Confirm if Mystart.Incredibar is removed


  • This topic is locked
20 replies to this topic

#1 enoz

Posted 25 June 2012 - 07:11 AM

A week ago, I started being re-directed to mystart.incredibar.com whenever using Firefox.

I followed instructions from http://www.mmo-champ...ypes-of-viruses and now get an AdAware page popping up when I search in the address bar on Firefox, saying 'page not found'. This doesn't happen when I search in my Google search bar for the same thing.

I don't use Internet Explorer since having problems with pages not loading a few months ago.

My computer seems to be running overall slower than usual, especially at startup and in Firefox.

I have run the scans suggested on mmo-champion and have the following logs (I also have the Attach.txt file if needed):

From Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.24.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Eryl :: ERYL-PC [administrator]

Protection: Enabled

24/06/2012 19:14:29
mbam-log-2012-06-24 (19-14-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345465
Time elapsed: 2 hour(s), 24 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

From DDX.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Eryl at 23:25:17 on 2012-06-24
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3069.1282 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = about:blank
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080124
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [bdinstaller] "c:\program files\common files\bitdefender\setupinformation\downloader\setuplauncher.exe" /run:"c:\program files\common files\bitdefender\setupinformation\downloader\setupdownloader.exe" /args:"/after_restart"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launcher.lnk - c:\program files\orangemobilebroadband\OrangeMobileBroadband_Launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{4D6430AB-4661-4BB7-8CF7-06050A9E58AD} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\eryl\appdata\roaming\mozilla\firefox\profiles\j8nhnjbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\eryl\appdata\roaming\mozilla\firefox\profiles\j8nhnjbp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEEs39y6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 0a53d8e7000000000000001cbf908507
FF - user.js: extensions.incredibar_i.instlDay - 15502
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:04:08
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEEs39y6
FF - user.js: extensions.incredibar_i.upn2n - 92261568522662926
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10604
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R1 MpKslbd4e906f;MpKslbd4e906f;c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKslbd4e906f.sys [2012-6-24 29904]
R1 MpKsle98e0635;MpKsle98e0635;c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKsle98e0635.sys [2012-6-24 29904]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-18 223864]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-21 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-24 654408]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files\orangemobilebroadband\OrangeMobileBroadband_Service.exe [2011-11-2 333264]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2011-4-25 14976]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-18 1153368]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-11 185856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-24 22344]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-28 3664384]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-18 94584]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-18 93816]
R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-7 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-7 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-11-2 103040]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-18 94584]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2010-5-21 16896]
.
=============== Created Last 30 ================
.
2012-06-24 22:12:22 -------- d-----w- c:\users\eryl\appdata\roaming\QuickScan
2012-06-24 18:12:24 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKsle98e0635.sys
2012-06-24 16:50:25 -------- d-----w- c:\users\eryl\appdata\roaming\Malwarebytes
2012-06-24 16:41:13 -------- d-----w- c:\programdata\Malwarebytes
2012-06-24 16:41:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 16:41:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 11:27:19 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\offreg.dll
2012-06-24 11:27:19 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKslbd4e906f.sys
2012-06-24 11:22:49 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\mpengine.dll
2012-06-24 11:16:41 -------- d-----w- c:\users\eryl\appdata\local\Macromedia
2012-06-23 20:58:58 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-22 13:15:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:15:03 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:14:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 13:14:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 18:08:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-18 18:08:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-18 13:38:57 -------- d-----w- c:\users\eryl\appdata\local\adaware
2012-06-18 13:38:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-06-18 13:38:08 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-06-18 13:37:32 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-06-18 13:37:32 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-06-18 13:37:27 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-18 13:37:25 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-18 13:32:20 -------- d-----w- c:\users\eryl\appdata\roaming\Ad-Aware Antivirus
2012-06-14 07:21:11 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 07:21:11 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 07:21:11 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 07:20:55 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 07:20:55 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 16:33:53 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3c78c146-51dd-426b-b4f3-184cbc0b725a}\gapaengine.dll
2012-06-11 19:14:16 719872 ----a-w- c:\windows\system32\devil.dll
2012-06-11 19:14:16 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-06-11 19:14:15 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-06-11 19:14:15 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-06-11 19:14:15 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-06-11 19:14:03 -------- d-----w- c:\program files\AviSynth 2.5
2012-06-11 19:04:52 327749 ----a-w- c:\windows\system32\drvc.dll
2012-06-11 19:04:35 17280 ----a-w- c:\windows\system32\roboot.exe
2012-06-11 19:04:27 -------- d-----w- c:\users\eryl\appdata\roaming\systweak
2012-06-11 19:03:57 -------- d-----w- c:\program files\Web Assistant
2012-06-11 19:03:13 -------- d-----w- c:\program files\eRightSoft
2012-06-11 18:47:25 -------- d-----w- c:\program files\NCH Software
2012-06-11 18:47:23 -------- d-----w- c:\users\eryl\appdata\roaming\NCH Software
2012-06-02 09:54:25 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M ====================
.
2012-06-23 23:39:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 23:39:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 09:53:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 09:53:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-29 13:18:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 23:27:05.85 ===============


From checkup.txt:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 31
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````


From Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:20, on 25/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Eryl\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.g...smb&ibd=2080124
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [bdinstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Launcher.lnk = C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OrangeMobileBroadband_Service - Unknown owner - C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10256 bytes



Would appreciate your help, thank you.

EDIT: The guide you used is not a very good one... Ad-Aware and Spybot are not very effective... CCleaner, if not used carefully, can cripple your system... Please wait for a helper to take you further...

Edited by Budfred, 25 June 2012 - 07:29 AM.


#2 Rocket Grannie

    SWI Australian Rebel

  • Administrators
  • 7,021 posts

Posted 25 June 2012 - 07:50 PM

Hello enoz. Welcome to SWI.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your Desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.

  • If a suspicious file is detected, the default action will be Skip; click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here or here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt, and the TDSS log in your next reply for further review.
How is the computer performing now?


Rocket Grannie

My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.


#3 enoz

    Member

  • Full Member
  • 12 posts

Posted 29 June 2012 - 07:59 AM

Hi, thank you for your reply and help. Here are both log reports below. When I ran ComboFix the first time I realised I had not followed the instructions to save it on my desktop first - so I stopped it almost immediately and moved it to my desktop. I then started it again and left it running when it reached the Stages, but when I returned I didn't see the log file as expected - my computer was instead starting up again, as if it had been rebooted (it's plugged in by mains and with battery). I therefore had to run it again, so the log file below is from that (3rd) attempt, where it did finish as expected, with no reboot.

My computer's still a bit sluggish but the redirection process in my browser has stopped when I type to search in my address bar - so looking good. Thanks again.

13:30:08.0802 5672 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
13:30:08.0946 5672 ============================================================
13:30:08.0946 5672 Current date / time: 2012/06/26 13:30:08.0946
13:30:08.0947 5672 SystemInfo:
13:30:08.0947 5672
13:30:08.0947 5672 OS Version: 6.0.6002 ServicePack: 2.0
13:30:08.0947 5672 Product type: Workstation
13:30:08.0947 5672 ComputerName: ERYL-PC
13:30:08.0948 5672 UserName: Eryl
13:30:08.0948 5672 Windows directory: C:\Windows
13:30:08.0948 5672 System windows directory: C:\Windows
13:30:08.0948 5672 Processor architecture: Intel x86
13:30:08.0948 5672 Number of processors: 2
13:30:08.0948 5672 Page size: 0x1000
13:30:08.0948 5672 Boot type: Normal boot
13:30:08.0948 5672 ============================================================
13:30:10.0218 5672 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:30:10.0225 5672 Drive \Device\Harddisk1\DR1 - Size: 0x76E480000 (29.72 Gb), SectorSize: 0x200, Cylinders: 0xF28, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:30:10.0227 5672 ============================================================
13:30:10.0227 5672 \Device\Harddisk0\DR0:
13:30:10.0227 5672 MBR partitions:
13:30:10.0227 5672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3B000, BlocksNum 0x1400000
13:30:10.0227 5672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x143B000, BlocksNum 0x110DE000
13:30:10.0248 5672 \Device\Harddisk1\DR1:
13:30:10.0249 5672 MBR partitions:
13:30:10.0249 5672 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3B70400
13:30:10.0249 5672 ============================================================
13:30:10.0295 5672 C: <-> \Device\Harddisk0\DR0\Partition1
13:30:10.0327 5672 D: <-> \Device\Harddisk0\DR0\Partition0
13:30:10.0327 5672 ============================================================
13:30:10.0327 5672 Initialize success
13:30:10.0328 5672 ============================================================
13:30:13.0388 5984 ============================================================
13:30:13.0388 5984 Scan started
13:30:13.0388 5984 Mode: Manual;
13:30:13.0388 5984 ============================================================
13:30:14.0170 5984 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:30:14.0179 5984 ACPI - ok
13:30:14.0361 5984 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
13:30:14.0383 5984 Ad-Aware Service - ok
13:30:14.0473 5984 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:30:14.0479 5984 AdobeARMservice - ok
13:30:14.0693 5984 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:30:14.0724 5984 AdobeFlashPlayerUpdateSvc - ok
13:30:14.0832 5984 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:30:14.0872 5984 adp94xx - ok
13:30:14.0922 5984 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:30:14.0932 5984 adpahci - ok
13:30:14.0980 5984 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:30:15.0001 5984 adpu160m - ok
13:30:15.0056 5984 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:30:15.0064 5984 adpu320 - ok
13:30:15.0123 5984 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:30:15.0130 5984 AeLookupSvc - ok
13:30:15.0210 5984 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:30:15.0244 5984 AFD - ok
13:30:15.0290 5984 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
13:30:15.0321 5984 agp440 - ok
13:30:15.0357 5984 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:30:15.0366 5984 aic78xx - ok
13:30:15.0400 5984 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:30:15.0406 5984 ALG - ok
13:30:15.0439 5984 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
13:30:15.0471 5984 aliide - ok
13:30:15.0514 5984 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
13:30:15.0545 5984 amdagp - ok
13:30:15.0562 5984 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
13:30:15.0592 5984 amdide - ok
13:30:15.0624 5984 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:30:15.0631 5984 AmdK7 - ok
13:30:15.0656 5984 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:30:15.0663 5984 AmdK8 - ok
13:30:15.0703 5984 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
13:30:15.0710 5984 androidusb - ok
13:30:15.0760 5984 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:30:15.0769 5984 Appinfo - ok
13:30:15.0894 5984 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:30:15.0909 5984 Apple Mobile Device - ok
13:30:15.0995 5984 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
13:30:16.0002 5984 AppMgmt - ok
13:30:16.0039 5984 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:30:16.0044 5984 arc - ok
13:30:16.0064 5984 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:30:16.0068 5984 arcsas - ok
13:30:16.0108 5984 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:30:16.0111 5984 AsyncMac - ok
13:30:16.0133 5984 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:30:16.0136 5984 atapi - ok
13:30:16.0190 5984 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:30:16.0200 5984 AudioEndpointBuilder - ok
13:30:16.0211 5984 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:30:16.0219 5984 Audiosrv - ok
13:30:16.0288 5984 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
13:30:16.0295 5984 bcm4sbxp - ok
13:30:16.0345 5984 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:30:16.0352 5984 Beep - ok
13:30:16.0426 5984 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:30:16.0462 5984 BFE - ok
13:30:16.0562 5984 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:30:16.0587 5984 BITS - ok
13:30:16.0597 5984 blbdrive - ok
13:30:16.0731 5984 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:30:16.0746 5984 Bonjour Service - ok
13:30:16.0784 5984 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:30:16.0791 5984 bowser - ok
13:30:16.0834 5984 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:30:16.0840 5984 BrFiltLo - ok
13:30:16.0856 5984 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:30:16.0862 5984 BrFiltUp - ok
13:30:16.0898 5984 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:30:16.0905 5984 Browser - ok
13:30:16.0944 5984 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:30:16.0951 5984 Brserid - ok
13:30:16.0968 5984 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:30:16.0975 5984 BrSerWdm - ok
13:30:17.0007 5984 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:30:17.0012 5984 BrUsbMdm - ok
13:30:17.0022 5984 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:30:17.0028 5984 BrUsbSer - ok
13:30:17.0045 5984 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:30:17.0052 5984 BTHMODEM - ok
13:30:17.0093 5984 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
13:30:17.0100 5984 BthServ - ok
13:30:17.0148 5984 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
13:30:17.0392 5984 BVRPMPR5 - ok
13:30:17.0457 5984 bvzneffn - ok
13:30:17.0496 5984 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:30:17.0505 5984 cdfs - ok
13:30:17.0551 5984 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:30:17.0559 5984 cdrom - ok
13:30:17.0619 5984 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:30:17.0626 5984 CertPropSvc - ok
13:30:17.0652 5984 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:30:17.0659 5984 circlass - ok
13:30:17.0719 5984 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:30:17.0729 5984 CLFS - ok
13:30:17.0804 5984 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:30:17.0810 5984 clr_optimization_v2.0.50727_32 - ok
13:30:17.0882 5984 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:30:17.0934 5984 clr_optimization_v4.0.30319_32 - ok
13:30:17.0970 5984 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:30:17.0976 5984 CmBatt - ok
13:30:18.0010 5984 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
13:30:18.0040 5984 cmdide - ok
13:30:18.0083 5984 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:30:18.0089 5984 Compbatt - ok
13:30:18.0098 5984 COMSysApp - ok
13:30:18.0121 5984 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:30:18.0128 5984 crcdisk - ok
13:30:18.0148 5984 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:30:18.0155 5984 Crusoe - ok
13:30:18.0202 5984 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:30:18.0210 5984 CryptSvc - ok
13:30:18.0285 5984 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
13:30:18.0318 5984 CSC - ok
13:30:18.0391 5984 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
13:30:18.0417 5984 CscService - ok
13:30:18.0504 5984 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:30:18.0519 5984 DcomLaunch - ok
13:30:18.0588 5984 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:30:18.0597 5984 DfsC - ok
13:30:18.0672 5984 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:30:18.0678 5984 Dhcp - ok
13:30:18.0707 5984 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:30:18.0714 5984 disk - ok
13:30:18.0748 5984 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:30:18.0756 5984 Dnscache - ok
13:30:18.0843 5984 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:30:18.0859 5984 dot3svc - ok
13:30:18.0904 5984 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:30:18.0913 5984 DPS - ok
13:30:18.0945 5984 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:30:18.0950 5984 drmkaud - ok
13:30:19.0037 5984 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:30:19.0053 5984 DXGKrnl - ok
13:30:19.0105 5984 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
13:30:19.0120 5984 e1express - ok
13:30:19.0153 5984 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:30:19.0160 5984 E1G60 - ok
13:30:19.0206 5984 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:30:19.0209 5984 EapHost - ok
13:30:19.0252 5984 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:30:19.0261 5984 Ecache - ok
13:30:19.0318 5984 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:30:19.0352 5984 elxstor - ok
13:30:19.0447 5984 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:30:19.0463 5984 EMDMgmt - ok
13:30:19.0539 5984 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:30:19.0550 5984 EventSystem - ok
13:30:19.0704 5984 EvtEng (ba6063e3375f9bc11a9c8450a7f61e70) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:30:19.0723 5984 EvtEng - ok
13:30:19.0817 5984 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:30:19.0836 5984 exfat - ok
13:30:19.0869 5984 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:30:19.0887 5984 fastfat - ok
13:30:19.0917 5984 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:30:19.0923 5984 fdc - ok
13:30:19.0951 5984 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:30:19.0958 5984 fdPHost - ok
13:30:19.0998 5984 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:30:20.0005 5984 FDResPub - ok
13:30:20.0034 5984 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:30:20.0041 5984 FileInfo - ok
13:30:20.0075 5984 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:30:20.0081 5984 Filetrace - ok
13:30:20.0113 5984 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:30:20.0120 5984 flpydisk - ok
13:30:20.0151 5984 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:30:20.0163 5984 FltMgr - ok
13:30:20.0282 5984 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:30:20.0303 5984 FontCache - ok
13:30:20.0386 5984 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:30:20.0394 5984 FontCache3.0.0.0 - ok
13:30:20.0424 5984 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:30:20.0430 5984 Fs_Rec - ok
13:30:20.0463 5984 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:30:20.0469 5984 gagp30kx - ok
13:30:20.0521 5984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:30:20.0528 5984 GEARAspiWDM - ok
13:30:20.0617 5984 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:30:20.0634 5984 gpsvc - ok
13:30:20.0745 5984 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:30:20.0754 5984 gupdate - ok
13:30:20.0771 5984 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:30:20.0775 5984 gupdatem - ok
13:30:20.0827 5984 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:30:20.0835 5984 gusvc - ok
13:30:20.0906 5984 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:30:20.0921 5984 HDAudBus - ok
13:30:20.0959 5984 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:30:20.0965 5984 HidBth - ok
13:30:20.0987 5984 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:30:20.0993 5984 HidIr - ok
13:30:21.0034 5984 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:30:21.0041 5984 hidserv - ok
13:30:21.0083 5984 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:30:21.0089 5984 HidUsb - ok
13:30:21.0137 5984 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:30:21.0149 5984 hkmsvc - ok
13:30:21.0205 5984 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:30:21.0224 5984 HpCISSs - ok
13:30:21.0356 5984 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:30:21.0399 5984 HSF_DPV - ok
13:30:21.0434 5984 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:30:21.0439 5984 HSXHWAZL - ok
13:30:21.0489 5984 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:30:21.0496 5984 HTTP - ok
13:30:21.0552 5984 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:30:21.0564 5984 hwdatacard - ok
13:30:21.0629 5984 hwusbfake (1d4d6d24256f61e6b08a3cf8184a78b8) C:\Windows\system32\DRIVERS\ewusbfake.sys
13:30:21.0632 5984 hwusbfake - ok
13:30:21.0663 5984 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:30:21.0669 5984 i2omp - ok
13:30:21.0721 5984 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:30:21.0729 5984 i8042prt - ok
13:30:21.0776 5984 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
13:30:21.0782 5984 iaStor - ok
13:30:21.0838 5984 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:30:21.0854 5984 iaStorV - ok
13:30:21.0984 5984 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:30:21.0991 5984 IDriverT - ok
13:30:22.0115 5984 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:30:22.0160 5984 idsvc - ok
13:30:22.0296 5984 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:30:22.0304 5984 iirsp - ok
13:30:22.0370 5984 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:30:22.0384 5984 IKEEXT - ok
13:30:22.0438 5984 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
13:30:22.0468 5984 intelide - ok
13:30:22.0503 5984 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:30:22.0509 5984 intelppm - ok
13:30:22.0553 5984 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:30:22.0563 5984 IPBusEnum - ok
13:30:22.0610 5984 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:30:22.0612 5984 IpFilterDriver - ok
13:30:22.0651 5984 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:30:22.0656 5984 iphlpsvc - ok
13:30:22.0660 5984 IpInIp - ok
13:30:22.0696 5984 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:30:22.0704 5984 IPMIDRV - ok
13:30:22.0743 5984 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:30:22.0750 5984 IPNAT - ok
13:30:22.0866 5984 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:30:22.0885 5984 iPod Service - ok
13:30:22.0916 5984 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:30:22.0921 5984 IRENUM - ok
13:30:22.0954 5984 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
13:30:22.0984 5984 isapnp - ok
13:30:23.0038 5984 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:30:23.0046 5984 iScsiPrt - ok
13:30:23.0076 5984 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:30:23.0084 5984 iteatapi - ok
13:30:23.0100 5984 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:30:23.0107 5984 iteraid - ok
13:30:23.0146 5984 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:30:23.0153 5984 kbdclass - ok
13:30:23.0173 5984 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
13:30:23.0178 5984 kbdhid - ok
13:30:23.0214 5984 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:30:23.0225 5984 KeyIso - ok
13:30:23.0392 5984 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
13:30:23.0435 5984 Kodak AiO Network Discovery Service - ok
13:30:23.0515 5984 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:30:23.0543 5984 KSecDD - ok
13:30:23.0626 5984 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:30:23.0640 5984 KtmRm - ok
13:30:23.0674 5984 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:30:23.0686 5984 LanmanServer - ok
13:30:23.0726 5984 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:30:23.0740 5984 LanmanWorkstation - ok
13:30:23.0786 5984 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:30:23.0792 5984 lltdio - ok
13:30:23.0837 5984 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:30:23.0854 5984 lltdsvc - ok
13:30:23.0890 5984 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:30:23.0898 5984 lmhosts - ok
13:30:23.0931 5984 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:30:23.0939 5984 LSI_FC - ok
13:30:23.0956 5984 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:30:23.0964 5984 LSI_SAS - ok
13:30:24.0007 5984 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:30:24.0018 5984 LSI_SCSI - ok
13:30:24.0054 5984 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:30:24.0065 5984 luafv - ok
13:30:24.0097 5984 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:30:24.0103 5984 MBAMProtector - ok
13:30:24.0191 5984 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:30:24.0208 5984 MBAMService - ok
13:30:24.0242 5984 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:30:24.0248 5984 mdmxsdk - ok
13:30:24.0302 5984 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:30:24.0305 5984 megasas - ok
13:30:24.0363 5984 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

#4 enoz

Posted 29 June 2012 - 12:13 PM

Hi again,

I have just started to get the 'Mystart.Incredibar' problem again - I started up my firewalls/antivirus software after disabling them earlier to use Combofix, and though the internet seemed to be working smoothly for a few hours it has now gone back to redirecting to Mystart again (though only twice in the past few hours so far, so not too frequent yet). Ad-aware doesn't seem to be blocking it anymore either (not sure if I have restored the right settings in Adaware since turning it off?).

Would appreciate your help.

#5 Rocket Grannie

Posted 29 June 2012 - 07:14 PM

Hello enoz.

"My computer's still a bit sluggish"

This could be caused by too many security programs on the system.

You have two security programs on the machine: Ad Aware and Microsoft Security Essentials.
This is very dangerous, as multiple antivirus/anti-spyware programs can interfere with one another and actually allow more viruses to get through.
It is important that only one antivirus/anti-spyware program is running real time protection.
I strongly suggest you either (1) uninstall one of the programs through Control Panel->Programs and Features,
OR (2) keep both programs, but leave one of them disabled most of the time.
You can still use it for scanning your computer.

You also have two firewalls active: Windows Firewall and Ad Aware. Please turn one of these off.

Reboot the computer.

Now, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop.
Do NOT run it yet.

Close/disable all antivirus and anti malware programs so they do not interfere with the running of ComboFix.

Open Notepad: click Start->All Programs->Accessories, then click Notepad.
Do not use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

KILLALL::

Firefox::
FF - ProfilePath - c:\users\Eryl\AppData\Roaming\Mozilla\Firefox\Profiles\j8nhnjbp.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEEs39y6&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 0a53d8e7000000000000001cbf908507
FF - user.js: extensions.incredibar_i.instlDay - 15502
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:04
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEEs39y6
FF - user.js: extensions.incredibar_i.upn2n - 92261568522662926
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10604
FF - user.js: extensions.incredibar_i.ppd -


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After the reboot (in case it asks to reboot), it will produce a log for you. Post that log in your next reply, please.

Please reboot the computer (if ComboFix did not ask for a reboot)

Clean your Cache and Cookies in Firefox:

Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Private Data).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Please post:
ComboFix log.
Any problems remaining.



Rocket Grannie
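A read-only check for the preferences the CFScript above targets, as an added example that is not part of the original post and is not ComboFix code: it parses a profile's prefs.js and user.js and reports any `extensions.incredibar_i.*` pref or any value containing "incredibar". The function names and the sample pref values are constructed for illustration; user.js hits are marked separately because Firefox re-applies that file at every start.

```python
"""Report leftover Incredibar preferences in a Firefox profile (added example)."""
import re
import sys
from pathlib import Path

HIJACK_BRANCH = "extensions.incredibar_i."  # pref branch listed in the CFScript
HIJACK_MARKER = "incredibar"                # substring of the redirect host name

# Firefox writes one preference per line: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.*?)\s*\)\s*;\s*$'
)

# Constructed sample input (not taken from the poster's machine).
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://mystart.Incredibar.com/?a=CONSTRUCTED");
user_pref("browser.search.selectedEngine", "Google");
user_pref("app.update.enabled", true);
'''
SAMPLE_USER_JS = '''\
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=CONSTRUCTED&search=");
user_pref("extensions.incredibar_i.prdct", "incredibar");
'''


def parse_prefs(text):
    """Yield (line_no, name, value) for every user_pref() line in text."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        value = match.group("value")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # string pref: drop the surrounding quotes
        yield line_no, match.group("name"), value


def scan_text(text, source):
    """Return a list of findings for hijack-related prefs in one prefs file."""
    findings = []
    for line_no, name, value in parse_prefs(text):
        if name.startswith(HIJACK_BRANCH):
            reason = "toolbar pref branch"
        elif HIJACK_MARKER in value.lower():
            reason = "value points at hijack host"
        else:
            continue
        findings.append({
            "file": source,
            "line": line_no,
            "name": name,
            "value": value,
            "reason": reason,
            # user.js overrides prefs.js on every start, so a hit there
            # means the setting comes back even after prefs.js is cleaned.
            "persistent": source == "user.js",
        })
    return findings


def scan_profile(profile_dir):
    """Scan prefs.js and user.js in profile_dir; missing files are skipped."""
    findings = []
    for filename in ("prefs.js", "user.js"):
        path = Path(profile_dir) / filename
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            findings.extend(scan_text(text, filename))
    return findings


def main(argv):
    if len(argv) > 1:
        findings = scan_profile(argv[1])
    else:  # no profile path given: run on the constructed sample
        findings = (scan_text(SAMPLE_PREFS_JS, "prefs.js")
                    + scan_text(SAMPLE_USER_JS, "user.js"))
    for hit in findings:
        note = " (re-applied at every start)" if hit["persistent"] else ""
        print(f'{hit["file"]}:{hit["line"]}: {hit["name"]} = '
              f'{hit["value"]!r} [{hit["reason"]}]{note}')
    print("clean" if not findings else f"{len(findings)} leftover pref(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the profile folder as the only argument while Firefox is closed; with no argument it scans the constructed sample.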



#6 enoz

Posted 30 June 2012 - 01:10 PM

Thanks again for your time and help. I've now removed Ad Aware from my computer as suggested. I haven't seen the Mystart.Incredibar page so far.

The 'options' page in my Firefox appears different to how you describe - I couldn't see any option under 'Privacy' for a list of History, Cookies and Private Data with 'clear' buttons, but I selected 'settings' and selected for it to clear all data and history upon exiting Firefox. I then exited Firefox so am guessing this is done now? I also clicked on 'Show Cookies' and selected 'Remove all' in there.

Computer is definitely performing quicker - e.g. MS Word opens immediately instead of taking a good 30 secs to respond.


Here is my log:

ComboFix 12-06-28.03 - Eryl 30/06/2012 18:11:16.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3069.2028 [GMT 1:00]
Running from: c:\users\Eryl\Desktop\ComboFix.exe
Command switches used :: c:\users\Eryl\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 17:17 . 2012-06-30 17:21 -------- d-----w- c:\users\Eryl\AppData\Local\temp
2012-06-30 17:17 . 2012-06-30 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-30 15:38 . 2012-06-30 15:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4F40882-7D07-4F02-9E45-B3BC471ADBB8}\offreg.dll
2012-06-30 13:12 . 2012-06-30 13:12 -------- d-----w- c:\programdata\GFI Software
2012-06-29 19:17 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4F40882-7D07-4F02-9E45-B3BC471ADBB8}\mpengine.dll
2012-06-29 12:43 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-28 22:07 . 2012-06-28 22:07 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-24 22:12 . 2012-06-25 12:13 -------- d-----w- c:\users\Eryl\AppData\Roaming\QuickScan
2012-06-24 16:50 . 2012-06-24 16:50 -------- d-----w- c:\users\Eryl\AppData\Roaming\Malwarebytes
2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\programdata\Malwarebytes
2012-06-24 16:41 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 11:16 . 2012-06-24 11:16 -------- d-----w- c:\users\Eryl\AppData\Local\Macromedia
2012-06-22 13:15 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:15 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:15 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:15 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:14 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:14 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 18:08 . 2012-06-24 14:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-18 18:08 . 2012-06-18 19:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-18 13:37 . 2012-06-30 13:13 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-14 07:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 07:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 07:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 07:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 07:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 16:33 . 2012-02-11 10:56 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C78C146-51DD-426B-B4F3-184CBC0B725A}\gapaengine.dll
2012-06-11 19:14 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-06-11 19:14 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2012-06-11 19:14 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-06-11 19:14 . 2012-06-11 19:14 -------- d-----w- c:\program files\AviSynth 2.5
2012-06-11 19:04 . 2004-07-02 00:00 327749 ----a-w- c:\windows\system32\drvc.dll
2012-06-11 19:04 . 2012-06-11 22:04 -------- d-----w- c:\users\Eryl\AppData\Roaming\systweak
2012-06-11 19:04 . 2012-06-11 19:04 447 ----a-w- C:\user.js
2012-06-11 19:03 . 2012-06-29 12:12 -------- d-----w- c:\program files\Web Assistant
2012-06-11 19:03 . 2012-06-11 22:08 -------- d-----w- c:\program files\eRightSoft
2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\programdata\NCH Software
2012-06-11 18:47 . 2012-06-11 22:08 -------- d-----w- c:\program files\NCH Software
2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\users\Eryl\AppData\Roaming\NCH Software
2012-06-02 09:54 . 2012-06-02 09:54 -------- d-----w- c:\program files\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:39 . 2012-04-04 15:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 23:39 . 2011-06-01 07:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 09:53 . 2008-01-24 11:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 09:53 . 2008-01-24 11:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-03 08:16 . 2012-05-11 16:35 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 16:35 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-24 18:24 . 2012-03-18 11:33 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-02 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe [2011-11-2 505296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
backup=c:\windows\pss\Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Eryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Eryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\program files\Dell\MediaDirect\PCMService.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3554377867-2285584361-969781108-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:39]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Eryl\AppData\Roaming\Mozilla\Firefox\Profiles\j8nhnjbp.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-30 18:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Kodak\AiO\Center\EKAiOHostService.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-06-30 18:25:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 17:25
ComboFix2.txt 2012-06-29 12:39
.
Pre-Run: 18,788,069,376 bytes free
Post-Run: 18,736,066,560 bytes free
.
- - End Of File - - F43B0D1ABA7B0A2232E051252A23E090

#7 enoz

Posted 30 June 2012 - 01:29 PM

Could I also ask whether the combination of protection software I have on my computer at the moment is recommended? As far as I know I have: Spybot Search+Destroy, Malwarebytes, Windows Firewall with advanced security, MS Security Essentials all switched on. For some reason I can never seem to turn on Windows Defender though - it always crashes.

#8 enoz

Posted 30 June 2012 - 01:45 PM

Sorry to post again - thought I should mention that Mystart.Incredibar has just popped up again!

#9 Rocket Grannie

Posted 30 June 2012 - 11:56 PM

Hello enoz.

Sorry to post again

That's great that you told me. I need to know what is happening with the machine.

Could I also ask whether the combination of protection software I have on my computer at the moment is recommended?

I'll give you some recommendations for this after your computer is clean.

thought I should mention that Mystart.Incredibar has just popped up again!

Pesky little devil isn't it?

It's possible you may have to uninstall/reinstall Firefox.

Let's see if ESET will find it. If it doesn't then we'll have to go look for it.
Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Rocket Grannie



#10 enoz

Posted 01 July 2012 - 05:41 PM

Hi, thanks again. Eset gave me the following note after running for a few hours:

C:\Qoobox\Quarantine\C\Windows\System32\.exe.vir Win32/Adware.RON.FSV application cleaned by deleting - quarantined
C:\Users\Eryl\Downloads\SUPERsetup.exe Win32/OpenCandy application cleaned by deleting - quarantined

#11 Rocket Grannie

Posted 01 July 2012 - 07:23 PM

Hello enoz.

The good news is your logs appear to be clean.

If you are still getting the Mystart.Incredibar popups, please do the following:

Note: This scan will take a long time to complete.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    
    :filefind
    incredibar
    mystart
    
    :folderfind
    *incredibar*
    *mystart*
    
    :regfind
    incredibar
    mystart
    
    
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan.
    Please post this log in your next reply.
Note: The log can also be found on your Desktop named SystemLook.txt


Rocket Grannie



#12 enoz

Posted 06 July 2012 - 07:12 AM

Hi Rocket Grannie,

I managed two days without seeing Mystart.Incredibar but it popped up again yesterday! My browser's now taking a while to load pages again...

Have run SystemLook, here are my results:

SystemLook 30.07.11 by jpshortstuff
Log created at 00:42 on 06/07/2012 by Eryl
Administrator - Elevation successful

========== filefind ==========

Searching for "incredibar"
No files found.

Searching for "mystart"
No files found.

========== folderfind ==========

Searching for "*incredibar*"
No folders found.

Searching for "*mystart*"
No folders found.

========== regfind ==========

Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

Searching for "mystart"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"
[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

-= EOF =-


Thanks for your help.
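
Added example, not part of the original thread and not SystemLook's own code: a Python sketch that reads a regfind section in the layout of the log above and reduces the raw hit list to distinct registry locations. It treats HKEY_CURRENT_USER as HKEY_USERS\<user SID> and HKEY_USERS\.DEFAULT as HKEY_USERS\S-1-5-18, drops subkeys of keys already listed, and separates key-name hits under ZoneMap from hits inside another program's stored value data. The function names, the sample log and the SID in it are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the SystemLook log above (shortened; the
# SID is a made-up placeholder and the value line is cut short on purpose).
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1000"
SAMPLE_LOG = r"""
========== folderfind ==========

Searching for "*mystart*"
No folders found.

========== regfind ==========

Searching for "incredibar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

Searching for "mystart"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1111111111-2222222222-3333333333-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"www.mystart.com":"q","search.conduit.com":"q"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

-= EOF =-
"""

TERM_RE = re.compile(r'^Searching for "(.+)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=')


def parse_regfind(text):
    """Return one dict per key line in the regfind section: term, key, value names."""
    hits, in_section, term = [], False, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = "regfind" in line
            continue
        if not in_section or not line:
            continue
        if (m := TERM_RE.match(line)):
            term = m.group(1)
        elif (m := KEY_RE.match(line)):
            hits.append({"term": term, "key": m.group(1), "values": []})
        elif (m := VALUE_RE.match(line)) and hits:
            # A quoted line belongs to the key printed just before it:
            # the search term matched value data, not the key name.
            hits[-1]["values"].append(m.group(1))
    return hits


def canonical_key(key, user_sid):
    """Lower-case the path and fold hive aliases onto one spelling."""
    k = key.lower()
    if k.startswith("hkey_current_user\\"):
        # HKCU is a view of the logged-on user's hive under HKEY_USERS.
        k = "hkey_users\\" + user_sid.lower() + k[len("hkey_current_user"):]
    elif k.startswith("hkey_users\\.default\\"):
        # HKU\.DEFAULT is the LocalSystem hive, also reachable as HKU\S-1-5-18.
        k = "hkey_users\\s-1-5-18" + k[len("hkey_users\\.default"):]
    return k


def triage(hits, user_sid):
    """Group distinct top-most keys by the kind of location they are."""
    by_key = {}
    for h in hits:
        entry = by_key.setdefault(canonical_key(h["key"], user_sid), set())
        entry.update(h["values"])
    # Drop a key when its parent is already in the list.
    roots = [k for k in by_key
             if not any(k != p and k.startswith(p + "\\") for p in by_key)]
    report = defaultdict(list)
    for k in sorted(roots):
        if "\\internet settings\\zonemap\\" in k:
            # ZoneMap\Domains and ZoneMap\EscDomains hold Internet Explorer's
            # site-to-zone assignments; the zone number sits in the key's
            # values, which a key-name hit does not show.
            kind = "zone-assignment"
        elif by_key[k]:
            kind = "value-data"
        else:
            kind = "other-key"
        report[kind].append(k)
    return dict(report)


if __name__ == "__main__":
    for kind, keys in triage(parse_regfind(SAMPLE_LOG), USER_SID).items():
        print(f"{kind}: {len(keys)} distinct key(s)")
        for k in keys:
            print("   ", k)
```
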

#13 enoz

Posted 06 July 2012 - 12:14 PM

Just to add that I seem to also have had a virus/link sent out to all my hotmail contacts today too - not sure if this is related but thought I should mention it. My browser is getting progressively slower as time goes on...

#14 Rocket Grannie

Posted 06 July 2012 - 08:06 PM

Hello enoz.

There are entries in the Registry. Hopefully, this should fix it.

Now, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop.
Do NOT run it yet.

Close/disable all antivirus and anti malware programs so they do not interfere with the running of ComboFix.

Open Notepad:- Click Start->All Programs->Accessories click Notepad
Do not use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

KILLALL::

ClearJavaCache::

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"
[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), it will produce a log for you. Post that log in your next reply please.

Please reboot the computer (if ComboFix did not ask for a reboot)

To regain control of your Hotmail account go here

Let me know what problems remain.


Rocket Grannie



#15 enoz

Posted 08 July 2012 - 12:10 PM

Thanks Rocket Grannie. Here's my log:

ComboFix 12-07-08.01 - Eryl 08/07/2012 17:02:33.4.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3069.1843 [GMT 1:00]
Running from: c:\users\Eryl\Desktop\ComboFix.exe
Command switches used :: c:\users\Eryl\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 16:08 . 2012-07-08 17:04 -------- d-----w- c:\users\Eryl\AppData\Local\temp
2012-07-08 16:08 . 2012-07-08 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-07 21:18 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EFFB87D-3263-415F-A3DA-07FAE1DFA3D2}\mpengine.dll
2012-07-05 21:22 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 20:43 . 2012-02-11 10:56 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA5F2D54-CA95-4CFC-A0AE-7097AF65759C}\gapaengine.dll
2012-07-01 17:22 . 2012-07-01 17:22 -------- d-----w- c:\program files\ESET
2012-06-30 13:12 . 2012-06-30 13:12 -------- d-----w- c:\programdata\GFI Software
2012-06-28 22:07 . 2012-06-28 22:07 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-24 22:12 . 2012-06-25 12:13 -------- d-----w- c:\users\Eryl\AppData\Roaming\QuickScan
2012-06-24 16:50 . 2012-06-24 16:50 -------- d-----w- c:\users\Eryl\AppData\Roaming\Malwarebytes
2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\programdata\Malwarebytes
2012-06-24 16:41 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-24 11:16 . 2012-06-24 11:16 -------- d-----w- c:\users\Eryl\AppData\Local\Macromedia
2012-06-22 13:15 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:15 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:15 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:15 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:14 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:14 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 18:08 . 2012-06-24 14:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-06-18 18:08 . 2012-06-18 19:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-18 13:37 . 2012-06-30 13:13 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-14 07:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 07:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 07:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 07:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 07:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-11 19:14 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-06-11 19:14 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2012-06-11 19:14 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-06-11 19:14 . 2012-06-11 19:14 -------- d-----w- c:\program files\AviSynth 2.5
2012-06-11 19:04 . 2004-07-02 00:00 327749 ----a-w- c:\windows\system32\drvc.dll
2012-06-11 19:04 . 2012-06-11 22:04 -------- d-----w- c:\users\Eryl\AppData\Roaming\systweak
2012-06-11 19:04 . 2012-06-11 19:04 447 ----a-w- C:\user.js
2012-06-11 19:03 . 2012-06-29 12:12 -------- d-----w- c:\program files\Web Assistant
2012-06-11 19:03 . 2012-06-11 22:08 -------- d-----w- c:\program files\eRightSoft
2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\programdata\NCH Software
2012-06-11 18:47 . 2012-06-11 22:08 -------- d-----w- c:\program files\NCH Software
2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\users\Eryl\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:39 . 2012-04-04 15:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 23:39 . 2011-06-01 07:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 09:53 . 2008-01-24 11:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 09:53 . 2008-01-24 11:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-24 18:24 . 2012-03-18 11:33 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-02 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe [2011-11-2 505296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
backup=c:\windows\pss\Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Eryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Eryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
c:\program files\Dell Support Center\bin\sprtcmd.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\program files\Dell\MediaDirect\PCMService.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3554377867-2285584361-969781108-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000002
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:39]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Eryl\AppData\Roaming\Mozilla\Firefox\Profiles\j8nhnjbp.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 18:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Kodak\AiO\Center\EKAiOHostService.exe
c:\windows\system32\NLSSRV32.EXE
c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-07-08 18:07:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-08 17:07
ComboFix2.txt 2012-06-30 17:25
ComboFix3.txt 2012-06-29 12:39
.
Pre-Run: 18,084,003,840 bytes free
Post-Run: 18,056,114,176 bytes free
.
- - End Of File - - CE993B9DEDF0DE7D0A96564BCAEB9449

#16 Rocket Grannie


Posted 11 July 2012 - 12:43 PM

Hello enoz.

Your Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Updating Java:
  • Go here and download the latest version of Java.
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).
    They should have this icon next to any that are there: [image]
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Now, you need to uninstall ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: The space between x and / is needed.

Please delete the Security Check folder on the Desktop.

Are there any further problems?


Rocket Grannie



#17 enoz


Posted 17 July 2012 - 04:57 PM

Hi,

Thank you - I have updated my Java as suggested. My internet seems to be responding much quicker lately. I did see the mystart.incredibar page pop up once on Friday - it was after searching for Hotmail through the browser address bar in Firefox, but I managed to close it straight away and since then it hasn't appeared at all - it's coming up to almost a whole week without trouble! :)

#18 Rocket Grannie


Posted 17 July 2012 - 05:11 PM

Hello enoz.

"it's coming up to almost a whole week without trouble!"

That's great!

As a precaution, I suggest you:
Clean your Cache and Cookies in Firefox:

  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Private Data).
  • Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

Note: All of the programs I am suggesting are either free or have free versions.

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

Keep Malwarebytes Anti-Malware updated and run it regularly.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware from being installed.
Please set your anti-virus and anti-spyware programs to check for updates automatically. If the programs are not able to update automatically, then I suggest you manually check for updates every few days.

Windows needs to be kept up-to-date.

Windows Updates are available from here

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Chrome is another good option.

If you are interested, Firefox may be downloaded from here
Chrome is available here

PLEASE NOTE:

A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems!

Safe Surfing:

Rocket Grannie.



#19 enoz


Posted 23 July 2012 - 05:31 AM

Thank you Rocket Grannie, really appreciate all your help! I haven't had any problems since my last post and will make sure I follow your instructions for the future.

Thank you for all your time helping me :)

enoz

#20 Rocket Grannie


Posted 24 July 2012 - 02:16 AM

You are welcome.



#21 Rocket Grannie


Posted 29 July 2012 - 07:19 PM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





