
Redirected to fwdservice.com site when click mail folders


29 replies to this topic

#1 Stolen


Posted 13 July 2013 - 10:58 AM

I am being redirected to a site called fwdservice.com from my yahoo mail folders or when I click on anything in my mail folders. 

 

I screwed up when trying to download and reinstall gimp on this laptop.

 

Here is what happened:

I did not ensure I was actually on gimp site.

 

Clicked a download link from the following site and installed some crap from here:

 

http:/ /www. Mydownload manager. com/lp/dm1/?cid=3683

 

And also from here:

http:/ /gimp.soft32. com/ free-download/?lp=adwords&gclid=CLnNh864l7gCFWlo7AodVTwAlg

 

I then realized and tried to stop things and I uninstalled what I could, but it was too late. 

 

I did a system restore, but did not fix the problem.

 

I did get Gimp successfully installed…LOL *this is not relevant I know -

 

The problem only seems to be in my yahoo mail account, when I click a folder (sent or drafts), and it takes me to this weird site called fwdservice.com and this is major sucking.

 

Here is an image when I click on the Sent folder or an email in Sent items and what happens...note at the bottom it shows the yahoo folder destination: 

 

http://img51.imageshack.us/img51/9942/shr4.jpg

 

I have also run Spybot, did not fix. I have downloaded ComboFix today from your site but not run it yet cuz will have to close everything.

 

This is a work laptop, I have Administrator rights on the laptop.  The laptop has a new HD and Windows XP Pro recently reinstalled, so it has very few bugs, (before the user went and did this…that would be me). 

 

Nothing else seems to be having issues. 

 

My Outlook and gmail accounts and all other programs are running smoothly.  

 

I am being redirected only while in my yahoo mail account.  My yahoo works on the iphone and personal laptop, and the problem started on the day I conducted the activities listed above, back on July 4 (I was possibly under the influence LOL)

 

Does anyone have information on what is going on, is this malware, and how do I fix. Any help or suggestions much appreciated.

 

Thank you. 





#2 boopme


Posted 13 July 2013 - 06:52 PM

Hello Stolen, ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.
Let's do these first.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
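What a helper typically checks first in the Result.txt requested above, as an added example (not part of the original post and not MiniToolBox's own code): a small triage pass over the "Hosts content" and "Winsock entries" sections. The sample log is constructed, and the flagging rules (non-default hosts entries, Winsock providers that are missing on disk, third-party, or Microsoft-labelled outside system32) are this example's own heuristics.

```python
import re
from collections import Counter

# Constructed sample laid out like a MiniToolBox Result.txt.
# All hosts, paths and vendor names below are made up for illustration.
SAMPLE_RESULT = r"""
========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.10    mail.example.test

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Program Files\Example\filter.dll [4096] (Example Vendor)
Catalog9 02 C:\Program Files\Example\filter.dll [4096] (Example Vendor)
Catalog9 03 gone.dll [File not found] (Example Vendor)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

# "===== Section name: =====" banner; bare "=====" rulers do not match.
HEADER = re.compile(r"^=+ (\S.*?):? =+\s*$")
# "Catalog9 05 <dll path> [<size or 'File not found'>] (<vendor>)"
WINSOCK = re.compile(r"^(Catalog\d+) \d+ (.+) \[(.+?)\] \((.*)\)$")
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
SYSTEM_DIR = "c:\\windows\\system32\\"


def split_sections(text):
    """Map each section name to its non-empty, stripped lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def review_hosts(lines):
    """Flag every hosts mapping other than the stock localhost entries."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()  # drop trailing comments
        if len(entry) < 2:
            continue
        ip, names = entry[0], entry[1:]
        for name in names:
            if (ip, name.lower()) not in DEFAULT_HOSTS:
                findings.append(f"hosts: {name} pinned to {ip}")
    return findings


def review_winsock(lines):
    """Flag providers that are missing, third-party, or oddly located."""
    seen = Counter()  # identical catalog entries are reported once, with a count
    for line in lines:
        m = WINSOCK.match(line)
        if not m:
            continue
        _catalog, dll, size, vendor = m.groups()
        reasons = []
        if size == "File not found":
            reasons.append("DLL missing on disk")
        if vendor != "Microsoft Corporation":
            reasons.append(f"third-party provider ({vendor})")
        elif not dll.lower().startswith(SYSTEM_DIR):
            # The vendor string is only a label; also require the usual location.
            reasons.append("Microsoft-labelled DLL outside system32")
        if reasons:
            seen[(dll, "; ".join(reasons))] += 1
    return [f"winsock: {dll}: {why} [{n} catalog entries]"
            for (dll, why), n in seen.items()]


def triage(text):
    """Return review findings for the Hosts and Winsock sections of a log."""
    sections = split_sections(text)
    return (review_hosts(sections.get("Hosts content", []))
            + review_winsock(sections.get("Winsock entries", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE_RESULT):
        print(finding)
```

A finding is a prompt to check the entry against the installed-programs list in the same log, not a verdict: security products legitimately register their own Winsock providers.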

#3 Stolen


Posted 13 July 2013 - 07:05 PM

TYSM. going to try all this right now, i'll let you know.  Really appreciate all your help.  Really. :)

 

my IT techs are not going to be hugely thrilled if they have to reformat for me after just replacing the HD, you know how it goes....sigh

 

fingers crossed 



#4 boopme


Posted 13 July 2013 - 07:34 PM

I gabeesh :) and will look back.



#5 Stolen


Posted 13 July 2013 - 08:54 PM

Hi. I am done with the above 4 steps.  Here are the reports/results: 

 

1)

MiniToolBox by Farbar  Version: 13-07-2013

Ran by K35496 (administrator) on 13-07-2013 at 19:18:02
Running from "C:\Documents and Settings\k35496\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Cisco AnyConnect VPN Client Connection (Disconnected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : USL2LX2RM1
 
        Primary Dns Suffix  . . . . . . . : kci.com
 
        Node Type . . . . . . . . . . . . : Hybrid
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : kci.com
 
                                            gateway.2wire.net
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
 
        Physical Address. . . . . . . . . : 00-26-B9-E7-05-DD
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Connection-specific DNS Suffix  . : gateway.2wire.net
 
        Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
 
        Physical Address. . . . . . . . . : 70-F1-A1-8A-10-4D
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.69
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.254
 
        DHCP Server . . . . . . . . . . . : 192.168.1.254
 
        DNS Servers . . . . . . . . . . . : 192.168.1.254
 
        Lease Obtained. . . . . . . . . . : Saturday, July 13, 2013 9:26:15 AM
 
        Lease Expires . . . . . . . . . . : Sunday, July 14, 2013 9:26:15 AM
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    google.com.kci.com
Address:  208.91.197.27
 
 
 
Pinging google.com [74.125.227.6] with 32 bytes of data:
 
 
 
Reply from 74.125.227.6: bytes=32 time=33ms TTL=52
 
Reply from 74.125.227.6: bytes=32 time=32ms TTL=52
 
 
 
Ping statistics for 74.125.227.6:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 32ms, Maximum = 33ms, Average = 32ms
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    yahoo.com.kci.com
Address:  208.91.197.27
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=117ms TTL=45
 
Reply from 206.190.36.45: bytes=32 time=107ms TTL=45
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 107ms, Maximum = 117ms, Average = 112ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 26 b9 e7 05 dd ...... Intel® 82577LM Gigabit Network Connection - Packet Scheduler Miniport
0x30002 ...70 f1 a1 8a 10 4d ...... DW1501 Wireless-N WLAN Half-Mini Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.69  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0     192.168.1.69    192.168.1.69  25
     192.168.1.69  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255     192.168.1.69    192.168.1.69  25
        224.0.0.0        240.0.0.0     192.168.1.69    192.168.1.69  25
  255.255.255.255  255.255.255.255     192.168.1.69    192.168.1.69  1
  255.255.255.255  255.255.255.255     192.168.1.69               3  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 02 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 03 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 04 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 05 bmnet.dll [File not found] (Bytemobile, Inc.)
Catalog9 06 bmnet.dll [File not found] (Bytemobile, Inc.)
Catalog9 07 bmnet.dll [File not found] (Bytemobile, Inc.)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/13/2013 05:26:05 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (07/13/2013 09:26:10 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (07/12/2013 06:37:43 PM) (Source: Microsoft Office 12) (User: )
Description: Faulting application outlook.exe, version 12.0.6423.1000, stamp 49b08185, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0xa6e95d00.
 
Error: (07/12/2013 06:10:43 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (07/12/2013 06:38:47 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (07/12/2013 06:38:44 AM) (Source: Sophos Message Router) (User: NT AUTHORITY)
Description: DNS lookup failure trying to resolve the following addresses: amwpsoph01,amwpsoph01.kci.com.%%3
 
Error: (07/11/2013 07:42:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (07/11/2013 07:42:43 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
 
Error: (07/11/2013 07:42:39 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (07/11/2013 07:41:01 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
 
System errors:
=============
Error: (07/13/2013 05:11:23 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 479 minutes.
NtpClient has no source of accurate time.
 
Error: (07/13/2013 03:34:47 PM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain KCI due to the following: 
%%1311.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (07/13/2013 01:11:23 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.
 
Error: (07/13/2013 11:11:23 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.
 
Error: (07/13/2013 10:11:23 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.
 
Error: (07/13/2013 09:41:23 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.
 
Error: (07/13/2013 09:26:18 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (07/13/2013 09:26:16 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.
 
Error: (07/13/2013 09:26:13 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain KCI due to the following: 
%%1311.
 
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
 
Error: (07/12/2013 09:55:53 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.
 
 
Microsoft Office Sessions:
=========================
Error: (07/12/2013 06:37:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 640951 seconds with 44580 seconds of active time.  This session ended with a crash.
 
Error: (06/24/2013 10:28:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 523592 seconds with 17100 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AT&T Communication Manager (Version: 7.01.0030.0)
BioAPI Framework (Version: 1.0.1)
BizFlow Workitem Handler (Version: 10.1.6.12)
CCleaner (Version: 4.03)
Check Point Endpoint Security - Full Disk Encryption (Version: 7.4.5.1667)
Cisco AnyConnect VPN Client (Version: 2.4.1012)
Claim Form Fax (Version: 4.1.20.2)
Claim Form Fax (Version: 4.37.01)
Configuration Manager Client (Version: 4.00.6487.2000)
Dell 968 AIO Printer
Dell ControlPoint System Manager (Version: 1.4.00000)
Dell ControlVault Host Components Installer (Version: 1.7.450.290)
Dell Security Device Driver Pack (Version: 1.4.050)
Dell Touchpad (Version: 7.1208.101.125)
Dell V715w
FileNet IDM Viewer 4.0
Ghostscript Install (Version: 1.10.0001)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 28.0.1500.72)
Google Update Helper (Version: 1.3.21.153)
HERO (Version: 5.14.0.0)
HP Color LaserJet 2600 series
Intel® Network Connections 14.8.43.0 (Version: 14.8.43.0)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
IT Helpdesk Tools (Version: 1.00.0000)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
KCI Field PB9 (Version: 6.04.01)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
NVIDIA Display Control Panel (Version: 6.14.12.6883)
Oracle 10g InstantClient (Version: 10.1.0.4.3)
Oracle JInitiator 1.3.1.29
PowerDVD DX (Version: 8.3.6029)
RDC
Reader 2.0 (Version: 2.0.1.1038)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.6201)
RemotelyAnywhere (Version: 8.0.747)
RightFax Product Suite (Version: 9.00.0000)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Skype™ 3.8 (Version: 3.8.144)
Sophos Anti-Virus (Version: 10.0.10)
Sophos AutoUpdate (Version: 2.7.4.317)
Sophos Remote Management System (Version: 3.4.1)
Spybot - Search & Destroy (Version: 1.6.2)
Symantec Enterprise Vault Outlook Add-In (Version: 8.0.5656)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
User Profile Hive Cleanup Service (Version: 1.6.36)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.6.0.3101)
WIMGAPI (Version: 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
Windows Search 4.0 (Version: 04.00.6001.503)
XML Paper Specification Shared Components Pack 1.0
 
========================= Memory info: ===================================
 
Percentage of memory in use: 54%
Total physical RAM: 3317.78 MB
Available physical RAM: 1518.02 MB
Total Pagefile: 5200.82 MB
Available Pagefile: 3151.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.23 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:165.32 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USL2LX2RM1
 
ASPNET                   Guest                    HelpAssistant            
kci_admin                SophosSAUUSL2LX2RM10     SUPPORT_388945a0         
 
 
**** End of log ****
 

 

2)

19:23:37.0921 9476  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
19:23:38.0750 9476  ============================================================
19:23:38.0750 9476  Current date / time: 2013/07/13 19:23:38.0750
19:23:38.0750 9476  SystemInfo:
19:23:38.0750 9476  
19:23:38.0750 9476  OS Version: 5.1.2600 ServicePack: 3.0
19:23:38.0750 9476  Product type: Workstation
19:23:38.0750 9476  ComputerName: USL2LX2RM1
19:23:38.0750 9476  UserName: K35496
19:23:38.0750 9476  Windows directory: C:\WINDOWS
19:23:38.0750 9476  System windows directory: C:\WINDOWS
19:23:38.0750 9476  Processor architecture: Intel x86
19:23:38.0750 9476  Number of processors: 4
19:23:38.0750 9476  Page size: 0x1000
19:23:38.0750 9476  Boot type: Normal boot
19:23:38.0750 9476  ============================================================
19:23:40.0250 9476  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:23:40.0250 9476  ============================================================
19:23:40.0250 9476  \Device\Harddisk0\DR0:
19:23:40.0250 9476  MBR partitions:
19:23:40.0250 9476  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x1D1C06C0
19:23:40.0250 9476  ============================================================
19:23:40.0265 9476  Initialize success
19:23:40.0265 9476  ============================================================
19:24:21.0718 3824  ============================================================
19:24:21.0718 3824  Scan started
19:24:21.0718 3824  Mode: Manual; TDLFS; 
19:24:21.0718 3824  ============================================================
19:24:21.0718 3824  ================ Scan system memory ========================
19:24:21.0843 3824  System memory - ok
19:24:21.0843 3824  ================ Scan services =============================
19:24:21.0859 3824  Abiosdsk - ok
19:24:21.0859 3824  abp480n5 - ok
19:24:21.0875 3824  Acceler - ok
19:24:21.0875 3824  ACPI - ok
19:24:21.0875 3824  ACPIEC - ok
19:24:21.0890 3824  adpu160m - ok
19:24:21.0890 3824  aec - ok
19:24:21.0906 3824  AESTAud - ok
19:24:21.0906 3824  AFD - ok
19:24:21.0921 3824  agp440 - ok
19:24:21.0921 3824  agpCPQ - ok
19:24:21.0921 3824  Aha154x - ok
19:24:21.0937 3824  aic78u2 - ok
19:24:21.0937 3824  aic78xx - ok
19:24:21.0953 3824  Alerter - ok
19:24:21.0953 3824  ALG - ok
19:24:21.0968 3824  AliIde - ok
19:24:21.0968 3824  alim1541 - ok
19:24:21.0968 3824  Ambfilt - ok
19:24:21.0984 3824  amdagp - ok
19:24:21.0984 3824  amsint - ok
19:24:22.0000 3824  ApfiltrService - ok
19:24:22.0000 3824  AppMgmt - ok
19:24:22.0000 3824  Arp1394 - ok
19:24:22.0015 3824  asc - ok
19:24:22.0015 3824  asc3350p - ok
19:24:22.0031 3824  asc3550 - ok
19:24:22.0031 3824  aspnet_state - ok
19:24:22.0046 3824  AsyncMac - ok
19:24:22.0046 3824  atapi - ok
19:24:22.0046 3824  Atdisk - ok
19:24:22.0046 3824  Atmarpc - ok
19:24:22.0046 3824  ATTRcAppSvc - ok
19:24:22.0046 3824  AudioSrv - ok
19:24:22.0046 3824  audstub - ok
19:24:22.0062 3824  b57w2k - ok
19:24:22.0062 3824  BCM43XX - ok
19:24:22.0062 3824  Beep - ok
19:24:22.0062 3824  BITS - ok
19:24:22.0062 3824  Browser - ok
19:24:22.0078 3824  BTKRNL - ok
19:24:22.0078 3824  btwdins - ok
19:24:22.0078 3824  BTWUSB - ok
19:24:22.0078 3824  buttonsvc32 - ok
19:24:22.0078 3824  cbidf - ok
19:24:22.0078 3824  cbidf2k - ok
19:24:22.0078 3824  CCDECODE - ok
19:24:22.0093 3824  CcmExec - ok
19:24:22.0093 3824  cd20xrnt - ok
19:24:22.0093 3824  Cdaudio - ok
19:24:22.0093 3824  Cdfs - ok
19:24:22.0093 3824  Cdrom - ok
19:24:22.0093 3824  Changer - ok
19:24:22.0109 3824  CiSvc - ok
19:24:22.0109 3824  ClipSrv - ok
19:24:22.0109 3824  clr_optimization_v2.0.50727_32 - ok
19:24:22.0109 3824  clr_optimization_v4.0.30319_32 - ok
19:24:22.0109 3824  CmBatt - ok
19:24:22.0109 3824  CmdIde - ok
19:24:22.0109 3824  Compbatt - ok
19:24:22.0109 3824  COMSysApp - ok
19:24:22.0125 3824  Cpqarray - ok
19:24:22.0125 3824  Credential Vault Host Control Service - ok
19:24:22.0125 3824  Credential Vault Host Storage - ok
19:24:22.0125 3824  CryptSvc - ok
19:24:22.0125 3824  cvusbdrv - ok
19:24:22.0125 3824  dac2w2k - ok
19:24:22.0140 3824  dac960nt - ok
19:24:22.0140 3824  DcomLaunch - ok
19:24:22.0140 3824  dcpsysmgrsvc - ok
19:24:22.0140 3824  Dhcp - ok
19:24:22.0140 3824  Disk - ok
19:24:22.0140 3824  dldoCATSCustConnectService - ok
19:24:22.0140 3824  dldo_device - ok
19:24:22.0171 3824  dleeCATSCustConnectService - ok
19:24:22.0171 3824  dlee_device - ok
19:24:22.0171 3824  dmadmin - ok
19:24:22.0171 3824  dmboot - ok
19:24:22.0171 3824  dmio - ok
19:24:22.0171 3824  dmload - ok
19:24:22.0171 3824  dmserver - ok
19:24:22.0187 3824  DMusic - ok
19:24:22.0187 3824  Dnscache - ok
19:24:22.0187 3824  Dot3svc - ok
19:24:22.0187 3824  dpti2o - ok
19:24:22.0187 3824  drmkaud - ok
19:24:22.0187 3824  DVMIO - ok
19:24:22.0187 3824  DvmMDES - ok
19:24:22.0203 3824  e1cexpress - ok
19:24:22.0203 3824  e1kexpress - ok
19:24:22.0203 3824  EapHost - ok
19:24:22.0203 3824  ERSvc - ok
19:24:22.0203 3824  Eventlog - ok
19:24:22.0203 3824  EventSystem - ok
19:24:22.0203 3824  Fastfat - ok
19:24:22.0218 3824  FastUserSwitchingCompatibility - ok
19:24:22.0218 3824  Fdc - ok
19:24:22.0218 3824  Fips - ok
19:24:22.0218 3824  FLEXnet Licensing Service - ok
19:24:22.0218 3824  Flpydisk - ok
19:24:22.0218 3824  FltMgr - ok
19:24:22.0218 3824  FontCache3.0.0.0 - ok
19:24:22.0234 3824  Fs_Rec - ok
19:24:22.0234 3824  Ftdisk - ok
19:24:22.0234 3824  Gpc - ok
19:24:22.0234 3824  gupdate - ok
19:24:22.0234 3824  gupdatem - ok
19:24:22.0234 3824  HDAudBus - ok
19:24:22.0234 3824  helpsvc - ok
19:24:22.0250 3824  HidServ - ok
19:24:22.0250 3824  hidusb - ok
19:24:22.0250 3824  hkmsvc - ok
19:24:22.0250 3824  hpn - ok
19:24:22.0250 3824  HTTP - ok
19:24:22.0250 3824  HTTPFilter - ok
19:24:22.0250 3824  i2omgmt - ok
19:24:22.0250 3824  i2omp - ok
19:24:22.0265 3824  i8042prt - ok
19:24:22.0281 3824  ialm - ok
19:24:22.0281 3824  iaStor - ok
19:24:22.0296 3824  IAStorDataMgrSvc - ok
19:24:22.0296 3824  IDriverT - ok
19:24:22.0296 3824  idsvc - ok
19:24:22.0296 3824  Imapi - ok
19:24:22.0296 3824  ImapiService - ok
19:24:22.0296 3824  Impcd - ok
19:24:22.0312 3824  ini910u - ok
19:24:22.0312 3824  IntcAzAudAddService - ok
19:24:22.0312 3824  IntelIde - ok
19:24:22.0312 3824  intelppm - ok
19:24:22.0312 3824  Ip6Fw - ok
19:24:22.0312 3824  IpFilterDriver - ok
19:24:22.0328 3824  IpInIp - ok
19:24:22.0328 3824  IpNat - ok
19:24:22.0328 3824  IPSec - ok
19:24:22.0328 3824  IRENUM - ok
19:24:22.0328 3824  isapnp - ok
19:24:22.0328 3824  JavaQuickStarterService - ok
19:24:22.0343 3824  Kbdclass - ok
19:24:22.0343 3824  kbdhid - ok
19:24:22.0343 3824  kmixer - ok
19:24:22.0343 3824  KSecDD - ok
19:24:22.0343 3824  LanmanServer - ok
19:24:22.0343 3824  lanmanworkstation - ok
19:24:22.0343 3824  lbrtfdc - ok
19:24:22.0359 3824  LmHosts - ok
19:24:22.0359 3824  MDM - ok
19:24:22.0359 3824  MEI - ok
19:24:22.0359 3824  Messenger - ok
19:24:22.0359 3824  mnmdd - ok
19:24:22.0359 3824  mnmsrvc - ok
19:24:22.0359 3824  Modem - ok
19:24:22.0375 3824  Monfilt - ok
19:24:22.0375 3824  Mouclass - ok
19:24:22.0375 3824  mouhid - ok
19:24:22.0375 3824  MountMgr - ok
19:24:22.0375 3824  mraid35x - ok
19:24:22.0375 3824  MRxDAV - ok
19:24:22.0375 3824  MRxSmb - ok
19:24:22.0390 3824  MSDTC - ok
19:24:22.0390 3824  Msfs - ok
19:24:22.0390 3824  MSIServer - ok
19:24:22.0390 3824  MSKSSRV - ok
19:24:22.0390 3824  MSPCLOCK - ok
19:24:22.0390 3824  MSPQM - ok
19:24:22.0406 3824  mssmbios - ok
19:24:22.0406 3824  MSTEE - ok
19:24:22.0406 3824  Mup - ok
19:24:22.0406 3824  NABTSFEC - ok
19:24:22.0406 3824  NAL - ok
19:24:22.0406 3824  napagent - ok
19:24:22.0406 3824  NDIS - ok
19:24:22.0421 3824  NdisIP - ok
19:24:22.0421 3824  NdisTapi - ok
19:24:22.0421 3824  Ndisuio - ok
19:24:22.0421 3824  NdisWan - ok
19:24:22.0421 3824  NDProxy - ok
19:24:22.0421 3824  NetBIOS - ok
19:24:22.0421 3824  NetBT - ok
19:24:22.0437 3824  NetDDE - ok
19:24:22.0437 3824  NetDDEdsdm - ok
19:24:22.0453 3824  Netlogon - ok
19:24:22.0453 3824  Netman - ok
19:24:22.0453 3824  NetTcpPortSharing - ok
19:24:22.0453 3824  NETwNx32 - ok
19:24:22.0453 3824  NIC1394 - ok
19:24:22.0453 3824  Nla - ok
19:24:22.0453 3824  Npfs - ok
19:24:22.0468 3824  Ntfs - ok
19:24:22.0468 3824  NtLmSsp - ok
19:24:22.0468 3824  NtmsSvc - ok
19:24:22.0468 3824  Null - ok
19:24:22.0468 3824  nv - ok
19:24:22.0468 3824  NVHDA - ok
19:24:22.0484 3824  nvsvc - ok
19:24:22.0484 3824  NwlnkFlt - ok
19:24:22.0484 3824  NwlnkFwd - ok
19:24:22.0484 3824  O2FLASH - ok
19:24:22.0484 3824  O2MDFRDR - ok
19:24:22.0484 3824  O2SDJRDR - ok
19:24:22.0484 3824  odserv - ok
19:24:22.0484 3824  ohci1394 - ok
19:24:22.0500 3824  ose - ok
19:24:22.0500 3824  Parport - ok
19:24:22.0500 3824  PartMgr - ok
19:24:22.0500 3824  ParVdm - ok
19:24:22.0500 3824  PCI - ok
19:24:22.0500 3824  PCIDump - ok
19:24:22.0515 3824  PCIIde - ok
19:24:22.0515 3824  Pcmcia - ok
19:24:22.0515 3824  PCTINDIS5 - ok
19:24:22.0515 3824  PDCOMP - ok
19:24:22.0515 3824  PDFRAME - ok
19:24:22.0515 3824  PDRELI - ok
19:24:22.0515 3824  PDRFRAME - ok
19:24:22.0531 3824  perc2 - ok
19:24:22.0531 3824  perc2hib - ok
19:24:22.0531 3824  PlugPlay - ok
19:24:22.0531 3824  Pointsec - ok
19:24:22.0531 3824  Pointsec_start - ok
19:24:22.0531 3824  PolicyAgent - ok
19:24:22.0546 3824  PptpMiniport - ok
19:24:22.0546 3824  prepdrvr - ok
19:24:22.0546 3824  ProtectedStorage - ok
19:24:22.0546 3824  prot_2k - ok
19:24:22.0546 3824  PSched - ok
19:24:22.0546 3824  Ptilink - ok
19:24:22.0562 3824  PxHelp20 - ok
19:24:22.0562 3824  ql1080 - ok
19:24:22.0562 3824  Ql10wnt - ok
19:24:22.0562 3824  ql12160 - ok
19:24:22.0562 3824  ql1240 - ok
19:24:22.0562 3824  ql1280 - ok
19:24:22.0578 3824  RAInfo - ok
19:24:22.0578 3824  RAMaint - ok
19:24:22.0578 3824  ramirr - ok
19:24:22.0578 3824  RARfsClientNP - ok
19:24:22.0578 3824  RARfsDriver - ok
19:24:22.0578 3824  RasAcd - ok
19:24:22.0578 3824  RasAuto - ok
19:24:22.0578 3824  Rasl2tp - ok
19:24:22.0593 3824  RasMan - ok
19:24:22.0593 3824  RasPppoe - ok
19:24:22.0593 3824  Raspti - ok
19:24:22.0593 3824  Rdbss - ok
19:24:22.0593 3824  RDPCDD - ok
19:24:22.0593 3824  rdpdr - ok
19:24:22.0609 3824  RDPWD - ok
19:24:22.0609 3824  RDSessMgr - ok
19:24:22.0609 3824  redbook - ok
19:24:22.0609 3824  RemoteAccess - ok
19:24:22.0609 3824  RemotelyAnywhere - ok
19:24:22.0609 3824  RemoteRegistry - ok
19:24:22.0609 3824  RimVSerPort - ok
19:24:22.0625 3824  risdpcie - ok
19:24:22.0625 3824  ROOTMODEM - ok
19:24:22.0625 3824  RpcLocator - ok
19:24:22.0625 3824  RpcSs - ok
19:24:22.0625 3824  RSPCIESTOR - ok
19:24:22.0625 3824  RSVP - ok
19:24:22.0625 3824  SamSs - ok
19:24:22.0640 3824  SAVAdminService - ok
19:24:22.0640 3824  SAVOnAccessControl - ok
19:24:22.0640 3824  SAVOnAccessFilter - ok
19:24:22.0640 3824  SAVService - ok
19:24:22.0640 3824  SCardSvr - ok
19:24:22.0640 3824  Schedule - ok
19:24:22.0640 3824  sdbus - ok
19:24:22.0656 3824  sdcfilter - ok
19:24:22.0656 3824  Secdrv - ok
19:24:22.0656 3824  seclogon - ok
19:24:22.0656 3824  SENS - ok
19:24:22.0656 3824  Serenum - ok
19:24:22.0656 3824  Serial - ok
19:24:22.0687 3824  Sfloppy - ok
19:24:22.0687 3824  SharedAccess - ok
19:24:22.0687 3824  ShellHWDetection - ok
19:24:22.0687 3824  Simbad - ok
19:24:22.0687 3824  sisagp - ok
19:24:22.0703 3824  SKMScan - ok
19:24:22.0703 3824  SLIP - ok
19:24:22.0703 3824  smsmdd - ok
19:24:22.0703 3824  smstsmgr - ok
19:24:22.0703 3824  Sophos Agent - ok
19:24:22.0703 3824  Sophos AutoUpdate Service - ok
19:24:22.0718 3824  Sophos Message Router - ok
19:24:22.0718 3824  Sophos Web Control Service - ok
19:24:22.0718 3824  SophosBootDriver - ok
19:24:22.0718 3824  Sparrow - ok
19:24:22.0718 3824  splitter - ok
19:24:22.0718 3824  Spooler - ok
19:24:22.0718 3824  sr - ok
19:24:22.0734 3824  srservice - ok
19:24:22.0734 3824  Srv - ok
19:24:22.0734 3824  SSDPSRV - ok
19:24:22.0734 3824  STacSV - ok
19:24:22.0734 3824  stdcfltn - ok
19:24:22.0734 3824  STHDA - ok
19:24:22.0734 3824  stisvc - ok
19:24:22.0750 3824  stllssvr - ok
19:24:22.0750 3824  streamip - ok
19:24:22.0750 3824  swenum - ok
19:24:22.0750 3824  swi_service - ok
19:24:22.0750 3824  swi_update - ok
19:24:22.0750 3824  swmidi - ok
19:24:22.0765 3824  swmsflt - ok
19:24:22.0765 3824  SWNC8UA3 - ok
19:24:22.0765 3824  SwPrv - ok
19:24:22.0781 3824  SWUMXA3 - ok
19:24:22.0781 3824  symc810 - ok
19:24:22.0781 3824  symc8xx - ok
19:24:22.0781 3824  sym_hi - ok
19:24:22.0781 3824  sym_u3 - ok
19:24:22.0796 3824  sysaudio - ok
19:24:22.0796 3824  SysmonLog - ok
19:24:22.0796 3824  TapiSrv - ok
19:24:22.0796 3824  Tcpip - ok
19:24:22.0796 3824  tcpipBM - ok
19:24:22.0796 3824  TDPIPE - ok
19:24:22.0812 3824  TDTCP - ok
19:24:22.0812 3824  TermDD - ok
19:24:22.0812 3824  TermService - ok
19:24:22.0812 3824  Themes - ok
19:24:22.0812 3824  TlntSvr - ok
19:24:22.0812 3824  TosIde - ok
19:24:22.0812 3824  TrkWks - ok
19:24:22.0828 3824  Udfs - ok
19:24:22.0828 3824  ultra - ok
19:24:22.0828 3824  Update - ok
19:24:22.0828 3824  UPHClean - ok
19:24:22.0828 3824  upnphost - ok
19:24:22.0843 3824  UPS - ok
19:24:22.0843 3824  usbccgp - ok
19:24:22.0843 3824  USBCCID - ok
19:24:22.0843 3824  usbehci - ok
19:24:22.0843 3824  usbhub - ok
19:24:22.0843 3824  usbprint - ok
19:24:22.0843 3824  usbscan - ok
19:24:22.0859 3824  USBSTOR - ok
19:24:22.0859 3824  usbuhci - ok
19:24:22.0859 3824  usbvideo - ok
19:24:22.0859 3824  VgaSave - ok
19:24:22.0859 3824  viaagp - ok
19:24:22.0859 3824  ViaIde - ok
19:24:22.0859 3824  VolSnap - ok
19:24:22.0875 3824  vpnagent - ok
19:24:22.0875 3824  vpnva - ok
19:24:22.0875 3824  VSS - ok
19:24:22.0875 3824  w32time - ok
19:24:22.0875 3824  Wanarp - ok
19:24:22.0875 3824  Wdf01000 - ok
19:24:22.0890 3824  WDICA - ok
19:24:22.0890 3824  wdmaud - ok
19:24:22.0890 3824  WebClient - ok
19:24:22.0890 3824  winmgmt - ok
19:24:22.0890 3824  WinRM - ok
19:24:22.0906 3824  WmdmPmSN - ok
19:24:22.0906 3824  Wmi - ok
19:24:22.0906 3824  WmiAcpi - ok
19:24:22.0906 3824  WmiApSrv - ok
19:24:22.0906 3824  WMPNetworkSvc - ok
19:24:22.0906 3824  WPFFontCache_v0400 - ok
19:24:22.0921 3824  WS2IFSL - ok
19:24:22.0921 3824  wscsvc - ok
19:24:22.0921 3824  WSearch - ok
19:24:22.0921 3824  WSTCODEC - ok
19:24:22.0921 3824  wuauserv - ok
19:24:22.0921 3824  WudfPf - ok
19:24:22.0937 3824  WudfRd - ok
19:24:22.0937 3824  WudfSvc - ok
19:24:22.0937 3824  WZCSVC - ok
19:24:22.0937 3824  xmlprov - ok
19:24:22.0953 3824  ================ Scan global ===============================
19:24:22.0953 3824  [Global] - ok
19:24:22.0953 3824  ================ Scan MBR ==================================
19:24:22.0968 3824  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:24:24.0578 3824  \Device\Harddisk0\DR0 - ok
19:24:24.0578 3824  ================ Scan VBR ==================================
19:24:24.0609 3824  [ 6DECA22FC95D170295E9C43E5D7E46AA ] \Device\Harddisk0\DR0\Partition1
19:24:24.0609 3824  \Device\Harddisk0\DR0\Partition1 - ok
19:24:24.0609 3824  ============================================================
19:24:24.0609 3824  Scan finished
19:24:24.0609 3824  ============================================================
19:24:24.0609 4544  Detected object count: 0
19:24:24.0609 4544  Actual detected object count: 0
 

3)

# AdwCleaner v2.305 - Logfile created 07/13/2013 at 19:43:23
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : K35496 - USL2LX2RM1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\k35496\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\SearchProtect
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v7.0.6000.17109
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [381 octets] - [13/07/2013 19:41:24]
AdwCleaner[S2].txt - [1512 octets] - [13/07/2013 19:43:23]
 
########## EOF - C:\AdwCleaner[S2].txt - [1572 octets] ##########
 

4)

C:\Documents and Settings\k35496\My Documents\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallBrain.AI application cleaned by deleting - quarantined
C:\Documents and Settings\k35496\My Documents\Downloads\gimp setup (1).exe a variant of Win32/Soft32Downloader.D application cleaned by deleting - quarantined
C:\Documents and Settings\k35496\My Documents\Downloads\gimp setup.exe a variant of Win32/Soft32Downloader.D application cleaned by deleting - quarantined
 
 
OK, so I don't like the look or sound of the Win32/InstallBrain and Soft32 stuff that ESET found...j/s LOL


#6 Stolen

Posted 28 July 2013 - 12:42 PM

OK, this worked (above). Everything was awesome.

Until I did bad stuff again today :((( I am going to go through all your steps above. Again.

I can't even tell you how many awful things I just got on my laptop today after I simply attempted to get a nice unbuggy program that will let me add cover art to an MP4 file. Will I never learn??

Note to self: I should NEVER download ANYTHING if it is not recommended in this forum by like Global Mods.

Like never. Ever.



#7 Stolen

Posted 28 July 2013 - 12:43 PM

*cries* My poor laptop just keeps showing me the hourglass that Spybot keeps opening saying things are screwed. And CCleaner won't remove the program. And Add/Remove Programs won't remove it either. sighhhhhhh



#8 Stolen

Posted 28 July 2013 - 12:49 PM

Here is the MiniToolbox result I just ran: 

 

NOTE: 
Program below DivX Setup (Version: 2.6.1.8) is a PROBLEM
 
 
MiniToolBox by Farbar  Version: 13-07-2013
Ran by K35496 (administrator) on 28-07-2013 at 12:46:00
Running from "C:\Documents and Settings\k35496\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
 
WARNING: Could not obtain host information from machine: [USL2LX2RM1]. Some commands may not be available.
The executable program that this service is configured to run in does not implement the service.
 
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : USL2LX2RM1
 
        Primary Dns Suffix  . . . . . . . : kci.com
 
        Node Type . . . . . . . . . . . . : Hybrid
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : kci.com
 
                                            gateway.2wire.net
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Connection-specific DNS Suffix  . : gateway.2wire.net
 
        Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
 
        Physical Address. . . . . . . . . : 70-F1-A1-8A-10-4D
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.69
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.254
 
        DHCP Server . . . . . . . . . . . : 192.168.1.254
 
        DNS Servers . . . . . . . . . . . : 192.168.1.254
 
        Lease Obtained. . . . . . . . . . : Sunday, July 28, 2013 12:18:56 PM
 
        Lease Expires . . . . . . . . . . : Monday, July 29, 2013 12:18:56 PM
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
 
        Physical Address. . . . . . . . . : 00-26-B9-E7-05-DD
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    google.com.kci.com
Address:  208.91.197.27
 
 
 
Pinging google.com [74.125.225.230] with 32 bytes of data:
 
 
 
Reply from 74.125.225.230: bytes=32 time=30ms TTL=52
 
Reply from 74.125.225.230: bytes=32 time=31ms TTL=52
 
 
 
Ping statistics for 74.125.225.230:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 30ms, Maximum = 31ms, Average = 30ms
 
Server:  homeportal
Address:  192.168.1.254
 
Name:    yahoo.com.kci.com
Address:  208.91.197.27
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=123ms TTL=45
 
Reply from 206.190.36.45: bytes=32 time=120ms TTL=45
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 120ms, Maximum = 123ms, Average = 121ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...70 f1 a1 8a 10 4d ...... DW1501 Wireless-N WLAN Half-Mini Card - Packet Scheduler Miniport
0x3 ...00 26 b9 e7 05 dd ...... Intel® 82577LM Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.69  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0     192.168.1.69    192.168.1.69  20
      192.168.1.0    255.255.255.0     192.168.1.69    192.168.1.69  25
     192.168.1.69  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255     192.168.1.69    192.168.1.69  25
        224.0.0.0        240.0.0.0     192.168.1.69    192.168.1.69  25
  255.255.255.255  255.255.255.255     192.168.1.69    192.168.1.69  1
  255.255.255.255  255.255.255.255     192.168.1.69               3  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 02 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 03 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 04 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 05 bmnet.dll [File not found] (Bytemobile, Inc.)
Catalog9 06 bmnet.dll [File not found] (Bytemobile, Inc.)
Catalog9 07 bmnet.dll [File not found] (Bytemobile, Inc.)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 13 C:\Documents and Settings\All Users\Application Data\Sophos\Web Intelligence\swi_ifslsp.dll [87616] (Sophos Limited)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/28/2013 00:39:30 PM) (Source: Application Error) (User: )
Description: Faulting application browserdefender.exe, version 2.6.1339.144, faulting module browserdefender.exe, version 2.6.1339.144, fault address 0x000f26f3.
Processing media-specific event for [browserdefender.exe!ws!]
 
Error: (07/28/2013 00:31:05 PM) (Source: UserInit) (User: )
Description: Could not execute the following script \\AMWPDC02.kci.com\SysVol\kci.com\scripts\US\Logon.vbs. The network path was not found.
.
 
Error: (07/28/2013 00:29:00 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
 
Error: (07/28/2013 00:19:10 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
 
Error: (07/28/2013 00:19:10 PM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
 
Error: (07/28/2013 00:12:43 PM) (Source: Application Error) (User: )
Description: Fault bucket -676255714.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (07/28/2013 00:12:41 PM) (Source: Application Error) (User: )
Description: Faulting application browserdefender.exe, version 2.6.1339.144, faulting module browserdefender.exe, version 2.6.1339.144, fault address 0x000f26f3.
Processing media-specific event for [browserdefender.exe!ws!]
 
Error: (07/28/2013 00:10:24 PM) (Source: Application Error) (User: )
Description: Faulting application browserdefender.exe, version 2.6.1339.144, faulting module browserdefender.exe, version 2.6.1339.144, fault address 0x000f26f3.
Processing media-specific event for [browserdefender.exe!ws!]
 
Error: (07/28/2013 00:09:38 PM) (Source: Application Error) (User: )
Description: Faulting application browserdefender.exe, version 2.6.1339.144, faulting module browserdefender.exe, version 2.6.1339.144, fault address 0x000f26f3.
Processing media-specific event for [browserdefender.exe!ws!]
 
Error: (07/28/2013 00:07:36 PM) (Source: Application Error) (User: )
Description: Faulting application browserdefender.exe, version 2.6.1339.144, faulting module browserdefender.exe, version 2.6.1339.144, fault address 0x000f26f3.
Processing media-specific event for [browserdefender.exe!ws!]
 
 
System errors:
=============
Error: (07/28/2013 00:46:04 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:46:03 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:39:43 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:36:31 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:34:27 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.
 
Error: (07/28/2013 00:33:17 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:33:17 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:33:17 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:33:17 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (07/28/2013 00:33:17 PM) (Source: DCOM) (User: KCI)
Description: DCOM got error "%%1083" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
 
Microsoft Office Sessions:
=========================
Error: (07/12/2013 06:37:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 640951 seconds with 44580 seconds of active time.  This session ended with a crash.
 
Error: (06/24/2013 10:28:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 523592 seconds with 17100 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
2007 Microsoft Office Suite Service Pack 2 (SP2)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Any Video Converter 5.0.7
AT&T Communication Manager (Version: 7.01.0030.0)
BioAPI Framework (Version: 1.0.1)
BizFlow Workitem Handler (Version: 10.1.6.12)
Bonjour (Version: 2.0.2.0)
BrowserDefender
CCleaner (Version: 4.03)
Check Point Endpoint Security - Full Disk Encryption (Version: 7.4.5.1667)
Cisco AnyConnect VPN Client (Version: 2.4.1012)
Claim Form Fax (Version: 4.1.20.2)
Claim Form Fax (Version: 4.37.01)
Configuration Manager Client (Version: 4.00.6487.2000)
DC-Bass Source 1.3.0
DefaultTab (Version: 2.2.8.0)
Dell 968 AIO Printer
Dell ControlPoint System Manager (Version: 1.4.00000)
Dell ControlVault Host Components Installer (Version: 1.7.450.290)
Dell Security Device Driver Pack (Version: 1.4.050)
Dell Touchpad (Version: 7.1208.101.125)
Dell V715w
DivX Setup (Version: 2.6.1.8)
Dropbox (Version: 2.0.26)
DYMO Label v.8 (Version: 8.5.0.1751)
DYMO LabelWriter Drivers (Version: 8.3.0.443)
ESET Online Scanner v3
ffdshow v1.1.4399 [2012-03-22] (Version: 1.1.4399.0)
FileNet IDM Viewer 4.0
Ghostscript Install (Version: 1.10.0001)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 28.0.1500.72)
Google Update Helper (Version: 1.3.21.153)
Haali Media Splitter
HERO (Version: 5.14.0.0)
HP Color LaserJet 2600 series
Intel® Network Connections 14.8.43.0 (Version: 14.8.43.0)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
IT Helpdesk Tools (Version: 1.00.0000)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
KCI Field PB9 (Version: 6.04.01)
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
LyricXeeker
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6425.1000)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Project Standard 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Visio Standard 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
NVIDIA Display Control Panel (Version: 6.14.12.6883)
OpenSource Flash Video Splitter 1.0.0.5 (Version: 1.0.0.5)
Oracle 10g InstantClient (Version: 10.1.0.4.3)
Oracle JInitiator 1.3.1.29
PowerDVD DX (Version: 8.3.6029)
RDC
Reader 2.0 (Version: 2.0.1.1038)
RealPlayer
Realtek High Definition Audio Driver (Version: 5.10.0.6201)
RemotelyAnywhere (Version: 8.0.747)
RightFax Product Suite (Version: 9.00.0000)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Safe Saver (Version: 1.27.153.8)
Skype™ 3.8 (Version: 3.8.144)
Sophos Anti-Virus (Version: 10.0.10)
Sophos AutoUpdate (Version: 2.7.4.317)
Sophos Remote Management System (Version: 3.4.1)
Spybot - Search & Destroy (Version: 1.6.2)
Symantec Enterprise Vault Outlook Add-In (Version: 8.0.5656)
Ultimate Codec Packages
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
User Profile Hive Cleanup Service (Version: 1.6.36)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.6.0.3101)
WIMGAPI (Version: 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
Windows Search 4.0 (Version: 04.00.6001.503)
XML Paper Specification Shared Components Pack 1.0
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 3317.78 MB
Available physical RAM: 1941.84 MB
Total Pagefile: 5200.81 MB
Available Pagefile: 3741.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1981.46 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:157.62 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USL2LX2RM1
 
ASPNET                   Guest                    HelpAssistant            
kci_admin                SophosSAUUSL2LX2RM10     SUPPORT_388945a0         
 
 
**** End of log ****


#9 Stolen


Posted 28 July 2013 - 12:52 PM

Here is Log file for TDS Scan: 

 

12:49:56.0375 9124  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
12:49:56.0921 9124  ============================================================
12:49:56.0921 9124  Current date / time: 2013/07/28 12:49:56.0921
12:49:56.0921 9124  SystemInfo:
12:49:56.0921 9124  
12:49:56.0921 9124  OS Version: 5.1.2600 ServicePack: 3.0
12:49:56.0921 9124  Product type: Workstation
12:49:56.0921 9124  ComputerName: USL2LX2RM1
12:49:56.0921 9124  UserName: K35496
12:49:56.0921 9124  Windows directory: C:\WINDOWS
12:49:56.0921 9124  System windows directory: C:\WINDOWS
12:49:56.0921 9124  Processor architecture: Intel x86
12:49:56.0921 9124  Number of processors: 4
12:49:56.0921 9124  Page size: 0x1000
12:49:56.0921 9124  Boot type: Normal boot
12:49:56.0921 9124  ============================================================
12:49:58.0343 9124  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:49:58.0343 9124  ============================================================
12:49:58.0343 9124  \Device\Harddisk0\DR0:
12:49:58.0343 9124  MBR partitions:
12:49:58.0343 9124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x1D1C06C0
12:49:58.0343 9124  ============================================================
12:49:58.0359 9124  Initialize success
12:49:58.0359 9124  ============================================================
12:50:25.0437 11520  ============================================================
12:50:25.0437 11520  Scan started
12:50:25.0437 11520  Mode: Manual; TDLFS; 
12:50:25.0437 11520  ============================================================
12:50:25.0468 11520  ================ Scan system memory ========================
12:50:25.0843 11520  System memory - ok
12:50:25.0843 11520  ================ Scan services =============================
12:50:25.0875 11520  Abiosdsk - ok
12:50:25.0875 11520  abp480n5 - ok
12:50:25.0875 11520  Acceler - ok
12:50:25.0890 11520  ACPI - ok
12:50:25.0890 11520  ACPIEC - ok
12:50:25.0906 11520  adpu160m - ok
12:50:25.0906 11520  aec - ok
12:50:25.0906 11520  AESTAud - ok
12:50:25.0921 11520  AFD - ok
12:50:25.0921 11520  agp440 - ok
12:50:25.0937 11520  agpCPQ - ok
12:50:25.0937 11520  Aha154x - ok
12:50:25.0953 11520  aic78u2 - ok
12:50:25.0953 11520  aic78xx - ok
12:50:25.0953 11520  Alerter - ok
12:50:25.0968 11520  ALG - ok
12:50:25.0968 11520  AliIde - ok
12:50:25.0984 11520  alim1541 - ok
12:50:25.0984 11520  Ambfilt - ok
12:50:25.0984 11520  amdagp - ok
12:50:26.0000 11520  amsint - ok
12:50:26.0000 11520  ApfiltrService - ok
12:50:26.0015 11520  AppMgmt - ok
12:50:26.0015 11520  Arp1394 - ok
12:50:26.0015 11520  asc - ok
12:50:26.0031 11520  asc3350p - ok
12:50:26.0031 11520  asc3550 - ok
12:50:26.0031 11520  aspnet_state - ok
12:50:26.0031 11520  AsyncMac - ok
12:50:26.0046 11520  atapi - ok
12:50:26.0046 11520  Atdisk - ok
12:50:26.0046 11520  Atmarpc - ok
12:50:26.0046 11520  ATTRcAppSvc - ok
12:50:26.0062 11520  AudioSrv - ok
12:50:26.0062 11520  audstub - ok
12:50:26.0062 11520  b57w2k - ok
12:50:26.0078 11520  BCM43XX - ok
12:50:26.0078 11520  Beep - ok
12:50:26.0078 11520  BITS - ok
12:50:26.0078 11520  Bonjour Service - ok
12:50:26.0093 11520  Browser - ok
12:50:26.0093 11520  BrowserDefendert - ok
12:50:26.0093 11520  BTKRNL - ok
12:50:26.0093 11520  btwdins - ok
12:50:26.0093 11520  BTWUSB - ok
12:50:26.0093 11520  buttonsvc32 - ok
12:50:26.0109 11520  cbidf - ok
12:50:26.0125 11520  cbidf2k - ok
12:50:26.0125 11520  CCDECODE - ok
12:50:26.0125 11520  CcmExec - ok
12:50:26.0140 11520  cd20xrnt - ok
12:50:26.0140 11520  Cdaudio - ok
12:50:26.0156 11520  Cdfs - ok
12:50:26.0156 11520  Cdrom - ok
12:50:26.0156 11520  Changer - ok
12:50:26.0156 11520  CiSvc - ok
12:50:26.0156 11520  ClipSrv - ok
12:50:26.0156 11520  clr_optimization_v2.0.50727_32 - ok
12:50:26.0171 11520  clr_optimization_v4.0.30319_32 - ok
12:50:26.0171 11520  CmBatt - ok
12:50:26.0171 11520  CmdIde - ok
12:50:26.0171 11520  Compbatt - ok
12:50:26.0171 11520  COMSysApp - ok
12:50:26.0171 11520  Cpqarray - ok
12:50:26.0187 11520  Credential Vault Host Control Service - ok
12:50:26.0203 11520  Credential Vault Host Storage - ok
12:50:26.0203 11520  CryptSvc - ok
12:50:26.0203 11520  cvusbdrv - ok
12:50:26.0203 11520  dac2w2k - ok
12:50:26.0203 11520  dac960nt - ok
12:50:26.0203 11520  DcomLaunch - ok
12:50:26.0218 11520  dcpsysmgrsvc - ok
12:50:26.0218 11520  DefaultTabSearch - ok
12:50:26.0218 11520  Dhcp - ok
12:50:26.0218 11520  Disk - ok
12:50:26.0218 11520  dldoCATSCustConnectService - ok
12:50:26.0218 11520  dldo_device - ok
12:50:26.0234 11520  dleeCATSCustConnectService - ok
12:50:26.0234 11520  dlee_device - ok
12:50:26.0234 11520  dmadmin - ok
12:50:26.0234 11520  dmboot - ok
12:50:26.0234 11520  dmio - ok
12:50:26.0234 11520  dmload - ok
12:50:26.0234 11520  dmserver - ok
12:50:26.0250 11520  DMusic - ok
12:50:26.0250 11520  Dnscache - ok
12:50:26.0250 11520  Dot3svc - ok
12:50:26.0250 11520  dpti2o - ok
12:50:26.0250 11520  drmkaud - ok
12:50:26.0250 11520  DVMIO - ok
12:50:26.0250 11520  DymoPnpService - ok
12:50:26.0265 11520  e1cexpress - ok
12:50:26.0265 11520  e1kexpress - ok
12:50:26.0265 11520  EapHost - ok
12:50:26.0265 11520  ERSvc - ok
12:50:26.0265 11520  Eventlog - ok
12:50:26.0281 11520  EventSystem - ok
12:50:26.0281 11520  Fastfat - ok
12:50:26.0281 11520  FastUserSwitchingCompatibility - ok
12:50:26.0296 11520  Fdc - ok
12:50:26.0296 11520  Fips - ok
12:50:26.0296 11520  FLEXnet Licensing Service - ok
12:50:26.0296 11520  Flpydisk - ok
12:50:26.0296 11520  FltMgr - ok
12:50:26.0296 11520  FontCache3.0.0.0 - ok
12:50:26.0296 11520  Fs_Rec - ok
12:50:26.0296 11520  Ftdisk - ok
12:50:26.0312 11520  Gpc - ok
12:50:26.0312 11520  gupdate - ok
12:50:26.0312 11520  gupdatem - ok
12:50:26.0312 11520  HDAudBus - ok
12:50:26.0312 11520  helpsvc - ok
12:50:26.0312 11520  HidServ - ok
12:50:26.0312 11520  hidusb - ok
12:50:26.0312 11520  hkmsvc - ok
12:50:26.0328 11520  hpn - ok
12:50:26.0328 11520  HTTP - ok
12:50:26.0328 11520  HTTPFilter - ok
12:50:26.0328 11520  i2omgmt - ok
12:50:26.0328 11520  i2omp - ok
12:50:26.0328 11520  i8042prt - ok
12:50:26.0328 11520  ialm - ok
12:50:26.0328 11520  iaStor - ok
12:50:26.0343 11520  IAStorDataMgrSvc - ok
12:50:26.0343 11520  IDriverT - ok
12:50:26.0343 11520  idsvc - ok
12:50:26.0343 11520  Imapi - ok
12:50:26.0343 11520  ImapiService - ok
12:50:26.0343 11520  Impcd - ok
12:50:26.0343 11520  ini910u - ok
12:50:26.0359 11520  IntcAzAudAddService - ok
12:50:26.0359 11520  IntelIde - ok
12:50:26.0359 11520  intelppm - ok
12:50:26.0359 11520  Ip6Fw - ok
12:50:26.0359 11520  IpFilterDriver - ok
12:50:26.0359 11520  IpInIp - ok
12:50:26.0359 11520  IpNat - ok
12:50:26.0359 11520  IPSec - ok
12:50:26.0375 11520  IRENUM - ok
12:50:26.0375 11520  isapnp - ok
12:50:26.0375 11520  JavaQuickStarterService - ok
12:50:26.0375 11520  Kbdclass - ok
12:50:26.0375 11520  kbdhid - ok
12:50:26.0375 11520  kmixer - ok
12:50:26.0375 11520  KSecDD - ok
12:50:26.0390 11520  LanmanServer - ok
12:50:26.0390 11520  lanmanworkstation - ok
12:50:26.0390 11520  lbrtfdc - ok
12:50:26.0390 11520  LmHosts - ok
12:50:26.0390 11520  MDM - ok
12:50:26.0390 11520  MEI - ok
12:50:26.0406 11520  Messenger - ok
12:50:26.0406 11520  mnmdd - ok
12:50:26.0406 11520  mnmsrvc - ok
12:50:26.0406 11520  Modem - ok
12:50:26.0406 11520  Monfilt - ok
12:50:26.0406 11520  Mouclass - ok
12:50:26.0406 11520  mouhid - ok
12:50:26.0406 11520  MountMgr - ok
12:50:26.0421 11520  mraid35x - ok
12:50:26.0421 11520  MRxDAV - ok
12:50:26.0421 11520  MRxSmb - ok
12:50:26.0421 11520  MSDTC - ok
12:50:26.0421 11520  Msfs - ok
12:50:26.0421 11520  MSIServer - ok
12:50:26.0421 11520  MSKSSRV - ok
12:50:26.0437 11520  MSPCLOCK - ok
12:50:26.0437 11520  MSPQM - ok
12:50:26.0437 11520  mssmbios - ok
12:50:26.0437 11520  MSTEE - ok
12:50:26.0437 11520  Mup - ok
12:50:26.0437 11520  NABTSFEC - ok
12:50:26.0437 11520  NAL - ok
12:50:26.0453 11520  napagent - ok
12:50:26.0453 11520  NDIS - ok
12:50:26.0453 11520  NdisIP - ok
12:50:26.0453 11520  NdisTapi - ok
12:50:26.0453 11520  Ndisuio - ok
12:50:26.0453 11520  NdisWan - ok
12:50:26.0453 11520  NDProxy - ok
12:50:26.0468 11520  NetBIOS - ok
12:50:26.0468 11520  NetBT - ok
12:50:26.0468 11520  NetDDE - ok
12:50:26.0468 11520  NetDDEdsdm - ok
12:50:26.0468 11520  Netlogon - ok
12:50:26.0468 11520  Netman - ok
12:50:26.0468 11520  NetTcpPortSharing - ok
12:50:26.0484 11520  NETwNx32 - ok
12:50:26.0484 11520  NIC1394 - ok
12:50:26.0484 11520  Nla - ok
12:50:26.0484 11520  Npfs - ok
12:50:26.0484 11520  Ntfs - ok
12:50:26.0484 11520  NtLmSsp - ok
12:50:26.0484 11520  NtmsSvc - ok
12:50:26.0500 11520  Null - ok
12:50:26.0500 11520  nv - ok
12:50:26.0500 11520  NVHDA - ok
12:50:26.0500 11520  nvsvc - ok
12:50:26.0500 11520  NwlnkFlt - ok
12:50:26.0500 11520  NwlnkFwd - ok
12:50:26.0500 11520  O2FLASH - ok
12:50:26.0515 11520  O2MDFRDR - ok
12:50:26.0515 11520  O2SDJRDR - ok
12:50:26.0515 11520  odserv - ok
12:50:26.0515 11520  ohci1394 - ok
12:50:26.0515 11520  ose - ok
12:50:26.0515 11520  Parport - ok
12:50:26.0515 11520  PartMgr - ok
12:50:26.0531 11520  ParVdm - ok
12:50:26.0531 11520  PCI - ok
12:50:26.0531 11520  PCIDump - ok
12:50:26.0531 11520  PCIIde - ok
12:50:26.0531 11520  Pcmcia - ok
12:50:26.0531 11520  PCTINDIS5 - ok
12:50:26.0531 11520  PDCOMP - ok
12:50:26.0531 11520  PDFRAME - ok
12:50:26.0546 11520  PDRELI - ok
12:50:26.0546 11520  PDRFRAME - ok
12:50:26.0546 11520  perc2 - ok
12:50:26.0546 11520  perc2hib - ok
12:50:26.0546 11520  PlugPlay - ok
12:50:26.0562 11520  Pointsec - ok
12:50:26.0562 11520  Pointsec_start - ok
12:50:26.0562 11520  PolicyAgent - ok
12:50:26.0562 11520  PptpMiniport - ok
12:50:26.0562 11520  prepdrvr - ok
12:50:26.0562 11520  ProtectedStorage - ok
12:50:26.0562 11520  prot_2k - ok
12:50:26.0562 11520  PSched - ok
12:50:26.0578 11520  Ptilink - ok
12:50:26.0578 11520  PxHelp20 - ok
12:50:26.0578 11520  ql1080 - ok
12:50:26.0578 11520  Ql10wnt - ok
12:50:26.0578 11520  ql12160 - ok
12:50:26.0578 11520  ql1240 - ok
12:50:26.0578 11520  ql1280 - ok
12:50:26.0593 11520  RAInfo - ok
12:50:26.0593 11520  RAMaint - ok
12:50:26.0593 11520  ramirr - ok
12:50:26.0593 11520  RARfsClientNP - ok
12:50:26.0593 11520  RARfsDriver - ok
12:50:26.0593 11520  RasAcd - ok
12:50:26.0593 11520  RasAuto - ok
12:50:26.0593 11520  Rasl2tp - ok
12:50:26.0609 11520  RasMan - ok
12:50:26.0609 11520  RasPppoe - ok
12:50:26.0609 11520  Raspti - ok
12:50:26.0609 11520  Rdbss - ok
12:50:26.0609 11520  RDPCDD - ok
12:50:26.0609 11520  rdpdr - ok
12:50:26.0625 11520  RDPWD - ok
12:50:26.0625 11520  RDSessMgr - ok
12:50:26.0625 11520  redbook - ok
12:50:26.0625 11520  RemoteAccess - ok
12:50:26.0625 11520  RemotelyAnywhere - ok
12:50:26.0625 11520  RemoteRegistry - ok
12:50:26.0625 11520  RimVSerPort - ok
12:50:26.0640 11520  risdpcie - ok
12:50:26.0640 11520  ROOTMODEM - ok
12:50:26.0640 11520  RpcLocator - ok
12:50:26.0640 11520  RpcSs - ok
12:50:26.0640 11520  RSPCIESTOR - ok
12:50:26.0640 11520  RSVP - ok
12:50:26.0640 11520  SamSs - ok
12:50:26.0640 11520  SAVAdminService - ok
12:50:26.0656 11520  SAVOnAccessControl - ok
12:50:26.0656 11520  SAVOnAccessFilter - ok
12:50:26.0656 11520  SAVService - ok
12:50:26.0656 11520  SCardSvr - ok
12:50:26.0656 11520  Schedule - ok
12:50:26.0656 11520  sdbus - ok
12:50:26.0656 11520  sdcfilter - ok
12:50:26.0656 11520  Secdrv - ok
12:50:26.0671 11520  seclogon - ok
12:50:26.0671 11520  SENS - ok
12:50:26.0671 11520  Serenum - ok
12:50:26.0671 11520  Serial - ok
12:50:26.0687 11520  Sfloppy - ok
12:50:26.0687 11520  SharedAccess - ok
12:50:26.0687 11520  ShellHWDetection - ok
12:50:26.0687 11520  Simbad - ok
12:50:26.0687 11520  sisagp - ok
12:50:26.0687 11520  SKMScan - ok
12:50:26.0687 11520  SLIP - ok
12:50:26.0687 11520  smsmdd - ok
12:50:26.0703 11520  smstsmgr - ok
12:50:26.0703 11520  Sophos Agent - ok
12:50:26.0703 11520  Sophos AutoUpdate Service - ok
12:50:26.0703 11520  Sophos Message Router - ok
12:50:26.0703 11520  Sophos Web Control Service - ok
12:50:26.0703 11520  SophosBootDriver - ok
12:50:26.0718 11520  Sparrow - ok
12:50:26.0718 11520  splitter - ok
12:50:26.0718 11520  Spooler - ok
12:50:26.0718 11520  sr - ok
12:50:26.0718 11520  srservice - ok
12:50:26.0718 11520  Srv - ok
12:50:26.0718 11520  SSDPSRV - ok
12:50:26.0718 11520  STacSV - ok
12:50:26.0734 11520  stdcfltn - ok
12:50:26.0734 11520  STHDA - ok
12:50:26.0734 11520  stisvc - ok
12:50:26.0734 11520  stllssvr - ok
12:50:26.0734 11520  streamip - ok
12:50:26.0734 11520  swenum - ok
12:50:26.0734 11520  swi_service - ok
12:50:26.0750 11520  swi_update - ok
12:50:26.0750 11520  swmidi - ok
12:50:26.0750 11520  swmsflt - ok
12:50:26.0750 11520  SWNC8UA3 - ok
12:50:26.0750 11520  SwPrv - ok
12:50:26.0765 11520  SWUMXA3 - ok
12:50:26.0765 11520  symc810 - ok
12:50:26.0765 11520  symc8xx - ok
12:50:26.0765 11520  sym_hi - ok
12:50:26.0781 11520  sym_u3 - ok
12:50:26.0781 11520  sysaudio - ok
12:50:26.0781 11520  SysmonLog - ok
12:50:26.0781 11520  TapiSrv - ok
12:50:26.0781 11520  Tcpip - ok
12:50:26.0781 11520  tcpipBM - ok
12:50:26.0781 11520  TDPIPE - ok
12:50:26.0796 11520  TDTCP - ok
12:50:26.0796 11520  TermDD - ok
12:50:26.0796 11520  TermService - ok
12:50:26.0796 11520  Themes - ok
12:50:26.0796 11520  TlntSvr - ok
12:50:26.0796 11520  TosIde - ok
12:50:26.0796 11520  TrkWks - ok
12:50:26.0812 11520  Udfs - ok
12:50:26.0812 11520  ultra - ok
12:50:26.0812 11520  Update - ok
12:50:26.0812 11520  UPHClean - ok
12:50:26.0812 11520  upnphost - ok
12:50:26.0812 11520  UPS - ok
12:50:26.0828 11520  usbccgp - ok
12:50:26.0828 11520  USBCCID - ok
12:50:26.0828 11520  usbehci - ok
12:50:26.0828 11520  usbhub - ok
12:50:26.0828 11520  usbprint - ok
12:50:26.0828 11520  usbscan - ok
12:50:26.0828 11520  USBSTOR - ok
12:50:26.0843 11520  usbuhci - ok
12:50:26.0843 11520  usbvideo - ok
12:50:26.0843 11520  VgaSave - ok
12:50:26.0843 11520  viaagp - ok
12:50:26.0843 11520  ViaIde - ok
12:50:26.0843 11520  VolSnap - ok
12:50:26.0859 11520  vpnagent - ok
12:50:26.0859 11520  vpnva - ok
12:50:26.0859 11520  VSS - ok
12:50:26.0859 11520  w32time - ok
12:50:26.0859 11520  Wanarp - ok
12:50:26.0859 11520  Wdf01000 - ok
12:50:26.0859 11520  WDICA - ok
12:50:26.0875 11520  wdmaud - ok
12:50:26.0875 11520  WebClient - ok
12:50:26.0875 11520  winmgmt - ok
12:50:26.0875 11520  WinRM - ok
12:50:26.0875 11520  WmdmPmSN - ok
12:50:26.0890 11520  Wmi - ok
12:50:26.0890 11520  WmiAcpi - ok
12:50:26.0890 11520  WmiApSrv - ok
12:50:26.0890 11520  WMPNetworkSvc - ok
12:50:26.0890 11520  WPFFontCache_v0400 - ok
12:50:26.0890 11520  WS2IFSL - ok
12:50:26.0890 11520  wscsvc - ok
12:50:26.0906 11520  WSearch - ok
12:50:26.0906 11520  WSTCODEC - ok
12:50:26.0906 11520  wuauserv - ok
12:50:26.0906 11520  WudfPf - ok
12:50:26.0906 11520  WudfRd - ok
12:50:26.0906 11520  WudfSvc - ok
12:50:26.0906 11520  WZCSVC - ok
12:50:26.0921 11520  xmlprov - ok
12:50:26.0921 11520  ================ Scan global ===============================
12:50:26.0921 11520  [Global] - ok
12:50:26.0921 11520  ================ Scan MBR ==================================
12:50:26.0953 11520  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:50:28.0484 11520  \Device\Harddisk0\DR0 - ok
12:50:28.0484 11520  ================ Scan VBR ==================================
12:50:28.0500 11520  [ 6DECA22FC95D170295E9C43E5D7E46AA ] \Device\Harddisk0\DR0\Partition1
12:50:28.0500 11520  \Device\Harddisk0\DR0\Partition1 - ok
12:50:28.0500 11520  ============================================================
12:50:28.0500 11520  Scan finished
12:50:28.0500 11520  ============================================================
12:50:28.0515 12176  Detected object count: 0
12:50:28.0515 12176  Actual detected object count: 0


#10 Stolen


Posted 28 July 2013 - 12:58 PM

Adware cleaner results after restart:

 

# AdwCleaner v2.306 - Logfile created 07/28/2013 at 12:58:43
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : K35496 - USL2LX2RM1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\k35496\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : BrowserDefendert
Stopped & Deleted : DefaultTabSearch
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Deleted on reboot : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\WINDOWS\Tasks\BrowserDefendert.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender
Folder Deleted : C:\Documents and Settings\k35496\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\k35496\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\k35496\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\k35496\Application Data\delta
Folder Deleted : C:\Documents and Settings\k35496\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\delta
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\a57dedee26ee542
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\a57dedee26ee542
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322322254}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355325554}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344324454}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v7.0.6000.17109
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=AA070026B9E705DD&affID=119351&tsp=4957 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=AA070026B9E705DD&affID=119351&tsp=4957 --> hxxp://www.google.com
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Documents and Settings\k35496\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.38] : keyword = "babylon.com",
Deleted [l.42] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AA070026B9E70[...]
 
*************************
 
AdwCleaner[R1].txt - [8933 octets] - [28/07/2013 12:56:12]
AdwCleaner[S1].txt - [381 octets] - [13/07/2013 19:41:24]
AdwCleaner[S2].txt - [1641 octets] - [13/07/2013 19:43:23]
AdwCleaner[S3].txt - [8824 octets] - [28/07/2013 12:58:43]
 
########## EOF - C:\AdwCleaner[S3].txt - [8884 octets] ##########

Edited by stolen, 28 July 2013 - 01:19 PM.


#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:00 AM

Posted 28 July 2013 - 01:54 PM

Those were some good removals.... Let's see how it's running after ESET.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#12 Stolen


Posted 28 July 2013 - 02:05 PM

TY.  ESET has found 4 infected files so far and is at 69% right now. 

 

Confession: I have borrowed and voiced "To Insanity and Beyond" a few times this week at work. No further comment needed, I know ;)



#13 boopme


Posted 28 July 2013 - 02:17 PM

LOL, you have entered my realm!!

When we are done you can get Gimp here, safely.
http://www.bleepingcomputer.com/forums/t/366982/freeware-replacements-for-common-commercial-apps/

Look under Graphics Design & Editing



#14 Stolen


Posted 28 July 2013 - 02:23 PM

hehe. NICE. 

 

ok TY on my gimp link :) and I have been posting in the GD&E topics too :)



#15 Stolen


Posted 28 July 2013 - 02:39 PM

ESET Threats found: 

 

C:\Documents and Settings\k35496\Application Data\Ultimate Codec Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
 
C:\Documents and Settings\k35496\My Documents\Downloads\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined
 
C:\Documents and Settings\k35496\My Documents\Downloads\setup.exe Win32/InstallCore.BG application cleaned by deleting - quarantined
 
C:\Documents and Settings\k35496\My Documents\Downloads\UltimateCodec.exe Win32/InstallCore.BN application cleaned by deleting - quarantined
 
C:\Program Files\Safe Saver\utils.exe a variant of Win32/Packed.VMDetector.A application cleaned by deleting - quarantined




