
adserver infection and others?


This topic is locked
18 replies to this topic

#1 punkieys17

punkieys17

  • Members
  • 64 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 08 January 2013 - 07:19 AM

IBM T43 running XP.

Running Avast and AVG. Downloaded and ran AdAware and SuperAntiSpyware following suspicions.

Malwarebytes downloaded and found nothing.

Eset did find something and the log is attached.

DDS log follows
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Julian at 10:41:05 on 2013-01-08
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.217 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\System32\alg.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: WebCGMHlprObj Class: {56B38F40-4E70-11d4-A076-0080AD86BA2F} - c:\windows\system32\cgmopenbho.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Nuclear Games Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Nuclear Games Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Nuclear Games Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: MSN Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TP4EX] tp4ex.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users.windows\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.merchantsecurities.com/XTSAC.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{2519F23C-3DEF-4E30-A3E1-0E7F3FEB9094} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-8-4 24304]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-6 13560]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-20 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-20 361032]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 255968]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-8-4 13480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-20 21256]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-7 21104]
.
=============== Created Last 30 ================
.
2013-01-07 22:24:28 -------- d-----w- c:\program files\ESET
2013-01-07 21:03:37 -------- d-----w- c:\documents and settings\julian\application data\Malwarebytes
2013-01-07 21:03:00 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes
2013-01-07 21:02:41 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-07 21:02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-06 22:55:30 -------- d-----w- c:\documents and settings\julian\local settings\application data\adawarebp
2013-01-06 22:44:44 -------- d-----w- c:\documents and settings\all users.windows\application data\Ad-Aware Antivirus
2013-01-06 22:37:45 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-01-06 22:37:06 -------- d-----w- c:\documents and settings\julian\local settings\application data\Downloaded Installations
2013-01-06 22:36:53 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-06 22:36:52 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-01-06 22:36:13 -------- d-----w- c:\documents and settings\julian\application data\adawaretb
2013-01-06 22:36:09 -------- d-----w- c:\program files\adawaretb
2013-01-06 22:12:01 -------- d-----w- c:\documents and settings\julian\application data\LavasoftStatistics
2013-01-06 21:55:24 -------- d-----w- c:\documents and settings\all users.windows\application data\blekko toolbars
2013-01-06 21:55:19 -------- d-----w- c:\documents and settings\all users.windows\application data\Ad-Aware Browsing Protection
2013-01-06 21:54:57 -------- d-----w- c:\program files\Toolbar Cleaner
2013-01-06 21:53:12 -------- d-----w- c:\documents and settings\julian\application data\Ad-Aware Antivirus
2013-01-06 19:29:05 -------- d-----w- c:\documents and settings\julian\application data\SUPERAntiSpyware.com
2013-01-06 19:28:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-06 19:28:36 -------- d-----w- c:\documents and settings\all users.windows\application data\SUPERAntiSpyware.com
2012-12-13 22:15:48 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 20:44:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 20:44:07 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 04:47:48 255968 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 10:48:19.65 ===============
DDS Attach available

Eset log follows
-------------------
C:\Documents and Settings\Julian\Application Data\Sun\Java\Deployment\cache\6.0\2\33bb7082-7a132a72 multiple threats deleted - quarantined
C:\Documents and Settings\Julian\Application Data\Sun\Java\Deployment\cache\6.0\21\636bbf95-6e9254a2 Java/Agent.AD trojan deleted - quarantined
C:\Documents and Settings\Julian\Application Data\Sun\Java\Deployment\cache\6.0\31\82c00df-6be9dccb probably a variant of Java/Exploit.CVE-2012-1723.EB trojan deleted - quarantined
C:\Documents and Settings\Julian\Application Data\Sun\Java\Deployment\cache\6.0\43\206e3dab-79e65a9b multiple threats deleted - quarantined
C:\Documents and Settings\Julian\Application Data\Sun\Java\Deployment\cache\6.0\47\19f7e72f-65810fb7 a variant of Java/Exploit.CVE-2012-1723.EB trojan deleted - quarantined
C:\Documents and Settings\Julian\Local Settings\Temporary Internet Files\Content.IE5\F4329T40\Adaware_Installer[1].exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Julian\Local Settings\Temporary Internet Files\Content.IE5\XBQMXBEK\Adaware_Installer[1].exe Win32/OpenCandy application deleted - quarantined
C:\WINDOWS\Temp\_avast_\unp24428512.tmp Win32/OpenCandy application deleted - quarantined
----

PC slowed and browsing taking a long time to open pages. Any help greatly appreciated.


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:13 AM

Posted 08 January 2013 - 07:34 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 09 January 2013 - 05:20 AM

Hi, thanks for helping. I forgot to say that access to the internet via shortcuts has been made hard, as they react as if you have right-clicked on the icon.

ersion 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-09 10:15:54
-----------------------------
10:15:54.765 OS Version: Windows 5.1.2600 Service Pack 3
10:15:54.765 Number of processors: 1 586 0xD08
10:15:54.765 ComputerName: ADMIN UserName:
10:15:59.140 Initialize success
10:16:02.250 AVAST engine defs: 13010801
10:16:27.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:16:27.328 Disk 0 Vendor: HTS541060G9AT00 MB3IA5BJ Size: 57231MB BusType: 3
10:16:27.343 Disk 0 MBR read successfully
10:16:27.343 Disk 0 MBR scan
10:16:27.343 Disk 0 Windows XP default MBR code
10:16:27.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
10:16:27.359 Disk 0 scanning sectors +117210240
10:16:27.546 Disk 0 scanning C:\WINDOWS\system32\drivers
10:16:46.843 Service scanning
10:17:06.578 Modules scanning
10:17:16.109 Disk 0 trace - called modules:
10:17:16.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:17:16.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86505ab8]
10:17:16.468 3 CLASSPNP.SYS[f75fcfd7] -> nt!IofCallDriver -> \Device\0000008d[0x8650b9e8]
10:17:16.468 5 ACPI.sys[f7493620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8650cd98]
10:17:16.468 Scan finished successfully
10:17:42.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Julian\Desktop\MBR.dat"
10:17:42.218 The log file has been saved successfully to "C:\Documents and Settings\Julian\Desktop\aswMBR.txt"

Sorry, and safe mode crashes after seeing the program instructions scroll past.
J

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:13 AM

Posted 09 January 2013 - 06:35 PM

Please do this next:

Go to this page and download Malwarebytes Anti-Rootkit (MBAR)
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • MBAR will create logs that you will find in the same folder you found MBAR.exe. Please post those for me to review.
Download ComboFix from the link below:
Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • MBAR log(s)
  • ComboFix log

Edited by RPMcMurphy, 09 January 2013 - 06:35 PM.



#5 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 10 January 2013 - 09:23 AM

Ran MBAR twice - reported finds on the first pass, not on the second; logs below. Problem with ComboFix - see after the MBAR logs.
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julian :: ADMIN [administrator]

10/01/2013 10:08:35
mbar-log-2013-01-10 (10-08-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27464
Time elapsed: 1 hour(s), 1 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
c:\windows\$ntuninstallkb49853$\1623876770 (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693 (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\l (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u (Backdoor.0Access) -> Delete on reboot.

Files Detected: 13
c:\windows\$ntuninstallkb49853$\455137693\l\zhciplee (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u\00000001.@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u\00000002.@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u\00000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u\80000000.@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u\80000004.@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u\80000032.@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\bckfg.tmp (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\cfg.ini (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\desktop.ini (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\keywords (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\kwrd.dll (Backdoor.0Access) -> Delete on reboot.


(end)
-------------
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Julian :: ADMIN [administrator]

10/01/2013 11:22:33
mbar-log-2013-01-10 (11-22-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27347
Time elapsed: 54 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)
----

(end)
---------------------------
I failed to suspend SUPERAntiSpyware free edition, which may have contributed to the laptop freezing while running ComboFix.

Combofix started and identified the need for the Microsoft package. It then restarted scanning and reported in a pop-up it had found a Rootkit.

I waited 20 minutes after the laptop froze with no response to moving the mouse, then tried CTRL-ALT-DEL with no response. During the entire freeze I saw no flashes on the disk activity LED. After 20 minutes I executed a hard reset (pulled the power).

Julian
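To triage logs like the two MBAR runs above programmatically, here is an added Python example (not part of the original post or of Malwarebytes' tooling) that parses the log format shown, checks each section's declared count against the detection lines that follow it, and flags paths in the `$NtUninstallKB...$` tree this log showed. The sample log is a constructed excerpt of the first run, and the `$NtUninstallKB` path heuristic is an assumption of this example, not an MBAR rule.

```python
"""Triage helper for Malwarebytes Anti-Rootkit (MBAR) logs in the format quoted above.

Constructed example for this page; it is not part of MBAR or of the original post.
"""
import re
from collections import Counter

# "<Kind> Detected: <n>" section headers, e.g. "Folders Detected: 4"
SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<path> (<family>) -> <action>." detection lines
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Hiding place seen in this thread's log: c:\windows\$ntuninstallkb<digits>$\<digits>\...
# (assumption: a heuristic written for this example, not an MBAR rule)
ZEROACCESS_DIR_RE = re.compile(r"\\\$ntuninstallkb\d+\$\\\d+(?:\\|$)")

# Constructed excerpt of the first MBAR log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2013.01.10.02

Scan type: Quick scan
Objects scanned: 27464

Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 4
c:\windows\$ntuninstallkb49853$\1623876770 (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693 (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\l (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\u (Backdoor.0Access) -> Delete on reboot.

Files Detected: 3
c:\windows\$ntuninstallkb49853$\455137693\u\00000001.@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\@ (Backdoor.0Access) -> Delete on reboot.
c:\windows\$ntuninstallkb49853$\455137693\kwrd.dll (Backdoor.0Access) -> Delete on reboot.

(end)
"""


def parse_mbar_log(text):
    """Parse an MBAR log into detections and report any section whose declared
    count differs from the number of detection lines under it (a truncated or
    edited paste shows up here)."""
    detections, mismatches = [], []
    kind, declared, seen = None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            if kind is not None and seen != declared:
                mismatches.append((kind, declared, seen))
            kind, declared, seen = header.group("kind"), int(header.group("count")), 0
            continue
        if kind is None or not line or line.startswith("("):
            continue  # preamble, blank lines, "(No malicious items detected)", "(end)"
        item = ITEM_RE.match(line)
        if item:
            seen += 1
            detections.append({
                "kind": kind,
                "path": item.group("path").lower(),
                "family": item.group("family"),
                "action": item.group("action"),
            })
    if kind is not None and seen != declared:
        mismatches.append((kind, declared, seen))
    return {"detections": detections, "count_mismatches": mismatches}


def zeroaccess_style_path(path):
    """True if the path sits in the $NtUninstallKB...$\\<digits> tree shown in this thread."""
    return ZEROACCESS_DIR_RE.search(path.lower()) is not None


def summarize(parsed):
    """Roll the parsed detections up by family, section kind and pending action."""
    dets = parsed["detections"]
    return {
        "total": len(dets),
        "by_family": dict(Counter(d["family"] for d in dets)),
        "by_kind": dict(Counter(d["kind"] for d in dets)),
        "pending_reboot": sum(d["action"].lower().startswith("delete on reboot") for d in dets),
        "zeroaccess_style": sum(zeroaccess_style_path(d["path"]) for d in dets),
        "count_mismatches": parsed["count_mismatches"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_mbar_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A second run that reports zero detections, as in the thread, parses to an empty detection list with no count mismatches, which is the state the helper was waiting to see.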

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:13 AM

Posted 10 January 2013 - 06:41 PM

Please try running ComboFix again, but this time do so from Safe Mode.



#7 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 11 January 2013 - 04:55 AM

Unfortunately the laptop is still crashing as it tries to enter safe mode, so I am unable to run ComboFix in Safe Mode. It gets a BSOD with a stop message (lots of zeros 7b) and then reboots. J

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:13 AM

Posted 11 January 2013 - 02:30 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
  • TDSSKiller log



#9 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 11 January 2013 - 03:34 PM

It found nothing; log below.
20:31:37.0507 3704 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:31:38.0194 3704 ============================================================
20:31:38.0194 3704 Current date / time: 2013/01/11 20:31:38.0194
20:31:38.0194 3704 SystemInfo:
20:31:38.0210 3704
20:31:38.0210 3704 OS Version: 5.1.2600 ServicePack: 3.0
20:31:38.0210 3704 Product type: Workstation
20:31:38.0210 3704 ComputerName: ADMIN
20:31:38.0210 3704 UserName: Julian
20:31:38.0210 3704 Windows directory: C:\WINDOWS
20:31:38.0210 3704 System windows directory: C:\WINDOWS
20:31:38.0210 3704 Processor architecture: Intel x86
20:31:38.0210 3704 Number of processors: 1
20:31:38.0210 3704 Page size: 0x1000
20:31:38.0210 3704 Boot type: Normal boot
20:31:38.0210 3704 ============================================================
20:31:41.0444 3704 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:31:41.0507 3704 ============================================================
20:31:41.0507 3704 \Device\Harddisk0\DR0:
20:31:41.0507 3704 MBR partitions:
20:31:41.0507 3704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
20:31:41.0507 3704 ============================================================
20:31:41.0538 3704 C: <-> \Device\Harddisk0\DR0\Partition1
20:31:41.0538 3704 ============================================================
20:31:41.0538 3704 Initialize success
20:31:41.0538 3704 ============================================================
20:32:17.0616 4660 ============================================================
20:32:17.0616 4660 Scan started
20:32:17.0616 4660 Mode: Manual; TDLFS;
20:32:17.0616 4660 ============================================================
20:32:18.0741 4660 ================ Scan system memory ========================
20:32:18.0741 4660 System memory - ok
20:32:18.0757 4660 ================ Scan services =============================
20:32:18.0851 4660 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:32:18.0866 4660 !SASCORE - ok
20:32:18.0976 4660 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:32:18.0991 4660 Aavmker4 - ok
20:32:18.0991 4660 Abiosdsk - ok
20:32:19.0007 4660 abp480n5 - ok
20:32:19.0038 4660 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:32:19.0038 4660 ACPI - ok
20:32:19.0069 4660 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:32:19.0069 4660 ACPIEC - ok
20:32:19.0116 4660 [ 57E569B5123E984133769E287A25A819 ] acs C:\WINDOWS\system32\acs.exe
20:32:19.0288 4660 acs - ok
20:32:19.0398 4660 [ A09A61CFDE15E5A67701EA812CE3F43F ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
20:32:19.0429 4660 Ad-Aware Service - ok
20:32:19.0507 4660 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:32:19.0569 4660 AdobeFlashPlayerUpdateSvc - ok
20:32:19.0569 4660 adpu160m - ok
20:32:19.0616 4660 [ CDE1F62FE63631B932ACE2249FB11DA0 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
20:32:19.0648 4660 aeaudio - ok
20:32:19.0663 4660 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:32:19.0726 4660 aec - ok
20:32:19.0773 4660 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:32:19.0804 4660 AFD - ok
20:32:19.0819 4660 Aha154x - ok
20:32:19.0819 4660 aic78u2 - ok
20:32:19.0835 4660 aic78xx - ok
20:32:19.0898 4660 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:32:19.0913 4660 Alerter - ok
20:32:19.0929 4660 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:32:19.0960 4660 ALG - ok
20:32:19.0976 4660 AliIde - ok
20:32:19.0976 4660 amsint - ok
20:32:20.0069 4660 [ 1961CB10BB48EB4D97E37DB6373E9E63 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:32:20.0429 4660 Apple Mobile Device - ok
20:32:20.0491 4660 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:32:20.0507 4660 AppMgmt - ok
20:32:20.0523 4660 AR5211 - ok
20:32:20.0773 4660 [ E0BDECF0EABD175E43DF5691AD540AA1 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
20:32:20.0804 4660 AR5416 - ok
20:32:20.0819 4660 asc - ok
20:32:20.0819 4660 asc3350p - ok
20:32:20.0835 4660 asc3550 - ok
20:32:20.0913 4660 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:32:20.0991 4660 aspnet_state - ok
20:32:21.0038 4660 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:32:21.0038 4660 aswFsBlk - ok
20:32:21.0085 4660 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:32:21.0085 4660 aswMon2 - ok
20:32:21.0116 4660 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
20:32:21.0116 4660 AswRdr - ok
20:32:21.0148 4660 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:32:21.0179 4660 aswSnx - ok
20:32:21.0210 4660 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:32:21.0210 4660 aswSP - ok
20:32:21.0241 4660 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:32:21.0241 4660 aswTdi - ok
20:32:21.0288 4660 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:32:21.0288 4660 AsyncMac - ok
20:32:21.0335 4660 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:32:21.0335 4660 atapi - ok
20:32:21.0335 4660 Atdisk - ok
20:32:21.0366 4660 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:32:21.0366 4660 Atmarpc - ok
20:32:21.0398 4660 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:32:21.0413 4660 AudioSrv - ok
20:32:21.0444 4660 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:32:21.0444 4660 audstub - ok
20:32:21.0491 4660 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:32:21.0491 4660 avast! Antivirus - ok
20:32:21.0929 4660 [ 7A0F6A3E0E41425B9BA54616B482668A ] AVGIDSAgent C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
20:32:22.0226 4660 AVGIDSAgent - ok
20:32:22.0273 4660 [ 2D18221AAB3DB2D408D6C55C0F23090A ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
20:32:22.0273 4660 AVGIDSDriver - ok
20:32:22.0319 4660 [ 1AF676DB3F3D4CC709CFAB2571CF5FC3 ] AVGIDSEH C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
20:32:22.0319 4660 AVGIDSEH - ok
20:32:22.0351 4660 [ 4C51E233C87F9EC7598551DE554BC99D ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
20:32:22.0351 4660 AVGIDSFilter - ok
20:32:22.0366 4660 [ C3FC426E54F55C1CC3219E415B88E10C ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
20:32:22.0366 4660 AVGIDSShim - ok
20:32:22.0413 4660 [ 901EB73F900D8DD1E8862C40427B83AE ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:32:22.0429 4660 Avgldx86 - ok
20:32:22.0444 4660 [ 5639DE66B37D02BD22DF4CF3155FBA60 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:32:22.0444 4660 Avgmfx86 - ok
20:32:22.0476 4660 [ D1BAF652EDA0AE70896276A1FB32C2D4 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:32:22.0476 4660 Avgrkx86 - ok
20:32:22.0507 4660 [ AAF0EBCAD95F2164CFFB544E00392498 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:32:22.0523 4660 Avgtdix - ok
20:32:22.0569 4660 [ FC2BC51120A945F7C70376495E4E7737 ] avgwd C:\Program Files\AVG\AVG10\avgwdsvc.exe
20:32:22.0569 4660 avgwd - ok
20:32:22.0632 4660 [ 66DD574749C38153C6067EBBA929BEFC ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:32:22.0632 4660 b57w2k - ok
20:32:22.0694 4660 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:32:22.0710 4660 Beep - ok
20:32:22.0757 4660 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:32:22.0788 4660 BITS - ok
20:32:22.0835 4660 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:32:22.0866 4660 Bonjour Service - ok
20:32:22.0898 4660 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:32:23.0038 4660 Browser - ok
20:32:23.0069 4660 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:32:23.0069 4660 cbidf2k - ok
20:32:23.0069 4660 cd20xrnt - ok
20:32:23.0101 4660 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:32:23.0101 4660 Cdaudio - ok
20:32:23.0116 4660 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:32:23.0116 4660 Cdfs - ok
20:32:23.0132 4660 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:32:23.0132 4660 Cdrom - ok
20:32:23.0148 4660 Changer - ok
20:32:23.0179 4660 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:32:23.0194 4660 CiSvc - ok
20:32:23.0210 4660 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:32:23.0226 4660 ClipSrv - ok
20:32:23.0257 4660 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:32:23.0351 4660 clr_optimization_v2.0.50727_32 - ok
20:32:23.0382 4660 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:32:23.0398 4660 CmBatt - ok
20:32:23.0398 4660 CmdIde - ok
20:32:23.0413 4660 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:32:23.0413 4660 Compbatt - ok
20:32:23.0413 4660 COMSysApp - ok
20:32:23.0429 4660 Cpqarray - ok
20:32:23.0460 4660 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:32:23.0460 4660 CryptSvc - ok
20:32:23.0476 4660 dac2w2k - ok
20:32:23.0476 4660 dac960nt - ok
20:32:23.0538 4660 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:32:23.0554 4660 DcomLaunch - ok
20:32:23.0616 4660 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:32:23.0616 4660 Dhcp - ok
20:32:23.0632 4660 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:32:23.0632 4660 Disk - ok
20:32:23.0648 4660 dmadmin - ok
20:32:23.0679 4660 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:32:23.0710 4660 dmboot - ok
20:32:23.0726 4660 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:32:23.0741 4660 dmio - ok
20:32:23.0773 4660 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:32:23.0773 4660 dmload - ok
20:32:23.0819 4660 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:32:23.0819 4660 dmserver - ok
20:32:23.0866 4660 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:32:23.0866 4660 DMusic - ok
20:32:23.0913 4660 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:32:23.0913 4660 Dnscache - ok
20:32:23.0944 4660 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:32:23.0960 4660 Dot3svc - ok
20:32:23.0991 4660 [ E00B3CE273B17AEE1259C105DF5524CA ] DozeHDD C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
20:32:23.0991 4660 DozeHDD - ok
20:32:24.0054 4660 [ 003ACEE8650BFD49E4121289BBF59480 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
20:32:24.0054 4660 DozeSvc - ok
20:32:24.0069 4660 dpti2o - ok
20:32:24.0085 4660 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:32:24.0085 4660 drmkaud - ok
20:32:24.0101 4660 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:32:24.0116 4660 EapHost - ok
20:32:24.0132 4660 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:32:24.0132 4660 ERSvc - ok
20:32:24.0179 4660 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:32:24.0194 4660 Eventlog - ok
20:32:24.0241 4660 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:32:24.0257 4660 EventSystem - ok
20:32:24.0304 4660 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:32:24.0304 4660 Fastfat - ok
20:32:24.0351 4660 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:32:24.0382 4660 FastUserSwitchingCompatibility - ok
20:32:24.0398 4660 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:32:24.0398 4660 Fdc - ok
20:32:24.0413 4660 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:32:24.0413 4660 Fips - ok
20:32:24.0476 4660 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:32:24.0491 4660 FLEXnet Licensing Service - ok
20:32:24.0507 4660 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:32:24.0507 4660 Flpydisk - ok
20:32:24.0554 4660 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:32:24.0554 4660 FltMgr - ok
20:32:24.0663 4660 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:32:24.0679 4660 FontCache3.0.0.0 - ok
20:32:24.0679 4660 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:32:24.0694 4660 Fs_Rec - ok
20:32:24.0710 4660 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:32:24.0726 4660 Ftdisk - ok
20:32:24.0757 4660 [ 483924F92E55A5F9423201EC635E2CED ] gfibto C:\WINDOWS\system32\drivers\gfibto.sys
20:32:24.0757 4660 gfibto - ok
20:32:24.0788 4660 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:32:24.0788 4660 Gpc - ok
20:32:24.0882 4660 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:32:24.0898 4660 gupdate - ok
20:32:24.0898 4660 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:32:24.0913 4660 gupdatem - ok
20:32:24.0960 4660 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:32:24.0976 4660 gusvc - ok
20:32:25.0007 4660 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:32:25.0085 4660 helpsvc - ok
20:32:25.0085 4660 HidServ - ok
20:32:25.0304 4660 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:32:25.0319 4660 HidUsb - ok
20:32:25.0351 4660 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:32:25.0351 4660 hkmsvc - ok
20:32:25.0366 4660 hpn - ok
20:32:25.0398 4660 [ 5BF94348801CDDF7B2F3855830F93569 ] HSFHWICH C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:32:25.0413 4660 HSFHWICH - ok
20:32:25.0460 4660 [ C9F4E7DA78A02623ABF78A4A34CE79B1 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:32:25.0491 4660 HSF_DPV - ok
20:32:25.0538 4660 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:32:25.0554 4660 HTTP - ok
20:32:25.0585 4660 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:32:25.0601 4660 HTTPFilter - ok
20:32:25.0601 4660 i2omgmt - ok
20:32:25.0616 4660 i2omp - ok
20:32:25.0694 4660 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:32:25.0694 4660 i8042prt - ok
20:32:25.0788 4660 [ 643162FBC619E35D3F1A90A095A5BB42 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:32:25.0819 4660 ialm - ok
20:32:25.0851 4660 [ 400D7095D5AE08970F839BCAC1843106 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
20:32:25.0851 4660 IBMPMDRV - ok
20:32:25.0898 4660 [ 06AF18300C5B511A3D85C3E0B7909C10 ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
20:32:25.0898 4660 IBMPMSVC - ok
20:32:25.0991 4660 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:32:26.0023 4660 idsvc - ok
20:32:26.0069 4660 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:32:26.0069 4660 Imapi - ok
20:32:26.0116 4660 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:32:26.0132 4660 ImapiService - ok
20:32:26.0148 4660 ini910u - ok
20:32:26.0163 4660 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:32:26.0163 4660 IntelIde - ok
20:32:26.0194 4660 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:32:26.0194 4660 intelppm - ok
20:32:26.0210 4660 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:32:26.0210 4660 Ip6Fw - ok
20:32:26.0257 4660 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:32:26.0273 4660 IpFilterDriver - ok
20:32:26.0304 4660 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:32:26.0304 4660 IpInIp - ok
20:32:26.0335 4660 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:32:26.0335 4660 IpNat - ok
20:32:26.0351 4660 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:32:26.0366 4660 IPSec - ok
20:32:26.0382 4660 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
20:32:26.0382 4660 irda - ok
20:32:26.0413 4660 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:32:26.0413 4660 IRENUM - ok
20:32:26.0429 4660 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
20:32:26.0444 4660 Irmon - ok
20:32:26.0476 4660 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:32:26.0491 4660 isapnp - ok
20:32:26.0554 4660 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:32:26.0554 4660 IviRegMgr - ok
20:32:26.0710 4660 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:32:26.0710 4660 JavaQuickStarterService - ok
20:32:26.0757 4660 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:32:26.0757 4660 Kbdclass - ok
20:32:26.0788 4660 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:32:26.0788 4660 kmixer - ok
20:32:26.0835 4660 konfig - ok
20:32:26.0866 4660 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:32:26.0882 4660 KSecDD - ok
20:32:26.0929 4660 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:32:26.0944 4660 lanmanserver - ok
20:32:26.0976 4660 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:32:26.0991 4660 lanmanworkstation - ok
20:32:27.0007 4660 lbrtfdc - ok
20:32:27.0085 4660 [ C88EB33793420A79F601FB5E33E2EDD9 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
20:32:27.0085 4660 LENOVO.MICMUTE - ok
20:32:27.0116 4660 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
20:32:27.0132 4660 lenovo.smi - ok
20:32:27.0132 4660 license - ok
20:32:27.0179 4660 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:32:27.0179 4660 LmHosts - ok
20:32:27.0210 4660 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
20:32:27.0226 4660 MBAMProtector - ok
20:32:27.0257 4660 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:32:27.0273 4660 MBAMScheduler - ok
20:32:27.0319 4660 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:32:27.0335 4660 MBAMService - ok
20:32:27.0351 4660 mcp - ok
20:32:27.0366 4660 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:32:27.0366 4660 mdmxsdk - ok
20:32:27.0398 4660 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:32:27.0413 4660 Messenger - ok
20:32:27.0444 4660 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:32:27.0444 4660 mnmdd - ok
20:32:27.0491 4660 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:32:27.0507 4660 mnmsrvc - ok
20:32:27.0523 4660 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:32:27.0538 4660 Modem - ok
20:32:27.0538 4660 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:32:27.0554 4660 Mouclass - ok
20:32:27.0569 4660 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:32:27.0569 4660 MountMgr - ok
20:32:27.0585 4660 mraid35x - ok
20:32:27.0601 4660 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:32:27.0601 4660 MRxDAV - ok
20:32:27.0710 4660 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:32:27.0726 4660 MRxSmb - ok
20:32:27.0757 4660 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:32:27.0773 4660 MSDTC - ok
20:32:27.0788 4660 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:32:27.0788 4660 Msfs - ok
20:32:27.0804 4660 MSIServer - ok
20:32:27.0819 4660 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:32:27.0835 4660 MSKSSRV - ok
20:32:27.0866 4660 [ 64E8B7C65EB4796939C0F64F8170821B ] msloop C:\WINDOWS\system32\DRIVERS\loop.sys
20:32:27.0882 4660 msloop - ok
20:32:27.0913 4660 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:32:27.0913 4660 MSPCLOCK - ok
20:32:27.0929 4660 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:32:27.0929 4660 MSPQM - ok
20:32:27.0944 4660 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:32:27.0960 4660 mssmbios - ok
20:32:27.0991 4660 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:32:27.0991 4660 Mup - ok
20:32:28.0054 4660 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:32:28.0069 4660 napagent - ok
20:32:28.0069 4660 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:32:28.0085 4660 NDIS - ok
20:32:28.0116 4660 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:32:28.0116 4660 NdisTapi - ok
20:32:28.0132 4660 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:32:28.0132 4660 Ndisuio - ok
20:32:28.0148 4660 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:32:28.0148 4660 NdisWan - ok
20:32:28.0194 4660 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:32:28.0194 4660 NDProxy - ok
20:32:28.0226 4660 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:32:28.0226 4660 NetBIOS - ok
20:32:28.0257 4660 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:32:28.0257 4660 NetBT - ok
20:32:28.0273 4660 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:32:28.0288 4660 NetDDE - ok
20:32:28.0304 4660 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:32:28.0304 4660 NetDDEdsdm - ok
20:32:28.0335 4660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:32:28.0335 4660 Netlogon - ok
20:32:28.0366 4660 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:32:28.0366 4660 Netman - ok
20:32:28.0413 4660 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:28.0413 4660 NetTcpPortSharing - ok
20:32:28.0460 4660 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:32:28.0476 4660 Nla - ok
20:32:28.0491 4660 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:32:28.0507 4660 Npfs - ok
20:32:28.0507 4660 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys
20:32:28.0523 4660 NSCIRDA - ok
20:32:28.0554 4660 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:32:28.0569 4660 Ntfs - ok
20:32:28.0569 4660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:32:28.0585 4660 NtLmSsp - ok
20:32:28.0679 4660 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:32:28.0710 4660 NtmsSvc - ok
20:32:28.0757 4660 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:32:28.0788 4660 Null - ok
20:32:28.0819 4660 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:32:28.0835 4660 NwlnkFlt - ok
20:32:28.0866 4660 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:32:28.0898 4660 NwlnkFwd - ok
20:32:28.0960 4660 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:32:28.0960 4660 ose - ok
20:32:29.0085 4660 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:32:29.0085 4660 Parport - ok
20:32:29.0116 4660 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:32:29.0132 4660 PartMgr - ok
20:32:29.0179 4660 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:32:29.0179 4660 ParVdm - ok
20:32:29.0194 4660 PCD5SRVC{07D2499C-80E86AC3-05010004} - ok
20:32:29.0194 4660 PcdrNdisuio - ok
20:32:29.0210 4660 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:32:29.0226 4660 PCI - ok
20:32:29.0226 4660 PCIDump - ok
20:32:29.0241 4660 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:32:29.0241 4660 PCIIde - ok
20:32:29.0257 4660 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:32:29.0273 4660 Pcmcia - ok
20:32:29.0273 4660 PDCOMP - ok
20:32:29.0288 4660 PDFRAME - ok
20:32:29.0288 4660 PDRELI - ok
20:32:29.0304 4660 PDRFRAME - ok
20:32:29.0304 4660 perc2 - ok
20:32:29.0319 4660 perc2hib - ok
20:32:29.0444 4660 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE
20:32:29.0476 4660 PEVSystemStart - ok
20:32:29.0507 4660 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:32:29.0523 4660 PlugPlay - ok
20:32:29.0538 4660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:32:29.0554 4660 PolicyAgent - ok
20:32:29.0585 4660 [ C84278859A8B991E4CC5AF29980008E1 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
20:32:29.0585 4660 Power Manager DBC Service - ok
20:32:29.0616 4660 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:32:29.0616 4660 PptpMiniport - ok
20:32:29.0632 4660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:32:29.0632 4660 ProtectedStorage - ok
20:32:29.0663 4660 [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
20:32:29.0679 4660 psadd - ok
20:32:29.0679 4660 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:32:29.0694 4660 PSched - ok
20:32:29.0710 4660 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:32:29.0710 4660 Ptilink - ok
20:32:29.0726 4660 ql1080 - ok
20:32:29.0726 4660 Ql10wnt - ok
20:32:29.0741 4660 ql12160 - ok
20:32:29.0741 4660 ql1240 - ok
20:32:29.0757 4660 ql1280 - ok
20:32:29.0773 4660 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:32:29.0773 4660 RasAcd - ok
20:32:29.0804 4660 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:32:29.0819 4660 RasAuto - ok
20:32:29.0835 4660 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:32:29.0851 4660 Rasirda - ok
20:32:29.0851 4660 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:32:29.0866 4660 Rasl2tp - ok
20:32:29.0898 4660 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:32:29.0913 4660 RasMan - ok
20:32:29.0929 4660 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:32:29.0944 4660 RasPppoe - ok
20:32:29.0944 4660 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:32:29.0960 4660 Raspti - ok
20:32:29.0976 4660 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:32:29.0991 4660 Rdbss - ok
20:32:30.0007 4660 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:32:30.0023 4660 RDPCDD - ok
20:32:30.0054 4660 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:32:30.0069 4660 rdpdr - ok
20:32:30.0132 4660 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:32:30.0226 4660 RDPWD - ok
20:32:30.0257 4660 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:32:30.0257 4660 RDSessMgr - ok
20:32:30.0288 4660 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:32:30.0304 4660 redbook - ok
20:32:30.0335 4660 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:32:30.0351 4660 RemoteAccess - ok
20:32:30.0382 4660 [ 7553D60B85AC53BD4486C418A0FBFCDF ] RemoteControl-USBLAN C:\WINDOWS\system32\DRIVERS\rcblan.sys
20:32:30.0382 4660 RemoteControl-USBLAN - ok
20:32:30.0413 4660 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:32:30.0413 4660 RemoteRegistry - ok
20:32:30.0460 4660 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:32:30.0476 4660 RpcLocator - ok
20:32:30.0507 4660 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:32:30.0523 4660 RpcSs - ok
20:32:30.0569 4660 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:32:30.0585 4660 RSVP - ok
20:32:30.0601 4660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:32:30.0601 4660 SamSs - ok
20:32:30.0648 4660 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:32:30.0773 4660 SASDIFSV - ok
20:32:30.0804 4660 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:32:30.0835 4660 SASKUTIL - ok
20:32:31.0023 4660 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
20:32:31.0101 4660 SBAMSvc - ok
20:32:31.0148 4660 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:32:31.0163 4660 SCardSvr - ok
20:32:31.0210 4660 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:32:31.0226 4660 Schedule - ok
20:32:31.0241 4660 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:32:31.0257 4660 Secdrv - ok
20:32:31.0273 4660 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:32:31.0273 4660 seclogon - ok
20:32:31.0288 4660 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:32:31.0304 4660 SENS - ok
20:32:31.0319 4660 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:32:31.0335 4660 serenum - ok
20:32:31.0351 4660 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:32:31.0351 4660 Serial - ok
20:32:31.0382 4660 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:32:31.0382 4660 Sfloppy - ok
20:32:31.0444 4660 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:32:31.0444 4660 SharedAccess - ok
20:32:31.0476 4660 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:32:31.0491 4660 ShellHWDetection - ok
20:32:31.0523 4660 [ 486A1BD22DD66D0A8542EBB0CD792BDB ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
20:32:31.0538 4660 Shockprf - ok
20:32:31.0538 4660 Simbad - ok
20:32:31.0616 4660 [ 4787EA164E01CAFBF5DA384B6EDC9FC5 ] SITomcat C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
20:32:31.0679 4660 SITomcat - ok
20:32:31.0726 4660 [ D5A310D8F315E96884EB06CB453B0A3C ] SITransbase C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
20:32:31.0804 4660 SITransbase - ok
20:32:32.0116 4660 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:32:32.0179 4660 Skype C2C Service - ok
20:32:32.0257 4660 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:32:32.0257 4660 SkypeUpdate - ok
20:32:32.0304 4660 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys
20:32:32.0351 4660 Smapint - ok
20:32:32.0398 4660 [ B09F23BF6E451B7A492B4A3D5EACFB24 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
20:32:32.0413 4660 smwdm - ok
20:32:32.0429 4660 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
20:32:32.0429 4660 SoundMAX Agent Service (default) - ok
20:32:32.0444 4660 Sparrow - ok
20:32:32.0460 4660 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:32:32.0476 4660 splitter - ok
20:32:32.0507 4660 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:32:32.0523 4660 Spooler - ok
20:32:32.0569 4660 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:32:32.0569 4660 sr - ok
20:32:32.0601 4660 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:32:32.0616 4660 srservice - ok
20:32:32.0679 4660 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:32:32.0694 4660 Srv - ok
20:32:32.0741 4660 [ 92B69020FC480219683D429DCA068D71 ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
20:32:32.0741 4660 sscdbus - ok
20:32:32.0773 4660 [ 77A2869D40CC84AF711C321F9B0C7A78 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
20:32:32.0773 4660 sscdmdfl - ok
20:32:32.0804 4660 [ B4255635195A8413FCDE7AF5B7C4E382 ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
20:32:32.0819 4660 sscdmdm - ok
20:32:32.0835 4660 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:32:32.0851 4660 SSDPSRV - ok
20:32:32.0866 4660 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
20:32:32.0882 4660 StarOpen - ok
20:32:32.0929 4660 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:32:32.0944 4660 stisvc - ok
20:32:33.0038 4660 [ F1262146970C5B73159E3727ACDE8278 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
20:32:33.0413 4660 SUService - ok
20:32:33.0444 4660 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:32:33.0444 4660 swenum - ok
20:32:33.0460 4660 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:32:33.0476 4660 swmidi - ok
20:32:33.0476 4660 SwPrv - ok
20:32:33.0491 4660 symc810 - ok
20:32:33.0507 4660 symc8xx - ok
20:32:33.0507 4660 sym_hi - ok
20:32:33.0523 4660 sym_u3 - ok
20:32:33.0585 4660 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:32:33.0616 4660 SynTP - ok
20:32:33.0632 4660 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:32:33.0632 4660 sysaudio - ok
20:32:33.0679 4660 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:32:33.0694 4660 SysmonLog - ok
20:32:33.0741 4660 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:32:33.0757 4660 TapiSrv - ok
20:32:34.0179 4660 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:32:34.0241 4660 Tcpip - ok
20:32:34.0288 4660 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:32:34.0288 4660 TDPIPE - ok
20:32:34.0319 4660 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS
20:32:34.0757 4660 TDSMAPI - ok
20:32:34.0788 4660 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:32:34.0788 4660 TDTCP - ok
20:32:34.0819 4660 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:32:34.0819 4660 TermDD - ok
20:32:34.0866 4660 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:32:34.0882 4660 TermService - ok
20:32:34.0929 4660 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:32:34.0929 4660 Themes - ok
20:32:35.0132 4660 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
20:32:35.0148 4660 ThinkVantage Registry Monitor Service - ok
20:32:35.0179 4660 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
20:32:35.0194 4660 TlntSvr - ok
20:32:35.0210 4660 TosIde - ok
20:32:35.0241 4660 [ 20A439D6475D6FE1909159C0143D0466 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
20:32:35.0241 4660 TPDIGIMN - ok
20:32:35.0273 4660 [ 4506CB9042C794D82B88D3685328E0E8 ] TPDiskPM C:\WINDOWS\system32\drivers\TPDiskPM.sys
20:32:35.0413 4660 TPDiskPM - ok
20:32:35.0444 4660 [ 3775E4AA5F72264DBAB7A578DD913ECF ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
20:32:35.0460 4660 TPHDEXLGSVC - ok
20:32:35.0491 4660 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
20:32:35.0507 4660 TPHKDRV - ok
20:32:35.0523 4660 [ 2CF225E19490F499528B926263FE4554 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:32:35.0523 4660 TPHKSVC - ok
20:32:35.0538 4660 [ 77139B840F55BA6DB6BF14109E04968E ] TPInput C:\WINDOWS\system32\DRIVERS\TPInput.sys
20:32:35.0616 4660 TPInput - ok
20:32:35.0648 4660 [ DFB268FF0A6DCB9280015FF527F892FF ] TpKmpSVC C:\WINDOWS\system32\TpKmpSVC.exe
20:32:35.0710 4660 TpKmpSVC - ok
20:32:35.0757 4660 [ 317B746B6069A10D635FDBDF48723845 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys
20:32:35.0757 4660 TPM - ok
20:32:35.0788 4660 [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
20:32:35.0788 4660 TPPWRIF - ok
20:32:35.0819 4660 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:32:35.0835 4660 TrkWks - ok
20:32:35.0866 4660 [ F2ABA3066D7921D7FCDBD66DEA88BE11 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
20:32:35.0866 4660 TSMAPIP - ok
20:32:35.0960 4660 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
20:32:36.0023 4660 TVT Scheduler - ok
20:32:36.0054 4660 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:32:36.0069 4660 Udfs - ok
20:32:36.0069 4660 UIUSys - ok
20:32:36.0085 4660 ultra - ok
20:32:36.0132 4660 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:32:36.0148 4660 Update - ok
20:32:36.0163 4660 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:32:36.0179 4660 upnphost - ok
20:32:36.0210 4660 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:32:36.0210 4660 UPS - ok
20:32:36.0241 4660 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:32:36.0241 4660 usbehci - ok
20:32:36.0273 4660 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:32:36.0273 4660 usbhub - ok
20:32:36.0319 4660 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:32:36.0398 4660 usbscan - ok
20:32:36.0460 4660 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:32:36.0460 4660 USBSTOR - ok
20:32:36.0491 4660 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:32:36.0491 4660 usbuhci - ok
20:32:36.0523 4660 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:32:36.0523 4660 VgaSave - ok
20:32:36.0538 4660 ViaIde - ok
20:32:36.0554 4660 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:32:36.0554 4660 VolSnap - ok
20:32:36.0616 4660 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:32:36.0632 4660 VSS - ok
20:32:36.0663 4660 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:32:36.0679 4660 W32Time - ok
20:32:36.0710 4660 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:32:36.0710 4660 Wanarp - ok
20:32:36.0757 4660 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:32:36.0773 4660 Wdf01000 - ok
20:32:36.0788 4660 WDICA - ok
20:32:36.0804 4660 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:32:36.0819 4660 wdmaud - ok
20:32:36.0835 4660 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:32:36.0851 4660 WebClient - ok
20:32:36.0913 4660 [ C1D5CBD8AA0D674DA1BA1BB189696396 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:32:36.0929 4660 winachsf - ok
20:32:37.0007 4660 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:32:37.0023 4660 winmgmt - ok
20:32:37.0085 4660 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:32:37.0085 4660 WmdmPmSN - ok
20:32:37.0148 4660 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:32:37.0163 4660 Wmi - ok
20:32:37.0179 4660 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:32:37.0194 4660 WmiApSrv - ok
20:32:37.0288 4660 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:32:37.0304 4660 WMPNetworkSvc - ok
20:32:37.0351 4660 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:32:37.0351 4660 WpdUsb - ok
20:32:37.0398 4660 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:32:37.0398 4660 WS2IFSL - ok
20:32:37.0460 4660 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:32:37.0476 4660 wscsvc - ok
20:32:37.0523 4660 [ 21AC4F228F3D36876A42277C76A766C0 ] WSIMD C:\WINDOWS\system32\DRIVERS\wsimd.sys
20:32:37.0616 4660 WSIMD - ok
20:32:37.0648 4660 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:32:37.0663 4660 wuauserv - ok
20:32:37.0710 4660 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:32:37.0726 4660 WudfPf - ok
20:32:37.0741 4660 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:32:37.0757 4660 WudfRd - ok
20:32:37.0773 4660 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:32:37.0788 4660 WudfSvc - ok
20:32:37.0835 4660 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:32:37.0851 4660 WZCSVC - ok
20:32:37.0882 4660 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:32:37.0898 4660 xmlprov - ok
20:32:37.0913 4660 ================ Scan global ===============================
20:32:37.0960 4660 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:32:38.0038 4660 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:32:38.0085 4660 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:32:38.0116 4660 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:32:38.0132 4660 [Global] - ok
20:32:38.0132 4660 ================ Scan MBR ==================================
20:32:38.0148 4660 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:32:38.0398 4660 \Device\Harddisk0\DR0 - ok
20:32:38.0398 4660 ================ Scan VBR ==================================
20:32:38.0398 4660 [ C640E1391BEBD2270FD28A152E794BCB ] \Device\Harddisk0\DR0\Partition1
20:32:38.0398 4660 \Device\Harddisk0\DR0\Partition1 - ok
20:32:38.0398 4660 ============================================================
20:32:38.0398 4660 Scan finished
20:32:38.0398 4660 ============================================================
20:32:38.0413 5140 Detected object count: 0
20:32:38.0413 5140 Actual detected object count: 0
20:33:05.0585 6056 Deinitialize success
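
The listing above is the scan section of a TDSSKiller log; every entry ends in "- ok", so there is nothing for the tool to act on, but the same lines say something about the services themselves. The following is an added example, not part of the original post and not code from TDSSKiller: it parses a constructed excerpt in the log's format and flags services whose image lives in a user-writable path (the Skype C2C Service binary under All Users\Application Data is the case in this log) and registry service entries for which no image file was recorded (Simbad, Sparrow, symc810 and the like are orphaned driver entries of this kind). The path markers and the flag names are this example's own.

```python
r"""Triage the service/driver listing in a TDSSKiller log.

Added example, not part of the original post or of TDSSKiller itself.
Each scanned object is logged on one or two lines:

    20:32:32.0116 4660 [ <MD5> ] Skype C2C Service C:\...\c2c_service.exe
    20:32:32.0179 4660 Skype C2C Service - ok

A "- ok" line with no preceding hash line means the service exists in the
registry but TDSSKiller found no image file for it. Two things are
flagged for a manual look (they are leads, not verdicts):
  * images living in a user-writable location (user profile, Application
    Data, Temp) rather than under the Windows or Program Files trees;
  * entries with no image file at all.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path")

# time, pid, optional "[ MD5 ]", then the remainder of the line
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?:\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+)?"
    r"(?P<rest>.+)$"
)
# "<name> <path>": names may contain spaces, so split at the first token
# that looks like a Windows path ("C:\" or the NT form "\??\C:\")
NAME_PATH_RE = re.compile(r"^(?P<name>.+?)\s+(?P<path>(?:[A-Za-z]:\\|\\\?\?\\).*)$")

# substrings (lower-case) that mark a location an unprivileged user can write to
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "appdata")

# Constructed excerpt in the format of the log posted above.
SAMPLE_LOG = r"""
20:32:31.0538 4660 Simbad - ok
20:32:32.0116 4660 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:32:32.0179 4660 Skype C2C Service - ok
20:32:32.0429 4660 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
20:32:32.0429 4660 SoundMAX Agent Service (default) - ok
20:32:32.0444 4660 Sparrow - ok
20:32:32.0507 4660 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:32:32.0523 4660 Spooler - ok
20:32:37.0913 4660 ================ Scan global ===============================
"""


def parse_entries(log_text):
    """Return one Entry per service/driver, in log order; md5/path are None if no file was found."""
    entries, order = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        md5, rest = m.group("md5"), m.group("rest")
        if md5:
            np = NAME_PATH_RE.match(rest)
            if np:
                name = np.group("name")
                entries[name] = Entry(name, md5.upper(), np.group("path"))
                order.append(name)
        elif rest.endswith(" - ok"):
            name = rest[: -len(" - ok")]
            if name not in entries:  # "- ok" without a hash line: registry entry only
                entries[name] = Entry(name, None, None)
                order.append(name)
    return [entries[n] for n in order]


def triage(log_text):
    """Summarise the entries that deserve a second look."""
    entries = parse_entries(log_text)
    user_writable = [
        e.name for e in entries
        if e.path and any(marker in e.path.lower() for marker in USER_WRITABLE_MARKERS)
    ]
    no_binary = [e.name for e in entries if e.md5 is None]
    return {"total": len(entries), "user_writable": user_writable, "no_binary": no_binary}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Two caveats a responder would add: an image under Application Data is legitimate for some commercial software (the Skype C2C service is installed alongside Skype), and a driver entry with no file is usually a leftover registry entry rather than an infection, which is why TDSSKiller reports both as ok. Several services sharing one DLL (shsvcs.dll hosting both ShellHWDetection and Themes above) is normal for svchost-hosted services and is not flagged.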

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:13 AM

Posted 12 January 2013 - 08:02 PM

Please do this next, and let me know what, if any, issues you are still having with the computer:

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, then instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done, it will ask to reboot; allow the reboot.
  • On reboot a log will be produced; please attach the content of the log to your next reply.
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please include the following in your next post:
  • JRT log
  • AdwCleaner log
  • Security Check log

Edited by RPMcMurphy, 12 January 2013 - 08:02 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#11 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 13 January 2013 - 04:06 AM

JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Microsoft Windows XP x86
Ran by Julian on 13/01/2013 at 8:35:27.89
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pstext.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\playsushi32.playsushi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\playsushi32.playsushi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pstext.iebutton
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pstext.iebutton.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\Julian\desktop\speedypc pro.lnk"
Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\blekko toolbars"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Application Data\adawaretb"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Program Files\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\speedypc software"
Successfully deleted: [Folder] "C:\Program Files\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\start menu\programs\speedypc software"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/01/2013 at 8:42:20.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Found 2 ADW logs - posted below in time order

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 08:45:00
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Julian - ADMIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Julian\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\admin1\Local Settings\Application Data\AskToolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\PlaySushi
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2961 octets] - [13/01/2013 08:45:00]

########## EOF - C:\AdwCleaner[R1].txt - [3021 octets] ##########


2nd ADW

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 08:45:34
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Julian - ADMIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Julian\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\admin1\Local Settings\Application Data\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3090 octets] - [13/01/2013 08:45:00]
AdwCleaner[S1].txt - [3073 octets] - [13/01/2013 08:45:34]

########## EOF - C:\AdwCleaner[S1].txt - [3133 octets] ##########

Finally checkup

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2011
avast! Antivirus
Lavasoft Ad-Aware
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
AVG PC Tuneup 2011
Java™ 6 Update 27
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Should I check to see if the laptop will do a safe start?
Would appreciate advice, if the laptop is clean, on which of the security services I should retain and which to delete.
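
The JRT and AdwCleaner logs above both touch the same browser add-on GUIDs ({6C97A91E-...} and {D4027C7F-...}): JRT removed the BHO, toolbar, URLSearchHook and CLSID registrations, and AdwCleaner then found the leftover entries for the same GUIDs under IE's Ext\Settings and Ext\Stats keys. The following is an added example, not part of the post and not code from either tool: it parses constructed excerpts in the two log formats, groups every reported registry location by GUID, and lists the GUIDs that survived the first tool into the second. The mechanism labels (BHO, URLSearchHook, ElevationPolicy and so on) and the sample excerpts are this example's own.

```python
r"""Correlate the registry footprint of each browser add-on across a JRT log
and an AdwCleaner log.

Added example, not part of the original post or of either tool. A browser
add-on registers itself in several places at once: a COM class (CLSID),
an IE Browser Helper Object, a toolbar, a URLSearchHook, and IE's own
add-on bookkeeping under Ext\Settings and Ext\Stats. Tools with different
signature sets remove different subsets, so grouping what each tool
reported by GUID shows what the first cleanup left for the second. The
mechanism labels are this example's own shorthand.
"""
import re
from collections import defaultdict

GUID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
)
# JRT:  Successfully deleted: [Registry Key] "hkey_...\{guid}"   (quotes optional)
JRT_RE = re.compile(
    r'^Successfully (?:deleted|repaired): \[Registry (?:Key|Value)\] "?(?P<path>[^"]+)"?$'
)
# AdwCleaner:  Key Found : HKCU\...\{GUID}   /   Key Deleted : ...
ADW_RE = re.compile(r"^Key (?:Found|Deleted) : (?P<path>.+)$")

# (lower-case registry substring, label). First match wins, so the specific
# IE locations are listed before the generic COM ones.
MECHANISMS = [
    ("\\browser helper objects\\", "BHO"),                   # loaded into every IE process
    ("\\urlsearchhooks", "URLSearchHook"),                   # sees every address-bar search
    ("\\internet explorer\\toolbar", "Toolbar"),
    ("\\low rights\\elevationpolicy\\", "ElevationPolicy"),  # may launch outside Protected Mode
    ("\\ext\\settings\\", "ExtSettings"),                    # IE add-on manager state
    ("\\ext\\stats\\", "ExtStats"),
    ("\\clsid\\", "CLSID"),                                  # COM class registration
    ("\\appid\\", "AppID"),
    ("\\interface\\", "Interface"),
    ("\\typelib\\", "TypeLib"),
    ("\\arpcache\\", "ARPCache"),                            # Add/Remove Programs cache
    ("\\uninstall\\", "Uninstall"),
]

# Constructed excerpts in the format of the two logs posted above.
JRT_SAMPLE = r"""
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"
"""
ADW_SAMPLE = r"""
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
"""


def classify(path):
    """Map a registry path to the registration mechanism it represents."""
    low = path.lower()
    for needle, label in MECHANISMS:
        if needle in low:
            return label
    return "Other"


def footprint(jrt_log, adw_log):
    """Return {GUID: {tool: sorted mechanism labels}} for every GUID either tool reported."""
    seen = defaultdict(lambda: defaultdict(set))
    for tool, pattern, text in (("JRT", JRT_RE, jrt_log), ("AdwCleaner", ADW_RE, adw_log)):
        for raw in text.splitlines():
            m = pattern.match(raw.strip())
            if not m:
                continue
            path = m.group("path")
            for guid in GUID_RE.findall(path):
                seen[guid.upper()][tool].add(classify(path))
    return {guid: {tool: sorted(labels) for tool, labels in tools.items()}
            for guid, tools in seen.items()}


def residue(fp):
    """GUIDs that AdwCleaner still found after JRT reported removing entries for them."""
    return sorted(guid for guid, tools in fp.items() if "JRT" in tools and "AdwCleaner" in tools)


if __name__ == "__main__":
    fp = footprint(JRT_SAMPLE, ADW_SAMPLE)
    for guid in residue(fp):
        print(guid, fp[guid])
```

The ElevationPolicy entry is the one worth a second look on any log like this: that key tells IE which executables may be started from its low-integrity Protected Mode at a higher integrity level, so an add-on that registers one has asked for more than a toolbar needs. Protected Mode does not exist on Windows XP, so on this machine the key is inert, but installers write it regardless and it is a useful marker of what the add-on would do on a newer system.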

#12 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • OFFLINE
  • Local time:11:13 AM

Posted 13 January 2013 - 04:11 AM

JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Microsoft Windows XP x86
Ran by Julian on 13/01/2013 at 8:35:27.89
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pstext.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\playsushi32.playsushi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\playsushi32.playsushi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pstext.iebutton
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pstext.iebutton.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\Julian\desktop\speedypc pro.lnk"
Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\blekko toolbars"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Application Data\adawaretb"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\Local Settings\Application Data\adawarebp"
Successfully deleted: [Folder] "C:\Program Files\adawaretb"
Successfully deleted: [Folder] "C:\Program Files\speedypc software"
Successfully deleted: [Folder] "C:\Program Files\Common Files\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\start menu\programs\speedypc software"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Documents and Settings\Julian\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/01/2013 at 8:42:20.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Found 2 ADW logs - posted below in time order

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 08:45:00
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Julian - ADMIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Julian\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\admin1\Local Settings\Application Data\AskToolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\PlaySushi
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2961 octets] - [13/01/2013 08:45:00]

########## EOF - C:\AdwCleaner[R1].txt - [3021 octets] ##########


2nd ADW

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 08:45:34
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Julian - ADMIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Julian\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\admin1\Local Settings\Application Data\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3090 octets] - [13/01/2013 08:45:00]
AdwCleaner[S1].txt - [3073 octets] - [13/01/2013 08:45:34]

########## EOF - C:\AdwCleaner[S1].txt - [3133 octets] ##########

Finally checkup

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2011
avast! Antivirus
Lavasoft Ad-Aware
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
AVG PC Tuneup 2011
Java™ 6 Update 27
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Should I check to see if laptop will do a safe start?
Would appreciate advice if laptop is clean which if the security services I should retain and which to delete.

Have noticed when I click on start menu the internet icon on the left side, above a light grey line, looks like a globe as opposed to internet explorer below the line in the list of recent applications which is the standard "e" logo. Clicking on the globe brings up internet properties dialogue (with all the normal tabs). The same happens if I click the normal "e" logo on desktop. The only way I can open explorer is via the "e" on the recent applications on the left side below the line.

#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:07:13 AM

Posted 13 January 2013 - 10:55 PM

Other than that issue with your IE icons, how is the computer running now?

You have way too many security programs installed. It's fine to keep Malwarebytes and SuperAntiSpyware, but you have 3 anti-virus apps (AVG, avast! and Ad-Aware). You need to uninstall all but one of those. Running more than one AV program does not offer any more protection and often causes conflicts and slow downs with your computer.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Go to this page and press the Free Java Download button near the center of the page, then follow the prompts to install the latest version
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



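One way to get the same inventory the Security Check log above reports (installed Java runtimes and anti-virus products), as an added PowerShell example that is not part of the thread: it reads the Windows Uninstall registry keys and assumes PowerShell 2.0 or later (installed separately on XP) with read access to HKLM.

```powershell
# Added example, not from the thread: inventory installed Java runtimes and
# anti-virus products from the Uninstall registry keys, so stale Java versions
# and duplicate AV products show up without clicking through Add/Remove Programs.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # absent on 32-bit XP
)

$entries = foreach ($path in $uninstallPaths) {
    if (Test-Path $path) {
        Get-ChildItem $path | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName) {
                New-Object PSObject -Property @{
                    Name    = $p.DisplayName
                    Version = $p.DisplayVersion
                    Key     = $_.PSChildName
                }
            }
        }
    }
}

# Every Java runtime entry; on the machine in this thread the log lists
# "Java 6 Update 27" and "Java 2 Runtime Environment, SE v1.4.2_03".
# All but the newest are candidates for removal per the steps above.
$java = @($entries | Where-Object { $_.Name -match 'Java|J2SE|JRE' })
Write-Host "Java runtimes installed: $($java.Count)"
$java | Sort-Object Version | Format-Table Name, Version, Key -AutoSize

# Anti-virus products by vendor name (pattern is an assumption, extend as needed);
# the thread's advice is to keep exactly one real-time AV.
$avPattern = 'AVG|avast|Ad-Aware|Norton|McAfee|Kaspersky|Microsoft Security Essentials'
$av = @($entries | Where-Object { $_.Name -match $avPattern -and $_.Name -notmatch 'Tuneup' })
Write-Host "Anti-virus products installed: $($av.Count)"
$av | Format-Table Name, Version -AutoSize
if ($av.Count -gt 1) {
    Write-Warning 'More than one anti-virus product is installed; keep one and uninstall the rest.'
}
```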

#14 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • Local time:11:13 AM

Posted 14 January 2013 - 05:19 AM

Eset found nothing - so no log
PC is running well - apart from the shortcuts for explorer.

#15 punkieys17

punkieys17
  • Topic Starter

  • Members
  • 64 posts
  • Local time:11:13 AM

Posted 14 January 2013 - 05:52 PM

Forgot to ask about Microsoft Recovery Console that loads during boot up - do I still need it?


