Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2

Run by Kym at 17:21:09 on 2013-08-01

Microsoft Windows XP Professional  5.1.2600.3.1252.61.1033.18.3069.1761 [GMT 10:00]

.

AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

.

============== Running Processes ================

.

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\WINDOWS\ATKKBService.exe

C:\windows\system32\cisvc.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\System32\alg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe

C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\windows\system32\ctfmon.exe

C:\Temp\JobMonitor\JobMonitor.exe

C:\Documents and Settings\Kym.WISE\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\windows\system32\cidaemon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k rpcss

C:\windows\System32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.



uInternet Connection Wizard,ShellNext = iexplore




BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [EFI Job Monitor] c:\windows\system32\rundll32.exe  c:\windows\system32\spool\drivers\w32x86\3\EFJM.dll,run

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\kym.wise\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [TrafficTravisv4] c:\documents and settings\kym.wise\application data\traffic travis v4\TrafficTravisV4.exe

uRun: [News.net] c:\program files\news.net\breakingnews\DesktopContainer.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe"  /autorun

mRun: [PlantronicsURE.exe] c:\program files\plantronics\plantronicsure\PlantronicsURE.exe

mRun: [PlantronicsBatteryStatus.exe] c:\program files\plantronics\plantronicsure\PlantronicsBatteryStatus.exe

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"

mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\kym~1.wis\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kym.wise\application data\dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe



TCP: NameServer = 10.1.1.1

TCP: Interfaces\{DE5BEB9B-12B5-4021-8E3F-3463C2082C03} : DHCPNameServer = 10.1.1.1

TCP: Interfaces\{FB0E3BB5-8B50-4036-8B7F-2CFFF878DD92} : NameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kym.wise\application data\mozilla\firefox\profiles\2oki8s4w.default\

FF - plugin: c:\documents and settings\kym.wise\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\kym.wise\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\kym.wise\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\abr\plug-in\bin\npAUSkeyPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\news.net\npapi.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 FileLock;FileLock;c:\windows\system32\drivers\FileLock.sys [2011-4-29 35456]

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2012-8-7 704800]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]

R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2011-10-6 84136]

R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [2012-8-18 199168]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2013-4-21 12808]

R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\Marxdev1.sys [2009-4-6 11296]

R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\Marxdev2.sys [2009-4-6 11296]

R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\Marxdev3.sys [2009-4-6 11296]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-10-22 701512]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-1-3 44296]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-1-3 12808]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-10-22 22856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 accessio;Access memory;c:\windows\system32\drivers\accessio.sys [2009-5-29 2905]

S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]

S3 UFBFilte;UFBFilte;c:\windows\system32\drivers\UFBFilte.sys [2010-9-30 4818]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]

.

=============== Created Last 30 ================

.

2013-07-31 23:17:06 -------- d-----w- c:\documents and settings\kym.wise\application data\MetaCrawler

2013-07-31 23:16:56 -------- d-----w- c:\program files\metaCrawler

2013-07-31 07:56:45 144896 ----a-w- c:\windows\system32\javacpl.cpl

2013-07-31 07:56:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-31 06:33:28 -------- d-----w- c:\program files\ABR

2013-07-31 05:35:02 -------- d-----w- c:\documents and settings\kym.wise\application data\AUSkey

2013-07-25 17:00:57 -------- d-----w- c:\windows\system32\MRT

2013-07-10 03:20:20 -------- d-----w- C:\ISIS

2013-07-10 03:20:14 246272 ----a-w- c:\windows\UNINST16.EXE

.

==================== Find3M  ====================

.

2013-07-31 07:56:21 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-31 07:56:21 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-07-31 05:14:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll

2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll

2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-06-07 13:55:44 385024 ------w- c:\windows\system32\html.iec

2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll

2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys

2013-05-08 14:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll

2008-05-02 00:42:02 6104632 -c--a-w- c:\program files\picasaweb-current-setup.exe

.

============= FINISH: 17:22:20.79 ===============

 

 

 


RogueKiller V8.6.4 [Jul 29 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Kym [Admin rights]

Mode : Scan -- Date : 08/01/2013 17:47:15

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] JobMonitor.exe -- C:\TEMP\JobMonitor\JobMonitor.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : TrafficTravisv4 (C:\Documents and Settings\Kym.WISE\Application Data\Traffic Travis v4\TrafficTravisV4.exe [-]) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-299502267-261903793-725345543-1004\[...]\Run : TrafficTravisv4 (C:\Documents and Settings\Kym.WISE\Application Data\Traffic Travis v4\TrafficTravisV4.exe [-]) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V1][sUSP PATH] At1.job : C:\DOCUME~1\KYM~1.WIS\APPLIC~1\METACR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[inline] SSDT[41] : NtCreateKey @ 0x804D70CC -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xA6924FA7)

[inline] SSDT[119] : NtOpenKey @ 0x804D70D1 -> HOOKED (C:\WINDOWS\system32\drivers\aksfridge.sys @ 0xA691CAB9)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD2500YS-01SHB0 +++++

--- User ---

[MBR] b3ddf40ca83cc7d5bc10ba2f252316a1

[bSP] 11671baed52b22dade44b64b8630b526 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 156280320 | Size: 163058 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_08012013_174715.txt >>

RKreport[0]_S_07312013_180020.txt

 

 


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


I may have jumped ahead.

There was nothing that I wanted.

I deleted.

Conduit hijack in IE still continues

Log after delete below

 

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 08:53:12

# Updated 19/07/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Kym - WISE

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Kym.WISE\My Documents\Downloads\adwcleaner (1).exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\END

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess

Folder Deleted : C:\Program Files\SearchProtect

Folder Deleted : C:\Program Files\Smartdl

Folder Deleted : C:\Program Files\SweetIM

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Key Deleted : HKLM\Software\InstallCore

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 


 

-\\ Mozilla Firefox v22.0 (en-US)

 

-\\ Google Chrome v28.0.1500.95


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.2.9 (07.30.2013:1)

OS: Microsoft Windows XP x86

Ran by Kym on Fri 02/08/2013 at  9:50:47.15

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\pcfixspeed"

Successfully deleted: [Folder] "C:\Documents and Settings\Kym.WISE\Application Data\24x7 help"

Successfully deleted: [Folder] "C:\Documents and Settings\Kym.WISE\Application Data\pcfixspeed"

Successfully deleted: [Folder] "C:\Documents and Settings\Kym.WISE\Application Data\pricegong"

Successfully deleted: [Folder] "C:\Documents and Settings\Kym.WISE\Application Data\searchprotect"

Successfully deleted: [Folder] "C:\Program Files\24x7help"

Successfully deleted: [Folder] "C:\Program Files\pcfixspeed"

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 02/08/2013 at  9:58:20.06

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Farbar Recovery Scan Tool and save it to a folder. (32bit version)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01

Ran by Kym (administrator) on 02-08-2013 11:45:52

Running from C:\Documents and Settings\Kym.WISE\My Documents\Downloads

Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(ASUSTeK COMPUTER INC.) C:\WINDOWS\ATKKBService.exe

(Microsoft Corporation) C:\windows\system32\cisvc.exe

(FRISK Software International) C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

(Skype Technologies S.A.) C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(ATI Technologies Inc.) C:\windows\system32\Ati2evxx.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

(Plantronics, Inc.) C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe

(Plantronics, Inc.) C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

(FRISK Software International) C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Dropbox, Inc.) C:\Documents and Settings\Kym.WISE\Application Data\Dropbox\bin\Dropbox.exe

() C:\Temp\JobMonitor\JobMonitor.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

(Mirage Audio Visual Media  www.mirage-avm.com) C:\Program Files\CLOX\clox.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\windows\system32\cidaemon.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ATICCC] - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [45056 2006-01-02] (ATI Technologies Inc.)

HKLM\...\Run: [Google Quick Search Box] - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [68592 2009-06-16] (Google Inc.)

HKLM\...\Run: [PlantronicsURE.exe] - C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)

HKLM\...\Run: [PlantronicsBatteryStatus.exe] - C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)

HKLM\...\Run: [Acrobat Assistant 7.0] - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)

HKLM\...\Run: [] -  [x]

HKLM\...\Run: [F-PROT Antivirus Tray application] - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [1674016 2010-11-03] (FRISK Software International)

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]

HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-16] (SUPERAntiSpyware.com)

HKCU\...\Run: [EFI Job Monitor] - C:\windows\system32\rundll32.exe [33280 2008-04-14] (Microsoft Corporation)

HKCU\...\Run: [Google Update] - C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-03-24] (Google Inc.)

HKCU\...\Run: [TrafficTravisv4] - C:\Documents and Settings\Kym.WISE\Application Data\Traffic Travis v4\TrafficTravisV4.exe [18195968 2013-07-10] ()

HKCU\...\Run: [News.net] - C:\Program Files\News.net\BreakingNews\DesktopContainer.exe [x]

HKU\Guest\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2008-09-06] (Apple Inc.)

HKU\LocalService\...\Run: [hutapomago] - Rundll32.exe "C:\WINDOWS\system32\manososa.dll",s [x]

HKU\NetworkService\...\Run: [hutapomago] - Rundll32.exe "C:\WINDOWS\system32\manososa.dll",s [x]

Startup: C:\Documents and Settings\Kym.WISE\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Kym.WISE\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8


SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab

Handler: ipp - No CLSID Value - 

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

Handler: msdaipp - No CLSID Value - 

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-04] (SuperAdBlocker.com)

Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

Tcpip\..\Interfaces\{FB0E3BB5-8B50-4036-8B7F-2CFFF878DD92}: [NameServer]192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Kym.WISE\Application Data\Mozilla\Firefox\Profiles\2oki8s4w.default

FF Plugin: @abr.gov.au/KeyMgmtPlugin - C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Kym.WISE\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Kym.WISE\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.png

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.src

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.png

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.src

FF Extension: Mozilla Firefox distributed by RealNetworks - C:\Program Files\Mozilla Firefox\extensions\realplayer@partners.mozilla.com

FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Firefox\Extensions: [{0107F529-99EB-44FA-9D0E-15E0B8DEDD8A}] C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\{0107F529-99EB-44FA-9D0E-15E0B8DEDD8A}

FF Extension: XULRunner - C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\{0107F529-99EB-44FA-9D0E-15E0B8DEDD8A}

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

========================== Services (Whitelisted) =================

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-08] (SUPERAntiSpyware.com)

R2 ATKKeyboardService; C:\WINDOWS\ATKKBService.exe [241664 2006-04-10] (ASUSTeK COMPUTER INC.)

R2 FPAVServer; C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [84136 2011-10-06] (FRISK Software International)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()

R2 Skype C2C Service; C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3290304 2012-11-22] (Skype Technologies S.A.)

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 accessio; C:\WINDOWS\system32\drivers\accessio.sys [2905 2002-01-15] ()

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21035 2011-11-09] (Meetinghouse Data Communications)

R2 aksfridge; C:\windows\system32\drivers\aksfridge.sys [350720 2008-03-27] (Aladdin Knowledge Systems Ltd.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [327808 2005-07-20] (Aladdin Knowledge Systems Ltd.)

S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [100096 2005-07-20] (Aladdin Knowledge Systems Ltd.)

R1 asuskbnt; C:\Windows\System32\drivers\atkkbnt.sys [11008 2005-10-18] (ASUSTeK COMPUTER INC.)

R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1580544 2006-06-07] (ATI Technologies Inc.)

R2 CBN; C:\WINDOWS\System32\Drivers\CBN.SYS [15360 2009-04-06] (MARX Software Security )

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)

R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [12288 2006-06-14] (ASUSTeK Computer Inc.)

R0 FileLock; C:\Windows\System32\DRIVERS\FileLock.sys [35456 2011-04-29] (Gili Soft Inc.)

R0 FPAV_RTP; C:\Windows\System32\DRIVERS\FStopW.sys [704800 2011-11-11] (FRISK Software International)

S3 GT680x; C:\Windows\System32\DRIVERS\GT680x.SYS [17524 2000-08-18] (   )

R2 Hardlock; C:\windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.)

R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2009-04-06] (Aladdin Knowledge Systems)

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)

R2 hl_mull; C:\Windows\System32\drivers\hl_mull.SYS [199168 2008-03-15] ()

S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2005-10-28] (HP)

S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-28] (HP)

S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2005-10-28] (HP)

R2 LBeepKE; C:\Windows\System32\Drivers\LBeepKE.sys [12808 2013-01-03] (Logitech, Inc.)

R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [44296 2013-01-03] (Logitech, Inc.)

R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12808 2013-01-03] (Logitech, Inc.)

R3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [40200 2013-01-03] (Logitech, Inc.)

R2 MarxDev1; C:\Windows\System32\Drivers\MarxDev1.sys [11296 1999-08-12] ()

R2 MarxDev2; C:\Windows\System32\Drivers\MarxDev2.sys [11296 1999-08-12] ()

R2 MarxDev3; C:\Windows\System32\Drivers\MarxDev3.sys [11296 1999-08-12] ()

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2004-10-04] (Meetinghouse Data Communications)

S3 mf; C:\Windows\System32\DRIVERS\mf.sys [63744 2008-04-14] (Microsoft Corporation)

S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

S3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [80256 2008-12-24] (Windows ® 2000 DDK provider)

R2 PAR1284; C:\Windows\System32\Drivers\par1284.sys [49540 2002-05-01] (Warp Nine Engineering)

S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16292 2004-10-04] (Printing Communications Assoc., Inc. (PCAUSA))

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-04] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 sfng32; C:\Windows\System32\drivers\sfng32.sys [41728 2005-09-27] (Sonic Focus, Inc)

S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)

R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2012-06-03] ()

S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)

S3 UFBFilte; C:\Windows\System32\drivers\UFBFilte.sys [4818 2007-08-18] (www.winchiphead.com)

S3 wg111nd5; C:\Windows\System32\DRIVERS\wg111nd5.sys [379488 2004-10-04] (NETGEAR, Inc.)

S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)

S3 catchme; \??\C:\Temp\catchme.sys [x]

S4 IntelIde; No ImagePath

S3 SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys [x]

S3 STHDA; system32\drivers\sthda.sys [x]

S2 VirtualFD; \??\D:\Downloads\emulate floppy\vfd.sys [x]

U1 WS2IFSL; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-08-02 11:45 - 2013-08-02 11:45 - 00000000 ____D C:\FRST

2013-08-02 09:58 - 2013-08-02 09:58 - 00002353 _____ C:\Documents and Settings\Kym.WISE\Desktop\JRT.txt

2013-08-02 09:50 - 2013-08-02 09:50 - 00000000 ____D C:\windows\ERUNT

2013-08-02 08:53 - 2013-08-02 08:54 - 00003350 _____ C:\AdwCleaner[S1].txt

2013-08-02 08:43 - 2013-08-02 08:43 - 00003197 _____ C:\AdwCleaner[R2].txt

2013-08-01 17:47 - 2013-08-01 17:47 - 00002342 _____ C:\Documents and Settings\Kym.WISE\Desktop\RKreport[0]_S_08012013_174715.txt

2013-08-01 17:22 - 2013-08-01 17:27 - 00013214 _____ C:\Documents and Settings\Kym.WISE\Desktop\dds.txt

2013-08-01 17:22 - 2013-08-01 17:22 - 00019418 _____ C:\Documents and Settings\Kym.WISE\Desktop\attach.txt

2013-08-01 09:22 - 2013-08-01 09:22 - 00000769 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk

2013-08-01 09:22 - 2013-08-01 09:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-08-01 09:22 - 2013-08-01 09:22 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla

2013-08-01 09:17 - 2013-08-02 09:18 - 00000422 _____ C:\windows\Tasks\At1.job

2013-08-01 09:17 - 2013-08-01 09:17 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\MetaCrawler

2013-08-01 09:16 - 2013-08-01 09:17 - 00000000 ____D C:\Program Files\metaCrawler

2013-07-31 18:01 - 2013-07-31 18:02 - 00002934 _____ C:\AdwCleaner[R1].txt

2013-07-31 18:00 - 2013-07-31 18:00 - 00002273 _____ C:\Documents and Settings\Kym.WISE\Desktop\RKreport[0]_S_07312013_180020.txt

2013-07-31 17:57 - 2013-07-31 18:00 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Desktop\RK_Quarantine

2013-07-31 17:56 - 2013-07-31 17:56 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe

2013-07-31 17:56 - 2013-07-31 17:56 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe

2013-07-31 17:56 - 2013-07-31 17:56 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe

2013-07-31 17:56 - 2013-07-31 17:56 - 00144896 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl

2013-07-31 17:56 - 2013-07-31 17:56 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll

2013-07-31 17:43 - 2013-08-02 10:39 - 00000697 _____ C:\Documents and Settings\Kym.WISE\Start Menu\Programs\CLOX 2000.LNK

2013-07-31 16:33 - 2013-07-31 16:33 - 00000000 ____D C:\Program Files\ABR

2013-07-31 15:35 - 2013-08-01 10:30 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\AUSkey

2013-07-31 15:33 - 2013-08-01 10:29 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AUSkey

2013-07-26 03:00 - 2013-07-26 03:13 - 00000000 ____D C:\windows\system32\MRT

2013-07-20 15:27 - 2006-02-23 18:08 - 02572800 _____ C:\Documents and Settings\Kym.WISE\Desktop\clox2007.exe

2013-07-11 06:24 - 2013-07-11 06:25 - 00012547 _____ C:\windows\KB2834904.log

2013-07-11 06:24 - 2013-07-11 06:24 - 00000000 __HDC C:\windows\$NtUninstallKB2834904_WM11$

2013-07-11 05:42 - 2013-07-11 05:42 - 00000000 __HDC C:\windows\$NtUninstallKB2834886$

2013-07-11 05:41 - 2013-07-11 05:43 - 00011109 _____ C:\windows\KB2834886.log

2013-07-11 05:40 - 2013-07-11 05:40 - 00000000 __HDC C:\windows\$NtUninstallKB2850851$

2013-07-11 05:37 - 2013-07-11 05:37 - 00000000 __HDC C:\windows\$NtUninstallKB2845187$

2013-07-11 03:54 - 2013-08-01 17:07 - 00017301 _____ C:\windows\KB2846071-IE8.log

2013-07-10 20:37 - 2013-07-11 05:41 - 00018357 _____ C:\windows\KB2850851.log

2013-07-10 20:37 - 2013-07-11 05:38 - 00017078 _____ C:\windows\KB2845187.log

2013-07-10 14:44 - 2013-07-10 14:44 - 00000764 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk

2013-07-10 13:20 - 2024-03-21 13:44 - 00246272 _____ (Stirling Technologies, Inc.) C:\windows\UNINST16.EXE

2013-07-10 13:20 - 2013-07-10 13:20 - 00046020 _____ C:\windows\system32\FORDLINE.TTF

2013-07-10 13:20 - 2013-07-10 13:20 - 00000000 ____D C:\ISIS

 

==================== One Month Modified Files and Folders =======

 

2013-08-02 11:45 - 2013-08-02 11:45 - 00000000 ____D C:\FRST

2013-08-02 11:24 - 2012-04-28 19:49 - 00000980 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004UA.job

2013-08-02 11:10 - 2010-02-03 07:32 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-08-02 10:47 - 2011-02-27 15:39 - 00000000 ___RD C:\Documents and Settings\Kym.WISE\My Documents\Dropbox

2013-08-02 10:47 - 2011-02-27 15:35 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\Dropbox

2013-08-02 10:45 - 2012-04-26 10:29 - 00001612 _____ C:\Documents and Settings\Kym.WISE\Desktop\Job Monitor.lnk

2013-08-02 10:43 - 2010-02-03 07:32 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-08-02 10:43 - 2009-04-14 08:26 - 00000236 _____ C:\windows\Tasks\OGALogon.job

2013-08-02 10:42 - 2009-04-05 10:14 - 01330222 _____ C:\windows\WindowsUpdate.log

2013-08-02 10:41 - 2012-08-18 17:21 - 08405015 _____ C:\windows\TempFile

2013-08-02 10:41 - 2009-04-05 20:03 - 00000159 _____ C:\windows\wiadebug.log

2013-08-02 10:41 - 2009-04-05 20:03 - 00000049 _____ C:\windows\wiaservc.log

2013-08-02 10:41 - 2009-04-05 10:20 - 00000006 ____H C:\windows\Tasks\SA.DAT

2013-08-02 10:40 - 2009-04-05 11:40 - 00524288 _____ C:\windows\system32\config\ACEEvent.evt

2013-08-02 10:40 - 2009-04-05 10:20 - 00032476 _____ C:\windows\SchedLgU.Txt

2013-08-02 10:39 - 2013-07-31 17:43 - 00000697 _____ C:\Documents and Settings\Kym.WISE\Start Menu\Programs\CLOX 2000.LNK

2013-08-02 10:39 - 2009-11-13 03:22 - 00922997 _____ C:\windows\setupapi.log

2013-08-02 10:39 - 2009-04-06 09:38 - 00000278 ___SH C:\Documents and Settings\Kym.WISE\ntuser.ini

2013-08-02 10:39 - 2005-07-13 12:28 - 00000000 ____D C:\Program Files\CLOX

2013-08-02 09:58 - 2013-08-02 09:58 - 00002353 _____ C:\Documents and Settings\Kym.WISE\Desktop\JRT.txt

2013-08-02 09:50 - 2013-08-02 09:50 - 00000000 ____D C:\windows\ERUNT

2013-08-02 09:18 - 2013-08-01 09:17 - 00000422 _____ C:\windows\Tasks\At1.job

2013-08-02 08:54 - 2013-08-02 08:53 - 00003350 _____ C:\AdwCleaner[S1].txt

2013-08-02 08:43 - 2013-08-02 08:43 - 00003197 _____ C:\AdwCleaner[R2].txt

2013-08-02 07:24 - 2012-04-28 19:49 - 00000928 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004Core.job

2013-08-02 02:10 - 2011-08-17 08:24 - 00000506 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9ba906ac-9fde-4b27-a962-baaaeca93708.job

2013-08-01 17:47 - 2013-08-01 17:47 - 00002342 _____ C:\Documents and Settings\Kym.WISE\Desktop\RKreport[0]_S_08012013_174715.txt

2013-08-01 17:27 - 2013-08-01 17:22 - 00013214 _____ C:\Documents and Settings\Kym.WISE\Desktop\dds.txt

2013-08-01 17:22 - 2013-08-01 17:22 - 00019418 _____ C:\Documents and Settings\Kym.WISE\Desktop\attach.txt

2013-08-01 17:07 - 2013-07-11 03:54 - 00017301 _____ C:\windows\KB2846071-IE8.log

2013-08-01 17:00 - 2013-03-10 10:24 - 00000000 ____D C:\Documents and Settings\Kym.WISE\greg

2013-08-01 16:16 - 2009-04-06 09:40 - 00246088 _____ C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-08-01 15:58 - 2012-04-04 20:22 - 00000178 ___SH C:\Documents and Settings\punce\ntuser.ini

2013-08-01 15:26 - 2013-03-10 11:11 - 00000178 ___SH C:\Documents and Settings\fark\ntuser.ini

2013-08-01 14:47 - 2009-04-05 19:57 - 01014896 _____ C:\windows\system32\FNTCACHE.DAT

2013-08-01 14:47 - 2005-07-08 13:00 - 00000000 ____D C:\windows\Registration

2013-08-01 14:33 - 2011-07-15 23:26 - 00000000 ____D C:\aa justboards new web site

2013-08-01 13:31 - 2006-06-10 10:26 - 00000000 ____D C:\Program Files\eMedia

2013-08-01 13:25 - 2013-06-28 06:47 - 00001717 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\eMedia Card Designer.lnk

2013-08-01 10:40 - 2010-09-13 13:44 - 00065536 _____ C:\asusdisp.log

2013-08-01 10:30 - 2013-07-31 15:35 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\AUSkey

2013-08-01 10:29 - 2013-07-31 15:33 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AUSkey

2013-08-01 10:13 - 2013-05-13 10:16 - 00000000 ____D C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe

2013-08-01 09:59 - 2011-07-14 16:19 - 00001916 _____ C:\windows\qpv20.ini

2013-08-01 09:58 - 2009-04-05 16:25 - 00000055 _____ C:\windows\Reports.ini

2013-08-01 09:57 - 2004-08-04 22:00 - 00001338 _____ C:\windows\win.ini

2013-08-01 09:32 - 2010-09-15 12:40 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\Mozilla

2013-08-01 09:22 - 2013-08-01 09:22 - 00000769 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk

2013-08-01 09:22 - 2013-08-01 09:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-08-01 09:22 - 2013-08-01 09:22 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla

2013-08-01 09:22 - 2006-09-29 13:23 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-08-01 09:17 - 2013-08-01 09:17 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\MetaCrawler

2013-08-01 09:17 - 2013-08-01 09:16 - 00000000 ____D C:\Program Files\metaCrawler

2013-08-01 08:08 - 2006-06-11 09:08 - 00000000 ____D C:\a

2013-07-31 18:02 - 2013-07-31 18:01 - 00002934 _____ C:\AdwCleaner[R1].txt

2013-07-31 18:00 - 2013-07-31 18:00 - 00002273 _____ C:\Documents and Settings\Kym.WISE\Desktop\RKreport[0]_S_07312013_180020.txt

2013-07-31 18:00 - 2013-07-31 17:57 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Desktop\RK_Quarantine

2013-07-31 17:56 - 2013-07-31 17:56 - 00263592 _____ (Oracle Corporation) C:\windows\system32\javaws.exe

2013-07-31 17:56 - 2013-07-31 17:56 - 00175016 _____ (Oracle Corporation) C:\windows\system32\javaw.exe

2013-07-31 17:56 - 2013-07-31 17:56 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe

2013-07-31 17:56 - 2013-07-31 17:56 - 00144896 _____ (Oracle Corporation) C:\windows\system32\javacpl.cpl

2013-07-31 17:56 - 2013-07-31 17:56 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll

2013-07-31 17:56 - 2012-12-03 20:29 - 00867240 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll

2013-07-31 17:56 - 2012-12-03 20:29 - 00789416 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll

2013-07-31 17:56 - 2005-10-29 16:28 - 00000000 ____D C:\Program Files\Java

2013-07-31 17:37 - 2009-04-05 19:58 - 02213120 _____ C:\windows\FaxSetup.log

2013-07-31 17:37 - 2009-04-05 19:58 - 01130957 _____ C:\windows\ocgen.log

2013-07-31 17:37 - 2009-04-05 19:58 - 01038460 _____ C:\windows\tsoc.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00723833 _____ C:\windows\comsetup.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00707122 _____ C:\windows\msmqinst.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00574383 _____ C:\windows\iis6.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00446196 _____ C:\windows\ntdtcsetup.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00391101 _____ C:\windows\netfxocm.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00157084 _____ C:\windows\MedCtrOC.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00121066 _____ C:\windows\ocmsn.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00113115 _____ C:\windows\msgsocm.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00111078 _____ C:\windows\tabletoc.log

2013-07-31 17:37 - 2009-04-05 19:58 - 00001917 _____ C:\windows\imsins.log

2013-07-31 17:07 - 2005-07-16 09:53 - 00000000 ____D C:\Program Files\Fiery

2013-07-31 17:07 - 2005-07-08 14:00 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-07-31 17:06 - 2011-09-08 11:42 - 00001327 _____ C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log

2013-07-31 17:05 - 2005-07-08 22:42 - 00000000 ____D C:\windows\twain_32

2013-07-31 17:04 - 2012-10-25 12:05 - 00000000 ____D C:\Program Files\Citrix

2013-07-31 16:33 - 2013-07-31 16:33 - 00000000 ____D C:\Program Files\ABR

2013-07-31 15:22 - 2004-08-04 22:00 - 00013646 _____ C:\windows\system32\wpa.dbl

2013-07-31 15:15 - 2013-04-21 19:34 - 00002023 _____ C:\windows\LkmdfCoInst.log

2013-07-31 15:15 - 2009-04-05 19:57 - 00187197 _____ C:\windows\setupact.log

2013-07-31 15:14 - 2013-04-21 19:35 - 00016400 _____ (Logitech, Inc.) C:\windows\system32\Drivers\LNonPnP.sys

2013-07-31 14:30 - 2009-04-06 09:24 - 00001728 _____ C:\windows\qpv17.ini

2013-07-31 14:22 - 2011-07-14 15:44 - 00001273 _____ C:\windows\qpv19.ini

2013-07-31 14:22 - 2009-04-05 16:30 - 00000424 _____ C:\windows\QPMail.INI

2013-07-31 09:56 - 2009-04-06 15:51 - 00002481 _____ C:\Documents and Settings\Kym.WISE\Desktop\Microsoft Excel.lnk

2013-07-30 13:50 - 2005-07-08 22:42 - 00000000 ____D C:\windows\Help

2013-07-26 03:13 - 2013-07-26 03:00 - 00000000 ____D C:\windows\system32\MRT

2013-07-25 19:24 - 2012-12-28 08:23 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\vlc

2013-07-24 16:10 - 2009-04-06 09:39 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\Google

2013-07-20 15:07 - 2009-04-05 17:58 - 00009772 _____ C:\windows\lmpp.ini

2013-07-19 11:14 - 2009-04-05 17:57 - 00000000 ____D C:\Program Files\LABEL MATRIX PowerPro

2013-07-19 07:29 - 2009-05-26 10:46 - 00000173 _____ C:\windows\R_INB.INI

2013-07-12 02:31 - 2013-06-10 18:26 - 00000000 ____D C:\Documents and Settings\Kym.WISE\Application Data\Traffic Travis v4

2013-07-11 11:34 - 2012-07-13 09:21 - 00000110 _____ C:\windows\FLEXE.INI

2013-07-11 11:30 - 2009-07-03 09:20 - 00002296 _____ C:\windows\qpv18.ini

2013-07-11 07:45 - 2013-06-10 18:27 - 00001106 _____ C:\Documents and Settings\Kym.WISE\Desktop\Traffic Travis v4.lnk

2013-07-11 07:38 - 2006-07-16 19:42 - 00000000 ____D C:\windows\Microsoft.NET

2013-07-11 07:07 - 2009-04-05 19:58 - 00713406 ____C C:\windows\system32\PerfStringBackup.INI

2013-07-11 06:25 - 2013-07-11 06:24 - 00012547 _____ C:\windows\KB2834904.log

2013-07-11 06:25 - 2009-04-05 19:58 - 00001374 _____ C:\windows\imsins.BAK

2013-07-11 06:24 - 2013-07-11 06:24 - 00000000 __HDC C:\windows\$NtUninstallKB2834904_WM11$

2013-07-11 05:43 - 2013-07-11 05:41 - 00011109 _____ C:\windows\KB2834886.log

2013-07-11 05:42 - 2013-07-11 05:42 - 00000000 __HDC C:\windows\$NtUninstallKB2834886$

2013-07-11 05:41 - 2013-07-10 20:37 - 00018357 _____ C:\windows\KB2850851.log

2013-07-11 05:40 - 2013-07-11 05:40 - 00000000 __HDC C:\windows\$NtUninstallKB2850851$

2013-07-11 05:38 - 2013-07-10 20:37 - 00017078 _____ C:\windows\KB2845187.log

2013-07-11 05:37 - 2013-07-11 05:37 - 00000000 __HDC C:\windows\$NtUninstallKB2845187$

2013-07-11 03:57 - 2009-07-09 10:43 - 00000000 ____D C:\windows\ie8updates

2013-07-11 03:57 - 2009-04-05 18:04 - 00469637 _____ C:\windows\updspapi.log

2013-07-11 03:02 - 2011-05-07 19:30 - 00000000 ____D C:\windows\system32\XPSViewer

2013-07-10 14:44 - 2013-07-10 14:44 - 00000764 _____ C:\Documents and Settings\All Users.WINDOWS\Desktop\VLC media player.lnk

2013-07-10 13:20 - 2013-07-10 13:20 - 00046020 _____ C:\windows\system32\FORDLINE.TTF

2013-07-10 13:20 - 2013-07-10 13:20 - 00000000 ____D C:\ISIS

 

Files to move or delete:

====================

C:\Windows\Tasks\At1.job

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-08-2013 01

Ran by Kym at 2013-08-02 11:47:00

Running from C:\Documents and Settings\Kym.WISE\My Documents\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Installed Programs =======================

 

Adobe Acrobat 7.0 Professional (Version: 7.1.0)

Adobe Bridge 1.0 (Version: 001.000.000)

Adobe Common File Installer (Version: 1.00.0000)

Adobe Creative Suite 2

Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)

Adobe GoLive CS2 (Version: 8.0)

Adobe Help Center 1.0 (Version: 001.000.000)

Adobe Illustrator CS2 (Version: 12.000.000)

Adobe InDesign CS2 (Version: 004.000.000)

Adobe Photoshop CS2 (Version: 9.0)

Adobe Stock Photos 1.0 (Version: 001.000.000)

Adobe SVG Viewer 3.0 (Version:  3.0)

Aladdin DiagnostiX 1.10

ASUS ATI Driver (Version: 2.1)

ASUS Enhanced Display Driver (Version: 6.14.10.0135)

ATI - Software Uninstall Utility (Version: 6.14.10.1015)

ATI Catalyst Control Center (Version: 1.2.2349.28584)

ATI Display Driver (Version: 8.263-060607a-033872C-Asus)

ATI Parental Control & Encoder (Version: 3.0)

AUSkey software 1.4.4 (Version: 1.4.4)

Australia On Disc 2009 (Version: 12.0.0000)

Calisto DFU Driver (x86) (Version: 2.4.49092.0)

CDBurnerXP (Version: 4.4.1.3341)

CLOX 2000

CLOX 2000 (C:\Program Files\CLOX\)

CLOX 2000 (C:\Program Files\CLOX\) #3

ColorWise Pro Tools 3.1.15

Command WorkStation 4 .0.20

Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)

Core FTP LE

DBPro

Dropbox (HKCU Version: 2.0.22)

eMedia Card Designer (Version: 6.50.694)

eReg (Version: 1.20.138.34)

Evolis Dualys2 version 10.0.10.2 (Version: 10.0.10.2)

Fiery Email Port Monitor 1.0.012b

Fiery Remote Scan 5.1.2.6

FieryPrinterDeleteUtility 1.1.8

File Rescue Plus (Version: 3.0.0)

F-PROT Antivirus for Windows (Version: 6.0.9.6)

Google Chrome (Version: 28.0.1500.95)

Google Earth Plug-in (Version: 7.1.1.1888)

Google Quick Search Box (Version: 1.2.1151.245)

Google Talk Plugin (Version: 2.8.7.6830)

Google Toolbar for Internet Explorer (Version: 1.0.0)

Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)

Google Update Helper (Version: 1.3.21.153)

HijackThis 1.99.1 (Version: 1.99.1)

IEEE 1284 Parallel Port Driver (v.3.07.0)

Intel® Network Connections 13.5.32.0 (Version: 13.5.32.0)

Java 7 Update 25 (Version: 7.0.250)

Java Auto Updater (Version: 2.1.9.5)

Konica Minolta TWAIN Driver

Kyocera Product Library (Version: 2.0.0713)

LABEL MATRIX 7 PowerPro

Logitech SetPoint 6.52 (Version: 6.52.74)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

metaCrawler

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)

Microsoft Works 6-9 Converter (Version: 9.7.0621)

Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)

Mozilla Maintenance Service (Version: 22.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)

National Online (Version: C:\Program Files\)

NETGEAR WG111 Software

NoDongle solution (remove only)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)

OKSoft Graphic Converter 1.08

Payroll Premier

PC Inspector smart recovery (Version: 4.50)

PDFcamp Pro v2.1

Plantronics Spokes Software (Version: 2.8.24304.0)

QFolder (Version: 1.00.0000)

QuickBooks Pro

Registry Cleaner 1.0 (Version: 1.00)

Skype Click to Call (Version: 6.4.11328)

Skype™ 6.0 (Version: 6.0.126)

Suite Specific (Version: 2.0.0)

SUPERAntiSpyware (Version: 4.45.1000)

Traffic Travis 4.1.0

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Windows Internet Explorer 7 (KB976749) (Version: 1)

Update for Windows Internet Explorer 7 (KB980182) (Version: 1)

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)

Update for Windows XP (KB2141007) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2607712) (Version: 1)

Update for Windows XP (KB2616676) (Version: 1)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

VLC media player 2.0.7 (Version: 2.0.7)

WebFldrs XP (Version: 9.50.7523)

Windows Driver Package - Plantronics, Inc. (usbser.nt) Ports  (04/21/2009 5.1) (Version: 04/21/2009 5.1)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

WinZip (Version:  9.0 SR-1 (6224))

 

 

==================== Restore Points  =========================

 

02-08-2013 01:38:43 Software Distribution Service 3.0

 

==================== Hosts content: ==========================

 

2004-08-04 22:00 - 2011-07-13 08:00 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: C:\windows\Tasks\At1.job => ?

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004Core.job => C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-725345543-1004UA.job => C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\OGALogon.job => C:\WINDOWS\system32\OGAEXEC.exe

Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9ba906ac-9fde-4b27-a962-baaaeca93708.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

==================== Faulty Device Manager Devices =============

 

Name: Audio Device on High Definition Audio Bus

Description: Audio Device on High Definition Audio Bus

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/02/2013 07:24:20 AM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (08/02/2013 02:24:38 AM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (08/01/2013 09:24:13 PM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (08/01/2013 04:24:11 PM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (08/01/2013 00:40:32 PM) (Source: Application Error) (User: )

Description: Faulting application mbam.exe, version 1.75.0.1, faulting module version.dll, version 5.1.2600.5512, fault address 0x00001d22.

Processing media-specific event for [mbam.exe!ws!]

 

Error: (08/01/2013 11:28:49 AM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (07/31/2013 03:25:55 PM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (07/31/2013 05:31:23 AM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (07/30/2013 02:37:03 PM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

Error: (07/27/2013 06:31:27 AM) (Source: MsiInstaller) (User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.

 

 

System errors:

=============

Error: (08/02/2013 11:38:35 AM) (Source: 0) (User: )

Description: 0xC0000034~efe2.tmpHarddiskVolume1

 

Error: (08/02/2013 10:41:29 AM) (Source: Service Control Manager) (User: )

Description: The VirtualFD service failed to start due to the following error: 

%%2

 

Error: (08/02/2013 08:57:44 AM) (Source: Service Control Manager) (User: )

Description: The VirtualFD service failed to start due to the following error: 

%%2

 

Error: (08/01/2013 05:09:43 PM) (Source: Service Control Manager) (User: )

Description: The VirtualFD service failed to start due to the following error: 

%%2

 

Error: (08/01/2013 04:04:30 PM) (Source: Service Control Manager) (User: )

Description: The VirtualFD service failed to start due to the following error: 

%%2

 

Error: (08/01/2013 03:58:35 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (08/01/2013 03:36:29 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (08/01/2013 03:36:13 PM) (Source: Service Control Manager) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

AFD

asuskbnt

Fips

intelppm

IPSec

MRxSmb

NetBIOS

NetBT

RasAcd

Rdbss

SASDIFSV

SASKUTIL

Tcpip

 

Error: (08/01/2013 03:36:13 PM) (Source: Service Control Manager) (User: )

Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 

%%31

 

Error: (08/01/2013 03:36:13 PM) (Source: Service Control Manager) (User: )

Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 

%%31

 

 

Microsoft Office Sessions:

=========================

Error: (08/02/2013 07:24:20 AM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (08/02/2013 02:24:38 AM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (08/01/2013 09:24:13 PM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (08/01/2013 04:24:11 PM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (08/01/2013 00:40:32 PM) (Source: Application Error)(User: )

Description: mbam.exe1.75.0.1version.dll5.1.2600.551200001d22

 

Error: (08/01/2013 11:28:49 AM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (07/31/2013 03:25:55 PM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (07/31/2013 05:31:23 AM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (07/30/2013 02:37:03 PM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

Error: (07/27/2013 06:31:27 AM) (Source: MsiInstaller)(User: WISE)

Description: Product: Google Talk Plugin -- Error 1714. The older version of Google Talk Plugin cannot be removed.  Contact your technical support group.  System Error 1612.(NULL)(NULL)(NULL)(NULL)

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 42%

Total physical RAM: 3069.36 MB

Available physical RAM: 1749.76 MB

Total Pagefile: 6988.48 MB

Available Pagefile: 5484.57 MB

Total Virtual: 2047.88 MB

Available Virtual: 1946.77 MB

 

==================== Drives ================================

 

Drive c: (wise_C) (Fixed) (Total:74.52 GB) (Free:31.42 GB) NTFS

Drive d: (wise_D) (Fixed) (Total:159.24 GB) (Free:122.39 GB) NTFS

Drive e: (ISEN0401) (CDROM) (Total:0.84 GB) (Free:0 GB) CDFS

Drive j: (Basalt_D) (Network) (Total:74.52 GB) (Free:56.88 GB) NTFS

Drive k: (Basalt_D) (Network) (Total:74.52 GB) (Free:56.88 GB) NTFS

Drive l: (Basalt_D) (Network) (Total:74.52 GB) (Free:56.88 GB) NTFS

Drive x: (greg_C) (Network) (Total:232.88 GB) (Free:186.41 GB) NTFS

Drive z: (greg_C) (Network) (Total:232.88 GB) (Free:186.41 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 234 GB) (Disk ID: 6731C4B7)

Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=159 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

-------------------------------

See how it is.

If no improvement........reset IE:

http://support.microsoft.com/kb/923737

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-08-2013 01

Ran by Kym at 2013-08-02 23:07:23 Run:1

Running from C:\Documents and Settings\Kym.WISE\My Documents\Downloads

Boot Mode: Normal

 

==============================================

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKU\LocalService\Software\Microsoft\Windows\CurrentVersion\Run\\hutapomago => Value deleted successfully.

HKU\NetworkService\Software\Microsoft\Windows\CurrentVersion\Run\\hutapomago => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCR\PROTOCOLS\Handler\ipp => Key deleted successfully.

HKCR\PROTOCOLS\Handler\msdaipp => Key deleted successfully.

C:\Windows\Tasks\At1.job => Moved successfully.

"C:\WINDOWS\system32\manososa.dll" => File/Directory not found.

 

==== End of Fixlog ====

Restarted IE

Conduit.com still homepage

 

reset IE

 


Restarted IE

Conduit.com still homepage

 

BTW at some stage I will attach photo of my new dog

 


Delete your copies of AdwCleaner and Junkware Removal Tool.

Run them as before, delete everything

Then....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


I was confused by the instruction:
Delete your copies of AdwCleaner and Junkware Removal Tool.
Run them as before, delete everything
I deleted the previously downloaded ADW & JRT,
did a fresh download, ran both & deleted where indicated.
I lost the log from ADW but the JRT log is below.
Malwarebytes did not detect anything
BUT IE STILL HAS HOME PAGE REVERTING to conduit.com
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.0 (08.02.2013:1)
OS: Microsoft Windows XP x86
Ran by Kym on Sat 03/08/2013 at  0:14:18.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.02.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kym :: WISE [administrator]
 
Protection: Enabled
 
3/08/2013 12:30:35 AM
mbam-log-2013-08-03 (00-30-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375605
Time elapsed: 11 minute(s), 54 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/08/2013 at  0:22:05.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
IE STILL HAS HOME PAGE REVERTING to conduit.com

Sorry, I left out "download fresh copies"....but you did it right.

Download and run Avast Browser Cleanup, see if it detects any bad items. If so have the program delete them.

---------------------------------------

Run this scan:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=1516ad129db43f45b3e313f47fcd4bdf

# engine=14626

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-08-02 11:25:10

# local_time=2013-08-03 09:25:10 (+1000, E. Australia Standard Time)

# country="Australia"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# scanned=239845

# found=12

# cleaned=12

# scan_time=27299

sh=92B6676FA038B6CF5275C3C9B21B01E8E3615824 ft=1 fh=bb131850c1897c80 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\a\kimcrap\My Documents\Downloads\Setup.exe"

sh=DDB5F7EAB46F7CD2F089BD6CDB241365ECB0E4BE ft=1 fh=2ed6d776c8245590 vn="Win32/InstallCore.BL application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Kym.WISE\My Documents\Downloads\Firefox_Setup (1).exe"

sh=10F12000F3B69ECC02E30B39A8AAE693EBE2A30F ft=0 fh=0000000000000000 vn="Win32/VB.NEI worm (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\FSI\desktop.ini"

sh=10F12000F3B69ECC02E30B39A8AAE693EBE2A30F ft=0 fh=0000000000000000 vn="Win32/VB.NEI worm (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\FSI\F-Prot\desktop.ini"

sh=10F12000F3B69ECC02E30B39A8AAE693EBE2A30F ft=0 fh=0000000000000000 vn="Win32/VB.NEI worm (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\FSI\F-Prot\FP-Updater\desktop.ini"

sh=722C43CC5D2DC2F852819B6A03FF8F9B2DA29C41 ft=1 fh=c9848552c8245590 vn="Win32/InstallCore.BL application (cleaned by deleting - quarantined)" ac=C fn="C:\TEMP\ICReinstall_Firefox_Setup.exe"

sh=10F12000F3B69ECC02E30B39A8AAE693EBE2A30F ft=0 fh=0000000000000000 vn="Win32/VB.NEI worm (cleaned by deleting - quarantined)" ac=C fn="D:\Downloads\spystuff\fprot\desktop.ini"

sh=4057EF482B3608564B6016BF46F8DDEF21F9EE70 ft=1 fh=b46ab2a44b1af49f vn="a variant of Win32/ExFriendAlert.B application (cleaned by deleting - quarantined)" ac=C fn="D:\Downloads\spystuff\hijackthis\backups\backup-20130307-094000-638.dll"

sh=AEA202E75EB4A7B17250E6DCA3B2470D83247036 ft=1 fh=67bcb2b84dcf5931 vn="a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined)" ac=C fn="D:\Downloads\wrapper\SweetImSetup.exe"

sh=FC12DB6C04E89C12A644A400D63BC1F31D6A8F86 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR application (deleted - quarantined)" ac=C fn="D:\zzzcomputergreg drive c\a\aaa real old stuff\Downloads\adobe indesign\adobeindesignerv2.0keygenblacksquadron.zip"

sh=10F12000F3B69ECC02E30B39A8AAE693EBE2A30F ft=0 fh=0000000000000000 vn="Win32/VB.NEI worm (cleaned by deleting - quarantined)" ac=C fn="D:\zzzcomputergreg drive c\downloads\spystuff\fprot\desktop.ini"

sh=10F12000F3B69ECC02E30B39A8AAE693EBE2A30F ft=0 fh=0000000000000000 vn="Win32/VB.NEI worm (cleaned by deleting - quarantined)" ac=C fn="D:\zzzcomputergreg drive c\downloads\spystuff\fprot\defs\desktop.ini"

 

 

IE still has conduit.com as homepage


Try resetting IE again..like this: (manually)

http://www.howtogeek.com/howto/16365/reset-all-internet-explorer-8-settings-to-fix-stability-problems/

 

-------------------------------

If still the same.........

Download zoek.exe

http://www.hijackthis.nl/smeenk/

Run it and click on Options and then IE Defaults then Run Script

Post the log it creates and let me know....MrC


 

Zoek.exe Version 4.0.0.4 Updated 31-07-2013

Tool run by Kym on Sat 03/08/2013 at 11:19:41.90.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\Kym.WISE\My Documents\Downloads\zoek.exe  [Checkboxes used]

 

==== System Restore Info ======================

 

3/08/2013 11:21:03 AM Zoek.exe System Restore Point Created Succesfully.

 

==== Suspicious Entries Found ======================

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"

"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"

"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"

"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

"3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"

"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"

"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"

"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"

"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"

"3389:TCP"="3389:TCP:*:Disabled:@xpsp2res.dll,-22009"

"1947:TCP"="1947:TCP:*:Enabled:HASP SRM "

"1947:UDP"="1947:UDP:*:Enabled:HASP SRM "

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]


"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== EOF on Sat 03/08/2013 at 11:22:40.67 ======================

I don't understand. It was conduit and then it was restored to Microsoft, so when does it change back to conduit....after you reboot??
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.condui...5D-D31729A68A44"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="http://go.microsoft....k/?LinkId=54896"
"Start Page"="http://go.microsoft....k/?LinkId=69157"

 




Please do this:

Download HiJackThis to a folder:

http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe

Run HJT.exe
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Save the log to a convenient location.
Copy and paste it into your post.

MrC


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:22:59 AM, on 4/08/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\WINDOWS\ATKKBService.exe

C:\windows\system32\cisvc.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe

C:\windows\System32\svchost.exe

C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\windows\system32\ctfmon.exe

C:\Temp\JobMonitor\JobMonitor.exe

C:\Documents and Settings\Kym.WISE\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\windows\system32\cidaemon.exe

C:\Program Files\CLOX\clox.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Kym.WISE\My Documents\Downloads\HijackThis.exe

 


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun

O4 - HKLM\..\Run: [PlantronicsURE.exe] C:\Program Files\Plantronics\PlantronicsURE\PlantronicsURE.exe

O4 - HKLM\..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [EFI Job Monitor] C:\windows\system32\rundll32.exe  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EFJM.dll,run

O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kym.WISE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [TrafficTravisv4] C:\Documents and Settings\Kym.WISE\Application Data\Traffic Travis v4\TrafficTravisV4.exe

O4 - HKCU\..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe -update activex

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Kym.WISE\Application Data\Dropbox\bin\Dropbox.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FB0E3BB5-8B50-4036-8B7F-2CFFF878DD92}: NameServer = 192.168.1.1

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

 

--

End of file - 8770 bytes


This topic is now closed to further replies.