enoz

Confirm if Mystart.Incredibar is removed

21 posts in this topic

A week ago, I started being re-directed to mystart.incredibar.com whenever using Firefox.

I followed instructions from http://www.mmo-champion.com/threads/646894-How-to-clean-your-system-from-keyloggers-and-other-types-of-viruses and now get an AdAware page popping up when I search in the address bar on Firefox, saying 'page not found'. This doesn't happen when I search in my Google search bar for the same thing.

I don't use Internet Explorer since having problems with pages not loading a few months ago.

My computer seems to be running overall slower than usual, especially at startup and in Firefox.

I have run the scans suggested on mmo-champion and have the following logs (I also have the Attach.txt file if needed):

From Malwarebytes:

 

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

 

Database version: v2012.06.24.04

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Eryl :: ERYL-PC [administrator]

 

Protection: Enabled

 

24/06/2012 19:14:29

mbam-log-2012-06-24 (19-14-29).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 345465

Time elapsed: 2 hour(s), 24 minute(s), 43 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 7

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1) Good: (http://www.google.com) -> Quarantined and repaired successfully.

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

From DDX.txt:

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Eryl at 23:25:17 on 2012-06-24

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3069.1282 [GMT 1:00]

.

AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\NLSSRV32.EXE

C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe

C:\PROGRA~1\AD-AWA~1\AdAware.exe

C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page =

uStart Page = about:blank

uSearch Bar = Preserve

uWindow Title = Internet Explorer provided by Dell

mStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080124

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [sigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Conime] %windir%\system32\conime.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [EKAIO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe

mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [bdinstaller] "c:\program files\common files\bitdefender\setupinformation\downloader\setuplauncher.exe" /run:"c:\program files\common files\bitdefender\setupinformation\downloader\setupdownloader.exe" /args:"/after_restart"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launcher.lnk - c:\program files\orangemobilebroadband\OrangeMobileBroadband_Launcher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{4D6430AB-4661-4BB7-8CF7-06050A9E58AD} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\eryl\appdata\roaming\mozilla\firefox\profiles\j8nhnjbp.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\eryl\appdata\roaming\mozilla\firefox\profiles\j8nhnjbp.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEEs39y6&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 0a53d8e7000000000000001cbf908507

FF - user.js: extensions.incredibar_i.instlDay - 15502

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:04:08

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyEEs39y6

FF - user.js: extensions.incredibar_i.upn2n - 92261568522662926

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10604

FF - user.js: extensions.incredibar_i.ppd -

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]

R1 MpKslbd4e906f;MpKslbd4e906f;c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKslbd4e906f.sys [2012-6-24 29904]

R1 MpKsle98e0635;MpKsle98e0635;c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKsle98e0635.sys [2012-6-24 29904]

R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-18 223864]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]

R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-21 21504]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-24 654408]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]

R2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files\orangemobilebroadband\OrangeMobileBroadband_Service.exe [2011-11-2 333264]

R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]

R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]

R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2011-4-25 14976]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-6-18 1153368]

R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-11 185856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-24 22344]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-28 3664384]

R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-18 94584]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-18 93816]

R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-7 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-7 136176]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-11-2 103040]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-8 113120]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-18 94584]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2010-5-21 16896]

.

=============== Created Last 30 ================

.

2012-06-24 22:12:22 -------- d-----w- c:\users\eryl\appdata\roaming\QuickScan

2012-06-24 18:12:24 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKsle98e0635.sys

2012-06-24 16:50:25 -------- d-----w- c:\users\eryl\appdata\roaming\Malwarebytes

2012-06-24 16:41:13 -------- d-----w- c:\programdata\Malwarebytes

2012-06-24 16:41:11 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-24 16:41:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-24 11:27:19 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\offreg.dll

2012-06-24 11:27:19 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\MpKslbd4e906f.sys

2012-06-24 11:22:49 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e0343566-3456-4044-9d46-818a52c3c3aa}\mpengine.dll

2012-06-24 11:16:41 -------- d-----w- c:\users\eryl\appdata\local\Macromedia

2012-06-23 20:58:58 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-06-22 13:15:54 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 13:15:03 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 13:14:57 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-22 13:14:57 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-18 18:08:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-18 18:08:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-18 13:38:57 -------- d-----w- c:\users\eryl\appdata\local\adaware

2012-06-18 13:38:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-06-18 13:38:08 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys

2012-06-18 13:37:32 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys

2012-06-18 13:37:32 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys

2012-06-18 13:37:27 -------- d-----w- c:\windows\system32\drivers\VDD

2012-06-18 13:37:25 -------- d-----w- c:\program files\Ad-Aware Antivirus

2012-06-18 13:32:20 -------- d-----w- c:\users\eryl\appdata\roaming\Ad-Aware Antivirus

2012-06-14 07:21:11 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 07:21:11 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 07:21:11 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 07:20:55 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 07:20:55 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 16:33:53 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3c78c146-51dd-426b-b4f3-184cbc0b725a}\gapaengine.dll

2012-06-11 19:14:16 719872 ----a-w- c:\windows\system32\devil.dll

2012-06-11 19:14:16 369152 ----a-w- c:\windows\system32\avisynth.dll

2012-06-11 19:14:15 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2012-06-11 19:14:15 70656 ----a-w- c:\windows\system32\i420vfw.dll

2012-06-11 19:14:15 32256 ----a-w- c:\windows\system32\AVSredirect.dll

2012-06-11 19:14:03 -------- d-----w- c:\program files\AviSynth 2.5

2012-06-11 19:04:52 327749 ----a-w- c:\windows\system32\drvc.dll

2012-06-11 19:04:35 17280 ----a-w- c:\windows\system32\roboot.exe

2012-06-11 19:04:27 -------- d-----w- c:\users\eryl\appdata\roaming\systweak

2012-06-11 19:03:57 -------- d-----w- c:\program files\Web Assistant

2012-06-11 19:03:13 -------- d-----w- c:\program files\eRightSoft

2012-06-11 18:47:25 -------- d-----w- c:\program files\NCH Software

2012-06-11 18:47:23 -------- d-----w- c:\users\eryl\appdata\roaming\NCH Software

2012-06-02 09:54:25 -------- d-----w- c:\program files\common files\xing shared

.

==================== Find3M ====================

.

2012-06-23 23:39:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 23:39:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 09:53:45 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-02 09:53:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39:11 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39:19 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-03-29 13:18:24 472808 ----a-w- c:\windows\system32\deployJava1.dll

.

============= FINISH: 23:27:05.85 ===============

 

 

From checkup.txt:

 

Results of screen317's Security Check version 0.99.42

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Lavasoft Ad-Aware

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

MVPS Hosts File

Spybot - Search & Destroy

CCleaner

Java 6 Update 31

Java SE Runtime Environment 6

Java version out of Date!

Adobe Flash Player 11.3.300.262

Adobe Reader X (10.1.3)

Mozilla Firefox (13.0.1)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Ad-Aware AAWService.exe is disabled!

Ad-Aware AAWTray.exe is disabled!

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Spybot Teatimer.exe is disabled!

Ad-Aware Antivirus AdAwareService.exe

Ad-Aware Antivirus SBAMSvc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!

````````````````````End of Log``````````````````````

 

 

From Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:32:20, on 25/06/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe

C:\PROGRA~1\AD-AWA~1\AdAware.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Eryl\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=2080124

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [bdinstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Launcher.lnk = C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: OrangeMobileBroadband_Service - Unknown owner - C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10256 bytes

 

 

 

Would appreciate your help, thank you.

 

EDIT: The guide you used is not a very good one... Ad-Aware and Spybot are not very effective... CCleaner, if not used carefully, can cripple your system... Please wait for a helper to take you further...

Edited by Budfred


Hello enoz. Welcome to SWI.

 

Please read carefully and follow these steps.

 

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your Desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Please go here or here to see a list of programs that should be disabled.

 

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

 

Please include the C:\ComboFix.txt, and the TDSS log in your next reply for further review.

How is the computer performing now?

 

 

Rocket Grannie


Hi, thank you for your reply and help. Here are both log reports below. When I ran ComboFix the first time I realised I had not followed the instructions to save it on my desktop first - so I stopped it almost immediately and moved it to my desktop. I then started it again and left it running when it reached the Stages, but when I returned I didn't see the log file as expected - my computer was instead starting up again, as if it had been rebooted (it's plugged in by mains and with battery). I therefore had to run it again, so the log file below is from that (3rd) attempt, where it did finish as expected, with no reboot.

 

My computer's still a bit sluggish but the redirection process in my browser has stopped when I type to search in my address bar - so looking good. Thanks again.

 


13:30:24.0628 5984 MountMgr - ok

13:30:24.0704 5984 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:30:24.0711 5984 MozillaMaintenance - ok

13:30:24.0756 5984 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys

13:30:24.0764 5984 MpFilter - ok

13:30:24.0826 5984 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

13:30:24.0834 5984 mpio - ok

13:30:24.0969 5984 MpKsl5973fd37 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BCF65028-06D0-4C31-B04E-21989633D2C5}\MpKsl5973fd37.sys

13:30:24.0994 5984 MpKsl5973fd37 - ok

13:30:25.0037 5984 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

13:30:25.0049 5984 mpsdrv - ok

13:30:25.0116 5984 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

13:30:25.0131 5984 MpsSvc - ok

13:30:25.0186 5984 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

13:30:25.0194 5984 Mraid35x - ok

13:30:25.0234 5984 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

13:30:25.0244 5984 MRxDAV - ok

13:30:25.0280 5984 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:30:25.0287 5984 mrxsmb - ok

13:30:25.0347 5984 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:30:25.0362 5984 mrxsmb10 - ok

13:30:25.0398 5984 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:30:25.0405 5984 mrxsmb20 - ok

13:30:25.0428 5984 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys

13:30:25.0461 5984 msahci - ok

13:30:25.0499 5984 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

13:30:25.0507 5984 msdsm - ok

13:30:25.0553 5984 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

13:30:25.0564 5984 MSDTC - ok

13:30:25.0608 5984 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

13:30:25.0614 5984 Msfs - ok

13:30:25.0650 5984 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

13:30:25.0657 5984 msisadrv - ok

13:30:25.0698 5984 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

13:30:25.0719 5984 MSiSCSI - ok

13:30:25.0728 5984 msiserver - ok

13:30:25.0765 5984 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

13:30:25.0771 5984 MSKSSRV - ok

13:30:25.0855 5984 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe

13:30:25.0861 5984 MsMpSvc - ok

13:30:25.0899 5984 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

13:30:25.0905 5984 MSPCLOCK - ok

13:30:25.0916 5984 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

13:30:25.0923 5984 MSPQM - ok

13:30:25.0970 5984 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

13:30:25.0987 5984 MsRPC - ok

13:30:26.0023 5984 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

13:30:26.0029 5984 mssmbios - ok

13:30:26.0040 5984 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

13:30:26.0046 5984 MSTEE - ok

13:30:26.0071 5984 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

13:30:26.0074 5984 Mup - ok

13:30:26.0122 5984 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

13:30:26.0127 5984 napagent - ok

13:30:26.0171 5984 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

13:30:26.0179 5984 NativeWifiP - ok

13:30:26.0266 5984 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

13:30:26.0281 5984 NDIS - ok

13:30:26.0319 5984 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

13:30:26.0325 5984 NdisTapi - ok

13:30:26.0359 5984 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

13:30:26.0365 5984 Ndisuio - ok

13:30:26.0407 5984 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

13:30:26.0428 5984 NdisWan - ok

13:30:26.0453 5984 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

13:30:26.0460 5984 NDProxy - ok

13:30:26.0530 5984 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\Windows\system32\HPZinw12.dll

13:30:26.0538 5984 Net Driver HPZ12 - ok

13:30:26.0574 5984 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

13:30:26.0580 5984 NetBIOS - ok

13:30:26.0618 5984 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

13:30:26.0638 5984 netbt - ok

13:30:26.0667 5984 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:30:26.0672 5984 Netlogon - ok

13:30:26.0736 5984 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

13:30:26.0750 5984 Netman - ok

13:30:26.0843 5984 NetMsmqActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:30:26.0851 5984 NetMsmqActivator - ok

13:30:26.0862 5984 NetPipeActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:30:26.0867 5984 NetPipeActivator - ok

13:30:26.0915 5984 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

13:30:26.0928 5984 netprofm - ok

13:30:26.0946 5984 NetTcpActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:30:26.0951 5984 NetTcpActivator - ok

13:30:26.0960 5984 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:30:26.0964 5984 NetTcpPortSharing - ok

13:30:27.0180 5984 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys

13:30:27.0224 5984 NETw4v32 - ok

13:30:27.0723 5984 NETw5v32 (ba420e8ebfcad35581fe8e4c64f71469) C:\Windows\system32\DRIVERS\NETw5v32.sys

13:30:27.0791 5984 NETw5v32 - ok

13:30:27.0917 5984 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

13:30:27.0925 5984 nfrd960 - ok

13:30:27.0956 5984 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:30:27.0966 5984 NisDrv - ok

13:30:28.0042 5984 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe

13:30:28.0061 5984 NisSrv - ok

13:30:28.0118 5984 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

13:30:28.0129 5984 NlaSvc - ok

13:30:28.0169 5984 nlsX86cc (23688f610a5a16dd8b4d93d2f7bd44f6) C:\Windows\system32\NLSSRV32.EXE

13:30:28.0179 5984 nlsX86cc - ok

13:30:28.0207 5984 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

13:30:28.0215 5984 Npfs - ok

13:30:28.0253 5984 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

13:30:28.0263 5984 nsi - ok

13:30:28.0298 5984 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

13:30:28.0304 5984 nsiproxy - ok

13:30:28.0430 5984 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

13:30:28.0485 5984 Ntfs - ok

13:30:28.0521 5984 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

13:30:28.0530 5984 ntrigdigi - ok

13:30:28.0584 5984 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

13:30:28.0594 5984 Null - ok

13:30:29.0338 5984 nvlddmkm (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:30:29.0407 5984 nvlddmkm - ok

13:30:29.0590 5984 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

13:30:29.0597 5984 nvraid - ok

13:30:29.0613 5984 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

13:30:29.0620 5984 nvstor - ok

13:30:29.0669 5984 nvsvc (ded8f2c0070478f13c37f7bd849b83fa) C:\Windows\system32\nvvsvc.exe

13:30:29.0700 5984 nvsvc - ok

13:30:29.0735 5984 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys

13:30:29.0767 5984 nv_agp - ok

13:30:29.0777 5984 NwlnkFlt - ok

13:30:29.0792 5984 NwlnkFwd - ok

13:30:29.0958 5984 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:30:29.0984 5984 odserv - ok

13:30:30.0045 5984 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys

13:30:30.0071 5984 OEM02Dev - ok

13:30:30.0094 5984 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys

13:30:30.0100 5984 OEM02Vfx - ok

13:30:30.0149 5984 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

13:30:30.0155 5984 ohci1394 - ok

13:30:30.0249 5984 OrangeMobileBroadband_Service (6ad008e1dfb1b1e53b1420fc64055090) C:\Program Files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe

13:30:30.0827 5984 OrangeMobileBroadband_Service - ok

13:30:30.0977 5984 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:30:30.0984 5984 ose - ok

13:30:31.0073 5984 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:30:31.0112 5984 p2pimsvc - ok

13:30:31.0130 5984 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:30:31.0145 5984 p2psvc - ok

13:30:31.0215 5984 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

13:30:31.0222 5984 Parport - ok

13:30:31.0261 5984 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

13:30:31.0269 5984 partmgr - ok

13:30:31.0309 5984 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

13:30:31.0315 5984 Parvdm - ok

13:30:31.0358 5984 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

13:30:31.0368 5984 PcaSvc - ok

13:30:31.0409 5984 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

13:30:31.0430 5984 pci - ok

13:30:31.0461 5984 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

13:30:31.0468 5984 pciide - ok

13:30:31.0501 5984 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

13:30:31.0519 5984 pcmcia - ok

13:30:31.0625 5984 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

13:30:31.0667 5984 PEAUTH - ok

13:30:31.0850 5984 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

13:30:31.0883 5984 pla - ok

13:30:32.0034 5984 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

13:30:32.0049 5984 PlugPlay - ok

13:30:32.0099 5984 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\Windows\system32\HPZipm12.dll

13:30:32.0108 5984 Pml Driver HPZ12 - ok

13:30:32.0181 5984 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:30:32.0187 5984 PNRPAutoReg - ok

13:30:32.0195 5984 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

13:30:32.0201 5984 PNRPsvc - ok

13:30:32.0255 5984 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

13:30:32.0278 5984 PolicyAgent - ok

13:30:32.0370 5984 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

13:30:32.0378 5984 PptpMiniport - ok

13:30:32.0407 5984 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

13:30:32.0413 5984 Processor - ok

13:30:32.0442 5984 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

13:30:32.0454 5984 ProfSvc - ok

13:30:32.0485 5984 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:30:32.0491 5984 ProtectedStorage - ok

13:30:32.0531 5984 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

13:30:32.0537 5984 PSched - ok

13:30:32.0661 5984 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

13:30:32.0679 5984 ql2300 - ok

13:30:32.0708 5984 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

13:30:32.0728 5984 ql40xx - ok

13:30:32.0783 5984 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

13:30:32.0801 5984 QWAVE - ok

13:30:32.0830 5984 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

13:30:32.0833 5984 QWAVEdrv - ok

13:30:32.0988 5984 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

13:30:33.0082 5984 R300 - ok

13:30:33.0174 5984 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll

13:30:33.0181 5984 RapiMgr - ok

13:30:33.0300 5984 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

13:30:33.0306 5984 RasAcd - ok

13:30:33.0347 5984 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

13:30:33.0358 5984 RasAuto - ok

13:30:33.0413 5984 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:30:33.0422 5984 Rasl2tp - ok

13:30:33.0477 5984 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

13:30:33.0491 5984 RasMan - ok

13:30:33.0521 5984 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

13:30:33.0527 5984 RasPppoe - ok

13:30:33.0557 5984 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

13:30:33.0566 5984 RasSstp - ok

13:30:33.0620 5984 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

13:30:33.0646 5984 rdbss - ok

13:30:33.0669 5984 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:30:33.0675 5984 RDPCDD - ok

13:30:33.0730 5984 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys

13:30:33.0739 5984 rdpdr - ok

13:30:33.0756 5984 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

13:30:33.0762 5984 RDPENCDD - ok

13:30:33.0823 5984 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys

13:30:33.0840 5984 RDPWD - ok

13:30:33.0986 5984 RegSrvc (7eeeec28a34516e66137f355dcc15bdb) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

13:30:33.0998 5984 RegSrvc - ok

13:30:34.0046 5984 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

13:30:34.0068 5984 RemoteAccess - ok

13:30:34.0109 5984 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

13:30:34.0120 5984 RemoteRegistry - ok

13:30:34.0147 5984 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys

13:30:34.0154 5984 rimmptsk - ok

13:30:34.0193 5984 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys

13:30:34.0200 5984 rimsptsk - ok

13:30:34.0219 5984 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys

13:30:34.0226 5984 rismxdp - ok

13:30:34.0251 5984 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

13:30:34.0262 5984 RpcLocator - ok

13:30:34.0349 5984 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

13:30:34.0363 5984 RpcSs - ok

13:30:34.0398 5984 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

13:30:34.0405 5984 rspndr - ok

13:30:34.0429 5984 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

13:30:34.0434 5984 SamSs - ok

13:30:34.0827 5984 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

13:30:34.0890 5984 SBAMSvc - ok

13:30:35.0083 5984 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\Windows\system32\DRIVERS\sbapifs.sys

13:30:35.0229 5984 sbapifs - ok

13:30:35.0275 5984 SbFw (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys

13:30:35.0325 5984 SbFw - ok

13:30:35.0363 5984 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys

13:30:35.0369 5984 SBFWIMCL - ok

13:30:35.0388 5984 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys

13:30:35.0392 5984 SBFWIMCLMP - ok

13:30:35.0440 5984 sbhips (1afd7178ab9c4fce2d332da7aa474fa6) C:\Windows\system32\drivers\sbhips.sys

13:30:35.0447 5984 sbhips - ok

13:30:35.0479 5984 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\Windows\system32\Drivers\SBKUPNT.SYS

13:30:35.0485 5984 SBKUPNT - ok

13:30:35.0523 5984 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

13:30:35.0529 5984 sbp2port - ok

13:30:35.0561 5984 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys

13:30:35.0910 5984 SBRE - ok

13:30:36.0151 5984 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

13:30:36.0176 5984 SBSDWSCService - ok

13:30:36.0366 5984 sbwtis (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\Windows\system32\DRIVERS\sbwtis.sys

13:30:36.0374 5984 sbwtis - ok

13:30:36.0430 5984 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

13:30:36.0451 5984 SCardSvr - ok

13:30:36.0496 5984 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys

13:30:36.0505 5984 SCDEmu - ok

13:30:36.0593 5984 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

13:30:36.0611 5984 Schedule - ok

13:30:36.0651 5984 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

13:30:36.0653 5984 SCPolicySvc - ok

13:30:36.0705 5984 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

13:30:36.0725 5984 sdbus - ok

13:30:36.0773 5984 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

13:30:36.0784 5984 SDRSVC - ok

13:30:36.0814 5984 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:30:36.0821 5984 secdrv - ok

13:30:36.0853 5984 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

13:30:36.0863 5984 seclogon - ok

13:30:36.0884 5984 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

13:30:36.0895 5984 SENS - ok

13:30:36.0913 5984 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

13:30:36.0920 5984 Serenum - ok

13:30:36.0941 5984 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

13:30:36.0952 5984 Serial - ok

13:30:36.0970 5984 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

13:30:36.0978 5984 sermouse - ok

13:30:37.0022 5984 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

13:30:37.0034 5984 SessionEnv - ok

13:30:37.0069 5984 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

13:30:37.0076 5984 sffdisk - ok

13:30:37.0104 5984 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

13:30:37.0109 5984 sffp_mmc - ok

13:30:37.0122 5984 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

13:30:37.0128 5984 sffp_sd - ok

13:30:37.0159 5984 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

13:30:37.0167 5984 sfloppy - ok

13:30:37.0212 5984 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

13:30:37.0224 5984 SharedAccess - ok

13:30:37.0278 5984 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

13:30:37.0292 5984 ShellHWDetection - ok

13:30:37.0326 5984 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys

13:30:37.0357 5984 sisagp - ok

13:30:37.0395 5984 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

13:30:37.0403 5984 SiSRaid2 - ok

13:30:37.0428 5984 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

13:30:37.0437 5984 SiSRaid4 - ok

13:30:37.0773 5984 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

13:30:37.0834 5984 slsvc - ok

13:30:37.0958 5984 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

13:30:37.0964 5984 SLUINotify - ok

13:30:38.0024 5984 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

13:30:38.0033 5984 Smb - ok

13:30:38.0079 5984 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

13:30:38.0089 5984 SNMPTRAP - ok

13:30:38.0125 5984 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

13:30:38.0132 5984 spldr - ok

13:30:38.0187 5984 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

13:30:38.0199 5984 Spooler - ok

13:30:38.0255 5984 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

13:30:38.0266 5984 srv - ok

13:30:38.0313 5984 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

13:30:38.0331 5984 srv2 - ok

13:30:38.0352 5984 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

13:30:38.0364 5984 srvnet - ok

13:30:38.0412 5984 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys

13:30:38.0432 5984 ssadbus - ok

13:30:38.0463 5984 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys

13:30:38.0469 5984 ssadmdfl - ok

13:30:38.0513 5984 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys

13:30:38.0520 5984 ssadmdm - ok

13:30:38.0567 5984 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\Windows\system32\DRIVERS\ssadserd.sys

13:30:38.0588 5984 ssadserd - ok

13:30:38.0643 5984 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

13:30:38.0655 5984 SSDPSRV - ok

13:30:38.0710 5984 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

13:30:38.0722 5984 SstpSvc - ok

13:30:38.0764 5984 STacSV (b218068eba6f46f102b4218bdb81be0b) C:\Windows\system32\STacSV.exe

13:30:38.0776 5984 STacSV - ok

13:30:38.0837 5984 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys

13:30:38.0861 5984 STHDA - ok

13:30:38.0895 5984 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

13:30:38.0901 5984 StillCam - ok

13:30:38.0969 5984 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

13:30:38.0986 5984 stisvc - ok

13:30:39.0008 5984 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

13:30:39.0015 5984 swenum - ok

13:30:39.0079 5984 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

13:30:39.0094 5984 swprv - ok

13:30:39.0125 5984 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

13:30:39.0132 5984 Symc8xx - ok

13:30:39.0158 5984 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

13:30:39.0165 5984 Sym_hi - ok

13:30:39.0179 5984 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

13:30:39.0187 5984 Sym_u3 - ok

13:30:39.0249 5984 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys

13:30:39.0267 5984 SynTP - ok

13:30:39.0352 5984 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

13:30:39.0371 5984 SysMain - ok

13:30:39.0400 5984 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

13:30:39.0414 5984 TabletInputService - ok

13:30:39.0471 5984 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

13:30:39.0484 5984 TapiSrv - ok

13:30:39.0522 5984 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

13:30:39.0533 5984 TBS - ok

13:30:39.0646 5984 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys

13:30:39.0666 5984 Tcpip - ok

13:30:39.0694 5984 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys

13:30:39.0709 5984 Tcpip6 - ok

13:30:39.0741 5984 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys

13:30:39.0747 5984 tcpipreg - ok

13:30:39.0787 5984 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

13:30:39.0793 5984 TDPIPE - ok

13:30:39.0825 5984 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

13:30:39.0831 5984 TDTCP - ok

13:30:39.0877 5984 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

13:30:39.0886 5984 tdx - ok

13:30:39.0925 5984 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

13:30:39.0937 5984 TermDD - ok

13:30:40.0011 5984 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

13:30:40.0047 5984 TermService - ok

13:30:40.0111 5984 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

13:30:40.0121 5984 Themes - ok

13:30:40.0155 5984 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

13:30:40.0161 5984 THREADORDER - ok

13:30:40.0194 5984 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

13:30:40.0206 5984 TrkWks - ok

13:30:40.0267 5984 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

13:30:40.0273 5984 TrustedInstaller - ok

13:30:40.0337 5984 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:30:40.0342 5984 tssecsrv - ok

13:30:40.0376 5984 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

13:30:40.0381 5984 tunmp - ok

13:30:40.0406 5984 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

13:30:40.0413 5984 tunnel - ok

13:30:40.0451 5984 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

13:30:40.0459 5984 uagp35 - ok

13:30:40.0511 5984 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

13:30:40.0520 5984 udfs - ok

13:30:40.0561 5984 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

13:30:40.0573 5984 UI0Detect - ok

13:30:40.0615 5984 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys

13:30:40.0647 5984 uliagpkx - ok

13:30:40.0692 5984 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

13:30:40.0718 5984 uliahci - ok

13:30:40.0746 5984 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

13:30:40.0753 5984 UlSata - ok

13:30:40.0770 5984 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

13:30:40.0785 5984 ulsata2 - ok

13:30:40.0814 5984 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

13:30:40.0821 5984 umbus - ok

13:30:40.0876 5984 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll

13:30:40.0890 5984 UmRdpService - ok

13:30:40.0951 5984 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

13:30:40.0965 5984 upnphost - ok

13:30:41.0013 5984 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys

13:30:41.0020 5984 USBAAPL - ok

13:30:41.0063 5984 usbccgp (


Hi again,

 

I have just started to get the 'Mystart.Incredibar' problem again - I started up my firewalls/antivirus software after disabling them earlier to use Combofix, and though the internet seemed to be working smoothly for a few hours it has now gone back to redirecting to Mystart again (though only twice in the past few hours so far, so not too frequent yet). Ad-aware doesn't seem to be blocking it anymore either (not sure if I have restored the right settings in Adaware since turning it off?).

 

Would appreciate your help.


Hello enoz.

 

"My computer's still a bit sluggish"

This could be caused by too many security programs on the system.

 

You have two security programs on the machine: Ad Aware and Microsoft Security Essentials.

This is very dangerous, as multiple antivirus/anti-spyware programs can interfere with one another and actually allow more viruses to get through.

It is important that only one antivirus/anti-spyware program is running real time protection.

I strongly suggest you either (1) uninstall one of the programs through Control Panel->Programs and features.

OR (2) keep both programs, but leave one of them disabled most of the time.

You can still use it for scanning your computer.

 

You also have two firewalls active: Windows Firewall and Ad Aware. Please turn one of these off.

 

Reboot the computer.

 

Now, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop.

Do NOT run it yet.

 

Close/disable all antivirus and anti malware programs so they do not interfere with the running of ComboFix.

 

Open Notepad: click Start->All Programs->Accessories, then click Notepad.

Do not use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quote box below into Notepad:

 

 

KILLALL::

 

Firefox::

FF - ProfilePath - c:\users\Eryl\AppData\Roaming\Mozilla\Firefox\Profiles\j8nhnjbp.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEEs39y6&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 0a53d8e7000000000000001cbf908507

FF - user.js: extensions.incredibar_i.instlDay - 15502

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:04

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyEEs39y6

FF - user.js: extensions.incredibar_i.upn2n - 92261568522662926

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10604

FF - user.js: extensions.incredibar_i.ppd -

 

 

Save this as txtfile CFScript

 

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

 

CFScriptB-4.gif

 

This will start ComboFix again.

 

After reboot, (in case it asks to reboot), it will produce a log for you. Post that log in your next reply please.

 

Please reboot the computer (if ComboFix did not ask for a reboot)

 

Clean your Cache and Cookies in Firefox:

 

Go to Tools > Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Private Data).

Click OK to close the Options window

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

Please post:

ComboFix log.

Any problems remaining.

 

 

 

Rocket Grannie


Thanks again for your time and help. I've now removed Ad Aware from my computer as suggested. I haven't seen the Mystart.Incredibar page so far.

 

The 'options' page in my firefox appears different to how you describe - I couldn't see any option under 'Privacy' for a list of History, Cookies and Private Data with 'clear' buttons, but I selected 'settings' and selected for it to clear all data and history upon exiting firefox. I then exited firefox so am guessing this is done now? I also clicked on 'Show Cookies' and selected 'Remove all' in there.

 

Computer is definitely performing quicker - e.g. MS Word opens immediately instead of taking a good 30 secs to respond.

 

 

Here is my log:

 

ComboFix 12-06-28.03 - Eryl 30/06/2012 18:11:16.3.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3069.2028 [GMT 1:00]

Running from: c:\users\Eryl\Desktop\ComboFix.exe

Command switches used :: c:\users\Eryl\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 192 bytes in 1 streams.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))

.

.

2012-06-30 17:17 . 2012-06-30 17:21 -------- d-----w- c:\users\Eryl\AppData\Local\temp

2012-06-30 17:17 . 2012-06-30 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-30 15:38 . 2012-06-30 15:38 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4F40882-7D07-4F02-9E45-B3BC471ADBB8}\offreg.dll

2012-06-30 13:12 . 2012-06-30 13:12 -------- d-----w- c:\programdata\GFI Software

2012-06-29 19:17 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4F40882-7D07-4F02-9E45-B3BC471ADBB8}\mpengine.dll

2012-06-29 12:43 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-28 22:07 . 2012-06-28 22:07 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-06-24 22:12 . 2012-06-25 12:13 -------- d-----w- c:\users\Eryl\AppData\Roaming\QuickScan

2012-06-24 16:50 . 2012-06-24 16:50 -------- d-----w- c:\users\Eryl\AppData\Roaming\Malwarebytes

2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\programdata\Malwarebytes

2012-06-24 16:41 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-24 11:16 . 2012-06-24 11:16 -------- d-----w- c:\users\Eryl\AppData\Local\Macromedia

2012-06-22 13:15 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 13:15 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 13:15 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 13:15 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 13:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 13:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 13:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 13:14 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 13:14 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 18:08 . 2012-06-24 14:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-18 18:08 . 2012-06-18 19:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-18 13:37 . 2012-06-30 13:13 -------- d-----w- c:\program files\Ad-Aware Antivirus

2012-06-14 07:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 07:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 07:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 07:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 07:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 16:33 . 2012-02-11 10:56 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C78C146-51DD-426B-B4F3-184CBC0B725A}\gapaengine.dll

2012-06-11 19:14 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

2012-06-11 19:14 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

2012-06-11 19:14 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

2012-06-11 19:14 . 2012-06-11 19:14 -------- d-----w- c:\program files\AviSynth 2.5

2012-06-11 19:04 . 2004-07-02 00:00 327749 ----a-w- c:\windows\system32\drvc.dll

2012-06-11 19:04 . 2012-06-11 22:04 -------- d-----w- c:\users\Eryl\AppData\Roaming\systweak

2012-06-11 19:04 . 2012-06-11 19:04 447 ----a-w- C:\user.js

2012-06-11 19:03 . 2012-06-29 12:12 -------- d-----w- c:\program files\Web Assistant

2012-06-11 19:03 . 2012-06-11 22:08 -------- d-----w- c:\program files\eRightSoft

2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\programdata\NCH Software

2012-06-11 18:47 . 2012-06-11 22:08 -------- d-----w- c:\program files\NCH Software

2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\users\Eryl\AppData\Roaming\NCH Software

2012-06-02 09:54 . 2012-06-02 09:54 -------- d-----w- c:\program files\Common Files\xing shared

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 23:39 . 2012-04-04 15:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 23:39 . 2011-06-01 07:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 09:53 . 2008-01-24 11:48 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-02 09:53 . 2008-01-24 11:48 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-04-03 08:16 . 2012-05-11 16:35 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-11 16:35 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-24 18:24 . 2012-03-18 11:33 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-02 296056]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Launcher.lnk - c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe [2011-11-2 505296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk

backup=c:\windows\pss\Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Eryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Eryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]

2007-07-27 16:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

c:\program files\Dell Support Center\bin\sprtcmd.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]

c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]

2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

c:\program files\Dell\MediaDirect\PCMService.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3554377867-2285584361-969781108-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000002

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:39]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Eryl\AppData\Roaming\Mozilla\Firefox\Profiles\j8nhnjbp.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-30 18:21

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Kodak\AiO\Center\EKAiOHostService.exe

c:\windows\system32\NLSSRV32.EXE

c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\windows\system32\STacSV.exe

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-06-30 18:25:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-30 17:25

ComboFix2.txt 2012-06-29 12:39

.

Pre-Run: 18,788,069,376 bytes free

Post-Run: 18,736,066,560 bytes free

.

- - End Of File - - F43B0D1ABA7B0A2232E051252A23E090


Could I also ask whether the combination of protection software I have on my computer at the moment is recommended? As far as I know I have: Spybot Search+Destroy, Malwarebytes, Windows Firewall with advanced security, MS Security Essentials all switched on. For some reason I can never seem to turn on Windows Defender though - it always crashes.


Hello enoz.

 

Sorry to post again

That's great that you told me. I need to know what is happening with the machine.

 

Could I also ask whether the combination of protection software I have on my computer at the moment is recommended?

I'll give you some recommendations for this after your computer is clean.

 

thought I should mention that Mystart.Incredibar has just popped up again!

Pesky little devil isn't it?

 

It's possible you may have to uninstall/reinstall Firefox.

 

Let's see if ESET will find it. If it doesn't then we'll have to go look for it.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Rocket Grannie


Hi, thanks again. Eset gave me the following note after running for a few hours:

 

C:\Qoobox\Quarantine\C\Windows\System32\.exe.vir Win32/Adware.RON.FSV application cleaned by deleting - quarantined

C:\Users\Eryl\Downloads\SUPERsetup.exe Win32/OpenCandy application cleaned by deleting - quarantined


Hello enoz.

 

The good news is your logs appear to be clean.

 

If you are still getting the Mystart.Incredibar popups, please do the following:

 

Note: This scan will take a long time to complete.

 

Please download SystemLook from one of the links below and save it to your Desktop.

 

Download Mirror #1

Download Mirror #2

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
     
    
    :filefind
    incredibar
    mystart
    
    :folderfind
    *incredibar*
    *mystart*
    
    :regfind
    incredibar
    mystart
    
    


     

  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan.
    Please post this log in your next reply.

Note: The log can also be found on your Desktop named SystemLook.txt

 

 

Rocket Grannie


Hi Rocket Grannie,

 

I managed two days without seeing Mystart.Incredibar but it popped up again yesterday! My browser's now taking a while to load pages again...

 

Have run SystemLook, here are my results:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 00:42 on 06/07/2012 by Eryl

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "incredibar"

No files found.

 

Searching for "mystart"

No files found.

 

========== folderfind ==========

 

Searching for "*incredibar*"

No folders found.

 

Searching for "*mystart*"

No folders found.

 

========== regfind ==========

 

Searching for "incredibar"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

 

Searching for "mystart"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]

"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]

"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"

[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

 

-= EOF =-

 

 

Thanks for your help.


Just to add that I seem to also have had a virus/link sent out to all my hotmail contacts today too - not sure if this is related but thought I should mention it. My browser is getting progressively slower as time goes on...


Hello enoz.

 

There are entries in the Registry. Hopefully, this should fix it.

 

Now, please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop.

Do NOT run it yet.

 

Close/disable all antivirus and anti malware programs so they do not interfere with the running of ComboFix.

 

Open Notepad:- Click Start->All Programs->Accessories click Notepad

Do not use any other text editor than Notepad or the script will fail.

Copy/paste the text in the quote box below into Notepad:

 

 

KILLALL::

 

ClearJavaCache::

 

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]

"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.c

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Web Assistant\script_storage]

"WSG_whiteList"="{"search.babylon.com":"q","search.sweetim.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"

[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[-HKEY_USERS\S-1-5-21-3554377867-2285584361-969781108-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]

 

 

Save this as txtfile CFScript

 

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

 

CFScriptB-4.gif

 

This will start ComboFix again.

 

After reboot, (in case it asks to reboot), it will produce a log for you. Post that log in your next reply please.

 

Please reboot the computer (if ComboFix did not ask for a reboot)

 

To regain control of your Hotmail account go here

 

Let me know what problems remain.

 

 

Rocket Grannie
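
To confirm after the reboot that the keys listed in the CFScript are really gone, a check like the one below can be run in PowerShell. This is an added example, not part of the original post or of ComboFix; the function names `Get-DeletionKeys` and `Test-DeletionKeys` are hypothetical, and the embedded text is a constructed excerpt of the deletion lines shown above.

```powershell
# Constructed excerpt: three of the [-HKEY...] deletion lines from the script above.
# Replace it with the full list of deletion lines to check every key.
$cfScript = @'
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com\mystart]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com\mystart]
'@

function Get-DeletionKeys {
    # Return the registry key paths that the script marks for deletion.
    param([string]$Text)
    foreach ($line in $Text -split "`r?`n") {
        # A deletion entry is a bracketed key path with a leading minus sign.
        # Value lines such as "WSG_whiteList"=... do not match and are skipped.
        if ($line.Trim() -match '^\[-(HKEY_[A-Z_]+\\.+)\]$') {
            $Matches[1]
        }
    }
}

function Test-DeletionKeys {
    # Report, for each key marked for deletion, whether it still exists.
    param([string]$Text)
    foreach ($key in Get-DeletionKeys -Text $Text) {
        [pscustomobject]@{
            Key          = $key
            # The Registry:: provider prefix accepts full hive names,
            # including HKEY_USERS\<SID> paths.
            StillPresent = Test-Path -LiteralPath "Registry::$key"
        }
    }
}

# Caveat: a HKEY_USERS\<SID> hive is only loaded while that user is logged on,
# so a key in an unloaded hive is reported as absent. Run from an elevated
# prompt so that other accounts' loaded hives can be read.
Test-DeletionKeys -Text $cfScript | Format-Table -AutoSize -Wrap
```

Any row with `StillPresent` set to `True` means the key survived the cleanup and should be mentioned in the next reply together with the ComboFix log.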


Thanks Rocket Grannie. Here's my log:

 

ComboFix 12-07-08.01 - Eryl 08/07/2012 17:02:33.4.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3069.1843 [GMT 1:00]

Running from: c:\users\Eryl\Desktop\ComboFix.exe

Command switches used :: c:\users\Eryl\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 0 bytes in 1 streams.

.

((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))

.

.

2012-07-08 16:08 . 2012-07-08 17:04 -------- d-----w- c:\users\Eryl\AppData\Local\temp

2012-07-08 16:08 . 2012-07-08 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-07 21:18 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EFFB87D-3263-415F-A3DA-07FAE1DFA3D2}\mpengine.dll

2012-07-05 21:22 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-04 20:43 . 2012-02-11 10:56 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA5F2D54-CA95-4CFC-A0AE-7097AF65759C}\gapaengine.dll

2012-07-01 17:22 . 2012-07-01 17:22 -------- d-----w- c:\program files\ESET

2012-06-30 13:12 . 2012-06-30 13:12 -------- d-----w- c:\programdata\GFI Software

2012-06-28 22:07 . 2012-06-28 22:07 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-06-24 22:12 . 2012-06-25 12:13 -------- d-----w- c:\users\Eryl\AppData\Roaming\QuickScan

2012-06-24 16:50 . 2012-06-24 16:50 -------- d-----w- c:\users\Eryl\AppData\Roaming\Malwarebytes

2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\programdata\Malwarebytes

2012-06-24 16:41 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-24 16:41 . 2012-06-24 16:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-24 11:16 . 2012-06-24 11:16 -------- d-----w- c:\users\Eryl\AppData\Local\Macromedia

2012-06-22 13:15 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 13:15 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 13:15 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 13:15 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 13:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 13:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 13:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 13:14 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 13:14 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-18 18:08 . 2012-06-24 14:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-06-18 18:08 . 2012-06-18 19:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-06-18 13:37 . 2012-06-30 13:13 -------- d-----w- c:\program files\Ad-Aware Antivirus

2012-06-14 07:21 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 07:21 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 07:21 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 07:20 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-14 07:20 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-11 19:14 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

2012-06-11 19:14 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

2012-06-11 19:14 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2012-06-11 19:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

2012-06-11 19:14 . 2012-06-11 19:14 -------- d-----w- c:\program files\AviSynth 2.5

2012-06-11 19:04 . 2004-07-02 00:00 327749 ----a-w- c:\windows\system32\drvc.dll

2012-06-11 19:04 . 2012-06-11 22:04 -------- d-----w- c:\users\Eryl\AppData\Roaming\systweak

2012-06-11 19:04 . 2012-06-11 19:04 447 ----a-w- C:\user.js

2012-06-11 19:03 . 2012-06-29 12:12 -------- d-----w- c:\program files\Web Assistant

2012-06-11 19:03 . 2012-06-11 22:08 -------- d-----w- c:\program files\eRightSoft

2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\programdata\NCH Software

2012-06-11 18:47 . 2012-06-11 22:08 -------- d-----w- c:\program files\NCH Software

2012-06-11 18:47 . 2012-06-11 21:12 -------- d-----w- c:\users\Eryl\AppData\Roaming\NCH Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 23:39 . 2012-04-04 15:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 23:39 . 2011-06-01 07:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 09:53 . 2008-01-24 11:48 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-06-02 09:53 . 2008-01-24 11:48 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-06-24 18:24 . 2012-03-18 11:33 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-12-10 2756608]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-02 296056]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Launcher.lnk - c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe [2011-11-2 505296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk

backup=c:\windows\pss\Launcher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Eryl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:\users\Eryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]

2007-07-27 16:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

c:\program files\Dell Support Center\bin\sprtcmd.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2006-10-03 11:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]

c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]

2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

c:\program files\Dell\MediaDirect\PCMService.exe [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3554377867-2285584361-969781108-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000002

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:39]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 17:14]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Eryl\AppData\Roaming\Mozilla\Firefox\Profiles\j8nhnjbp.default\

FF - prefs.js: browser.startup.homepage - www.google.co.uk

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-08 18:04

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\WLANExt.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Kodak\AiO\Center\EKAiOHostService.exe

c:\windows\system32\NLSSRV32.EXE

c:\program files\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\windows\system32\STacSV.exe

c:\program files\Web Assistant\ExtensionUpdaterService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2012-07-08 18:07:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-08 17:07

ComboFix2.txt 2012-06-30 17:25

ComboFix3.txt 2012-06-29 12:39

.

Pre-Run: 18,084,003,840 bytes free

Post-Run: 18,056,114,176 bytes free

.

- - End Of File - - CE993B9DEDF0DE7D0A96564BCAEB9449


Hello enoz.

 

Your Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

 

Updating Java:

  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: javaicon.gif
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Now, you need to uninstall ComboFix.

 

The following will implement some cleanup procedures as well as reset System Restore points:

 

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

 

ComboFix /Uninstall

 

Note: The space between x and / is needed.

 

Please delete the Security Check folder on the Desktop.

 

Are there any further problems?

 

 

Rocket Grannie


Hi,

 

Thank you - I have updated my Java as suggested. My internet seems to be responding much quicker lately. I did see the mystart.incredibar page pop up once on Friday - it was after searching for Hotmail through the browser address bar in Firefox, but I managed to close it straight away and since then it hasn't appeared at all - it's coming up to almost a whole week without trouble! :)


Hello enoz.

 

"it's coming up to almost a whole week without trouble!"

That's great!

 

As a precaution, I suggest you:

Clean your Cache and Cookies in Firefox:

 

Go to Tools > Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Private Data).

Click OK to close the Options window

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.

Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.

As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

 

Note: All of the programs I am suggesting are either free or have free versions.

 

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

 

Keep Malwarebytes Anti-Malware updated and run it regularly.

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here

 

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

 

Please make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware from being installed.

Please set your anti-virus and anti-spyware programs to check for updates automatically. If the programs are not able to update automatically, then I suggest you manually check for updates every few days.

 

Windows needs to be kept up-to-date.

 

Windows Updates are available from here

 

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

 

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

 

http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Chrome is another good option.

 

If you are interested, Firefox may be downloaded from here

Chrome is available here

 

PLEASE NOTE:

 

A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

 

Hopefully this should take care of your problems!

 

Safe Surfing:

 

Rocket Grannie.


Thank you Rocket Grannie, really appreciate all your help! I haven't had any problems since my last post and will make sure I follow your instructions for the future.

 

Thank you for all your time helping me :)

 

enoz


Since the issue appears to be resolved this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

This topic is now closed to further replies.