
i had some rootkits after removal my laptop is locking with 2% cpu usage


16 replies to this topic

#1 lukele


Posted 16 January 2013 - 12:04 PM

The title pretty much explains it, but I'm running a Compaq laptop with Windows XP.

I had AVG and it expired, so I went and got Avast. It immediately found two rootkits from the scan it does in the installer. Now, it was acting up before, but it was Firefox and I guess it's unrelated, but it started locking up in weird places right after removal, which I did about two weeks ago. Just now I opened a folder and it just stopped for a second, mouse and all, like a full-on lockup, and the performance log in Task Manager says it had not gone above 10% use.

Now I've done a lot in the past 2 weeks: SUPERAntiSpyware, Avast, Malwarebytes all scanned in safe mode, I installed ZoneAlarm, I cleaned up the registry, I did disk cleanup, added 70 GB to hard drive space, I've defragged twice, once before making the extra hard drive space and again right after, did a check disk and I keep ending up with two orphaned files every time I run it. They are $I09-something; one's a .exe. But I've done all I know how to do, so I'm turning to you guys. Am I infected or is it something else?

#2 dev00790


Posted 17 January 2013 - 04:51 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT backup any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will be shown in the Scan results - Select action for found objects, which offers three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

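Added example, not part of this thread and not code from Kaspersky's tool: a small Python parser for the TDSSKiller log that step 1 above asks for. It pulls the flagged objects, their file paths and MD5s out of the hundreds of "- ok" lines, and checks from the Mode line that the two scan options the helper asked for were actually enabled. The sample log lines are constructed in the tool's format (the entries mirror the ones posted later in this thread); the mapping of "SigCheck" and "TDLFS" to the two checkboxes is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format TDSSKiller writes: "timestamp threadid" then
# either "[ MD5 ] Name Path", "Name - ok", "Name ( Verdict ) - status" or
# "Name - detected Verdict (count)". Only the selection of lines is constructed.
SAMPLE_LOG = r"""
17:15:11.0406 3680 Scan started
17:15:11.0406 3680 Mode: Manual; SigCheck; TDLFS;
17:15:12.0421 3680 System memory - ok
17:15:12.0421 3680 ================ Scan services =============================
17:15:13.0046 3680 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
17:15:13.0265 3680 Aavmker4 - ok
17:15:13.0281 3680 Abiosdsk - ok
17:15:15.0421 3680 [ 5B01AF89D16D562825C4DB4530F20CBB ] ASPI32 C:\WINDOWS\system32\drivers\ASPI32.sys
17:15:15.0515 3680 ASPI32 ( UnsignedFile.Multi.Generic ) - warning
17:15:15.0515 3680 ASPI32 - detected UnsignedFile.Multi.Generic (1)
17:15:17.0421 3680 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:15:17.0437 3680 avast! Antivirus - ok
17:15:37.0812 3680 [ 53F7546E8DAEFB3A0813F5E19C4613C9 ] NSNDIS5 C:\WINDOWS\system32\NSNDIS5.SYS
17:15:37.0843 3680 NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
17:15:37.0843 3680 NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) ?(?P<rest>.*)$")
# Service names may contain spaces ("avast! Antivirus"), so the name runs up to the
# first token that looks like a drive-letter path.
ENTRY_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+) \) - (?P<status>\w+)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")


@dataclass
class Finding:
    name: str
    verdict: str
    status: str      # "warning" for unsigned files; other statuses are kept as written
    count: int = 0
    md5: str = ""
    path: str = ""


def parse_tdsskiller_log(text):
    """Return (scan_mode, ok_count, findings) for one TDSSKiller log."""
    entries = {}   # name -> (md5, path) from the "[ MD5 ] Name Path" lines
    findings = {}  # name -> Finding for every object that is not "- ok"
    ok_count = 0
    mode = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m["rest"]
        if rest.startswith("Mode:"):
            mode = rest[len("Mode:"):].strip()
            continue
        e = ENTRY_RE.match(rest)
        if e:
            entries[e["name"]] = (e["md5"].upper(), e["path"])
            continue
        if OK_RE.match(rest):
            ok_count += 1
            continue
        v = VERDICT_RE.match(rest)
        if v:
            f = findings.setdefault(v["name"], Finding(v["name"], v["verdict"], v["status"]))
            f.status = v["status"]
            continue
        d = DETECTED_RE.match(rest)
        if d:
            f = findings.setdefault(d["name"], Finding(d["name"], d["verdict"], "detected"))
            f.count = int(d["count"])
    # Attach hash and path so each flagged object can be looked up or submitted.
    for name, f in findings.items():
        f.md5, f.path = entries.get(name, ("", ""))
    return mode, ok_count, list(findings.values())


def sigcheck_and_tdlfs_enabled(mode):
    # Assumption: "SigCheck" and "TDLFS" in the Mode line are how the tool records
    # the "Verify file digital signatures" and "Detect TDLFS file system" options.
    parts = {p.strip() for p in (mode or "").split(";") if p.strip()}
    return {"SigCheck", "TDLFS"} <= parts


def triage(findings):
    """Separate unsigned-file warnings (need a human look) from any other verdict."""
    unsigned = [f for f in findings
                if f.status == "warning" and f.verdict.startswith("UnsignedFile.")]
    other = [f for f in findings if f not in unsigned]
    return unsigned, other


def report(text):
    """Human-readable summary a helper could paste back into the thread."""
    mode, ok_count, findings = parse_tdsskiller_log(text)
    unsigned, other = triage(findings)
    lines = [f"scan mode: {mode} (signature check + TDLFS on: {sigcheck_and_tdlfs_enabled(mode)})",
             f"clean objects: {ok_count}, flagged: {len(findings)}"]
    for f in unsigned:
        lines.append(f"  unsigned file (review, not proof of infection): {f.name} {f.path} MD5={f.md5}")
    for f in other:
        lines.append(f"  {f.status.upper()} {f.verdict}: {f.name} {f.path} MD5={f.md5}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```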


#3 lukele


Posted 21 January 2013 - 06:28 PM

17:14:25.0843 2980 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:14:26.0375 2980 ============================================================
17:14:26.0375 2980 Current date / time: 2013/01/21 17:14:26.0375
17:14:26.0375 2980 SystemInfo:
17:14:26.0375 2980
17:14:26.0375 2980 OS Version: 5.1.2600 ServicePack: 3.0
17:14:26.0375 2980 Product type: Workstation
17:14:26.0375 2980 ComputerName: LUKE-28A382C1F2
17:14:26.0375 2980 UserName: luke
17:14:26.0375 2980 Windows directory: C:\WINDOWS
17:14:26.0375 2980 System windows directory: C:\WINDOWS
17:14:26.0375 2980 Processor architecture: Intel x86
17:14:26.0375 2980 Number of processors: 1
17:14:26.0375 2980 Page size: 0x1000
17:14:26.0375 2980 Boot type: Normal boot
17:14:26.0375 2980 ============================================================
17:14:27.0437 2980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:14:27.0437 2980 ============================================================
17:14:27.0437 2980 \Device\Harddisk0\DR0:
17:14:27.0437 2980 MBR partitions:
17:14:27.0437 2980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:14:27.0437 2980 ============================================================
17:14:27.0468 2980 C: <-> \Device\Harddisk0\DR0\Partition1
17:14:27.0468 2980 ============================================================
17:14:27.0468 2980 Initialize success
17:14:27.0468 2980 ============================================================
17:15:11.0406 3680 ============================================================
17:15:11.0406 3680 Scan started
17:15:11.0406 3680 Mode: Manual; SigCheck; TDLFS;
17:15:11.0406 3680 ============================================================
17:15:42.0296 3680 Rdbss - ok
17:15:42.0312 3680 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:15:42.0515 3680 RDPCDD - ok
17:15:42.0578 3680 [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:15:42.0671 3680 rdpdr - ok
17:15:42.0718 3680 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:15:42.0765 3680 RDPWD - ok
17:15:42.0812 3680 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:15:42.0968 3680 RDSessMgr - ok
17:15:43.0031 3680 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:15:43.0187 3680 redbook - ok
17:15:43.0218 3680 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:15:43.0359 3680 RemoteAccess - ok
17:15:43.0421 3680 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:15:43.0687 3680 RemoteRegistry - ok
17:15:43.0718 3680 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:15:43.0859 3680 RpcLocator - ok
17:15:43.0906 3680 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:15:43.0968 3680 RpcSs - ok
17:15:44.0062 3680 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys
17:15:44.0093 3680 rspndr - ok
17:15:44.0140 3680 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:15:44.0343 3680 RSVP - ok
17:15:44.0437 3680 [ 453438388210192132306AB93983553A ] RT80x86 C:\WINDOWS\system32\DRIVERS\RT2860.sys
17:15:44.0562 3680 RT80x86 - ok
17:15:44.0578 3680 [ 40607773FECD00708354809E233823F2 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:15:44.0593 3680 RTLE8023xp - ok
17:15:44.0609 3680 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:15:44.0765 3680 SamSs - ok
17:15:44.0828 3680 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:15:44.0843 3680 SASDIFSV - ok
17:15:44.0843 3680 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:15:44.0859 3680 SASKUTIL - ok
17:15:44.0906 3680 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:15:45.0093 3680 SCardSvr - ok
17:15:45.0156 3680 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:15:45.0343 3680 Schedule - ok
17:15:45.0375 3680 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:15:45.0421 3680 Secdrv - ok
17:15:45.0468 3680 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:15:45.0640 3680 seclogon - ok
17:15:45.0656 3680 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:15:45.0828 3680 SENS - ok
17:15:45.0843 3680 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:15:45.0984 3680 Serial - ok
17:15:46.0015 3680 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:15:46.0187 3680 Sfloppy - ok
17:15:46.0250 3680 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:15:46.0375 3680 SharedAccess - ok
17:15:46.0390 3680 [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:15:46.0406 3680 ShellHWDetection - ok
17:15:46.0453 3680 Simbad - ok
17:15:46.0484 3680 Sparrow - ok
17:15:46.0531 3680 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:15:46.0687 3680 splitter - ok
17:15:46.0718 3680 [ 258DD5D4283FD9F9A7166BE9AE45CE73 ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:15:46.0828 3680 Spooler - ok
17:15:46.0890 3680 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:15:46.0937 3680 sr - ok
17:15:47.0000 3680 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:15:47.0062 3680 srservice - ok
17:15:47.0093 3680 [ 9B390283569EA58D43D2586032B892F5 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:15:47.0234 3680 Srv - ok
17:15:47.0265 3680 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:15:47.0359 3680 SSDPSRV - ok
17:15:47.0421 3680 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:15:47.0656 3680 stisvc - ok
17:15:47.0703 3680 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:15:47.0843 3680 swenum - ok
17:15:47.0906 3680 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:15:48.0062 3680 swmidi - ok
17:15:48.0078 3680 SwPrv - ok
17:15:48.0093 3680 symc810 - ok
17:15:48.0093 3680 symc8xx - ok
17:15:48.0093 3680 sym_hi - ok
17:15:48.0109 3680 sym_u3 - ok
17:15:48.0171 3680 [ B6F84F36E3FA4D52E2293BBF6E38FC04 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:15:48.0328 3680 SynTP - ok
17:15:48.0343 3680 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:15:48.0593 3680 sysaudio - ok
17:15:48.0625 3680 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:15:48.0796 3680 SysmonLog - ok
17:15:48.0859 3680 [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:15:48.0937 3680 TapiSrv - ok
17:15:48.0968 3680 [ 51E41F16ACD80B8B39C0AE703A213F09 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:15:49.0015 3680 Tcpip - ok
17:15:49.0062 3680 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:15:49.0250 3680 TDPIPE - ok
17:15:49.0281 3680 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:15:49.0328 3680 TDTCP - ok
17:15:49.0343 3680 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:15:49.0500 3680 TermDD - ok
17:15:49.0531 3680 [ 5128852A18AE46C387F87BF27DA4C9DD ] TermService C:\WINDOWS\System32\termsrv.dll
17:15:49.0625 3680 TermService - ok
17:15:49.0656 3680 [ 888CD7B39C37E13A2419BECFAAF0A28C ] Themes C:\WINDOWS\System32\shsvcs.dll
17:15:49.0671 3680 Themes - ok
17:15:49.0718 3680 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:15:49.0796 3680 TlntSvr - ok
17:15:49.0796 3680 TosIde - ok
17:15:49.0875 3680 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:15:50.0000 3680 TrkWks - ok
17:15:50.0062 3680 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:15:50.0296 3680 Udfs - ok
17:15:50.0296 3680 ultra - ok
17:15:50.0343 3680 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
17:15:50.0343 3680 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
17:15:50.0343 3680 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
17:15:50.0421 3680 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:15:50.0578 3680 Update - ok
17:15:50.0625 3680 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:15:50.0750 3680 upnphost - ok
17:15:50.0765 3680 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:15:51.0031 3680 UPS - ok
17:15:51.0031 3680 USBAAPL - ok
17:15:51.0093 3680 [ 52674B5DBEE499342A599C7771ABECAA ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:15:51.0109 3680 usbehci - ok
17:15:51.0140 3680 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:15:51.0437 3680 usbhub - ok
17:15:51.0484 3680 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:15:51.0640 3680 USBSTOR - ok
17:15:51.0687 3680 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:15:51.0859 3680 usbuhci - ok
17:15:51.0906 3680 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:15:52.0125 3680 VgaSave - ok
17:15:52.0125 3680 ViaIde - ok
17:15:52.0156 3680 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:15:52.0343 3680 VolSnap - ok
17:15:52.0406 3680 [ 5C826F02FF76F07B332C764BB9644F27 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
17:15:52.0515 3680 Vsdatant - ok
17:15:52.0578 3680 vsmon - ok
17:15:52.0625 3680 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:15:52.0750 3680 VSS - ok
17:15:52.0812 3680 [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time C:\WINDOWS\system32\w32time.dll
17:15:52.0859 3680 W32Time - ok
17:15:52.0890 3680 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:15:53.0031 3680 Wanarp - ok
17:15:53.0093 3680 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
17:15:53.0171 3680 Wdf01000 - ok
17:15:53.0171 3680 WDICA - ok
17:15:53.0234 3680 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:15:53.0406 3680 wdmaud - ok
17:15:53.0437 3680 [ 703591CD1403BC19E7198CA7B314E132 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:15:53.0562 3680 WebClient - ok
17:15:53.0687 3680 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:15:53.0906 3680 winmgmt - ok
17:15:53.0953 3680 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:15:54.0000 3680 WmdmPmSN - ok
17:15:54.0093 3680 [ C8A6C82F90B055149925DC7526B2D78C ] Wmi C:\WINDOWS\System32\advapi32.dll
17:15:54.0171 3680 Wmi - ok
17:15:54.0187 3680 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
17:15:54.0328 3680 WmiAcpi - ok
17:15:54.0375 3680 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:15:54.0515 3680 WmiApSrv - ok
17:15:54.0593 3680 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:15:54.0703 3680 WPFFontCache_v0400 - ok
17:15:54.0765 3680 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:15:54.0984 3680 wscsvc - ok
17:15:54.0984 3680 [ FC1E3B06AE8D160B686C5D04B5E85371 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:15:55.0015 3680 wuauserv - ok
17:15:55.0046 3680 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:15:55.0093 3680 WudfPf - ok
17:15:55.0125 3680 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:15:55.0171 3680 WudfRd - ok
17:15:55.0187 3680 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:15:55.0218 3680 WudfSvc - ok
17:15:55.0281 3680 [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:15:55.0390 3680 WZCSVC - ok
17:15:55.0390 3680 X4HSEx_Pr143 - ok
17:15:55.0421 3680 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:15:55.0640 3680 xmlprov - ok
17:15:55.0671 3680 [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
17:15:55.0718 3680 xusb21 - ok
17:15:55.0812 3680 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:15:55.0906 3680 YahooAUService - ok
17:15:55.0906 3680 ================ Scan global ===============================
17:15:55.0953 3680 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:15:56.0031 3680 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
17:15:56.0078 3680 [ B23423313519C522E0E73BA170D3CE71 ] C:\WINDOWS\system32\winsrv.dll
17:15:56.0093 3680 [ C519E15665CD89A91AD383FCE3CB556A ] C:\WINDOWS\system32\services.exe
17:15:56.0125 3680 [Global] - ok
17:15:56.0125 3680 ================ Scan MBR ==================================
17:15:56.0171 3680 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:15:56.0687 3680 \Device\Harddisk0\DR0 - ok
17:15:56.0687 3680 ================ Scan VBR ==================================
17:15:56.0703 3680 [ C11D5A77793CAA42BAF15BC2E6D288A9 ] \Device\Harddisk0\DR0\Partition1
17:15:56.0703 3680 \Device\Harddisk0\DR0\Partition1 - ok
17:15:56.0703 3680 ============================================================
17:15:56.0703 3680 Scan finished
17:15:56.0703 3680 ============================================================
17:15:56.0828 3836 Detected object count: 4
17:15:56.0828 3836 Actual detected object count: 4
17:16:30.0750 3836 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:30.0750 3836 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:30.0750 3836 mv64xxmm ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:30.0750 3836 mv64xxmm ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:30.0750 3836 NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:30.0750 3836 NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:16:30.0750 3836 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:16:30.0750 3836 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:18:03.0203 3412 Deinitialize success

#4 lukele
Posted 21 January 2013 - 06:29 PM

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 17:20:39
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : luke - LUKE-28A382C1F2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\luke\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\7vgx9emi.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\mom\Application Data\Mozilla\Firefox\Profiles\ogoigtma.default\searchplugins\web-search.xml
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\dad\Application Data\Babylon
Folder Found : C:\Documents and Settings\dad\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\7vgx9emi.default\extensions\toolbar@ask.com
Folder Found : C:\Documents and Settings\luke\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\luke\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\mom\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\mom\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\nick\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\nick\Local Settings\Application Data\AskToolbar
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\OApps
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKU\S-1-5-21-1214440339-1897051121-1177238915-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\7vgx9emi.default\prefs.js

Found : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\4mi4bq7e.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxps://isearch.avg.com/search?cid={41FABA81-[...]

File : C:\Documents and Settings\mom\Application Data\Mozilla\Firefox\Profiles\ogoigtma.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.shopathome.com?user_id={dfa0[...]
Found : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Found : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"3[...]
Found : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

File : C:\Documents and Settings\nick\Application Data\Mozilla\Firefox\Profiles\34ysr4i3.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxps://isearch.avg.com/search?cid={41FABA81-[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

File : C:\Documents and Settings\everyone else\Application Data\Mozilla\Firefox\Profiles\dv6t2h3m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\luke\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12732 octets] - [21/01/2013 17:20:39]

########## EOF - C:\AdwCleaner[R1].txt - [12793 octets] ##########

#5 lukele
Posted 21 January 2013 - 06:31 PM

Farbar Service Scanner Version: 16-01-2013
Ran by luke (administrator) on 21-01-2013 at 17:23:27
Running from "C:\Documents and Settings\luke\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2011-09-14 06:15] - [2011-09-14 06:15] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2011-09-14 06:17] - [2011-09-14 06:17] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2011-09-14 06:16] - [2011-09-14 06:16] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-08-15 12:41] - [2011-09-14 06:17] - 0022520 ____A (Microsoft Corporation) FC1E3B06AE8D160B686C5D04B5E85371

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2011-09-14 06:15] - [2011-09-14 06:15] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2011-09-14 06:17] - [2011-09-14 06:17] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2011-09-14 06:17] - [2011-09-14 06:17] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


Extra List:
=======
aswTdi(12) Bridge(11) BridgeMP(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000C000000090000000A000000050000000600000007000000080000000B000000
IpSec Tag value is correct.

**** End of log ****

#6 lukele
Posted 21 January 2013 - 06:35 PM

MiniToolBox by Farbar Version:10-01-2013
Ran by luke (administrator) on 21-01-2013 at 17:25:04
Running from "C:\Documents and Settings\luke\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Ralink RT5390 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.2.1 mask=255.255.255.0
set dns name="Local Area Connection" source=static addr=none register=PRIMARY
set wins name="Local Area Connection" source=static addr=none

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=static addr=192.168.1.5 mask=255.255.255.0
set address name="Wireless Network Connection" gateway=192.168.1.1 gwmetric=0
set dns name="Wireless Network Connection" source=static addr=192.168.1.1 register=PRIMARY
set wins name="Wireless Network Connection" source=static addr=none


popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : luke-28a382c1f2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 98-4B-E1-C9-5C-BB

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Ralink RT5390 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 88-9F-FA-A8-CE-F2
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.131, 74.125.225.132, 74.125.225.133, 74.125.225.134
74.125.225.135, 74.125.225.136, 74.125.225.137, 74.125.225.142, 74.125.225.128
74.125.225.129, 74.125.225.130

Pinging google.com [74.125.225.65] with 32 bytes of data:

Reply from 74.125.225.65: bytes=32 time=17ms TTL=54
Reply from 74.125.225.65: bytes=32 time=16ms TTL=54

Ping statistics for 74.125.225.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 17ms, Average = 16ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 206.190.36.45, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=102ms TTL=50
Reply from 206.190.36.45: bytes=32 time=92ms TTL=50

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 102ms, Average = 97ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...98 4b e1 c9 5c bb ...... Realtek PCIe FE Family Controller - Packet Scheduler Miniport
0x3 ...88 9f fa a8 ce f2 ...... Ralink RT5390 802.11b/g/n WiFi Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
255.255.255.255 255.255.255.255 192.168.1.5 2 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/18/2013 03:20:38 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 18.0.0.4752, faulting module mozalloc.dll, version 18.0.0.4752, fault address 0x00001987.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (01/17/2013 10:57:28 PM) (Source: Application Error) (User: )
Description: Faulting application mbamgui.exe, version 1.70.0.0, faulting module mbamgui.exe, version 1.70.0.0, fault address 0x00038b55.
Processing media-specific event for [mbamgui.exe!ws!]

Error: (01/17/2013 04:57:07 PM) (Source: MsiInstaller) (User: LUKE-28A382C1F2)
Description: Product: Skype™ 6.1 -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation.

Error: (01/09/2013 06:38:05 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/08/2013 09:07:46 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry policy file, C:\WINDOWS\System32\GroupPolicy\Machine\registry.pol. (The process cannot access the file because it is being used by another process. ).

Error: (01/08/2013 09:07:46 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot access the registry information at C:\WINDOWS\System32\GroupPolicy\Machine\registry.pol. (The process cannot access the file because it is being used by another process. ).

Error: (01/07/2013 00:19:27 PM) (Source: MsiInstaller) (User: LUKE-28A382C1F2)
Description: Product: Driver Detective -- Error 1925.You do not have sufficient privileges to complete this installation for all users of the machine. Log on as an administrator and then retry this installation.

Error: (01/06/2013 04:51:10 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.70.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/03/2013 09:20:49 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 15.0.0.4619, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/30/2012 02:05:12 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 17.0.1.4715, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/21/2013 00:56:52 PM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/21/2013 00:27:18 AM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/20/2013 11:43:09 PM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/20/2013 08:30:36 AM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/20/2013 02:29:38 AM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/19/2013 00:57:04 PM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/18/2013 11:35:35 PM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/18/2013 08:48:59 AM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/18/2013 02:33:56 AM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/17/2013 10:57:16 PM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.2.0)
7-Zip 9.20
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Alchemy 1.2
Ask Toolbar (Version: 1.15.14.0)
Ask Toolbar Updater (Version: 1.2.3.29495)
avast! Free Antivirus (Version: 7.0.1474.0)
Bof4
D-i-v-X AVI Codec Pack Pro 2.4.0
Google Chrome (Version: 24.0.1312.52)
hkSFV (remove only) (Version: 1.0)
ImgBurn (Version: 2.5.7.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5189)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
K-Lite Mega Codec Pack 9.3.0 (Version: 9.3.0)
Majesty - Gold Edition
Majesty 2: The Fantasy Kingdom Sim (Version: 1.0.0.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
Pando Media Booster (Version: 2.6.0.8)
Ralink RT2860 Wireless LAN Card (Version: 3.1.13.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.29.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6122)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (Version: 1.00.0000)
Star Wars®: Knights of the Old Republic ™
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics TouchPad
Unlocker 1.9.1 (Version: 1.9.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Media Format 11 runtime
WinUtilities 10.53 Free Edition
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
ZoneAlarm Do Not Track Add-on 2.2.5.1213 (Version: 2.2.5.1213)
ZoneAlarm Firewall (Version: 11.0.000.038)
ZoneAlarm Free Firewall (Version: 11.0.000.038)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (Version: 11.0.000.038)
ZoneAlarm Security Toolbar
ZSoft Uninstaller 2.5 (Version: 2.5)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 1978.85 MB
Available physical RAM: 1354.66 MB
Total Pagefile: 3867.04 MB
Available Pagefile: 3022.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.19 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:300.12 GB) NTFS
3 Drive e: (BoF4) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\LUKE-28A382C1F2

Administrator ASPNET dad
everyone else Guest HelpAssistant
luke mom nick
SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

23-10-2012 16:40:27 Installed Star Wars® Knights of the Old Republic® II: The Si
25-10-2012 20:14:37 System Checkpoint
29-10-2012 21:54:48 System Checkpoint
04-11-2012 03:55:35 System Checkpoint
05-11-2012 12:10:32 System Checkpoint
06-11-2012 12:58:59 System Checkpoint
11-11-2012 23:40:40 System Checkpoint
13-11-2012 00:15:00 System Checkpoint
14-11-2012 00:35:47 System Checkpoint
15-11-2012 01:04:45 System Checkpoint
16-11-2012 01:35:05 System Checkpoint
17-11-2012 02:01:54 System Checkpoint
18-11-2012 09:00:24 Software Distribution Service 3.0
20-11-2012 07:23:20 System Checkpoint
22-11-2012 07:02:22 System Checkpoint
24-11-2012 00:23:54 Removed Java 7 Update 7
24-11-2012 00:24:32 Installed Java 7 Update 9
25-11-2012 00:28:20 System Checkpoint
26-11-2012 01:39:09 System Checkpoint
27-11-2012 12:42:27 System Checkpoint
01-12-2012 03:50:05 System Checkpoint
02-12-2012 08:12:09 System Checkpoint
03-12-2012 14:52:16 System Checkpoint
04-12-2012 15:40:09 System Checkpoint
06-12-2012 09:19:54 System Checkpoint
08-12-2012 06:17:14 System Checkpoint
09-12-2012 15:58:02 System Checkpoint
10-12-2012 16:33:30 System Checkpoint
11-12-2012 19:35:34 System Checkpoint
12-12-2012 01:33:46 Software Distribution Service 3.0
12-12-2012 09:00:46 Software Distribution Service 3.0
13-12-2012 20:12:59 System Checkpoint
16-12-2012 02:40:41 System Checkpoint
18-12-2012 00:21:22 System Checkpoint
20-12-2012 04:57:15 System Checkpoint
21-12-2012 00:09:53 Software Distribution Service 3.0
21-12-2012 05:22:03 Removed AVG 2013
21-12-2012 05:24:16 Removed AVG 2013
21-12-2012 05:26:35 Software Distribution Service 3.0
22-12-2012 21:01:37 Software Distribution Service 3.0
23-12-2012 21:42:07 System Checkpoint
24-12-2012 11:52:12 Software Distribution Service 3.0
25-12-2012 15:00:57 Software Distribution Service 3.0
26-12-2012 21:49:57 Software Distribution Service 3.0
27-12-2012 22:00:29 System Checkpoint
28-12-2012 01:10:43 Software Distribution Service 3.0
29-12-2012 13:43:13 Software Distribution Service 3.0
30-12-2012 20:03:23 Software Distribution Service 3.0
31-12-2012 21:39:52 Software Distribution Service 3.0
01-01-2013 23:32:49 Software Distribution Service 3.0
03-01-2013 06:42:46 System Checkpoint
03-01-2013 12:20:55 Software Distribution Service 3.0
04-01-2013 09:00:19 Software Distribution Service 3.0
04-01-2013 18:59:22 Software Distribution Service 3.0
05-01-2013 19:56:58 Software Distribution Service 3.0
06-01-2013 10:41:20 Removed Java 7 Update 9
06-01-2013 10:42:02 Removed JavaFX 2.1.1
06-01-2013 10:42:27 Removed Skype™ 5.10
07-01-2013 14:28:54 Software Distribution Service 3.0
07-01-2013 18:19:30 Installed Driver Detective.
08-01-2013 15:37:24 avast! Free Antivirus Setup
08-01-2013 15:43:36 Software Distribution Service 3.0
09-01-2013 16:33:18 System Checkpoint
09-01-2013 17:32:01 Software Distribution Service 3.0
10-01-2013 18:53:36 System Checkpoint
11-01-2013 09:37:13 Removed ASPCA Reminder by We-Care.com v4.1.21.1
11-01-2013 10:38:46 Removed RealUpgrade 1.1
11-01-2013 10:40:28 Removed RealDownloader
13-01-2013 07:31:09 System Checkpoint
15-01-2013 03:57:55 System Checkpoint
15-01-2013 21:12:21 Software Distribution Service 3.0
16-01-2013 16:04:24 before registry edit
16-01-2013 16:09:32 Removed iTunes
16-01-2013 16:10:41 Removed Bonjour
16-01-2013 16:11:00 Removed Apple Mobile Device Support
16-01-2013 16:11:41 Removed Apple Application Support
16-01-2013 16:13:02 Removed Apple Software Update
18-01-2013 05:22:39 System Checkpoint
18-01-2013 19:28:07 Installed Java 7 Update 11
20-01-2013 19:41:23 System Checkpoint

**** End of log ****
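The MiniToolBox log above is the kind of output a helper reads by eye: the hosts file should contain nothing but the loopback entry, every Winsock catalog entry should be a stock Microsoft provider, a service that fails to start on every boot with "%%3" (Win32 error 3, ERROR_PATH_NOT_FOUND) is a registration whose executable no longer exists, and the installed-programs list is scanned for toolbars and other unwanted software. The script below is an added example, not MiniToolBox's code or anything posted in this thread: it turns those four checks into Python that runs offline over a saved log. The sample log is a constructed excerpt built from lines on this page plus two planted entries that are marked as such (a hosts redirect to a documentation address and a Winsock entry for a DLL named hypothetical_lsp.dll, which does not exist); the PUP name list and the choice of stock Winsock DLLs are the author's assumptions for the demo, not an authoritative reference.

```python
"""Added example: triage checks over a MiniToolBox log (hosts, Winsock, SCM errors, PUPs)."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^=+ (.+?):? =+$")
WINSOCK_RE = re.compile(r"^Catalog(\d+) (\d+) (\S+) \[(\d+)\] \((.*)\)$")
SVC_FAIL_RE = re.compile(r"^Description: The (\S+) service failed to start")
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND"}  # the %%N in SCM events
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
STOCK_LSP = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}  # the Winsock providers XP ships
# Illustrative PUP name fragments for the demo, not an authoritative feed.
PUP_MARKERS = ("ask toolbar", "toolbar", "conduit", "babylon", "pando media booster",
               "driver detective", "winutilities")

def split_sections(text):
    """Map each '===== Name: =====' header to the lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def check_hosts(lines):
    """Names mapped to a non-loopback address: the redirect pattern adware and banking
    trojans use. Blocklist-style entries pointing at 127.0.0.1/0.0.0.0 are left alone."""
    hits = []
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] not in LOOPBACK:
            hits.append(" ".join(fields))
    return hits

def check_winsock(lines):
    """Catalog entries whose DLL is not a stock Microsoft provider (LSP hijack indicator)."""
    hits = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if m and (m.group(3).rsplit("\\", 1)[-1].lower() not in STOCK_LSP
                  or m.group(5) != "Microsoft Corporation"):
            hits.append(line.strip())
    return hits

def check_service_failures(lines, min_count=2):
    """Services failing to start at least min_count times, with the %%N code decoded.
    Repeated code 2/3 for one oddly named service points at an orphaned registration
    whose ImagePath is gone; the analyst then inspects that Services key."""
    counts, codes = Counter(), {}
    for i, line in enumerate(lines):
        m = SVC_FAIL_RE.match(line.strip())
        if not m:
            continue
        counts[m.group(1)] += 1
        if i + 1 < len(lines):
            c = re.match(r"^%%(\d+)$", lines[i + 1].strip())
            if c:
                codes[m.group(1)] = int(c.group(1))
    return {svc: (n, WIN32_ERRORS.get(codes.get(svc), f"code {codes.get(svc)}"))
            for svc, n in counts.items() if n >= min_count}

def check_installed(lines):
    """Installed-program entries that match a PUP marker."""
    return [l.strip() for l in lines if any(m in l.lower() for m in PUP_MARKERS)]

def triage(text):
    s = split_sections(text)
    return {
        "hosts_redirects": check_hosts(s.get("Hosts content", [])),
        "winsock_non_microsoft": check_winsock(s.get("Winsock entries", [])),
        "failing_services": check_service_failures(s.get("Event log errors", [])),
        "unwanted_programs": check_installed(s.get("Installed Programs", [])),
    }

# Constructed excerpt: lines taken from the log above plus two planted entries (marked),
# so that every check has something to find.
SAMPLE_LOG = r"""========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.7 www.example.com   # planted redirect, not in the posted log

========================= Winsock entries =====================================
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\hypothetical_lsp.dll [40960] ()

========================= Event log errors: ===============================
Error: (01/21/2013 00:56:52 PM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

Error: (01/21/2013 00:27:18 AM) (Source: Service Control Manager) (User: )
Description: The X4HSEx_Pr143 service failed to start due to the following error:
%%3

=========================== Installed Programs ============================
Ask Toolbar (Version: 1.15.14.0)
avast! Free Antivirus (Version: 7.0.1474.0)
Pando Media Booster (Version: 2.6.0.8)
ZoneAlarm Security Toolbar
"""
```

Run `triage(SAMPLE_LOG)` (or `triage(open("MTB.txt").read())` on a real log) and each key holds the lines worth a second look. The checks are deliberately conservative: a hosts file full of 127.0.0.1 blocklist entries is not flagged, and only services that fail repeatedly are reported, so a one-off failure during a reboot does not create noise.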

#7 dev00790

Posted 22 January 2013 - 07:04 PM

Please do the following next:

:step1:

Going over your logs I noticed that you have µTorrent installed.
  • Avoid peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • P2P programs share a directory or set of directories on your computer to the world. Anyone can type in a search, and potentially download something from your computer. This makes the machine an open web server -- massively increasing the attack surface of the machine.
  • To reduce the risk of infection avoid using any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the Start button.
  • Click Control Panel then Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


:step2:

Run Windows / Microsoft Update to check for updates

  • Click the Start button, click All Programs, and then click Windows Update under "See Also".
  • Click the Express button.
  • If there are any Important / High priority to install, please install them.
  • Do not install any of the Optional updates.
  • Restart your computer


:step3:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


:step4:

Please rerun Farbar Service Scanner (FSS) on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


:step5:

How is the computer running now?

Regards, dev00790



#8 lukele

Posted 23 January 2013 - 12:17 AM

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 23:08:15
# Updated 21/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : luke - LUKE-28A382C1F2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\luke\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\7vgx9emi.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\mom\Application Data\Mozilla\Firefox\Profiles\ogoigtma.default\searchplugins\web-search.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\dad\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\dad\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\7vgx9emi.default\extensions\toolbar@ask.com
Folder Deleted : C:\Documents and Settings\luke\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\luke\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\mom\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\mom\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\nick\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\nick\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\luke\Application Data\Mozilla\Firefox\Profiles\7vgx9emi.default\prefs.js

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

File : C:\Documents and Settings\dad\Application Data\Mozilla\Firefox\Profiles\4mi4bq7e.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxps://isearch.avg.com/search?cid={41FABA81-[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

File : C:\Documents and Settings\mom\Application Data\Mozilla\Firefox\Profiles\ogoigtma.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://websearch.shopathome.com?user_id={dfa0[...]
Deleted : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");
Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"3[...]
Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]

File : C:\Documents and Settings\everyone else\Application Data\Mozilla\Firefox\Profiles\dv6t2h3m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\luke\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [12271 octets] - [21/01/2013 23:43:53]
AdwCleaner[S1].txt - [12879 octets] - [22/01/2013 23:08:15]

########## EOF - C:\AdwCleaner[S1].txt - [12940 octets] ##########

Edited by lukele, 23 January 2013 - 12:19 AM.
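The AdwCleaner report above shows the classic pattern of a browser search hijack: every `browser.search.*` default in two profiles pointed at a toolbar's engine, `keyword.URL` redirected address-bar searches through a third-party site, and leftover `extensions.asktb.*` / `extensions.sahtb.*` settings. The following script is an added example (not AdwCleaner's code and not something posted in this thread) that reads a Firefox `prefs.js` and flags those indicators so a helper can see what was changed before deciding what to remove. It relies on the fact that `prefs.js` only stores `user_pref` entries that differ from the built-in defaults, so a `keyword.URL` entry being present at all means it was overridden. The sample `prefs.js` and the list of expected engines are constructed for the example.

```python
"""Flag search-hijack settings in a Firefox prefs.js.

Added example, not AdwCleaner's code and not from the thread. It scans
user_pref(...) lines for the kinds of entries AdwCleaner removed in the
report above: search defaults pointed at a toolbar's engine, keyword.URL
redirected to a third-party search page, and leftover toolbar prefs.
"""
import re

# Indicator lists are assumptions for this example, drawn from the report above.
HIJACK_PREF_PREFIXES = ("extensions.asktb.", "extensions.sahtb.")
SEARCH_PREFS = {
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
}
# Engines a stock profile of that era would plausibly select on its own (assumption).
EXPECTED_ENGINES = {"Google", "Yahoo", "Bing", "DuckDuckGo"}
# Hosts seen in the keyword.URL entries AdwCleaner deleted above.
SUSPECT_KEYWORD_HOSTS = ("websearch.ask.com", "isearch.avg.com", "websearch.shopathome.com")

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Yield (name, raw_value) for each user_pref line; comments and blanks are skipped."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def unquote(raw):
    """Strip the quotes around a string value; numbers and booleans pass through."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return raw


def find_hijacks(text):
    """Return a list of (pref_name, value, reason) for suspicious entries."""
    findings = []
    for name, raw in parse_prefs(text):
        value = unquote(raw)
        if name.startswith(HIJACK_PREF_PREFIXES):
            findings.append((name, value, "leftover toolbar preference"))
        elif name in SEARCH_PREFS and value not in EXPECTED_ENGINES:
            findings.append((name, value, "search default points at a non-standard engine"))
        elif name == "keyword.URL":
            # prefs.js only holds non-default values, so any keyword.URL here is an override.
            host = re.sub(r"^[a-z]+://", "", value).split("/")[0]
            flag = "known hijack host" if host in SUSPECT_KEYWORD_HOSTS else "overridden"
            findings.append((name, value, f"keyword.URL {flag}: {host}"))
    return findings


# Constructed sample modelled on the deleted entries in the report; not a real profile.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1358900000);
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("browser.search.order.1", "Google");
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("keyword.URL", "http://websearch.ask.com/redirect?client=ff&src=kw&q=");
"""

if __name__ == "__main__":
    for name, value, reason in find_hijacks(SAMPLE_PREFS):
        print(f"{name} = {value!r}  <- {reason}")
```

Run it against a real profile by reading `prefs.js` from the profile directory (the paths in the report show where they live under `Application Data\Mozilla\Firefox\Profiles`) with Firefox closed, since Firefox rewrites the file on exit.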


#9 lukele

Posted 23 January 2013 - 12:19 AM

Farbar Service Scanner Version: 16-01-2013
Ran by luke (administrator) on 22-01-2013 at 23:14:59
Running from "C:\Documents and Settings\luke\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2011-09-14 06:15] - [2011-09-14 06:15] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2011-09-14 06:17] - [2011-09-14 06:17] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2011-09-14 06:16] - [2011-09-14 06:16] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2012-08-15 12:41] - [2011-09-14 06:17] - 0022520 ____A (Microsoft Corporation) FC1E3B06AE8D160B686C5D04B5E85371

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2011-09-14 06:15] - [2011-09-14 06:15] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2011-09-14 06:17] - [2011-09-14 06:17] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2011-09-14 06:17] - [2011-09-14 06:17] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A


Extra List:
=======
aswTdi(12) Bridge(11) BridgeMP(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C000000040000000100000002000000030000000C000000090000000A000000050000000600000007000000080000000B000000
IpSec Tag value is correct.

**** End of log ****
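In the Farbar Service Scanner log above, the File Check section gives two kinds of result: `=> MD5 is legit` when the file's hash matches the tool's known-good list, and otherwise the file's timestamps, size, attributes, vendor and MD5 so the file can be checked by hand (an unmatched hash is a prompt for verification, not a verdict; files replaced by an update often show up this way). The script below is an added example, not FSS code and not something posted in this thread, that parses that section and separates the two cases. The sample log is constructed from a few lines of the log above; treating the first bracketed timestamp as creation time and the second as modification time is an assumption.

```python
"""Triage the File Check section of a Farbar Service Scanner (FSS) log.

Added example; not FSS code or anything posted in the thread. Entries that
FSS could not match ("MD5 is legit" absent) are collected with the details
FSS printed so they can be verified manually.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Detail line: [created] - [modified] - size attrs (vendor) MD5
# (first/second timestamp taken as creation/modification time: assumption).
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
LEGIT_SUFFIX = "=> MD5 is legit"


@dataclass
class FileEntry:
    path: str
    legit: bool
    created: Optional[str] = None
    modified: Optional[str] = None
    size: Optional[int] = None
    vendor: Optional[str] = None
    md5: Optional[str] = None


def file_check_section(log: str) -> List[str]:
    """Return the raw lines between 'File Check:' and the next section."""
    lines = log.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == "File Check:")
    except StopIteration:
        return []
    body = []
    for l in lines[start + 1:]:
        if l.strip() == "Extra List:" or l.startswith("****"):
            break
        body.append(l)
    return body


def parse_file_check(log: str) -> List[FileEntry]:
    """Parse the section into FileEntry records, one per checked file."""
    entries: List[FileEntry] = []
    pending = None  # path whose detail line is expected next
    for line in file_check_section(log):
        s = line.strip()
        if not s or set(s) == {"="}:
            continue
        if s.endswith(LEGIT_SUFFIX):
            entries.append(FileEntry(path=s[: -len(LEGIT_SUFFIX)].strip(), legit=True))
            pending = None
            continue
        m = DETAIL_RE.match(s)
        if m and pending:
            entries.append(FileEntry(
                path=pending, legit=False, created=m["created"], modified=m["modified"],
                size=int(m["size"]), vendor=m["vendor"], md5=m["md5"].upper()))
            pending = None
        else:
            pending = s
    return entries


def unverified(log: str) -> List[FileEntry]:
    """Files FSS could not match against its known-good hashes."""
    return [e for e in parse_file_check(log) if not e.legit]


# Constructed sample: a few lines taken from the FSS log above, not a full log.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 16-01-2013
Boot Mode: Normal
****************************************************************

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2011-09-14 06:15] - [2011-09-14 06:15] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2011-09-14 06:17] - [2011-09-14 06:17] - 0361600 ____A (Microsoft Corporation) 51E41F16ACD80B8B39C0AE703A213F09

C:\WINDOWS\system32\svchost.exe => MD5 is legit

Extra List:
=======
aswTdi(12) Bridge(11)
**** End of log ****
"""

if __name__ == "__main__":
    for e in unverified(SAMPLE_LOG):
        print(f"{e.path}  size={e.size}  md5={e.md5}  modified={e.modified}")
```

For each unmatched file the next step is to confirm it is a signed Microsoft binary of the expected version, for example by comparing its hash with the same file from a known-clean machine at the same service pack and update level.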

#10 lukele

Posted 23 January 2013 - 12:27 AM

I went ahead and uninstalled uTorrent. I knew it had risks, but I've obviously failed in preventing them.

No high-priority Windows updates.

And I see marked improvement in boot time,
application load time,
and I guess memory, because the videos on YouTube no longer lock until they finish loading.

#11 dev00790


Posted 23 January 2013 - 05:09 PM

Hi

Please do the following next:

:step1:

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


:step2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


:step3:

How is the computer running now?

Edited by dev00790, 23 January 2013 - 05:10 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#12 lukele


Posted 23 January 2013 - 08:34 PM

mbam-log-2013-01-23 (16-45-52).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413627
Time elapsed: 2 hour(s), 47 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 lukele


Posted 23 January 2013 - 10:55 PM

C:\Documents and Settings\luke\Desktop\ESRPatcher Pro Release\DLPatcher.exe probably a variant of Win32/Agent.FDSUVWE trojan cleaned by deleting - quarantined
C:\Documents and Settings\luke\Desktop\fromthe patriot drive\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\luke\Desktop\DTLite4453-0297.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\luke\Desktop\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\luke\Local Settings\Temp\APNStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\luke\My Documents\Downloads\avi.codec.pack.pro.v2.4.0.setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Documents and Settings\luke\My Documents\Downloads\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\luke\My Documents\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\luke\My Documents\Downloads\Unlocker1.9.1.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\mom\My Documents\Downloads\freeopener_715.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Documents and Settings\nick\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\40\6279baa8-3fe62e08 Java/Exploit.CVE-2012-1723.CF trojan deleted - quarantined

#14 lukele


Posted 23 January 2013 - 11:01 PM

I feel that ESET got several false positives, but I'm not the expert.

The computer continues to improve; even the Firefox Flash issue seems to have improved.

#15 dev00790


Posted 24 January 2013 - 03:59 PM

Hi

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Help: I Got Hacked. Now What Do I Do?

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790
