
aswMBR log result


  • This topic is locked
20 replies to this topic

#1 espoo_hopper

espoo_hopper

  • Members
  • 40 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 07 February 2013 - 05:36 PM

Hi All

 

I've just run aswMBR and the following came up. I have already been told (via an earlier query relating to a separate scan) that the Service sptd.... is alright and is associated with Daemon Tools Lite. The dds was, I'm fairly sure, unopened and has been deleted. I hope this solves that problem.

Driver\atapi.... is in yellow

ntkrnlpa-exe .... is in red

 

Can you tell me if these are a problem or false positives and what I need to do? Please be kind enough to keep it simple, as I am not particularly computer literate.

 

Many thanks




#2 espoo_hopper

espoo_hopper
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 07 February 2013 - 05:43 PM

Hi again

 

Just reviewed the post and the attachment was not there as I didn't click Attach This File.

 

Sorry.

Attached Files



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,781 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:57 PM

Posted 09 February 2013 - 05:04 PM

Greetings espoo_hopper and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the reply button instead.
  • In the upper right hand corner of the topic you will see the notification button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. There is some work we need to do in light of some irregularities in the aswMBR report.

Please do this for me.


===================================================

Run TDSSKiller by Kaspersky

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found, will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.
  • Click Continue > Reboot now to finish the cleaning process.<- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================


DDS by sUBs

--------------------

  • If you no longer have the program on your computer, please download DDS by sUBs from one of the following links. Save it to your desktop.

    * DDS.com
    * DDS.pif

  • Double click on the DDS icon
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Two Notepad documents will open - DDS.txt and Attach.txt. Please copy and paste the results in your reply
  • Close the program window, and delete the program from your desktop
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


    ===================================================


AdwCleaner by Xplode - Search for Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well
===================================================


Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • DDS log
  • AdwCleaner log
  • Junkware Removal Tool log
Edited by Oh My, 09 February 2013 - 05:06 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

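Gary's instructions above ask for the TDSSKiller log to be pasted as text rather than attached. As an added example, written for this thread and not taken from Kaspersky, BleepingComputer or either poster, the Python script below parses that log format (the one espoo_hopper posts in the next reply) and pulls out what a helper actually reads from it: the MD5 and path TDSSKiller recorded for each service or driver binary, entries that exist only in the registry with no file on disk, one binary registered under several service names, and any verdict other than ok. The sample lines embedded in it are copied from the posted log and trimmed; the regular expressions are this script's own assumptions about the log layout shown there, and no reference hashes are built in, so a hash such as the one logged for atapi.sys still has to be compared against a trusted source.

```python
"""Summarise a Kaspersky TDSSKiller log: which services/drivers were hashed,
which are registry-only, which binaries are shared, and which verdicts are
not 'ok'. Added example for this thread; not TDSSKiller's own code."""
import hashlib
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted in the next reply
# (Windows XP SP3 host), trimmed to a handful of entries.
SAMPLE_LOG = r"""
23:22:22.0406 1624  ================ Scan services =============================
23:22:22.0500 1624  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:22:22.0500 1624  !SASCORE - ok
23:22:22.0796 1624  Abiosdsk - ok
23:22:23.0968 1624  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:22:23.0968 1624  atapi - ok
23:22:24.0031 1624  [ 2A27A3A8634FB9E29F539D6D3ED3646A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:22:24.0046 1624  Ati HotKey Poller - ok
23:22:26.0703 1624  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:22:26.0718 1624  gupdate - ok
23:22:26.0718 1624  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:22:26.0718 1624  gupdatem - ok
"""

# Every log line starts with "HH:MM:SS.mmmm PID" (assumed from the posted log).
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# "=== Scan services ===" style section banner
SECTION_RE = re.compile(PREFIX + r"=+ (.+?) =+$")
# "[ MD5 ] Name   X:\path": a binary TDSSKiller found on disk and hashed
FILE_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "Name - verdict" or "Name ( Detection ) - verdict"
VERDICT_RE = re.compile(PREFIX + r"(.+?)(?: \( (.+?) \))? - (\S+)$")


def _blank():
    return {"md5": None, "path": None, "verdict": None, "detection": None}


def parse_tdsskiller(text):
    """Map service/driver name -> {md5, path, verdict, detection}.
    Only lines inside 'Scan ...' sections are read, so the drive and
    partition header lines (which also contain ' - ') are ignored."""
    records = {}
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        if not section or not section.startswith("Scan"):
            continue
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            rec = records.setdefault(name, _blank())
            rec["md5"], rec["path"] = md5.upper(), path.rstrip()
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            rec = records.setdefault(name, _blank())
            rec["verdict"], rec["detection"] = verdict, detection
    return records


def not_ok(records):
    """Entries whose verdict is anything other than 'ok'."""
    return {n: r for n, r in records.items() if r["verdict"] != "ok"}


def registry_only(records):
    """Names with a service/driver registry entry but no file on disk (no
    hash printed); legacy XP entries like Abiosdsk are the usual cause."""
    return sorted(n for n, r in records.items() if r["md5"] is None)


def shared_hashes(records):
    """MD5 -> [(name, path)] for hashes seen under more than one name. One
    binary hosting two services (gupdate/gupdatem) is normal; the same hash
    under different paths is worth a closer look."""
    by_md5 = defaultdict(list)
    for name, r in records.items():
        if r["md5"]:
            by_md5[r["md5"]].append((name, r["path"]))
    return {h: v for h, v in by_md5.items() if len(v) > 1}


def md5_file(path, chunk=1 << 20):
    """MD5 of a file on disk, to compare with the value in the log or with a
    reference hash from a trusted source (none are hard-coded here)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("atapi:", recs["atapi"])
    print("not ok:", not_ok(recs))
    print("registry-only:", registry_only(recs))
    print("shared hashes:", shared_hashes(recs))
```

To use it on the real log, read the TDSSKiller_version_date_time_log.txt file from the root of C: and pass its contents to `parse_tdsskiller` in place of `SAMPLE_LOG`. `md5_file` hashes a file on disk the same way TDSSKiller reports it, so the two values should agree unless the file changed after the scan; whether that hash is the one Microsoft shipped is a separate question that needs a reference list this script deliberately does not carry.
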
#4 espoo_hopper

espoo_hopper
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 09 February 2013 - 06:32 PM

Hi Gary


 

TDSSKiller


 

23:21:21.0906 3804  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:21:22.0375 3804  ============================================================
23:21:22.0375 3804  Current date / time: 2013/02/09 23:21:22.0375
23:21:22.0375 3804  SystemInfo:
23:21:22.0375 3804 
23:21:22.0375 3804  OS Version: 5.1.2600 ServicePack: 3.0
23:21:22.0375 3804  Product type: Workstation
23:21:22.0375 3804  ComputerName: USER-8DFA3AB479
23:21:22.0390 3804  UserName: USER
23:21:22.0390 3804  Windows directory: C:\WINDOWS
23:21:22.0390 3804  System windows directory: C:\WINDOWS
23:21:22.0390 3804  Processor architecture: Intel x86
23:21:22.0390 3804  Number of processors: 1
23:21:22.0390 3804  Page size: 0x1000
23:21:22.0390 3804  Boot type: Normal boot
23:21:22.0390 3804  ============================================================
23:21:26.0890 3804  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:21:26.0906 3804  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:21:26.0906 3804  ============================================================
23:21:26.0906 3804  \Device\Harddisk0\DR0:
23:21:26.0906 3804  MBR partitions:
23:21:26.0906 3804  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
23:21:26.0906 3804  \Device\Harddisk1\DR1:
23:21:26.0906 3804  MBR partitions:
23:21:26.0906 3804  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
23:21:26.0906 3804  ============================================================
23:21:26.0953 3804  C: <-> \Device\Harddisk0\DR0\Partition1
23:21:27.0015 3804  E: <-> \Device\Harddisk1\DR1\Partition1
23:21:27.0031 3804  ============================================================
23:21:27.0031 3804  Initialize success
23:21:27.0031 3804  ============================================================
23:22:22.0062 1624  ============================================================
23:22:22.0062 1624  Scan started
23:22:22.0062 1624  Mode: Manual;
23:22:22.0062 1624  ============================================================
23:22:22.0406 1624  ================ Scan system memory ========================
23:22:22.0406 1624  System memory - ok
23:22:22.0406 1624  ================ Scan services =============================
23:22:22.0500 1624  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:22:22.0500 1624  !SASCORE - ok
23:22:22.0796 1624  Abiosdsk - ok
23:22:22.0796 1624  abp480n5 - ok
23:22:22.0921 1624  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:22:22.0921 1624  ACDaemon - ok
23:22:22.0968 1624  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:22:22.0968 1624  ACPI - ok
23:22:23.0015 1624  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
23:22:23.0015 1624  ACPIEC - ok
23:22:23.0078 1624  [ A7FB2EEBAB95D8078D0C9152BB8479F7 ] AcrSch2Svc      C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
23:22:23.0078 1624  AcrSch2Svc - ok
23:22:23.0171 1624  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:22:23.0187 1624  AdobeFlashPlayerUpdateSvc - ok
23:22:23.0187 1624  adpu160m - ok
23:22:23.0234 1624  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
23:22:23.0250 1624  aec - ok
23:22:23.0312 1624  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
23:22:23.0312 1624  AFD - ok
23:22:23.0359 1624  [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K           C:\WINDOWS\system32\drivers\AFS2K.sys
23:22:23.0359 1624  AFS2K - ok
23:22:23.0375 1624  Aha154x - ok
23:22:23.0390 1624  aic78u2 - ok
23:22:23.0390 1624  aic78xx - ok
23:22:23.0453 1624  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
23:22:23.0453 1624  Alerter - ok
23:22:23.0484 1624  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
23:22:23.0484 1624  ALG - ok
23:22:23.0500 1624  AliIde - ok
23:22:23.0500 1624  amsint - ok
23:22:23.0609 1624  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:22:23.0609 1624  AntiVirSchedulerService - ok
23:22:23.0656 1624  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:22:23.0656 1624  AntiVirService - ok
23:22:23.0703 1624  [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
23:22:23.0718 1624  AppMgmt - ok
23:22:23.0718 1624  asc - ok
23:22:23.0734 1624  asc3350p - ok
23:22:23.0734 1624  asc3550 - ok
23:22:23.0890 1624  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:22:23.0890 1624  aspnet_state - ok
23:22:23.0953 1624  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:22:23.0953 1624  AsyncMac - ok
23:22:23.0968 1624  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
23:22:23.0968 1624  atapi - ok
23:22:23.0968 1624  Atdisk - ok
23:22:24.0031 1624  [ 2A27A3A8634FB9E29F539D6D3ED3646A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
23:22:24.0046 1624  Ati HotKey Poller - ok
23:22:24.0109 1624  [ 72810C6A63076A480ABCE0E0BA0BC981 ] ATI Smart       C:\WINDOWS\system32\ati2sgag.exe
23:22:24.0140 1624  ATI Smart - ok
23:22:24.0265 1624  [ 8763EDE3E0CD40F5C3450571AC57F205 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:22:24.0312 1624  ati2mtag - ok
23:22:24.0343 1624  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:22:24.0343 1624  Atmarpc - ok
23:22:24.0390 1624  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
23:22:24.0390 1624  AudioSrv - ok
23:22:24.0437 1624  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
23:22:24.0437 1624  audstub - ok
23:22:24.0500 1624  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:22:24.0500 1624  avgntflt - ok
23:22:24.0515 1624  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:22:24.0531 1624  avipbb - ok
23:22:24.0546 1624  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
23:22:24.0562 1624  avkmgr - ok
23:22:24.0609 1624  [ 3A3A82FFD268BCFB7AE6A48CECF00AD9 ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
23:22:24.0625 1624  b57w2k - ok
23:22:24.0656 1624  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
23:22:24.0656 1624  Beep - ok
23:22:24.0703 1624  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
23:22:24.0734 1624  BITS - ok
23:22:24.0796 1624  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
23:22:24.0796 1624  Browser - ok
23:22:24.0812 1624  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
23:22:24.0828 1624  cbidf2k - ok
23:22:24.0906 1624  [ 58BF7714A312698108A96D0DE2BB6825 ] cbVSCService11  C:\Program Files\Cobian Backup 11\cbVSCService11.exe
23:22:24.0906 1624  cbVSCService11 - ok
23:22:24.0921 1624  cd20xrnt - ok
23:22:24.0921 1624  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
23:22:24.0937 1624  Cdaudio - ok
23:22:24.0984 1624  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
23:22:24.0984 1624  Cdfs - ok
23:22:25.0031 1624  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:22:25.0031 1624  Cdrom - ok
23:22:25.0062 1624  [ 84853B3FD012251690570E9E7E43343F ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
23:22:25.0078 1624  cercsr6 - ok
23:22:25.0078 1624  Changer - ok
23:22:25.0109 1624  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
23:22:25.0125 1624  CiSvc - ok
23:22:25.0140 1624  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
23:22:25.0156 1624  ClipSrv - ok
23:22:25.0203 1624  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:22:25.0218 1624  clr_optimization_v2.0.50727_32 - ok
23:22:25.0265 1624  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:22:25.0281 1624  clr_optimization_v4.0.30319_32 - ok
23:22:25.0296 1624  CmdIde - ok
23:22:25.0296 1624  COMSysApp - ok
23:22:25.0312 1624  Cpqarray - ok
23:22:25.0328 1624  Crypkey License - ok
23:22:25.0343 1624  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
23:22:25.0359 1624  CryptSvc - ok
23:22:25.0359 1624  dac2w2k - ok
23:22:25.0375 1624  dac960nt - ok
23:22:25.0437 1624  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
23:22:25.0437 1624  DcomLaunch - ok
23:22:25.0484 1624  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
23:22:25.0500 1624  Dhcp - ok
23:22:25.0546 1624  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
23:22:25.0546 1624  Disk - ok
23:22:25.0562 1624  dmadmin - ok
23:22:25.0609 1624  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
23:22:25.0625 1624  dmboot - ok
23:22:25.0640 1624  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
23:22:25.0640 1624  dmio - ok
23:22:25.0656 1624  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
23:22:25.0656 1624  dmload - ok
23:22:25.0687 1624  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
23:22:25.0687 1624  dmserver - ok
23:22:25.0703 1624  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
23:22:25.0718 1624  DMusic - ok
23:22:25.0765 1624  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
23:22:25.0765 1624  Dnscache - ok
23:22:25.0796 1624  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
23:22:25.0812 1624  Dot3svc - ok
23:22:25.0812 1624  dpti2o - ok
23:22:25.0843 1624  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
23:22:25.0843 1624  drmkaud - ok
23:22:25.0890 1624  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
23:22:25.0906 1624  EapHost - ok
23:22:25.0953 1624  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
23:22:25.0968 1624  ERSvc - ok
23:22:26.0015 1624  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
23:22:26.0015 1624  Eventlog - ok
23:22:26.0078 1624  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
23:22:26.0078 1624  EventSystem - ok
23:22:26.0125 1624  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
23:22:26.0125 1624  Fastfat - ok
23:22:26.0187 1624  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
23:22:26.0187 1624  FastUserSwitchingCompatibility - ok
23:22:26.0203 1624  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
23:22:26.0218 1624  Fdc - ok
23:22:26.0265 1624  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
23:22:26.0265 1624  Fips - ok
23:22:26.0312 1624  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:22:26.0312 1624  Flpydisk - ok
23:22:26.0406 1624  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
23:22:26.0406 1624  FltMgr - ok
23:22:26.0500 1624  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:22:26.0515 1624  FontCache3.0.0.0 - ok
23:22:26.0531 1624  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:22:26.0531 1624  Fs_Rec - ok
23:22:26.0546 1624  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:22:26.0546 1624  Ftdisk - ok
23:22:26.0609 1624  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:22:26.0609 1624  Gpc - ok
23:22:26.0703 1624  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:22:26.0718 1624  gupdate - ok
23:22:26.0718 1624  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:22:26.0718 1624  gupdatem - ok
23:22:26.0859 1624  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:22:26.0859 1624  helpsvc - ok
23:22:26.0921 1624  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
23:22:26.0921 1624  HidServ - ok
23:22:26.0984 1624  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:22:26.0984 1624  hidusb - ok
23:22:27.0046 1624  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
23:22:27.0046 1624  hkmsvc - ok
23:22:27.0062 1624  hpn - ok
23:22:27.0125 1624  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
23:22:27.0125 1624  HTTP - ok
23:22:27.0156 1624  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
23:22:27.0171 1624  HTTPFilter - ok
23:22:27.0187 1624  i2omgmt - ok
23:22:27.0203 1624  i2omp - ok
23:22:27.0203 1624  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:22:27.0218 1624  i8042prt - ok
23:22:27.0265 1624  [ 0F0194C4B635C10C3F785E4FEE52D641 ] ialm            C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:22:27.0312 1624  ialm - ok
23:22:27.0390 1624  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:22:27.0437 1624  idsvc - ok
23:22:27.0468 1624  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
23:22:27.0484 1624  Imapi - ok
23:22:27.0531 1624  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
23:22:27.0531 1624  ImapiService - ok
23:22:27.0546 1624  ini910u - ok
23:22:27.0562 1624  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
23:22:27.0562 1624  IntelIde - ok
23:22:27.0609 1624  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:22:27.0609 1624  intelppm - ok
23:22:27.0640 1624  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
23:22:27.0656 1624  Ip6Fw - ok
23:22:27.0687 1624  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:22:27.0687 1624  IpFilterDriver - ok
23:22:27.0703 1624  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:22:27.0703 1624  IpInIp - ok
23:22:27.0750 1624  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:22:27.0750 1624  IpNat - ok
23:22:27.0765 1624  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:22:27.0765 1624  IPSec - ok
23:22:27.0796 1624  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
23:22:27.0812 1624  IRENUM - ok
23:22:27.0828 1624  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:22:27.0843 1624  isapnp - ok
23:22:27.0937 1624  [ 724A6A9AB5E1807665C5DB71C30BFC5F ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
23:22:27.0937 1624  ISWKL - ok
23:22:28.0000 1624  [ 57FE873B8246DEF1372503CBC57A7499 ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
23:22:28.0000 1624  IswSvc - ok
23:22:28.0046 1624  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:22:28.0062 1624  Kbdclass - ok
23:22:28.0109 1624  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:22:28.0109 1624  kbdhid - ok
23:22:28.0156 1624  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
23:22:28.0171 1624  kmixer - ok
23:22:28.0234 1624  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
23:22:28.0234 1624  KSecDD - ok
23:22:28.0281 1624  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
23:22:28.0296 1624  lanmanserver - ok
23:22:28.0343 1624  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
23:22:28.0343 1624  lanmanworkstation - ok
23:22:28.0359 1624  lbrtfdc - ok
23:22:28.0406 1624  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
23:22:28.0406 1624  LmHosts - ok
23:22:28.0421 1624  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
23:22:28.0437 1624  Messenger - ok
23:22:28.0546 1624  Microsoft SharePoint Workspace Audit Service - ok
23:22:28.0578 1624  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
23:22:28.0593 1624  mnmdd - ok
23:22:28.0640 1624  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
23:22:28.0640 1624  mnmsrvc - ok
23:22:28.0671 1624  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
23:22:28.0687 1624  Modem - ok
23:22:28.0703 1624  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:22:28.0718 1624  Mouclass - ok
23:22:28.0750 1624  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:22:28.0750 1624  mouhid - ok
23:22:28.0796 1624  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
23:22:28.0796 1624  MountMgr - ok
23:22:28.0796 1624  mraid35x - ok
23:22:28.0812 1624  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:22:28.0812 1624  MRxDAV - ok
23:22:28.0859 1624  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:22:28.0859 1624  MRxSmb - ok
23:22:28.0890 1624  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
23:22:28.0890 1624  MSDTC - ok
23:22:28.0937 1624  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
23:22:28.0937 1624  Msfs - ok
23:22:28.0953 1624  MSIServer - ok
23:22:28.0984 1624  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:22:28.0984 1624  MSKSSRV - ok
23:22:29.0000 1624  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:22:29.0000 1624  MSPCLOCK - ok
23:22:29.0015 1624  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
23:22:29.0031 1624  MSPQM - ok
23:22:29.0046 1624  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:22:29.0046 1624  mssmbios - ok
23:22:29.0078 1624  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
23:22:29.0078 1624  Mup - ok
23:22:29.0140 1624  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
23:22:29.0156 1624  napagent - ok
23:22:29.0203 1624  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
23:22:29.0203 1624  NDIS - ok
23:22:29.0250 1624  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:22:29.0250 1624  NdisTapi - ok
23:22:29.0265 1624  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:22:29.0265 1624  Ndisuio - ok
23:22:29.0281 1624  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:22:29.0296 1624  NdisWan - ok
23:22:29.0328 1624  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
23:22:29.0328 1624  NDProxy - ok
23:22:29.0359 1624  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
23:22:29.0359 1624  NetBIOS - ok
23:22:29.0375 1624  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
23:22:29.0390 1624  NetBT - ok
23:22:29.0437 1624  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
23:22:29.0453 1624  NetDDE - ok
23:22:29.0468 1624  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
23:22:29.0468 1624  NetDDEdsdm - ok
23:22:29.0500 1624  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
23:22:29.0500 1624  Netlogon - ok
23:22:29.0515 1624  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
23:22:29.0531 1624  Netman - ok
23:22:29.0578 1624  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:22:29.0593 1624  NetTcpPortSharing - ok
23:22:29.0656 1624  [ 3E3CA7EB1431370A752F09641E275E1B ] NetworkX        C:\WINDOWS\system32\ckldrv.sys
23:22:29.0656 1624  NetworkX - ok
23:22:29.0687 1624  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
23:22:29.0687 1624  Nla - ok
23:22:29.0765 1624  [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess       C:\Program Files\CDBurnerXP\NMSAccessU.exe
23:22:29.0765 1624  NMSAccess - ok
23:22:29.0781 1624  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
23:22:29.0781 1624  Npfs - ok
23:22:29.0843 1624  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
23:22:29.0859 1624  Ntfs - ok
23:22:29.0875 1624  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
23:22:29.0875 1624  NtLmSsp - ok
23:22:29.0937 1624  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
23:22:29.0953 1624  NtmsSvc - ok
23:22:30.0015 1624  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
23:22:30.0015 1624  Null - ok
23:22:30.0062 1624  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:22:30.0062 1624  NwlnkFlt - ok
23:22:30.0078 1624  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:22:30.0078 1624  NwlnkFwd - ok
23:22:30.0140 1624  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:22:30.0156 1624  ose - ok
23:22:30.0406 1624  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:22:30.0421 1624  osppsvc - ok
23:22:30.0468 1624  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
23:22:30.0484 1624  Parport - ok
23:22:30.0531 1624  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
23:22:30.0531 1624  PartMgr - ok
23:22:30.0578 1624  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
23:22:30.0578 1624  ParVdm - ok
23:22:30.0593 1624  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
23:22:30.0593 1624  PCI - ok
23:22:30.0609 1624  PCIDump - ok
23:22:30.0625 1624  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
23:22:30.0640 1624  PCIIde - ok
23:22:30.0656 1624  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
23:22:30.0656 1624  Pcmcia - ok
23:22:30.0671 1624  PDCOMP - ok
23:22:30.0687 1624  PDFRAME - ok
23:22:30.0687 1624  PDRELI - ok
23:22:30.0703 1624  PDRFRAME - ok
23:22:30.0703 1624  perc2 - ok
23:22:30.0718 1624  perc2hib - ok
23:22:30.0765 1624  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
23:22:30.0765 1624  PlugPlay - ok
23:22:30.0765 1624  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
23:22:30.0765 1624  PolicyAgent - ok
23:22:30.0796 1624  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:22:30.0812 1624  PptpMiniport - ok
23:22:30.0812 1624  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
23:22:30.0812 1624  ProtectedStorage - ok
23:22:30.0828 1624  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
23:22:30.0843 1624  PSched - ok
23:22:30.0890 1624  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf.sys
23:22:30.0890 1624  PSI - ok
23:22:30.0937 1624  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:22:30.0953 1624  Ptilink - ok
23:22:30.0953 1624  ql1080 - ok
23:22:30.0968 1624  Ql10wnt - ok
23:22:30.0984 1624  ql12160 - ok
23:22:30.0984 1624  ql1240 - ok
23:22:31.0000 1624  ql1280 - ok
23:22:31.0000 1624  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:22:31.0015 1624  RasAcd - ok
23:22:31.0046 1624  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
23:22:31.0046 1624  RasAuto - ok
23:22:31.0062 1624  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:22:31.0078 1624  Rasl2tp - ok
23:22:31.0140 1624  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
23:22:31.0140 1624  RasMan - ok
23:22:31.0156 1624  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:22:31.0171 1624  RasPppoe - ok
23:22:31.0171 1624  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
23:22:31.0187 1624  Raspti - ok
23:22:31.0218 1624  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:22:31.0218 1624  Rdbss - ok
23:22:31.0218 1624  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:22:31.0234 1624  RDPCDD - ok
23:22:31.0265 1624  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:22:31.0281 1624  rdpdr - ok
23:22:31.0343 1624  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
23:22:31.0343 1624  RDPWD - ok
23:22:31.0406 1624  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
23:22:31.0421 1624  RDSessMgr - ok
23:22:31.0453 1624  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
23:22:31.0453 1624  redbook - ok
23:22:31.0500 1624  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
23:22:31.0515 1624  RemoteAccess - ok
23:22:31.0546 1624  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
23:22:31.0562 1624  RemoteRegistry - ok
23:22:31.0578 1624  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
23:22:31.0593 1624  RpcLocator - ok
23:22:31.0625 1624  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
23:22:31.0625 1624  RpcSs - ok
23:22:31.0671 1624  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
23:22:31.0687 1624  RSVP - ok
23:22:31.0703 1624  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
23:22:31.0703 1624  SamSs - ok
23:22:31.0718 1624  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:22:31.0734 1624  SASDIFSV - ok
23:22:31.0765 1624  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:22:31.0781 1624  SASKUTIL - ok
23:22:31.0812 1624  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
23:22:31.0812 1624  SCardSvr - ok
23:22:31.0843 1624  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
23:22:31.0875 1624  Schedule - ok
23:22:31.0906 1624  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:22:31.0906 1624  Secdrv - ok
23:22:31.0937 1624  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
23:22:31.0953 1624  seclogon - ok
23:22:32.0031 1624  [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
23:22:32.0031 1624  Secunia PSI Agent - ok
23:22:32.0062 1624  [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
23:22:32.0062 1624  Secunia Update Agent - ok
23:22:32.0140 1624  [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt         C:\WINDOWS\system32\drivers\senfilt.sys
23:22:32.0156 1624  senfilt - ok
23:22:32.0218 1624  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
23:22:32.0218 1624  SENS - ok
23:22:32.0234 1624  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
23:22:32.0234 1624  serenum - ok
23:22:32.0250 1624  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
23:22:32.0265 1624  Serial - ok
23:22:32.0359 1624  [ 4C0D673281178CB496011A2E28571FC8 ] sfdrv01         C:\WINDOWS\system32\drivers\sfdrv01.sys
23:22:32.0359 1624  sfdrv01 - ok
23:22:32.0359 1624  [ 15BE2B5E4DC5B8623CF167720682ABC9 ] sfhlp02         C:\WINDOWS\system32\drivers\sfhlp02.sys
23:22:32.0359 1624  sfhlp02 - ok
23:22:32.0390 1624  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
23:22:32.0390 1624  Sfloppy - ok
23:22:32.0421 1624  [ EFEBBC1D13FDB77A6AF4EDDFC7232EDF ] sfsync02        C:\WINDOWS\system32\drivers\sfsync02.sys
23:22:32.0421 1624  sfsync02 - ok
23:22:32.0468 1624  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
23:22:32.0468 1624  SharedAccess - ok
23:22:32.0484 1624  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
23:22:32.0484 1624  ShellHWDetection - ok
23:22:32.0500 1624  Simbad - ok
23:22:32.0562 1624  [ 0066FF77AEB4AE70066F7E94D5A6D866 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
23:22:32.0578 1624  smwdm - ok
23:22:32.0593 1624  [ E78C98378A071CE4D48A7C514FA98FA1 ] snapman         C:\WINDOWS\system32\DRIVERS\snapman.sys
23:22:32.0609 1624  snapman - ok
23:22:32.0609 1624  Sparrow - ok
23:22:32.0640 1624  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
23:22:32.0640 1624  splitter - ok
23:22:32.0703 1624  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
23:22:32.0703 1624  Spooler - ok
23:22:32.0765 1624  [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd            C:\WINDOWS\system32\Drivers\sptd.sys
23:22:32.0765 1624  Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
23:22:32.0781 1624  sptd ( LockedFile.Multi.Generic ) - warning
23:22:32.0781 1624  sptd - detected LockedFile.Multi.Generic (1)
23:22:32.0781 1624  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
23:22:32.0781 1624  sr - ok
23:22:32.0843 1624  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
23:22:32.0859 1624  srservice - ok
23:22:32.0921 1624  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
23:22:32.0921 1624  Srv - ok
23:22:32.0937 1624  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
23:22:32.0953 1624  SSDPSRV - ok
23:22:33.0000 1624  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:22:33.0015 1624  ssmdrv - ok
23:22:33.0046 1624  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
23:22:33.0062 1624  stisvc - ok
23:22:33.0109 1624  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
23:22:33.0125 1624  swenum - ok
23:22:33.0140 1624  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
23:22:33.0140 1624  swmidi - ok
23:22:33.0156 1624  SwPrv - ok
23:22:33.0171 1624  symc810 - ok
23:22:33.0171 1624  symc8xx - ok
23:22:33.0187 1624  sym_hi - ok
23:22:33.0187 1624  sym_u3 - ok
23:22:33.0203 1624  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
23:22:33.0218 1624  sysaudio - ok
23:22:33.0250 1624  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
23:22:33.0250 1624  SysmonLog - ok
23:22:33.0312 1624  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
23:22:33.0328 1624  TapiSrv - ok
23:22:33.0390 1624  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:22:33.0390 1624  Tcpip - ok
23:22:33.0421 1624  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
23:22:33.0437 1624  TDPIPE - ok
23:22:33.0453 1624  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
23:22:33.0468 1624  TDTCP - ok
23:22:33.0484 1624  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
23:22:33.0484 1624  TermDD - ok
23:22:33.0515 1624  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
23:22:33.0546 1624  TermService - ok
23:22:33.0578 1624  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
23:22:33.0578 1624  Themes - ok
23:22:33.0625 1624  [ B84B82C0CBEB1B0D7EB7A946BADE5830 ] tifsfilter      C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
23:22:33.0640 1624  tifsfilter - ok
23:22:33.0640 1624  [ 74711884439BDF9CCF446C79CB05FAC0 ] timounter       C:\WINDOWS\system32\DRIVERS\timntr.sys
23:22:33.0656 1624  timounter - ok
23:22:33.0703 1624  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
23:22:33.0718 1624  TlntSvr - ok
23:22:33.0734 1624  TosIde - ok
23:22:33.0750 1624  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
23:22:33.0765 1624  TrkWks - ok
23:22:33.0828 1624  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
23:22:33.0828 1624  Udfs - ok
23:22:33.0843 1624  ultra - ok
23:22:33.0890 1624  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
23:22:33.0890 1624  UMWdf - ok
23:22:33.0984 1624  [ 586DD78A81BA2DB209C94DA23F3B1691 ] Uniblue DiskRescue C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
23:22:33.0984 1624  Uniblue DiskRescue - ok
23:22:34.0046 1624  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
23:22:34.0062 1624  Update - ok
23:22:34.0109 1624  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
23:22:34.0125 1624  upnphost - ok
23:22:34.0156 1624  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
23:22:34.0156 1624  UPS - ok
23:22:34.0218 1624  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
23:22:34.0218 1624  usbaudio - ok
23:22:34.0234 1624  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:22:34.0250 1624  usbccgp - ok
23:22:34.0250 1624  USBDFU - ok
23:22:34.0296 1624  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:22:34.0312 1624  usbehci - ok
23:22:34.0359 1624  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:22:34.0375 1624  usbhub - ok
23:22:34.0421 1624  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:22:34.0421 1624  usbprint - ok
23:22:34.0453 1624  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:22:34.0453 1624  usbscan - ok
23:22:34.0515 1624  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:22:34.0515 1624  USBSTOR - ok
23:22:34.0546 1624  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:22:34.0546 1624  usbuhci - ok
23:22:34.0562 1624  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
23:22:34.0562 1624  VgaSave - ok
23:22:34.0578 1624  ViaIde - ok
23:22:34.0625 1624  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
23:22:34.0625 1624  VolSnap - ok
23:22:34.0671 1624  [ 5C826F02FF76F07B332C764BB9644F27 ] Vsdatant        C:\WINDOWS\system32\vsdatant.sys
23:22:34.0687 1624  Vsdatant - ok
23:22:34.0734 1624  vsmon - ok
23:22:34.0796 1624  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
23:22:34.0812 1624  VSS - ok
23:22:34.0828 1624  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
23:22:34.0843 1624  W32Time - ok
23:22:34.0906 1624  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:22:34.0906 1624  Wanarp - ok
23:22:34.0921 1624  WDICA - ok
23:22:34.0968 1624  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
23:22:34.0984 1624  wdmaud - ok
23:22:35.0031 1624  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
23:22:35.0031 1624  WebClient - ok
23:22:35.0140 1624  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
23:22:35.0156 1624  winmgmt - ok
23:22:35.0218 1624  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
23:22:35.0218 1624  WmdmPmSN - ok
23:22:35.0296 1624  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
23:22:35.0296 1624  Wmi - ok
23:22:35.0343 1624  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
23:22:35.0359 1624  WmiApSrv - ok
23:22:35.0421 1624  [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
23:22:35.0421 1624  WpdUsb - ok
23:22:35.0515 1624  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:22:35.0546 1624  WPFFontCache_v0400 - ok
23:22:35.0593 1624  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:22:35.0609 1624  WS2IFSL - ok
23:22:35.0656 1624  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
23:22:35.0671 1624  wscsvc - ok
23:22:35.0687 1624  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
23:22:35.0687 1624  wuauserv - ok
23:22:35.0765 1624  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
23:22:35.0781 1624  WZCSVC - ok
23:22:35.0796 1624  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
23:22:35.0812 1624  xmlprov - ok
23:22:35.0828 1624  ================ Scan global ===============================
23:22:35.0843 1624  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
23:22:35.0906 1624  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:35.0921 1624  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
23:22:35.0953 1624  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
23:22:35.0968 1624  [Global] - ok
23:22:35.0968 1624  ================ Scan MBR ==================================
23:22:35.0984 1624  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
23:22:36.0140 1624  \Device\Harddisk0\DR0 - ok
23:22:36.0156 1624  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:22:36.0156 1624  \Device\Harddisk1\DR1 - ok
23:22:36.0156 1624  ================ Scan VBR ==================================
23:22:36.0171 1624  [ 2ED8B7A331C9945F55B7343BFB061119 ] \Device\Harddisk0\DR0\Partition1
23:22:36.0171 1624  \Device\Harddisk0\DR0\Partition1 - ok
23:22:36.0171 1624  [ F8709F8D065F0246EF1E1CCE7751FDFA ] \Device\Harddisk1\DR1\Partition1
23:22:36.0171 1624  \Device\Harddisk1\DR1\Partition1 - ok
23:22:36.0171 1624  ============================================================
23:22:36.0171 1624  Scan finished
23:22:36.0171 1624  ============================================================
23:22:36.0187 3696  Detected object count: 1
23:22:36.0187 3696  Actual detected object count: 1
23:22:44.0703 3696  sptd ( LockedFile.Multi.Generic ) - skipped by user
23:22:44.0703 3696  sptd ( LockedFile.Multi.Generic ) - User select action: Skip

AdwCleaner

# AdwCleaner v2.111 - Logfile created 02/09/2013 at 23:25:51
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : USER - USER-8DFA3AB479
# Boot Mode : Normal
# Running from : C:\Documents and Settings\USER\My Documents\Dad's Stuff\Programs\Internet\Computer fixes\AdwCleaner\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\DOCUME~1\USER\LOCALS~1\Temp\Uninstall.exe
File Found : C:\user.js
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\Documents and Settings\USER\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKU\S-1-5-21-823518204-839522115-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3978 octets] - [09/02/2013 23:25:51]

########## EOF - C:\AdwCleaner[R1].txt - [4038 octets] ##########

I will send the other files separately.

David

#5 espoo_hopper (Topic Starter, Members, 40 posts)

Posted 09 February 2013 - 07:18 PM

Hi Gary

Second batch. Apologies, but I didn't read carefully enough and didn't do the scans in exact order. Hope this is alright. Also apologies for the delay in this post. I will be logging off fairly soon as it is past midnight here, but will log on and check for a reply in the morning.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by USER at 23:36:34 on 2013-02-09
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2515 [GMT 0:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://talktalk.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.3.16\bh\zonealarm.dll
BHO: ZoneAlarm Do Not Track: {6E45F3E8-2683-4824-A6BE-08108022FB36} - c:\program files\donottrackplus\ie\DNTPAddon.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:\program files\check point software technologies ltd\zonealarm\1.8.3.16\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HostsMan] "c:\program files\hostsman\hm.exe" -s
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISW] <no file>
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1354911318018
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345054647781
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages =  msv1_0 relog_ap
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-24 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-1-2 528000]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-8-24 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-8-24 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-8-24 83392]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\cobian backup 11\cbVSCService11.exe [2012-11-10 67584]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497320]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\uniblue\diskrescue\UBDiskRescueSrv.exe [2008-9-10 229648]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-05 14:56:56 -------- d-----w- c:\documents and settings\user\Downloads
2013-02-04 22:11:16 -------- d-----w- c:\documents and settings\user\application data\DAEMON Tools Lite
2013-02-04 22:08:11 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2013-02-03 20:24:50 -------- d-----w- c:\documents and settings\user\local settings\application data\DoNotTrackPlus
2013-02-03 20:19:34 -------- d-----w- c:\program files\DoNotTrackPlus
2013-02-03 17:52:07 -------- d-----w- c:\windows\system32\URTTEMP
2013-02-03 17:14:13 -------- d-----w- c:\documents and settings\user\local settings\application data\Secunia PSI
2013-02-03 17:13:57 -------- d-----w- c:\program files\Secunia
2013-02-03 14:48:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-01 19:58:18 -------- d-----w- c:\documents and settings\user\local settings\application data\Help
2013-02-01 19:48:30 -------- d-----w- C:\Sega
.
==================== Find3M  ====================
.
2013-02-09 19:12:55 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-09 19:12:55 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2004-10-01 14:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 23:37:12.07 ===============


 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Microsoft Windows XP x86
Ran by USER on 09/02/2013 at 23:39:48.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2645238
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\USER\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/02/2013 at 23:53:43.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 

David



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,781 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:57 PM

Posted 09 February 2013 - 07:30 PM

Hi David,

No problem. Let me have you do this before you sign off.

Please excuse any formatting errors. We are doing a system upgrade.


===================================================


AdwCleaner by Xplode - Delete Adware

-------------------
  • Close all open programs and internet browsers
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • AdwCleaner log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 espoo_hopper

espoo_hopper
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 10 February 2013 - 07:06 AM

Hi Gary

 

Sorry again for the delay, but I signed off straight away last night. Here is the log you requested.

 

# AdwCleaner v2.111 - Logfile created 02/10/2013 at 11:47:19
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : USER - USER-8DFA3AB479
# Boot Mode : Normal
# Running from : C:\Documents and Settings\USER\My Documents\Dad's Stuff\Programs\Internet\Computer fixes\AdwCleaner\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\USER\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [4107 octets] - [09/02/2013 23:25:51]
AdwCleaner[S1].txt - [3025 octets] - [10/02/2013 11:47:19]

########## EOF - C:\AdwCleaner[S1].txt - [3085 octets] ##########

 

David



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,781 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:57 PM

Posted 10 February 2013 - 03:18 PM

Hi David,

Please run this for me.

(Please forgive any scripting format irregularities you might find as we upgrade our system to better serve you.)


===================================================


ComboFix

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.

Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

(screenshot: Query_RC.gif, the Recovery Console prompt)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(screenshot: RC_successful.gif, the "Recovery Console installed" message)

Click on Yes, to continue scanning for malware.

Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running, please do one of the following. If, based on these checks, you have concluded ComboFix has stopped running, please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue
If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply.
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 espoo_hopper

espoo_hopper
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 10 February 2013 - 04:37 PM

Hi Gary


 

Log as requested. In answer to your question, the computer is running very well. All regular virus/malware reports were negative (Avira, MBAM, SUPERAntispyware), but I decided to run aswMBR for the first time, which came up with the queries in my original post.


 

ComboFix 13-02-07.02 - USER 10/02/2013  21:13:09.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2531 [GMT 0:00]
Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-10 to 2013-02-10  )))))))))))))))))))))))))))))))
.
.
2013-02-09 23:39 . 2013-02-09 23:39 -------- d-----w- c:\windows\ERUNT
2013-02-09 23:39 . 2013-02-09 23:39 -------- d-----w- C:\JRT
2013-02-05 14:56 . 2013-02-05 14:56 -------- d-----w- c:\documents and settings\USER\Downloads
2013-02-04 22:11 . 2013-02-04 22:19 -------- d-----w- c:\documents and settings\USER\Application Data\DAEMON Tools Lite
2013-02-04 22:08 . 2013-02-04 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2013-02-03 20:24 . 2013-02-10 18:10 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\DoNotTrackPlus
2013-02-03 20:19 . 2013-02-03 20:19 -------- d-----w- c:\program files\DoNotTrackPlus
2013-02-03 17:14 . 2013-02-03 17:14 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Secunia PSI
2013-02-03 17:13 . 2013-02-03 17:13 -------- d-----w- c:\program files\Secunia
2013-02-03 14:48 . 2013-02-03 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-01 19:58 . 2013-02-01 19:58 -------- d-----w- c:\documents and settings\USER\Local Settings\Application Data\Help
2013-02-01 19:48 . 2013-02-01 19:48 -------- d-----w- C:\Sega
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 20:36 . 2012-04-20 17:16 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 20:36 . 2011-10-06 19:38 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 10:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2011-10-16 19:08 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-04 10:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2004-10-01 14:00 . 2010-05-08 20:32 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostsMan"="c:\program files\HostsMan\hm.exe" [2010-02-06 3043840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-02 73984]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-24 348664]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 738984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-10-6 113664]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-03-02 12:03 149024 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-03-02 12:12 1945904 ----a-w- c:\program files\Acronis\TrueImage\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 19:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 19:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2012-01-20 20:03 719672 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 13:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-09 19:39 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-03-02 11:58 1165288 ----a-w- c:\program files\Acronis\TrueImage\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/11/2012 16:09 716272]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/08/2012 17:21 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/08/2012 17:21 86224]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe [10/11/2012 23:15 67584]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 14:44 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 14:44 497320]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [14/10/2011 06:01 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [14/10/2011 06:01 399416]
R2 Uniblue DiskRescue;Uniblue DiskRescue;c:\program files\Uniblue\DiskRescue\UBDiskRescueSrv.exe [10/09/2008 15:22 229648]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 08:30 15544]
S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 20:36]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 20:21]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 20:21]
.
2011-10-06 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://talktalk.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
AddRemove-Sonic 3D - c:\sega\Sonic3D\directx\setup
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 21:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2013-02-10  21:23:33
ComboFix-quarantined-files.txt  2013-02-10 21:23
.
Pre-Run: 37,386,276,864 bytes free
Post-Run: 37,580,886,016 bytes free
.
- - End Of File - - 0DBE7CFA35B189B31FE37772CD094B08
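The service and driver listings in the DDS log (post #5) and in the ComboFix log above share one line shape: a start-type prefix (R = running, S = stopped, then the Windows start type digit), the service name, its display name, the file path, and either a date/size stamp or "[?]" when the tool could not find the file on disk. The following parser is an added example written for this page, not code from the thread or from the DDS or ComboFix authors. It assumes the digit follows the standard Windows service start types (0 boot, 1 system, 2 auto, 3 manual, 4 disabled); the sample lines are a constructed subset copied from the two logs, and the "early-start driver outside the drivers directory" list is a review heuristic, not a verdict (SASDIFSV, flagged here, is SUPERAntiSpyware's own driver, as the thread shows).

```python
import re

# Constructed sample: lines copied from the DDS (post #5) and ComboFix (post #9)
# listings on this page, plus one junk line to show that non-matching input is skipped.
# DDS stamps look like [2012-8-24 36000]; ComboFix stamps like [06/11/2012 16:09 716272].
SAMPLE_LOG = r"""
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/11/2012 16:09 716272]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-24 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 USBDFU;USBDFU;c:\windows\system32\drivers\usbdfu.sys --> c:\windows\system32\drivers\usbdfu.sys [?]
this line is not a service entry and is skipped
"""

# "<R|S><start type> <name>;<display name>;<rest of line>"
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# trailing "[<date> <size>]" or "[<date> <time> <size>]"
STAMP_RE = re.compile(r"\[(?P<stamp>[^\[\]]+?) (?P<size>\d+)\]$")

# Assumption: the digit is the standard Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


def parse_service_line(line):
    """Return a dict for one R*/S* service line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    entry = {
        "running": m.group("state") == "R",
        "start": int(m.group("start")),
        "start_type": START_TYPES.get(int(m.group("start")), "unknown"),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": None, "stamp": None, "size": None, "missing": False,
    }
    if rest.endswith("[?]"):
        # "[?]" means the tool could not find the file; the line repeats the
        # path after " --> ", so keep only the first copy.
        entry["missing"] = True
        entry["path"] = rest[:-3].rstrip().split(" --> ", 1)[0]
    else:
        sm = STAMP_RE.search(rest)
        if sm is None:
            return None
        entry["path"] = rest[:sm.start()].rstrip()
        entry["stamp"] = sm.group("stamp")
        entry["size"] = int(sm.group("size"))
    return entry


def triage(log_text):
    """Parse every service line and group the ones a reviewer looks at first."""
    entries = [e for e in map(parse_service_line, log_text.splitlines()) if e]
    early = [e for e in entries if e["start"] <= 1]  # boot/system-start drivers
    return {
        "entries": entries,
        # registered service whose file is gone: orphaned uninstall or removed malware
        "missing_file": [e["name"] for e in entries if e["missing"]],
        "early_start": [e["name"] for e in early],
        # heuristic only: early-start drivers living outside the drivers directory
        "early_outside_drivers_dir": [
            e["name"] for e in early if not e["path"].lower().startswith(DRIVERS_DIR)
        ],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("parsed:", len(result["entries"]))
    print("file missing:", result["missing_file"])
    print("boot/system start:", result["early_start"])
    print("review (early start, outside drivers dir):", result["early_outside_drivers_dir"])
```

Run against either log, the "missing_file" list reproduces what the tools mark with "[?]" (vsmon and USBDFU here), which in this thread turned out to be leftovers rather than infection; the point of the grouping is to decide what to look at first, not to declare anything malicious.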


 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,781 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:57 PM

Posted 10 February 2013 - 06:27 PM

Hi David,

Let's run a couple of scans to look for any leftover entries which need to be deleted. I will also ask you to run a program to look for any needed updates.

Please do this.

===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click the Security Check icon
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • Malwarebytes results
  • ESET results (no log if nothing found)
  • Security Check log
  • How is your computer running now?

Edited by Oh My, 10 February 2013 - 06:30 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 espoo_hopper

espoo_hopper
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 10 February 2013 - 06:58 PM

Hi Gary

 

I have completed the first log, but as it is approaching midnight I will complete ESET (as it will take so long) and Security Check first thing in the morning, if that is alright with you. Again, the computer is absolutely fine. I had no idea there was any problem until the aswMBR log alerted me to possible unwanted content.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.10.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
USER :: USER-8DFA3AB479 [administrator]

10/02/2013 23:41:10
mbam-log-2013-02-10 (23-41-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203399
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#12 Oh My! (Malware Response Instructor, 36,781 posts)

Posted 10 February 2013 - 07:06 PM

No problem. See you tomorrow.
Gary

#13 espoo_hopper (Topic Starter, Members, 40 posts)

Posted 11 February 2013 - 11:10 AM

Hi Gary

Here are the two logs as promised.

When I switched on this morning the computer was running very slowly (as occasionally happens) and userinit.exe asked for permission to access the internet. I pressed restart and everything started as normal (no repeat request). However, when I tried to print off your last instructions the printer no longer printed (print error), although it was fine yesterday and no cables have been touched. Could something have been removed by one of the programs that might have caused this? Other than this all is running well, as before.

C:\Documents and Settings\USER\My Documents\Dad's Stuff\Programs\cbsidlm-tr1_5-HostsMan-10409169.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\USER\My Documents\Dad's Stuff\Programs\Daemon Tools Lite\DTLite4461-0328.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\USER\My Documents\Dad's Stuff\Programs\Internet\Avira Antivirus\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Documents and Settings\USER\My Documents\Dad's Stuff\Programs\System\AusLogicsDuplicateFileFinder\duplicate-file-finder-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\USER\My Documents\Dad's Stuff\Programs\System\SIW\siw-setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
E:\My Documents recovered\Dads Stuff\Programs\Music\mp3doctor\mp3doctor.zip probably unknown NewHeur_PE virus deleted - quarantined
E:\My Documents recovered\Dads Stuff\Programs\System\qregdefrag_setup.exe a variant of Win32/Bundled.Toolbar.Ask.A application cleaned by deleting - quarantined
E:\My Documents recovered\Dads Stuff\Programs\System\Advanced SystemCare Free 3.7.2\asc-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
E:\My Documents28.8.12\Dad's Stuff\Programs\Internet\Avira Antivirus\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
E:\My Documents28.8.12\Dad's Stuff\Programs\System\SIW\siw-setup.exe Win32/OpenCandy application cleaned by deleting - quarantined

 Results of screen317's Security Check version 0.99.57 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Please wait while WMIC is being installed.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
A
v
i
r
a
ECHO is off.
D
e
s
k
t
o
p
ECHO is off.
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Secunia PSI (2.0.0.4003)  
 HostsMan 3.2.73   
 Malwarebytes Anti-Malware version 1.70.0.1100 
 CCleaner    
 Adobe Reader 10.1.5 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 CheckPoint ZoneAlarm vsmon.exe 
 CheckPoint ZoneAlarm zatray.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````

#14 Oh My! (Malware Response Instructor, 36,781 posts)

Posted 11 February 2013 - 11:27 AM

Greetings David,

Unless you get the userinit pop-up again, we won't worry about it. Sometimes there is odd behavior after running ESET, but it doesn't indicate an issue.

Regarding your printer, please do this.


===================================================


Stopping/Starting a Service Windows XP

--------------------

  • Press the Windows key + r on your keyboard at the same time
  • Type services.msc and hit Enter.
  • Left click on Print Spooler
  • On the left hand side click Stop the service
  • Once the service has been stopped click Restart the service
  • Close the window
  • Reboot your computer and check the computer performance

===================================================


Things I would like to see in your next reply.

  • Does your printer work properly?
  • Any other issues with your computer?

Gary

#15 espoo_hopper (Topic Starter, Members, 40 posts)

Posted 11 February 2013 - 12:27 PM

Hi Gary

Tried your fix and rebooted, but still no luck with the printer. Stubbornly refuses to communicate with the computer.

However, everything else seems fine. Am I clear now?

Also, can I check on the following with you, please?

Can the log files from the various programs be safely deleted?

Can the JRT folder in C:/ be deleted?

What is the Qoobox folder in C:/? Contains BackEnv and Quarantine folders. Does it need to stay?

Lastly, can you (in the simplest possible words for a computer illiterate) tell me what I had managed to get by way of infection?
