FREE Tools (Version: 9.0)
Photo Magician 1.8.0.0
PhotoStitch (Version: 3.1.8)
Picture Control Utility (Version: 1.3.0)
PolyView 3.861
PowerDVD (Version: 7.0.3409.a)
PowerProducer
Prism Video Converter
QuickTime (Version: 7.69.80.9)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.19.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5672)
Recovery for Exchange OST
Recovery Toolbox for Address Book 1.0
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
RSIGuard Stretch Edition (Version: 4.0.35h)
S4U Connector for SAP OLE DB Provider (Version: 3.0.0010)
Samsung New PC Studio (Version: 1.00.0000)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
ScanSoft PaperPort 11 (Version: 11.1.0000)
SeaTools for Windows (Version: 1.1.1.0)
Skype web features (Version: 1.0.3971)
Skype 4.1 (Version: 4.1.179)
SPS Operational Interface Components 2.1 (Version: 2.1.0)
Spybot - Search & Destroy (Version: 1.6.0)
Stoner Pipeline Simulator 9.9 (Version: 9.9.0)
Stoner Pipeline Simulator Core 9.9 (Version: 9.9.0)
Striata Reader (Version: 2.9-1)
SyncToy 2.0 (x86) (Version: 2.0.100.0)
Total Commander (Remove or Repair) (Version: 7.56a)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Basic for Applications ® Core - English (Version: 6.5.10.32)
Visual Basic for Applications ® Core (Version: 6.5.10.53)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Vodafone Mobile Connect Lite (Version: 9.3.0.8940)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Nokia Modem (05/22/2008 3.8) (Version: 05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1) (Version: 05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 MUI pack (Version: 2)
Windows Search 4.0 (Version: 04.00.6001.503)
WinHTTrack Website Copier 3.43-7 (Version: 3.43.7)
WinZip (Version: 8.1 (4331))
XY Chart Labeler 7.1
YouTube Downloader 2.7.4
ZyXEL G-202 Wireless Adapter Utility (Version: 1.00.0000)

========================= Devices: ================================

Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter #2
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nokia E51
Description: Nokia Windows Portable Device Driver
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: C1-01
Description: C1-01
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3070.42 MB
Available physical RAM: 2010.96 MB
Total Pagefile: 4955.73 MB
Available Pagefile: 4078.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.62 MB

========================= Partitions: =====================================

1 Drive c: (Local Disk) (Fixed) (Total:465.76 GB) (Free:156.23 GB) NTFS
2 Drive d: (Local Disk) (Fixed) (Total:465.76 GB) (Free:256.83 GB) NTFS
3 Drive e: (Local Disk) (Fixed) (Total:465.76 GB) (Free:73.01 GB) NTFS
8 Drive v: (zFreeAgent GoFlex Drive) (Fixed) (Total:698.64 GB) (Free:483.92 GB) NTFS

========================= Users: ========================================

User accounts for \\PC-WSS-1000GB

Administrator ASPNET Guest
HelpAssistant ICONICS_USER Jonat
SUPPORT_388945a0 UpdatusUser


**** End of log ****

-------------------------------------------------------



Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.21.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jonat :: PC-WSS-1000GB [administrator]

21/12/2012 09:59:46
mbam-log-2012-12-21 (09-59-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276251
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014DA6C1-189F-421A-88CD-07CFE51CFF10} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014DA6C9-189F-421A-88CD-07CFE51CFF10} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-25GX1C642122} (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-25GX1C642122} (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014DA6CB-189F-421a-88CD-07CFE51CFF10} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.

(end)

-------------------------------------------------------



3м|PP|PW˽8n| uIt8,t<tNFs*F~ t ~ tuҀFFV
!s뼁>}Ut ~tȠ멋W˿Vr#$?ފCцֱB9V
w#r9Fs|NVsQOtN2VV`UAr6Uu0t+a`jjv
vjh|jjBaasOt 2VaInvalid partition tableError loading operating systemMissing operating system,Dcl)?L8:U
-------------------------------------------------------

#4 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 21 December 2012 - 04:27 AM

Just noticed that the file aswMBR.txt was also created. See below :

---------------------------------------
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-21 10:21:54
-----------------------------
10:21:54.359 OS Version: Windows 5.1.2600 Service Pack 3
10:21:54.359 Number of processors: 4 586 0x1A04
10:21:54.359 ComputerName: PC-WSS-1000GB UserName: Jonat
10:21:55.531 Initialize success
10:21:55.593 AVAST engine defs: 12122001
10:22:21.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:22:21.609 Disk 0 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
10:22:21.609 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:22:21.609 Disk 1 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
10:22:21.609 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-24
10:22:21.609 Disk 2 Vendor: ST3500418AS CC34 Size: 476938MB BusType: 3
10:22:21.625 Disk 0 MBR read successfully
10:22:21.625 Disk 0 MBR scan
10:22:21.625 Disk 0 Windows XP default MBR code
10:22:21.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
10:22:21.625 Disk 0 scanning sectors +976768065
10:22:21.703 Disk 0 scanning C:\WINDOWS\system32\drivers
10:22:26.812 Service scanning
10:22:34.828 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
10:22:37.156 Modules scanning
10:22:43.250 Disk 0 trace - called modules:
10:22:43.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spji.sys >>UNKNOWN [0x8b035938]<<
10:22:43.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af5aab8]
10:22:43.265 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000086[0x8af6f9e8]
10:22:43.265 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8af70940]
10:22:44.265 AVAST engine scan C:\WINDOWS
10:22:49.656 AVAST engine scan C:\WINDOWS\system32
10:25:08.531 AVAST engine scan C:\WINDOWS\system32\drivers
10:25:21.562 AVAST engine scan C:\Documents and Settings\Jonat
10:28:07.734 AVAST engine scan C:\Documents and Settings\All Users
10:30:11.531 Scan finished successfully
10:30:38.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jonat\Desktop\MBR.dat"
10:30:38.281 The log file has been saved successfully to "C:\Documents and Settings\Jonat\Desktop\aswMBR.txt"

-----------------------------------------------

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:22 PM

Posted 21 December 2012 - 10:53 AM

You have some AVG leftovers.
Run AVG Remover to get rid of them: http://www.avg.com/us-en/utilities

Next...

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 21 December 2012 - 04:19 PM

Thanks again. See attached logs below :

-------------------------------------
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v0000.00.00.00

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jonat :: PC-WSS-1000GB [administrator]

21/12/2012 23:16:01
mbar-log-2012-12-21 (23-16-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 20640
Time elapsed: 1 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



------------------------------------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_15

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, V:\ DRIVE_FIXED
CPU speed: 2.664000 GHz
Memory total: 3219566592, free: 2018111488

------------ Kernel report ------------
12/21/2012 23:14:04
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
spji.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
ACPI.sys
pci.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
jraid.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
Lbd.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\InCDPass.sys
\SystemRoot\system32\drivers\InCDRm.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\amfmtagr.SYS
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\InCDRec.sys
\SystemRoot\system32\drivers\InCDFs.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\ckldrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\system32\DRIVERS\rt2870.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\BrScnUsb.sys
\SystemRoot\system32\DRIVERS\aksusb.sys
\SystemRoot\system32\DRIVERS\AKSCLASS.SYS
\SystemRoot\system32\DRIVERS\akshasp.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\??\C:\WINDOWS\system32\ZDCndis5.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\??\C:\WINDOWS\system32\drivers\Haspnt.sys
\SystemRoot\system32\DRIVERS\aksfridge.sys
\SystemRoot\System32\Drivers\Aspi32.SYS
\??\C:\WINDOWS\system32\drivers\hardlock.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\gdrv.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\DOCUME~1\Jonat\LOCALS~1\Temp\aswMBR.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
\Program Files\DAEMON Tools Lite\Engine.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR10
Upper Device Object: 0xffffffff87333128
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000b7\
Lower Device Object: 0xffffffff89375ce0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR6
Upper Device Object: 0xffffffff8a931ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xffffffff8a6a8938
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8af64ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-24\
Lower Device Object: 0xffffffff8af6bd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8af58ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-c\
Lower Device Object: 0xffffffff8af6cb00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af5aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-4\
Lower Device Object: 0xffffffff8af70940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af5aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8afb0b68, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af5aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af6f9e8, DeviceName: \Device\00000086\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af70940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe38b7148, 0xffffffff8af5aab8, 0xffffffff862b0928
Lower DeviceData: 0xffffffffeedd0350, 0xffffffff8af70940, 0xffffffff894c8cc0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
File user open failed: C:\WINDOWS\system32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D529B16C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500106780160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976751055-976771055)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8af58ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af72980, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af58ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af6d9e8, DeviceName: \Device\00000087\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af6cb00, DeviceName: \Device\Ide\IdeDeviceP0T1L0-c\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe43f74b0, 0xffffffff8af58ab8, 0xffffffff86e9dab8
Lower DeviceData: 0xffffffffed89e350, 0xffffffff8af6cb00, 0xffffffff87ab7cb8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D529B16D

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500106780160 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8af64ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af6ce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af64ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b0538a8, DeviceName: \Device\00000089\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af6bd98, DeviceName: \Device\Ide\IdeDeviceP1T1L0-24\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1275808, 0xffffffff8af64ab8, 0xffffffff8644b040
Lower DeviceData: 0xffffffffe3806ed0, 0xffffffff8af6bd98, 0xffffffff8795f3b0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AEE6AEE6

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500106780160 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8a931ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a695960, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a931ab8, DeviceName: \Device\Harddisk3\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6a8938, DeviceName: \Device\00000096\, DriverName: \Driver\usbstor\
------------ End ----------
Upper DeviceData: 0xffffffffe43b5858, 0xffffffff8a931ab8, 0xffffffff8689b088
Lower DeviceData: 0xffffffffe4a83ef8, 0xffffffff8a6a8938, 0xffffffff8944a040
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4B57300

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1465144001

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156373504 bytes
Sector size: 512 bytes

Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff87333128, DeviceName: \Device\Harddisk4\DR10\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86f14e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff87333128, DeviceName: \Device\Harddisk4\DR10\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89375ce0, DeviceName: \Device\000000b7\, DriverName: \Driver\usbstor\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:22 PM

Posted 21 December 2012 - 04:52 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 22 December 2012 - 02:24 PM

1. Did the TFC cleaner operation. Computer requested reboot at the end which I agreed, but computer went into a hang mode with a dark screen after the logging off screen.
Retried this with the same result. Both times had to switch with the power button on the PC, and then do a hard restart.

2. ADW cleaner operation went ok. See output below.

3. ESET scanner operation went ok. It was very slow (4 hard drives). No threats found so no log file.


Interestingly, Spybot S&D still finds the Widgi Tools item, and still can't remove it.


--------------------------------
# AdwCleaner v2.101 - Logfile created 12/22/2012 at 15:00:58
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jonat - PC-WSS-1000GB
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jonat\desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\ICONICS_USER\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\ICONICS_USER\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Jonat\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\Jonat\Application Data\Search Settings
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\FreeRIP3

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\a6eb8fe4c9986914497e92c7f5a702e3
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\a6eb8fe4c9986914497e92c7f5a702e3
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKU\S-1-5-21-1482476501-838170752-1801674531-1007\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [3838 octets] - [22/12/2012 15:00:58]

########## EOF - C:\AdwCleaner[S1].txt - [3898 octets] ##########

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:22 PM

Posted 22 December 2012 - 02:57 PM

How is computer doing?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 23 December 2012 - 09:02 AM

Broni, thanks very much for your help.

Computer seems to be better in that there is less traffic on my internet connection when I'm not specifically asking for something.

Having followed your guidance, I'm interested to understand what process you followed and what issues you found from the various feedback files I sent.

Also, is that Widgi Tool thingi real, if so is it potentially dangerous, and should I still try to do anything about it.

Regards, Jonat

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:22 PM

Posted 23 December 2012 - 02:35 PM

Is Widgi Toolbarstill present anywhere?
Any other issues?

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 24 December 2012 - 06:41 AM

Widgi Tools is still detected by Spybot S&D, and Spybot still can't remove it.
Is it potentially dangerous, and should I still try to do anything about it.

I did the other Adobe Reader and Java updates you recommended.

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:22 PM

Posted 24 December 2012 - 11:26 AM

Can you provide some kind of log from Spybot?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#14 Jonat

Jonat
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 25 December 2012 - 06:03 AM

Did a final Spybot check. Must confess that the last one I did was two of your posts back where I'd found
it still there. Its now gone.

So thanks for all your help.

Still interested, if you have the time, to understand what various issues and problems you did notice on my
computer.

Regards,
Jonat

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,663 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:22 PM

Posted 25 December 2012 - 11:20 AM

I didn't see anything major.
It looks like AdwCleaner took care of your issue.

Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users