Possible Infection


15 replies to this topic

#1 jaysnzees


Posted 08 August 2013 - 09:49 PM

I have noticed a few strange things with the computer. When we click on links there always seems to be another tab that pops up with an advertisement of some kind or a suggestion for an upgrade on Flash player or something.

Also a pop up occurs when I click search on Google. A rectangle asking for a user name and password and the statement "A username and password is being requested by hxxp://loadingresource.mat.xinstaller.com The site says: Password Protected Area"  Looks like this is a common problem.

I have attempted system restore and it says it's unable to.

Edited by Orange Blossom, 08 August 2013 - 11:07 PM.
Deactivated link. ~ OB

What is thy bidding? My Master?



#2 GodfatherKing


Posted 09 August 2013 - 03:48 AM

Welcome!

Step 1: Run Rkill http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/

Note: Sometimes AVs think Rkill is infected; this isn't true, it's just a false positive. Just let it terminate the malware processes. Provide the Rkill log.

Step 2: Install and run MBAM

Step 2: Run TDSSKiller to obtain a log

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run
  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#3 jaysnzees


Posted 09 August 2013 - 09:24 PM

21:17:27.0953 3440  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:17:28.0531 3440  ============================================================
21:17:28.0531 3440  Current date / time: 2013/08/09 21:17:28.0531
21:17:28.0531 3440  SystemInfo:
21:17:28.0531 3440  
21:17:28.0531 3440  OS Version: 5.1.2600 ServicePack: 3.0
21:17:28.0531 3440  Product type: Workstation
21:17:28.0531 3440  ComputerName: DELL-GB54B81JG8
21:17:28.0531 3440  UserName: Family
21:17:28.0531 3440  Windows directory: C:\WINDOWS
21:17:28.0531 3440  System windows directory: C:\WINDOWS
21:17:28.0531 3440  Processor architecture: Intel x86
21:17:28.0531 3440  Number of processors: 2
21:17:28.0531 3440  Page size: 0x1000
21:17:28.0531 3440  Boot type: Normal boot
21:17:28.0531 3440  ============================================================
21:17:29.0531 3440  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
21:17:29.0531 3440  ============================================================
21:17:29.0531 3440  \Device\Harddisk0\DR0:
21:17:29.0531 3440  MBR partitions:
21:17:29.0531 3440  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
21:17:29.0531 3440  ============================================================
21:17:29.0546 3440  C: <-> \Device\Harddisk0\DR0\Partition1
21:17:29.0546 3440  ============================================================
21:17:29.0546 3440  Initialize success
21:17:29.0546 3440  ============================================================
21:18:48.0250 4048  ============================================================
21:18:48.0250 4048  Scan started
21:18:48.0250 4048  Mode: Manual; TDLFS;
21:18:48.0250 4048  ============================================================
21:18:48.0625 4048  ================ Scan system memory ========================
21:18:48.0640 4048  System memory - ok
21:18:48.0640 4048  ================ Scan services =============================
21:18:55.0546 4048  SamSs - ok
21:18:55.0578 4048  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:18:55.0578 4048  SASDIFSV - ok
21:18:55.0578 4048  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:18:55.0593 4048  SASKUTIL - ok
21:18:55.0609 4048  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:18:55.0609 4048  SCardSvr - ok
21:18:55.0640 4048  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:18:55.0640 4048  Schedule - ok
21:18:55.0687 4048  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:18:55.0687 4048  Secdrv - ok
21:18:55.0703 4048  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:18:55.0703 4048  seclogon - ok
21:18:55.0765 4048  [ 05E383849FA1FBBBC160612B0080618C ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
21:18:55.0796 4048  Secunia PSI Agent - ok
21:18:55.0812 4048  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
21:18:55.0812 4048  SENS - ok
21:18:55.0875 4048  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
21:18:55.0875 4048  Serial - ok
21:18:55.0921 4048  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:18:55.0921 4048  Sfloppy - ok
21:18:55.0968 4048  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:18:55.0984 4048  SharedAccess - ok
21:18:56.0015 4048  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:18:56.0015 4048  ShellHWDetection - ok
21:18:56.0015 4048  Simbad - ok
21:18:56.0031 4048  Sparrow - ok
21:18:56.0062 4048  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:18:56.0062 4048  splitter - ok
21:18:56.0078 4048  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:18:56.0078 4048  Spooler - ok
21:18:56.0093 4048  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:18:56.0093 4048  sr - ok
21:18:56.0109 4048  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:18:56.0109 4048  srservice - ok
21:18:56.0140 4048  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:18:56.0140 4048  Srv - ok
21:18:56.0171 4048  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:18:56.0187 4048  SSDPSRV - ok
21:18:56.0234 4048  [ 8990440E4B2A7CA5A56A1833B03741FD ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
21:18:56.0234 4048  STHDA - ok
21:18:56.0265 4048  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:18:56.0281 4048  stisvc - ok
21:18:56.0296 4048  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:18:56.0296 4048  swenum - ok
21:18:56.0312 4048  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:18:56.0312 4048  swmidi - ok
21:18:56.0312 4048  SwPrv - ok
21:18:56.0328 4048  symc810 - ok
21:18:56.0328 4048  symc8xx - ok
21:18:56.0328 4048  sym_hi - ok
21:18:56.0343 4048  sym_u3 - ok
21:18:56.0359 4048  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:18:56.0359 4048  sysaudio - ok
21:18:56.0375 4048  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:18:56.0375 4048  SysmonLog - ok
21:18:56.0390 4048  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:18:56.0406 4048  TapiSrv - ok
21:18:56.0437 4048  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:18:56.0437 4048  Tcpip - ok
21:18:56.0453 4048  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:18:56.0453 4048  TDPIPE - ok
21:18:56.0484 4048  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:18:56.0484 4048  TDTCP - ok
21:18:56.0500 4048  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:18:56.0500 4048  TermDD - ok
21:18:56.0531 4048  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
21:18:56.0531 4048  TermService - ok
21:18:56.0531 4048  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:18:56.0546 4048  Themes - ok
21:18:56.0546 4048  TosIde - ok
21:18:56.0578 4048  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:18:56.0578 4048  TrkWks - ok
21:18:56.0625 4048  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:18:56.0640 4048  Udfs - ok
21:18:56.0640 4048  ultra - ok
21:18:56.0671 4048  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:18:56.0687 4048  Update - ok
21:18:56.0718 4048  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:18:56.0718 4048  upnphost - ok
21:18:56.0734 4048  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
21:18:56.0734 4048  UPS - ok
21:18:56.0781 4048  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
21:18:56.0781 4048  USBAAPL - ok
21:18:56.0812 4048  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:18:56.0812 4048  usbccgp - ok
21:18:56.0843 4048  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:18:56.0843 4048  usbehci - ok
21:18:56.0843 4048  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:18:56.0843 4048  usbhub - ok
21:18:56.0875 4048  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:18:56.0875 4048  usbohci - ok
21:18:56.0890 4048  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:18:56.0890 4048  usbprint - ok
21:18:56.0937 4048  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:18:56.0937 4048  usbscan - ok
21:18:56.0953 4048  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:18:56.0953 4048  USBSTOR - ok
21:18:56.0968 4048  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:18:56.0968 4048  VgaSave - ok
21:18:56.0968 4048  ViaIde - ok
21:18:56.0968 4048  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:18:56.0968 4048  VolSnap - ok
21:18:57.0015 4048  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
21:18:57.0031 4048  VSS - ok
21:18:57.0031 4048  vToolbarUpdater12.2.6 - ok
21:18:57.0046 4048  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
21:18:57.0062 4048  W32Time - ok
21:18:57.0078 4048  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:18:57.0078 4048  Wanarp - ok
21:18:57.0125 4048  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
21:18:57.0156 4048  Wdf01000 - ok
21:18:57.0156 4048  WDICA - ok
21:18:57.0171 4048  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:18:57.0171 4048  wdmaud - ok
21:18:57.0203 4048  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:18:57.0218 4048  WebClient - ok
21:18:57.0265 4048  [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:18:57.0281 4048  winachsf - ok
21:18:57.0343 4048  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:18:57.0359 4048  winmgmt - ok
21:18:57.0406 4048  [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB          C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:18:57.0406 4048  WinUSB - ok
21:18:57.0437 4048  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
21:18:57.0437 4048  WmdmPmSN - ok
21:18:57.0468 4048  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:18:57.0468 4048  WmiApSrv - ok
21:18:57.0484 4048  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:18:57.0484 4048  WpdUsb - ok
21:18:57.0640 4048  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:18:57.0671 4048  WPFFontCache_v0400 - ok
21:18:57.0703 4048  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:18:57.0703 4048  WS2IFSL - ok
21:18:57.0734 4048  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:18:57.0734 4048  wscsvc - ok
21:18:57.0765 4048  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:18:57.0765 4048  wuauserv - ok
21:18:57.0781 4048  [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:18:57.0781 4048  WudfPf - ok
21:18:57.0796 4048  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:18:57.0796 4048  WudfRd - ok
21:18:57.0812 4048  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
21:18:57.0812 4048  WudfSvc - ok
21:18:57.0859 4048  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:18:57.0875 4048  WZCSVC - ok
21:18:57.0906 4048  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:18:57.0906 4048  xmlprov - ok
21:18:57.0953 4048  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:18:57.0984 4048  YahooAUService - ok
21:18:57.0984 4048  zumbus - ok
21:18:58.0000 4048  ================ Scan global ===============================
21:18:58.0015 4048  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:18:58.0046 4048  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:18:58.0062 4048  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
21:18:58.0078 4048  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:18:58.0078 4048  [Global] - ok
21:18:58.0078 4048  ================ Scan MBR ==================================
21:18:58.0093 4048  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:18:58.0359 4048  \Device\Harddisk0\DR0 - ok
21:18:58.0375 4048  ================ Scan VBR ==================================
21:18:58.0375 4048  [ DE4C8E9BC844B66C6E9F9267F6A62739 ] \Device\Harddisk0\DR0\Partition1
21:18:58.0375 4048  \Device\Harddisk0\DR0\Partition1 - ok
21:18:58.0375 4048  ============================================================
21:18:58.0375 4048  Scan finished
21:18:58.0375 4048  ============================================================
21:18:58.0390 2964  Detected object count: 0
21:18:58.0390 2964  Actual detected object count: 0
21:19:15.0921 4052  Deinitialize success

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: DELL-GB54B81JG8 [administrator]

8/9/2013 11:22:45 AM
mbam-log-2013-08-09 (11-22-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 446460
Time elapsed: 1 hour(s), 30 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Documents and Settings\Family\Local Settings\Temp\1FYIG2Va.exe.part (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\B3A0+D1v.exe.part (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Temp\nVC27etY.exe.part (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\My Documents\Downloads\setup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

(end)

 

Rkill 2.5.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/09/2013 11:19:43 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/09/2013 11:20:36 AM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)
 

 

 

 


#4 GodfatherKing

Posted 10 August 2013 - 04:06 AM

Let's look very deep for something.

 

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.

  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

Edited by GodfatherKing, 10 August 2013 - 04:06 AM.

If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#5 jaysnzees

Posted 10 August 2013 - 11:58 AM

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: DELL-GB54B81JG8 [administrator]

8/10/2013 11:42:02 AM
mbar-log-2013-08-10 (11-42-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 350432
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.004000 GHz
Memory total: 3689328640, free: 2713772032

Downloaded database version: v2013.08.08.01
Downloaded database version: v2013.08.08.02
Downloaded database version: v2013.08.08.03
Downloaded database version: v2013.08.08.04
Downloaded database version: v2013.08.08.05
Downloaded database version: v2013.08.08.06
Downloaded database version: v2013.08.08.07
Downloaded database version: v2013.08.09.01
Downloaded database version: v2013.08.09.02
Downloaded database version: v2013.08.09.03
Downloaded database version: v2013.08.09.04
Downloaded database version: v2013.08.09.05
Downloaded database version: v2013.08.09.06
Downloaded database version: v2013.08.09.07
Downloaded database version: v2013.08.10.01
Downloaded database version: v2013.08.10.02
Initializing...
------------ Kernel report ------------
     08/10/2013 11:41:49
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af22ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port0Path0Target0Lun0\
Lower Device Object: 0xffffffff8af1a440
Lower Device Driver Name: \Driver\nvgts\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af22ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ae8a810, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af22ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af22020, DeviceName: Unknown, DriverName: \Driver\SahdIa32\
DevicePointer: 0xffffffff8afc17f0, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af1a440, DeviceName: \Device\Scsi\nvgts1Port0Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D262D262

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488375937
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Read File:  File "c:\documents and settings\all users\application data\avg2013\chjw\ec43c01c43bea1b.dat:0c01ac11-83e8-4800-8bd7-333dd916d42b" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 

 


#6 GodfatherKing

Posted 10 August 2013 - 12:16 PM

That's clean. Still redirecting issues?

 

===

 

 

Step 1: My advice is to keep your computer up to date with Windows Updates, Java, Adobe Reader and Flash Player.

Step 2: Use WOT to check whether sites are safe or not: http://www.mywot.com/

Step 3: A good working antivirus is also important. I personally advise Avast Free or Avira. MSE's detection is not so great.

Step 4: Let's check how good your security is:

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


Edited by GodfatherKing, 10 August 2013 - 12:17 PM.

#7 jaysnzees

Posted 11 August 2013 - 01:19 PM

I use WOT already.  I still get redirects to update Flash Player or 7Zip or some work from home site.  I got at least three things telling me to install this and that while I was trying to install Security Check.

 

I have AVG as recommended by someone from BC, another told me that the only thing I need is Windows to keep virus free.  I thought that virus protection stunk. 

 

I read good things about Avast so me thinks I'm gonna try that.

 

 

 

Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 AVG 2013     
 ESET Online Scanner v3   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware     
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 25  
 Adobe Flash Player     11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox 22.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 


#8 GodfatherKing

Posted 11 August 2013 - 01:29 PM

Let's check if something shows up:

Step 1: Download Emsisoft Emergency Kit

  • Open EmsisoftEmergencyKit by double-clicking Start.exe.
  • A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Deep Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply

 

Step 2: Download SUPERAntiSpyware Free (aka SAS)

  •  Double-click SAS -setup.exe and follow the prompts to install the program.
  • At the end, be sure to Check for Updates to be sure it is current
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.
  • Be sure to reboot the computer after you post the log.

Step 3: Update Firefox.

Step 4: If your computer has a HDD, defragment it soon. (Do NOT defrag if SSD!)


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#9 jaysnzees


Posted 12 August 2013 - 08:42 PM

I have updated Firefox. I run an old Dell and use Windows XP, so I hope it can handle it.

I have defragged through an AVG program last night, but will run the defrag program on Windows also later.

 

 

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/12/2013 at 08:39 PM

Application Version : 5.6.1020

Core Rules Database Version : 10685
Trace Rules Database Version: 8497

Scan type       : Quick Scan
Total Scan Time : 00:03:23

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 596
Memory threats detected   : 0
Registry items scanned    : 38947
Registry threats detected : 0
File items scanned        : 6715
File threats detected     : 0

 

Emsisoft Emergency Kit - Version 4.0
Last update: 8/12/2013 7:12:02 PM
User account: DELL-GB54B81JG8\Family

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    8/12/2013 7:15:41 PM
C:\WINDOWS\system32\videocapx.ocx     detected: Trace.File.EasyFreeWebCam (A)
Key: HKEY_USERS\S-1-5-21-1177238915-651377827-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SMART FORTRESS 2012     detected: Trace.Registry.SmartFortress2012 (A)
C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll     detected: Adware.Lesstabs.A (B)
C:\TDSSKiller_Quarantine\10.06.2012_02.57.34\tdlfs0000\tsk0004.dta     detected: Rootkit.Win32.TDSS (A)

Scanned    435341
Found    4

Scan end:    8/12/2013 8:27:09 PM
Scan time:    1:11:28

C:\TDSSKiller_Quarantine\10.06.2012_02.57.34\tdlfs0000\tsk0004.dta    Quarantined Rootkit.Win32.TDSS (A)
C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll    Quarantined Adware.Lesstabs.A (B)
Key: HKEY_USERS\S-1-5-21-1177238915-651377827-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SMART FORTRESS 2012    Quarantined Trace.Registry.SmartFortress2012 (A)
C:\WINDOWS\system32\videocapx.ocx    Quarantined Trace.File.EasyFreeWebCam (A)

Quarantined    4
 

 

 


What is thy bidding? My Master?

#10 GodfatherKing


Posted 13 August 2013 - 02:19 AM

:step1: Use AdwCleaner

http://www.bleepingcomputer.com/download/adwcleaner/

Note: Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program, please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

 

  • Using AdwCleaner is very simple. Simply download the program and run it.  You will then be presented with a screen that contains a Search and Delete button.  The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
     
  • To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing.  On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

Post the log.

 

==

 

Are you still experiencing issues with redirecting? 


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#11 jaysnzees


Posted 13 August 2013 - 11:52 AM

Well, I'm snagged. Upgrading Firefox has rendered the PC useless. I had an older version of Firefox for this reason. I'm trying to install an older version of Firefox at the moment.
What is thy bidding? My Master?

#12 jaysnzees


Posted 13 August 2013 - 12:59 PM

# AdwCleaner v2.306 - Logfile created 08/13/2013 at 12:43:37
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Family - DELL-GB54B81JG8
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Family\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\37toj65q.default\searchplugins\Conduit.xml
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\Family\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Family\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Family\Local Settings\Application Data\internethelper3.1
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\internethelper3.1
Folder Deleted : C:\Program Files\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\InternetHelper3.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322322254}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355325554}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366326654}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344324454}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C02A743-F164-47A0-8355-17178061ED13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B205A97-85A1-4399-A4ED-BB97D1DBAF6A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311321154}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN41060787802941013&UM=2&UP=SP3AA2548E-5118-4E91-8DD7-CD756863C0C1&SSPV=TB_CS7 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\37toj65q.default\prefs.js

Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&octid=CT328966[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3.1 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
Deleted : user_pref("browser.search.defaultenginename", "InternetHelper3.1 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "InternetHelper3.1 Customized Web Search");
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.machineId", "+LREBHJDD0ZB0EMJ3PHW4S62JVP6HVQYKCRKV7XTXEHRR1UGRGALUQEWAEWJ1ZZCFVC[...]

File : C:\Documents and Settings\test\Application Data\Mozilla\Firefox\Profiles\hitjag7g.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Jayydennn'sss\Application Data\Mozilla\Firefox\Profiles\cmv1yy6b.default\prefs.js

Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]
Deleted : user_pref("extensions.a588a2804b11d4809963ba886d1e8684e416c890211404f759037bf86b99379dbcom33254.3325[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Jayydennn'sss\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9289 octets] - [13/08/2013 12:36:47]
AdwCleaner[R2].txt - [9924 octets] - [13/08/2013 12:42:52]
AdwCleaner[S1].txt - [1818 octets] - [18/10/2012 21:01:40]
AdwCleaner[S2].txt - [30673 octets] - [18/07/2013 08:26:31]
AdwCleaner[S3].txt - [9148 octets] - [13/08/2013 12:43:37]

########## EOF - C:\AdwCleaner[S3].txt - [9208 octets] ##########

 


What is thy bidding? My Master?

#13 GodfatherKing


Posted 17 August 2013 - 04:05 AM

Still issues? 


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#14 jaysnzees


Posted 19 August 2013 - 07:54 AM

Yes, I'm still having the same issue. Currently my Internet is off. Scheduled to be reinstalled Wednesday. But nothing has changed.
What is thy bidding? My Master?

#15 jaysnzees


Posted 22 August 2013 - 09:41 PM

I have my internet working again. I have opened a new profile, or whatever you call it, on MY PC. Logged on as a different user and NONE of the issues are on this user's profile. I'm not sure if that helps or not, but if it's narrowed down to that one profile, what does that tell you?


What is thy bidding? My Master?



