
Solved Unable to use yahoo or google search engine

August 31, 2013 at 07:36:29
Specs: Windows XP

I am able to go to the yahoo website and enter words in the search engine, but then it never does anything except for "time-out", also I am unable to even get to the google website. I have tried both internet explorer and google chrome, but have been unable to get either one to work.




✔ Best Answer
September 1, 2013 at 17:36:49

You should be right now.

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"
What's that message mean? click, click.

As you can see, you have a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.



#1
August 31, 2013 at 08:11:56

Please download and install Malwarebytes Free then update all available definitions and perform a Full Scan, fix what it finds, and post back with the report log.

--------------------------------------------------
Apologies if I don't respond to your reply immediately. I don't check this site daily, but you're welcome to PM me as a reminder.



#2
August 31, 2013 at 09:13:17

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.31.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Robin :: ROBIN-B7857FE36 [administrator]

8/31/2013 11:15:33 AM
mbam-log-2013-08-31 (11-15-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279297
Time elapsed: 52 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Robin\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Information\ib_uninst_566\uninstall.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.

(end)



#3
August 31, 2013 at 12:54:33

Also run ADWCleaner on it, as bad toolbars can sometimes cause these issues:
http://www.bleepingcomputer.com/dow...
This program is not "installed" in the usual sense, you just save the download somewhere then double click the downloaded file to run it. Do the Scan, post that log on here too, then run the Clean.

Always pop back and let us know the outcome - thanks




#4
September 1, 2013 at 12:03:04

# AdwCleaner v3.001 - Report created 01/09/2013 at 14:58:25
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Robin - ROBIN-B7857FE36
# Running from : C:\Documents and Settings\Robin\Local Settings\Temporary Internet Files\Content.IE5\O3BJSXXM\AdwCleaner[1].exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\zuujbczz.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19879 octets] - [29/08/2013 22:59:10]
AdwCleaner[R1].txt - [10044 octets] - [29/08/2013 23:38:54]
AdwCleaner[R2].txt - [1259 octets] - [29/08/2013 23:44:32]
AdwCleaner[R3].txt - [1430 octets] - [01/09/2013 14:54:17]
AdwCleaner[R4].txt - [1490 octets] - [01/09/2013 14:57:47]
AdwCleaner[S0].txt - [10312 octets] - [29/08/2013 23:39:21]
AdwCleaner[S1].txt - [1495 octets] - [01/09/2013 14:55:57]
AdwCleaner[S2].txt - [1411 octets] - [01/09/2013 14:58:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1471 octets] ##########



#5
September 1, 2013 at 14:22:58

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
Official tutorial
http://tigzyrk.blogspot.com.au/2012...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.


#6
September 1, 2013 at 14:54:40

RogueKiller V8.6.7 [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Robin [Admin rights]
Mode : Remove -- Date : 09/01/2013 17:53:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Documents and Settings\Robin\Application Data\SearchProtect\bin\cltmng.exe [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1202660629-527237240-725345543-1003\[...]\Run : SearchProtect (C:\Documents and Settings\Robin\Application Data\SearchProtect\bin\cltmng.exe [7]) -> [0x2] The system cannot find the file specified.
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 5716 (C:\Documents and Settings\Robin\Local Settings\Temp\5716.sys [x]) -> DELETED
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 5716 (C:\Documents and Settings\Robin\Local Settings\Temp\5716.sys [x]) -> [0x3] The system cannot find the path specified.
[SERVICE][ROGUE ST] HKLM\[...]\CS003\[...]\Services : 5716 (C:\Documents and Settings\Robin\Local Settings\Temp\5716.sys [x]) -> DELETED
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] At1.job : C:\DOCUME~1\Robin\APPLIC~1\Searchya\UPDATE~1\UPDATE~1.EXE - /Check [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[DriverStartIo] : atapi.sys -> HOOKED ([Address] Unknown @ 0x893B92E2)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] aad13ad1a56172be1dc040addd85a861
[BSP] 170e6c550181bb1f7150a3eea3225b83 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] cb6aff77755b373a38725d55db26f88f
[BSP] 170e6c550181bb1f7150a3eea3225b83 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152578 Mo

Finished : << RKreport[0]_D_09012013_175313.txt >>
RKreport[0]_S_09012013_175240.txt



#7
September 1, 2013 at 15:18:22

Next steps.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run ComboFix. Copy & Paste the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/sec...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#8
September 1, 2013 at 15:27:07

Unhide Log

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 09/01/2013 06:21:46 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 57960 files processed.

The C:\DOCUME~1\Robin\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoRun policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Program finished at: 09/01/2013 06:25:44 PM
Execution time: 0 hours(s), 3 minute(s), and 58 seconds(s)



#9
September 1, 2013 at 15:47:14

Combofix log

ComboFix 13-09-01.02 - Robin 09/01/2013 18:36:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1497.832 [GMT -4:00]
Running from: c:\documents and settings\Robin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Robin\Application Data\PriceGong
c:\documents and settings\Robin\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Robin\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Robin\Application Data\SearchProtect
c:\documents and settings\Robin\Application Data\SearchProtect\bin\ChromeModule.dll
c:\documents and settings\Robin\Application Data\SearchProtect\bin\cltmng.exe
c:\documents and settings\Robin\Application Data\SearchProtect\bin\CltMngSvc.exe
c:\documents and settings\Robin\Application Data\SearchProtect\bin\FirefoxModule.dll
c:\documents and settings\Robin\Application Data\SearchProtect\bin\InternetExplorerModule.dll
c:\documents and settings\Robin\Application Data\SearchProtect\bin\msvcp100.dll
c:\documents and settings\Robin\Application Data\SearchProtect\bin\msvcr100.dll
c:\documents and settings\Robin\Application Data\SearchProtect\bin\rep.dat
c:\documents and settings\Robin\Application Data\SearchProtect\bin\SPHook32.dll
c:\documents and settings\Robin\Application Data\SearchProtect\bin\SPRunner.exe
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\dialogsApi.js
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\lib\jquery.min.js
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\lib\json2.js
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\bubble.css
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\bubble.js
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\images\information.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spbd\main.html
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spsd\images\warning.png
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spsd\main.html
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\Robin\Application Data\SearchProtect\Dialogs\spsd\settings.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\abstraction.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\application.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\nsprotector.js
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\popupTransparent.xul
c:\documents and settings\Robin\Application Data\SearchProtect\ffprotect\SProtectorRepository\EN
c:\documents and settings\Robin\Local Settings\Application Data\DefineExt\teMP.dat
c:\documents and settings\Robin\WINDOWS
c:\program files\Web Protect\WeBProtect.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\02bdfbf403bd5225.fb
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\3a35c2807d5b4203.fb
c:\windows\system32\Cache\461a44308884d8a6.fb
c:\windows\system32\Cache\493abd768a05133f.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\7e3ee9badd66fccc.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\c4e10d1be905349b.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\SET2B0.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SETAA.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSHOST32
.
.
((((((((((((((((((((((((( Files Created from 2013-08-01 to 2013-09-01 )))))))))))))))))))))))))))))))
.
.
2013-09-01 22:42 . 2013-09-01 22:42 -------- d-----w- c:\documents and settings\Robin\Application Data\SearchProtect
2013-09-01 21:40 . 2013-09-01 21:40 -------- d-----w- c:\program files\7-Zip
2013-09-01 21:40 . 2013-09-01 21:40 -------- d-----w- c:\program files\SaveValet
2013-09-01 21:39 . 2013-09-01 22:39 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\DefineExt
2013-09-01 21:39 . 2013-09-01 21:39 -------- d-----w- c:\program files\privoxy
2013-09-01 21:39 . 2013-09-01 22:39 -------- d-----w- c:\program files\Web Protect
2013-09-01 21:38 . 2013-09-01 21:38 -------- d-----w- c:\program files\SearchProtect
2013-09-01 21:38 . 2013-09-01 22:15 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\WhiteSmoke_New
2013-09-01 21:38 . 2013-09-01 21:48 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Conduit
2013-09-01 21:38 . 2013-09-01 21:38 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\CRE
2013-09-01 21:38 . 2013-09-01 21:38 -------- d-----w- c:\program files\Conduit
2013-09-01 21:37 . 2013-09-01 21:37 -------- d-----w- c:\documents and settings\Robin\Application Data\SwvUpdater
2013-08-30 03:32 . 2013-08-30 03:32 -------- d-----w- c:\windows\ERUNT
2013-08-30 03:20 . 2013-08-30 03:20 -------- d-----w- c:\documents and settings\Robin\Application Data\SUPERAntiSpyware.com
2013-08-30 03:20 . 2013-08-30 03:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-08-30 03:20 . 2013-08-30 03:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-08-30 03:03 . 2013-08-30 03:03 -------- d-----w- c:\documents and settings\Robin\Application Data\Malwarebytes
2013-08-30 03:02 . 2013-08-30 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-08-30 03:02 . 2013-08-30 03:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-30 03:02 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-30 02:58 . 2013-09-01 18:58 -------- d-----w- C:\AdwCleaner
2013-08-26 07:17 . 2013-08-26 07:20 -------- d-----w- c:\windows\system32\MRT
2013-08-25 17:24 . 2013-08-25 17:24 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-25 17:20 . 2013-08-25 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-08-25 17:20 . 2013-08-25 17:20 -------- d-----w- c:\documents and settings\Robin\Application Data\AVG SafeGuard toolbar
2013-08-25 17:20 . 2013-08-25 17:20 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-08-25 17:20 . 2013-08-25 17:20 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\AVG SafeGuard toolbar
2013-08-25 17:17 . 2013-08-25 17:17 -------- d-----w- c:\documents and settings\Robin\AppData
2013-08-24 07:00 . 2013-08-24 07:00 0 ----a-w- c:\windows\system32\drivers\avgtpx86(2).sys
2013-08-21 01:43 . 2013-08-21 01:43 -------- d-----w- c:\documents and settings\Robin\Local Settings\Application Data\Ahead
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-03 18:18 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-30 04:05 . 2013-01-21 22:27 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-26 02:47 . 2004-08-04 04:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-04 04:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-04 04:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-04 02:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-08-04 04:56 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-04 03:18 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-07 21:56 . 2004-08-04 04:56 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-06-07 21:56 . 2004-08-04 04:56 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-06-07 21:56 . 2004-08-04 04:56 105984 ----a-w- c:\windows\system32\url(3).dll
2013-06-04 07:23 . 2004-08-04 04:56 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 03:17 1876736 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 01:44 . 2012-08-13 02:46 165816 ----a-w- c:\program files\4jres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"B5B00D39456A7E46839A446D32226DAEAB023E4D._service_run"="c:\documents and settings\Robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-01-17 1294288]
"TaskScheduler"="c:\prowin12\32bit\tasksch.exe" [2013-04-17 594976]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
"ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi"="c:\program files\Conduit\CT3289847\plugins\TBVerifier.dll" [1617-11-28 287008]
"GoogleChromeAutoLaunch_D0D261EE8E6991613EF864B1814DB1CD"="c:\documents and settings\Robin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013-01-17 1294288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-08-29 296096]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-08 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-08 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-08 142872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"Privoxy"="c:\program files\privoxy\starthelp.exe" [2013-08-26 51115]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2011-2-23 323584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [1/21/2013 6:27 PM 37664]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.SYS [8/22/2011 5:23 PM 16976]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 1:49 AM 65584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 4:11 PM 119056]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [11/2/2012 4:51 AM 5174392]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\SearchProtect\bin\CltMngSvc.exe [5/8/2013 2:18 AM 97056]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-09-01 c:\windows\Tasks\AmiUpdXp.job
- c:\documents and settings\Robin\Application Data\SwvUpdater\Updater.exe [2013-09-01 21:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8118
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Robin\Application Data\Mozilla\Firefox\Profiles\zuujbczz.default\
FF - ExtSQL: 2013-09-01 00:00; gystqfr@ylgga.com; c:\documents and settings\Robin\Application Data\Mozilla\Firefox\Profiles\zuujbczz.default\extensions\gystqfr@ylgga.com
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
HKCU-Run-SearchProtect - c:\documents and settings\Robin\Application Data\SearchProtect\bin\cltmng.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-01 18:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TaskScheduler = c:\prowin12\32bit\tasksch.exe????g?x\???I??x????d????????k?x????????<???????p?iR\???d?????iR????p???????$??????xq????????)7bd???,???8QD?????8???.kB??)7bd???d???P????LD??????????6A??????)7b?BF?d???%-7b????? D??????K@???E?r?9?&???!???p?9???E???9???????????9???E
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160812AS rev.3.ADJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x892532E2
NDIS: Realtek PCIe GBE Family Controller -> SendHandler -> 0x896d0098
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\devldr32.exe
c:\program files\privoxy\privoxy.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-09-01 18:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-01 22:45
.
Pre-Run: 140,056,981,504 bytes free
Post-Run: 140,616,548,352 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3783117343492C0C2C0B13E2DB95C7FD
8F558EB6672622401DA993E1E865C861


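The "Supplementary Scan" part of the ComboFix log above is where the symptom is explained rather than just listed: Internet Explorer's ProxyServer is set to 127.0.0.1:8118 (privoxy.exe appears in the running-process list), a Firefox user.js forces network.proxy.type 5 (follow the system proxy) while switching off CSP, OCSP revocation checks and the add-on blocklist, and a scheduled task launches an "updater" out of the user's Application Data folder. When a loopback proxy stalls or drops requests, every browser that honours the system proxy times out the same way. The script below is an added example for this thread, not code from the post or from ComboFix: it flags those three indicator classes in ComboFix-style lines. The sample lines are copied from the log above; the pref table, the loopback test and the regexes describing the line layout are this example's own assumptions.

```python
"""Flag browser/proxy hijack indicators in ComboFix 'Supplementary Scan' output.

Added example for this thread; it is not part of ComboFix and not code from
the original post. SAMPLE_LOG is copied from the ComboFix log above; the
indicator rules (WEAKENING_PREFS and the three checks) are this example's own.
"""
import re
from typing import Dict, List, Union

PrefValue = Union[bool, int, str]

# Firefox preferences a hijacker's user.js typically forces, with the value that
# weakens the browser. These are the ones visible in the log above.
WEAKENING_PREFS: Dict[str, PrefValue] = {
    "security.csp.enable": False,           # Content Security Policy off
    "security.OCSP.enabled": 0,             # no certificate revocation checks
    "extensions.blocklist.enabled": False,  # Mozilla add-on blocklist ignored
    "extensions.autoDisableScopes": 0,      # side-loaded add-ons enabled silently
    "network.proxy.type": 5,                # 5 = follow the system (IE) proxy
}

# Copied from the posted ComboFix log (two scheduled tasks + supplementary scan).
SAMPLE_LOG = r"""
2013-08-26 c:\windows\Tasks\.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
2013-09-01 c:\windows\Tasks\AmiUpdXp.job
- c:\documents and settings\Robin\Application Data\SwvUpdater\Updater.exe [2013-09-01 21:37]
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8118
TCP: DhcpNameServer = 192.168.0.1
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);
"""

_PREF_RE = re.compile(r"user_pref\('([^']+)',\s*([^)]+)\)")
_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(.+?)\s*$")
_TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S+\.job)$", re.IGNORECASE)
_TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[")


def _coerce(raw: str) -> PrefValue:
    """Turn a user_pref literal into a Python value (true/false, integer, or string)."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.lstrip("-").isdigit():
        return int(raw)
    return raw.strip("'\"")


def parse_user_prefs(line: str) -> Dict[str, PrefValue]:
    """Parse every user_pref('name', value); pair on one ComboFix line."""
    return {name: _coerce(value) for name, value in _PREF_RE.findall(line)}


def is_loopback_proxy(spec: str) -> bool:
    """True if any scheme in an IE ProxyServer value points at 127.0.0.0/8 or localhost."""
    for part in spec.split(";"):
        hostport = part.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0]
        if host == "localhost" or host.startswith("127."):
            return True
    return False


def find_indicators(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per indicator, in the order the lines appear."""
    findings: List[Dict[str, str]] = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        proxy = _PROXY_RE.search(line)
        if proxy and is_loopback_proxy(proxy.group(1)):
            findings.append({"kind": "loopback-proxy", "detail": proxy.group(1)})
        if "user_pref(" in line:
            prefs = parse_user_prefs(line)
            for name, bad in WEAKENING_PREFS.items():
                if name in prefs and prefs[name] == bad:
                    findings.append({"kind": "weakened-pref", "detail": f"{name}={prefs[name]!r}"})
        task = _TASK_RE.match(line)
        if task and i + 1 < len(lines):
            target = _TASK_TARGET_RE.match(lines[i + 1])
            # A scheduled task whose binary lives in the user's profile is a classic
            # persistence spot for bundled "updaters".
            if target and "application data" in target.group(1).lower():
                findings.append({"kind": "task-in-profile",
                                 "detail": f"{task.group(1)} -> {target.group(1)}"})
    return findings


if __name__ == "__main__":
    for f in find_indicators(SAMPLE_LOG):
        print(f"{f['kind']:16} {f['detail']}")
```

On the sample this reports the loopback proxy, all five weakened Firefox preferences and the AmiUpdXp task (the RealUpgrade task is left alone because its binary is under Program Files). The proxy value is the one item a clean-up tool may not touch, so it is worth confirming by hand in Internet Options, LAN settings, once the removal tools have run.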

#10
September 1, 2013 at 15:51:12

Good one daman4, that really nailed a lot.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/sec...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#11
September 1, 2013 at 16:08:49

Junk Removal Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Microsoft Windows XP x86
Ran by Robin on Sun 09/01/2013 at 19:03:37.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotectall

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\socialbit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\savevalet_ie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2817C648-4141-4FD1-8ED7-74AA3E3BF7CA}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\amiupdxp.job
Successfully deleted: [File] C:\Program Files\4jres.dll
Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Robin\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\Robin\Application Data\swvupdater"
Successfully deleted: [Folder] "C:\Documents and Settings\Robin\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Robin\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Robin\Local Settings\Application Data\defineext"
Successfully deleted: [Folder] "C:\Documents and Settings\Robin\Local Settings\Application Data\whitesmoke_new"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\savevalet"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Documents and Settings\Robin\Application Data\mozilla\firefox\profiles\zuujbczz.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Robin\Application Data\mozilla\firefox\profiles\zuujbczz.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Documents and Settings\Robin\Application Data\mozilla\firefox\profiles\zuujbczz.default\extensions\extension21804@extension21804.com
Successfully deleted: [Folder] C:\Documents and Settings\Robin\Application Data\mozilla\firefox\profiles\zuujbczz.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}

~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/01/2013 at 19:07:47.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#12
September 1, 2013 at 16:14:38

Beautiful.

Run TDSSKiller. Copy & Paste the contents of the log in your reply.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...

After each fix or change we make, let me know how the comp is running. Example: Still cannot use yahoo or google search engine.



#13
September 1, 2013 at 16:23:31

19:21:43.0937 0x0574 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
19:21:44.0390 0x0574 ============================================================
19:21:44.0390 0x0574 Current date / time: 2013/09/01 19:21:44.0390
19:21:44.0390 0x0574 SystemInfo:
19:21:44.0390 0x0574
19:21:44.0390 0x0574 OS Version: 5.1.2600 ServicePack: 3.0
19:21:44.0390 0x0574 Product type: Workstation
19:21:44.0390 0x0574 ComputerName: ROBIN-B7857FE36
19:21:44.0390 0x0574 UserName: Robin
19:21:44.0390 0x0574 Windows directory: C:\WINDOWS
19:21:44.0390 0x0574 System windows directory: C:\WINDOWS
19:21:44.0390 0x0574 Processor architecture: Intel x86
19:21:44.0390 0x0574 Number of processors: 2
19:21:44.0390 0x0574 Page size: 0x1000
19:21:44.0390 0x0574 Boot type: Normal boot
19:21:44.0390 0x0574 ============================================================
19:21:45.0218 0x0574 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:21:45.0218 0x0574 ============================================================
19:21:45.0218 0x0574 \Device\Harddisk0\DR0:
19:21:45.0218 0x0574 MBR partitions:
19:21:45.0218 0x0574 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
19:21:45.0218 0x0574 ============================================================
19:21:45.0250 0x0574 C: <-> \Device\Harddisk0\DR0\Partition1
19:21:45.0250 0x0574 ============================================================
19:21:45.0250 0x0574 Initialize success
19:21:45.0250 0x0574 ============================================================
19:21:47.0015 0x0b88 ============================================================
19:21:47.0015 0x0b88 Scan started
19:21:47.0015 0x0b88 Mode: Manual;
19:21:47.0015 0x0b88 ============================================================
19:21:48.0828 0x0b88 ================ Scan system memory ========================
19:21:48.0828 0x0b88 System memory - ok
19:21:48.0828 0x0b88 ================ Scan services =============================
19:21:48.0906 0x0b88 [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:21:48.0906 0x0b88 !SASCORE - ok
19:21:48.0953 0x0b88 Abiosdsk - ok
19:21:48.0968 0x0b88 abp480n5 - ok
19:21:49.0015 0x0b88 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:21:49.0015 0x0b88 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
19:21:49.0015 0x0b88 ACPI ( Virus.Win32.Rloader.a ) - infected
19:21:49.0015 0x0b88 ACPI - detected Virus.Win32.Rloader.a (0)
19:21:49.0046 0x0b88 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:21:49.0046 0x0b88 ACPIEC - ok
19:21:49.0046 0x0b88 adpu160m - ok
19:21:49.0078 0x0b88 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:21:49.0078 0x0b88 aec - ok
19:21:49.0109 0x0b88 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:21:49.0109 0x0b88 AFD - ok
19:21:49.0109 0x0b88 Aha154x - ok
19:21:49.0109 0x0b88 aic78u2 - ok
19:21:49.0125 0x0b88 aic78xx - ok
19:21:49.0156 0x0b88 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:21:49.0156 0x0b88 Alerter - ok
19:21:49.0171 0x0b88 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:21:49.0171 0x0b88 ALG - ok
19:21:49.0171 0x0b88 AliIde - ok
19:21:49.0171 0x0b88 Ambfilt - ok
19:21:49.0187 0x0b88 amsint - ok
19:21:49.0218 0x0b88 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:21:49.0218 0x0b88 AppMgmt - ok
19:21:49.0218 0x0b88 asc - ok
19:21:49.0218 0x0b88 asc3350p - ok
19:21:49.0234 0x0b88 asc3550 - ok
19:21:49.0281 0x0b88 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:21:49.0281 0x0b88 aspnet_state - ok
19:21:49.0312 0x0b88 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:21:49.0312 0x0b88 AsyncMac - ok
19:21:49.0343 0x0b88 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:21:49.0343 0x0b88 atapi - ok
19:21:49.0359 0x0b88 Atdisk - ok
19:21:49.0375 0x0b88 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:21:49.0375 0x0b88 Atmarpc - ok
19:21:49.0406 0x0b88 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:21:49.0406 0x0b88 AudioSrv - ok
19:21:49.0421 0x0b88 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:21:49.0421 0x0b88 audstub - ok
19:21:49.0562 0x0b88 [ 231B6AD3DB2866BC3FDB9979E6B2B61E ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:21:49.0687 0x0b88 AVGIDSAgent - ok
19:21:49.0718 0x0b88 [ EF67527CC2AD77D22AB1405C6470407E ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
19:21:49.0718 0x0b88 AVGIDSDriver - ok
19:21:49.0750 0x0b88 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
19:21:49.0750 0x0b88 AVGIDSFilter - ok
19:21:49.0765 0x0b88 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
19:21:49.0781 0x0b88 AVGIDSHX - ok
19:21:49.0781 0x0b88 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
19:21:49.0781 0x0b88 AVGIDSShim - ok
19:21:49.0796 0x0b88 [ 6671345A6E2669AF1966BAF68EC5620F ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:21:49.0796 0x0b88 Avgldx86 - ok
19:21:49.0812 0x0b88 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:21:49.0812 0x0b88 Avgmfx86 - ok
19:21:49.0828 0x0b88 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:21:49.0828 0x0b88 Avgrkx86 - ok
19:21:49.0859 0x0b88 [ 1647C720358DCC98ACF51E597C461C4D ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:21:49.0859 0x0b88 Avgtdix - ok
19:21:49.0890 0x0b88 [ F798F61B3B5642D7086B96A891B129D2 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
19:21:49.0890 0x0b88 avgtp - ok
19:21:49.0906 0x0b88 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:21:49.0921 0x0b88 avgwd - ok
19:21:49.0937 0x0b88 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:21:49.0937 0x0b88 Beep - ok
19:21:49.0953 0x0b88 [ 79D48920063220D5E0C55C5964234099 ] BIOS C:\WINDOWS\system32\drivers\BIOS.sys
19:21:49.0953 0x0b88 BIOS - ok
19:21:49.0984 0x0b88 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:21:50.0031 0x0b88 BITS - ok
19:21:50.0062 0x0b88 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:21:50.0062 0x0b88 Browser - ok
19:21:50.0140 0x0b88 catchme - ok
19:21:50.0156 0x0b88 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:21:50.0156 0x0b88 cbidf2k - ok
19:21:50.0156 0x0b88 cd20xrnt - ok
19:21:50.0171 0x0b88 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:21:50.0171 0x0b88 Cdaudio - ok
19:21:50.0203 0x0b88 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:21:50.0203 0x0b88 Cdfs - ok
19:21:50.0218 0x0b88 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:21:50.0218 0x0b88 Cdrom - ok
19:21:50.0234 0x0b88 Changer - ok
19:21:50.0250 0x0b88 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:21:50.0250 0x0b88 CiSvc - ok
19:21:50.0265 0x0b88 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:21:50.0265 0x0b88 ClipSrv - ok
19:21:50.0312 0x0b88 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:21:50.0312 0x0b88 clr_optimization_v2.0.50727_32 - ok
19:21:50.0390 0x0b88 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:21:50.0390 0x0b88 clr_optimization_v4.0.30319_32 - ok
19:21:50.0390 0x0b88 CmdIde - ok
19:21:50.0390 0x0b88 COMSysApp - ok
19:21:50.0406 0x0b88 Cpqarray - ok
19:21:50.0421 0x0b88 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:21:50.0421 0x0b88 CryptSvc - ok
19:21:50.0453 0x0b88 [ 71007BD2E1E26927FE3E4EB00C0BEEDF ] ctljystk C:\WINDOWS\system32\DRIVERS\ctljystk.sys
19:21:50.0453 0x0b88 ctljystk - ok
19:21:50.0484 0x0b88 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
19:21:50.0484 0x0b88 ctxusbm - ok
19:21:50.0484 0x0b88 dac2w2k - ok
19:21:50.0484 0x0b88 dac960nt - ok
19:21:50.0531 0x0b88 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:21:50.0546 0x0b88 DcomLaunch - ok
19:21:50.0578 0x0b88 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:21:50.0578 0x0b88 Dhcp - ok
19:21:50.0578 0x0b88 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:21:50.0578 0x0b88 Disk - ok
19:21:50.0593 0x0b88 dmadmin - ok
19:21:50.0625 0x0b88 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:21:50.0640 0x0b88 dmboot - ok
19:21:50.0640 0x0b88 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:21:50.0640 0x0b88 dmio - ok
19:21:50.0656 0x0b88 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:21:50.0656 0x0b88 dmload - ok

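The one real hit in the TDSSKiller log above (it continues in the next post) is the "Suspicious file (Forged)" line for ACPI.sys: the tool obtained two different MD5s for the same file, which means two views of that file disagree and something in the I/O path is misrepresenting the driver's contents. ACPI.sys is a boot-start driver, so whatever was patched into it runs before any anti-virus does, and the matching "ACPI ( Virus.Win32.Rloader.a ) - infected" verdict is the line to act on. The script below is an added example for this thread, not code from the post and not part of TDSSKiller: it pulls the forged entries, the per-service verdicts and any MD5 that appears under more than one driver file out of TDSSKiller-format lines. The sample lines are copied from the log above; the regexes describing the line layout and the hash-reuse heuristic are this example's own assumptions.

```python
"""Pull the signal out of TDSSKiller service-scan lines.

Added example for this thread; not code from the original post and not part of
TDSSKiller. SAMPLE_LOG is copied from the TDSSKiller log above; the three
checks and the regexes describing the line layout are this example's own.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set

# Copied from the posted TDSSKiller log: the forged ACPI.sys entry, one clean
# entry, and two drivers that the log reports with the same MD5.
SAMPLE_LOG = r"""
19:21:49.0015 0x0b88 [ EA38C961260F29295C6D03070FA9D0B5 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:21:49.0015 0x0b88 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: EA38C961260F29295C6D03070FA9D0B5, Fake md5: 8FD99680A539792A30E97944FDAECF17
19:21:49.0015 0x0b88 ACPI ( Virus.Win32.Rloader.a ) - infected
19:21:49.0046 0x0b88 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:21:49.0046 0x0b88 ACPIEC - ok
19:21:49.0953 0x0b88 [ 79D48920063220D5E0C55C5964234099 ] BIOS C:\WINDOWS\system32\drivers\BIOS.sys
19:21:49.0953 0x0b88 BIOS - ok
19:21:52.0125 0x0b88 [ 79D48920063220D5E0C55C5964234099 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:21:52.0140 0x0b88 HDAudBus - ok
"""

# Every line starts with "<time> <thread id> "; the layout below is assumed from the log.
_PREFIX = r"^\S+\s+0x[0-9a-fA-F]+\s+"
_ENTRY_RE = re.compile(_PREFIX + r"\[\s*([0-9A-F]{32})\s*\]\s+(\S+)\s+(.+?)\s*$")
_VERDICT_RE = re.compile(_PREFIX + r"(\S+)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(ok|infected)\s*$")
_FORGED_RE = re.compile(
    r"Suspicious file \(Forged\):\s*(.+?)\.\s*Real md5:\s*([0-9A-F]{32}),\s*Fake md5:\s*([0-9A-F]{32})"
)


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Each '[ md5 ] ServiceName Path' line as {"md5", "name", "path"}."""
    out: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if m:
            out.append({"md5": m.group(1), "name": m.group(2), "path": m.group(3)})
    return out


def parse_verdicts(log_text: str) -> Dict[str, str]:
    """Service name -> 'ok', or 'infected:<detection name>' when TDSSKiller names one."""
    verdicts: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = _VERDICT_RE.match(line.strip())
        if m:
            name, detection, status = m.groups()
            verdicts[name] = f"{status}:{detection}" if detection else status
    return verdicts


def forged_drivers(log_text: str) -> List[Dict[str, str]]:
    """Files for which TDSSKiller's two reads of the same file produced different hashes."""
    return [
        {"path": m.group(1), "real": m.group(2), "fake": m.group(3)}
        for m in map(_FORGED_RE.search, log_text.splitlines()) if m
    ]


def hash_reuse(log_text: str) -> Dict[str, List[str]]:
    """MD5s reported for more than one distinct file path.

    Identical hashes for different driver files are not proof of anything, but
    they are cheap to spot and worth re-hashing on the box before trusting the log.
    """
    by_hash: Dict[str, Set[str]] = defaultdict(set)
    for entry in parse_entries(log_text):
        by_hash[entry["md5"]].add(entry["path"].lower())
    return {h: sorted(paths) for h, paths in by_hash.items() if len(paths) > 1}


if __name__ == "__main__":
    for f in forged_drivers(SAMPLE_LOG):
        print(f"FORGED   {f['path']}  real={f['real']}  fake={f['fake']}")
    for name, verdict in parse_verdicts(SAMPLE_LOG).items():
        if verdict != "ok":
            print(f"VERDICT  {name}: {verdict}")
    for md5, paths in hash_reuse(SAMPLE_LOG).items():
        print(f"REUSED   {md5}: {', '.join(paths)}")
```

Run against the sample, the forged check returns ACPI.sys with both hashes, the verdict map carries "infected:Virus.Win32.Rloader.a" for ACPI, and the reuse check lists BIOS.sys and HDAudBus.sys under one MD5, which is the kind of thing to confirm by hashing the two files directly rather than from a log.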

#14
September 1, 2013 at 16:23:52

19:21:50.0671 0x0b88 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:21:50.0671 0x0b88 dmserver - ok
19:21:50.0687 0x0b88 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:21:50.0687 0x0b88 DMusic - ok
19:21:50.0718 0x0b88 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:21:50.0718 0x0b88 Dnscache - ok
19:21:50.0734 0x0b88 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:21:50.0750 0x0b88 Dot3svc - ok
19:21:50.0750 0x0b88 dpti2o - ok
19:21:50.0750 0x0b88 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:21:50.0750 0x0b88 drmkaud - ok
19:21:50.0781 0x0b88 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:21:50.0781 0x0b88 EapHost - ok
19:21:50.0812 0x0b88 [ 01F83E1B5DCE05F5CB7D99113CA9E890 ] emu10k C:\WINDOWS\system32\drivers\emu10k1m.sys
19:21:50.0812 0x0b88 emu10k - ok
19:21:50.0828 0x0b88 [ 7FFA171CCE6A8BFC774862A578BA39A2 ] emu10k1 C:\WINDOWS\system32\drivers\ctlfacem.sys
19:21:50.0828 0x0b88 emu10k1 - ok
19:21:50.0875 0x0b88 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:21:50.0875 0x0b88 ERSvc - ok
19:21:50.0890 0x0b88 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:21:50.0890 0x0b88 Eventlog - ok
19:21:50.0921 0x0b88 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:21:50.0937 0x0b88 EventSystem - ok
19:21:50.0968 0x0b88 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:21:50.0968 0x0b88 Fastfat - ok
19:21:51.0000 0x0b88 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:21:51.0000 0x0b88 FastUserSwitchingCompatibility - ok
19:21:51.0015 0x0b88 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:21:51.0015 0x0b88 Fdc - ok
19:21:51.0031 0x0b88 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:21:51.0031 0x0b88 Fips - ok
19:21:51.0062 0x0b88 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:21:51.0062 0x0b88 Flpydisk - ok
19:21:51.0109 0x0b88 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:21:51.0109 0x0b88 FltMgr - ok
19:21:51.0203 0x0b88 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:21:51.0203 0x0b88 FontCache3.0.0.0 - ok
19:21:51.0218 0x0b88 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:21:51.0218 0x0b88 Fs_Rec - ok
19:21:51.0250 0x0b88 [ AAE37F0F2F613218DCE17B42A18C38DB ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys
19:21:51.0250 0x0b88 FTDIBUS - ok
19:21:51.0265 0x0b88 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:21:51.0265 0x0b88 Ftdisk - ok
19:21:51.0281 0x0b88 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:21:51.0281 0x0b88 gameenum - ok
19:21:51.0312 0x0b88 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
19:21:52.0062 0x0b88 gdrv - ok
19:21:52.0093 0x0b88 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:21:52.0093 0x0b88 Gpc - ok
19:21:52.0125 0x0b88 [ 79D48920063220D5E0C55C5964234099 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:21:52.0140 0x0b88 HDAudBus - ok
19:21:52.0187 0x0b88 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:21:52.0187 0x0b88 helpsvc - ok
19:21:52.0218 0x0b88 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:21:52.0218 0x0b88 HidServ - ok
19:21:52.0234 0x0b88 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:21:52.0234 0x0b88 hidusb - ok
19:21:52.0281 0x0b88 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:21:52.0281 0x0b88 hkmsvc - ok
19:21:52.0296 0x0b88 hpn - ok
19:21:52.0328 0x0b88 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:21:52.0328 0x0b88 HPZid412 - ok
19:21:52.0328 0x0b88 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:21:52.0328 0x0b88 HPZipr12 - ok
19:21:52.0328 0x0b88 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:21:52.0328 0x0b88 HPZius12 - ok
19:21:52.0359 0x0b88 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:21:52.0359 0x0b88 HTTP - ok
19:21:52.0406 0x0b88 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:21:52.0406 0x0b88 HTTPFilter - ok
19:21:52.0406 0x0b88 i2omgmt - ok
19:21:52.0406 0x0b88 i2omp - ok
19:21:52.0421 0x0b88 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:21:52.0437 0x0b88 i8042prt - ok
19:21:52.0562 0x0b88 [ F339B2E3A3F63CC14077D614A56A967B ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:21:52.0687 0x0b88 ialm - ok
19:21:52.0765 0x0b88 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:21:52.0796 0x0b88 idsvc - ok
19:21:52.0796 0x0b88 igfx - ok
19:21:52.0796 0x0b88 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:21:52.0812 0x0b88 Imapi - ok
19:21:52.0828 0x0b88 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:21:52.0828 0x0b88 ImapiService - ok
19:21:52.0828 0x0b88 ini910u - ok
19:21:53.0000 0x0b88 [ 9037C8BD3E896D7F2803A171FDEAEEF4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:21:53.0171 0x0b88 IntcAzAudAddService - ok
19:21:53.0187 0x0b88 IntelIde - ok
19:21:53.0218 0x0b88 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:21:53.0218 0x0b88 intelppm - ok
19:21:53.0234 0x0b88 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:21:53.0234 0x0b88 Ip6Fw - ok
19:21:53.0265 0x0b88 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:21:53.0265 0x0b88 IpFilterDriver - ok
19:21:53.0281 0x0b88 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:21:53.0281 0x0b88 IpInIp - ok
19:21:53.0296 0x0b88 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:21:53.0296 0x0b88 IpNat - ok
19:21:53.0312 0x0b88 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:21:53.0312 0x0b88 IPSec - ok
19:21:53.0328 0x0b88 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:21:53.0328 0x0b88 IRENUM - ok
19:21:53.0359 0x0b88 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:21:53.0359 0x0b88 isapnp - ok
19:21:53.0406 0x0b88 [ 91061352084424820AC6268808CB8EE3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
19:21:53.0406 0x0b88 JavaQuickStarterService - ok
19:21:53.0421 0x0b88 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:21:53.0421 0x0b88 Kbdclass - ok
19:21:53.0437 0x0b88 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:21:53.0437 0x0b88 kbdhid - ok
19:21:53.0453 0x0b88 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:21:53.0453 0x0b88 kmixer - ok
19:21:53.0468 0x0b88 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:21:53.0468 0x0b88 KSecDD - ok
19:21:53.0500 0x0b88 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:21:53.0500 0x0b88 lanmanserver - ok
19:21:53.0531 0x0b88 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:21:53.0562 0x0b88 lanmanworkstation - ok
19:21:53.0562 0x0b88 lbrtfdc - ok
19:21:53.0703 0x0b88 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:21:53.0703 0x0b88 LmHosts - ok
19:21:53.0750 0x0b88 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:21:53.0781 0x0b88 Messenger - ok
19:21:53.0828 0x0b88 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:21:53.0828 0x0b88 mnmdd - ok
19:21:54.0046 0x0b88 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:21:54.0078 0x0b88 mnmsrvc - ok
19:21:54.0140 0x0b88 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:21:54.0156 0x0b88 Modem - ok
19:21:54.0171 0x0b88 Monfilt - ok
19:21:54.0234 0x0b88 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:21:54.0250 0x0b88 Mouclass - ok
19:21:54.0328 0x0b88 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:21:54.0359 0x0b88 mouhid - ok
19:21:54.0375 0x0b88 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:21:54.0375 0x0b88 MountMgr - ok
19:21:54.0421 0x0b88 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:21:54.0421 0x0b88 MozillaMaintenance - ok
19:21:54.0421 0x0b88 mraid35x - ok
19:21:54.0421 0x0b88 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:21:54.0437 0x0b88 MRxDAV - ok
19:21:54.0468 0x0b88 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:21:54.0468 0x0b88 MRxSmb - ok
19:21:54.0484 0x0b88 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:21:54.0500 0x0b88 MSDTC - ok
19:21:54.0515 0x0b88 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:21:54.0515 0x0b88 Msfs - ok
19:21:54.0515 0x0b88 MSIServer - ok
19:21:54.0546 0x0b88 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:21:54.0546 0x0b88 MSKSSRV - ok
19:21:54.0562 0x0b88 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:21:54.0562 0x0b88 MSPCLOCK - ok
19:21:54.0578 0x0b88 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:21:54.0593 0x0b88 MSPQM - ok
19:21:54.0609 0x0b88 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:21:54.0609 0x0b88 mssmbios - ok
19:21:54.0625 0x0b88 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:21:54.0625 0x0b88 Mup - ok
19:21:54.0656 0x0b88 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:21:54.0656 0x0b88 napagent - ok
19:21:54.0687 0x0b88 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:21:54.0687 0x0b88 NDIS - ok
19:21:54.0703 0x0b88 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:21:54.0703 0x0b88 NdisTapi - ok
19:21:54.0718 0x0b88 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:21:54.0718 0x0b88 Ndisuio - ok
19:21:54.0718 0x0b88 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:21:54.0718 0x0b88 NdisWan - ok
19:21:54.0734 0x0b88 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:21:54.0734 0x0b88 NDProxy - ok
19:21:54.0750 0x0b88 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:21:54.0750 0x0b88 NetBIOS - ok
19:21:54.0765 0x0b88 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:21:54.0765 0x0b88 NetBT - ok
19:21:54.0812 0x0b88 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:21:54.0812 0x0b88 NetDDE - ok
19:21:54.0812 0x0b88 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:21:54.0812 0x0b88 NetDDEdsdm - ok
19:21:54.0843 0x0b88 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:21:54.0843 0x0b88 Netlogon - ok
19:21:54.0859 0x0b88 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll


#15
September 1, 2013 at 16:24:11

19:21:54.0859 0x0b88 Netman - ok
19:21:54.0890 0x0b88 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:21:54.0890 0x0b88 NetTcpPortSharing - ok
19:21:54.0937 0x0b88 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:21:54.0937 0x0b88 Nla - ok
19:21:54.0968 0x0b88 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:21:54.0968 0x0b88 Npfs - ok
19:21:55.0000 0x0b88 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:21:55.0000 0x0b88 Ntfs - ok
19:21:55.0015 0x0b88 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:21:55.0015 0x0b88 NtLmSsp - ok
19:21:55.0062 0x0b88 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:21:55.0062 0x0b88 NtmsSvc - ok
19:21:55.0109 0x0b88 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:21:55.0109 0x0b88 Null - ok
19:21:55.0328 0x0b88 [ C190757A29A9BC0199032F353DD2557A ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:21:55.0562 0x0b88 nv - ok
19:21:55.0609 0x0b88 [ 0258D664F93B4B01DDD621B8C084F322 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:21:55.0609 0x0b88 NVENETFD - ok
19:21:55.0625 0x0b88 [ 56EC9207906435EF1BF02F5C68E3FFEC ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:21:55.0625 0x0b88 nvnetbus - ok
19:21:55.0656 0x0b88 [ 8D64B827A6709C3D18F855619D7D89E9 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
19:21:55.0656 0x0b88 NVSvc - ok
19:21:55.0687 0x0b88 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:21:55.0687 0x0b88 NwlnkFlt - ok
19:21:55.0687 0x0b88 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:21:55.0703 0x0b88 NwlnkFwd - ok
19:21:55.0734 0x0b88 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:21:55.0750 0x0b88 ose - ok
19:21:55.0781 0x0b88 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:21:55.0781 0x0b88 Parport - ok
19:21:55.0796 0x0b88 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:21:55.0796 0x0b88 PartMgr - ok
19:21:55.0812 0x0b88 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:21:55.0812 0x0b88 ParVdm - ok
19:21:55.0828 0x0b88 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:21:55.0828 0x0b88 PCI - ok
19:21:55.0828 0x0b88 PCIDump - ok
19:21:55.0843 0x0b88 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:21:55.0843 0x0b88 PCIIde - ok
19:21:55.0859 0x0b88 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:21:55.0859 0x0b88 Pcmcia - ok
19:21:55.0859 0x0b88 PDCOMP - ok
19:21:55.0859 0x0b88 PDFRAME - ok
19:21:55.0875 0x0b88 PDRELI - ok
19:21:55.0875 0x0b88 PDRFRAME - ok
19:21:55.0875 0x0b88 perc2 - ok
19:21:55.0875 0x0b88 perc2hib - ok
19:21:55.0921 0x0b88 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:21:55.0921 0x0b88 PlugPlay - ok
19:21:55.0937 0x0b88 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:21:55.0937 0x0b88 PolicyAgent - ok
19:21:55.0937 0x0b88 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:21:55.0937 0x0b88 PptpMiniport - ok
19:21:55.0953 0x0b88 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:21:55.0953 0x0b88 ProtectedStorage - ok
19:21:55.0953 0x0b88 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:21:55.0953 0x0b88 PSched - ok
19:21:55.0968 0x0b88 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:21:55.0968 0x0b88 Ptilink - ok
19:21:55.0984 0x0b88 ql1080 - ok
19:21:55.0984 0x0b88 Ql10wnt - ok
19:21:55.0984 0x0b88 ql12160 - ok
19:21:55.0984 0x0b88 ql1240 - ok
19:21:56.0000 0x0b88 ql1280 - ok
19:21:56.0000 0x0b88 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:21:56.0015 0x0b88 RasAcd - ok
19:21:56.0031 0x0b88 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:21:56.0031 0x0b88 RasAuto - ok
19:21:56.0046 0x0b88 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:21:56.0046 0x0b88 Rasl2tp - ok
19:21:56.0078 0x0b88 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:21:56.0078 0x0b88 RasMan - ok
19:21:56.0078 0x0b88 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:21:56.0078 0x0b88 RasPppoe - ok
19:21:56.0093 0x0b88 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:21:56.0093 0x0b88 Raspti - ok
19:21:56.0125 0x0b88 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:21:56.0125 0x0b88 Rdbss - ok
19:21:56.0125 0x0b88 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:21:56.0125 0x0b88 RDPCDD - ok
19:21:56.0140 0x0b88 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:21:56.0140 0x0b88 rdpdr - ok
19:21:56.0171 0x0b88 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:21:56.0171 0x0b88 RDPWD - ok
19:21:56.0187 0x0b88 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:21:56.0187 0x0b88 RDSessMgr - ok
19:21:56.0218 0x0b88 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:21:56.0218 0x0b88 redbook - ok
19:21:56.0234 0x0b88 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:21:56.0250 0x0b88 RemoteAccess - ok
19:21:56.0265 0x0b88 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:21:56.0265 0x0b88 RemoteRegistry - ok
19:21:56.0296 0x0b88 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:21:56.0312 0x0b88 RpcLocator - ok
19:21:56.0328 0x0b88 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:21:56.0328 0x0b88 RpcSs - ok
19:21:56.0359 0x0b88 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:21:56.0359 0x0b88 RSVP - ok
19:21:56.0390 0x0b88 [ 00FD6811350E175585ABCF7D4A61DD90 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:21:56.0390 0x0b88 RTLE8023xp - ok
19:21:56.0406 0x0b88 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:21:56.0406 0x0b88 SamSs - ok
19:21:56.0437 0x0b88 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:21:56.0437 0x0b88 SASDIFSV - ok
19:21:56.0453 0x0b88 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:21:56.0453 0x0b88 SASKUTIL - ok
19:21:56.0468 0x0b88 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:21:56.0468 0x0b88 SCardSvr - ok
19:21:56.0500 0x0b88 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:21:56.0500 0x0b88 Schedule - ok
19:21:56.0531 0x0b88 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:21:56.0531 0x0b88 Secdrv - ok
19:21:56.0546 0x0b88 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:21:56.0562 0x0b88 seclogon - ok
19:21:56.0562 0x0b88 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:21:56.0562 0x0b88 SENS - ok
19:21:56.0578 0x0b88 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:21:56.0578 0x0b88 serenum - ok
19:21:56.0578 0x0b88 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:21:56.0578 0x0b88 Serial - ok
19:21:56.0609 0x0b88 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:21:56.0609 0x0b88 Sfloppy - ok
19:21:56.0625 0x0b88 [ 0B1A5E9CACB5CDD54A2815107BD7C772 ] sfman C:\WINDOWS\system32\drivers\sfmanm.sys
19:21:56.0625 0x0b88 sfman - ok
19:21:56.0656 0x0b88 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:21:56.0656 0x0b88 SharedAccess - ok
19:21:56.0671 0x0b88 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:21:56.0671 0x0b88 ShellHWDetection - ok
19:21:56.0671 0x0b88 Simbad - ok
19:21:56.0687 0x0b88 Sparrow - ok
19:21:56.0687 0x0b88 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:21:56.0687 0x0b88 splitter - ok
19:21:56.0718 0x0b88 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:21:56.0718 0x0b88 Spooler - ok
19:21:56.0734 0x0b88 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:21:56.0734 0x0b88 sr - ok
19:21:56.0750 0x0b88 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:21:56.0750 0x0b88 srservice - ok
19:21:56.0781 0x0b88 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:21:56.0781 0x0b88 Srv - ok
19:21:56.0796 0x0b88 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:21:56.0796 0x0b88 SSDPSRV - ok
19:21:56.0812 0x0b88 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:21:56.0828 0x0b88 stisvc - ok
19:21:56.0828 0x0b88 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:21:56.0828 0x0b88 swenum - ok
19:21:56.0843 0x0b88 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:21:56.0843 0x0b88 swmidi - ok
19:21:56.0843 0x0b88 SwPrv - ok
19:21:56.0843 0x0b88 symc810 - ok
19:21:56.0843 0x0b88 symc8xx - ok
19:21:56.0859 0x0b88 sym_hi - ok
19:21:56.0859 0x0b88 sym_u3 - ok
19:21:56.0875 0x0b88 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:21:56.0875 0x0b88 sysaudio - ok
19:21:56.0906 0x0b88 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:21:56.0906 0x0b88 SysmonLog - ok
19:21:56.0937 0x0b88 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:21:56.0937 0x0b88 TapiSrv - ok
19:21:56.0968 0x0b88 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:21:56.0984 0x0b88 Tcpip - ok
19:21:57.0015 0x0b88 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:21:57.0015 0x0b88 TDPIPE - ok
19:21:57.0046 0x0b88 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:21:57.0046 0x0b88 TDTCP - ok
19:21:57.0062 0x0b88 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:21:57.0062 0x0b88 TermDD - ok
19:21:57.0093 0x0b88 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:21:57.0093 0x0b88 TermService - ok
19:21:57.0125 0x0b88 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:21:57.0125 0x0b88 Themes - ok
19:21:57.0156 0x0b88 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:21:57.0156 0x0b88 TlntSvr - ok
19:21:57.0156 0x0b88 TosIde - ok
19:21:57.0187 0x0b88 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:21:57.0187 0x0b88 TrkWks - ok
19:21:57.0203 0x0b88 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:21:57.0203 0x0b88 Udfs - ok
19:21:57.0203 0x0b88 ultra - ok
19:21:57.0250 0x0b88 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:21:57.0250 0x0b88 Update - ok
19:21:57.0296 0x0b88 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:21:57.0312 0x0b88 upnphost - ok


#16
September 1, 2013 at 16:24:29

19:21:57.0328 0x0b88 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:21:57.0328 0x0b88 UPS - ok
19:21:57.0359 0x0b88 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:21:57.0359 0x0b88 usbccgp - ok
19:21:57.0390 0x0b88 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:21:57.0390 0x0b88 usbehci - ok
19:21:57.0390 0x0b88 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:21:57.0406 0x0b88 usbhub - ok
19:21:57.0453 0x0b88 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:21:57.0453 0x0b88 usbohci - ok
19:21:57.0484 0x0b88 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:21:57.0484 0x0b88 usbprint - ok
19:21:57.0500 0x0b88 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:21:57.0500 0x0b88 usbscan - ok
19:21:57.0515 0x0b88 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:21:57.0515 0x0b88 USBSTOR - ok
19:21:57.0531 0x0b88 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:21:57.0531 0x0b88 usbuhci - ok
19:21:57.0531 0x0b88 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:21:57.0531 0x0b88 VgaSave - ok
19:21:57.0546 0x0b88 ViaIde - ok
19:21:57.0562 0x0b88 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:21:57.0562 0x0b88 VolSnap - ok
19:21:57.0593 0x0b88 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:21:57.0609 0x0b88 VSS - ok
19:21:57.0656 0x0b88 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:21:57.0656 0x0b88 W32Time - ok
19:21:57.0671 0x0b88 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:21:57.0671 0x0b88 Wanarp - ok
19:21:57.0687 0x0b88 WDICA - ok
19:21:57.0687 0x0b88 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:21:57.0687 0x0b88 wdmaud - ok
19:21:57.0703 0x0b88 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:21:57.0703 0x0b88 WebClient - ok
19:21:57.0765 0x0b88 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:21:57.0765 0x0b88 winmgmt - ok
19:21:57.0781 0x0b88 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:21:57.0781 0x0b88 WmdmPmSN - ok
19:21:57.0812 0x0b88 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:21:57.0812 0x0b88 Wmi - ok
19:21:57.0843 0x0b88 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:21:57.0843 0x0b88 WmiAcpi - ok
19:21:57.0875 0x0b88 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:21:57.0875 0x0b88 WmiApSrv - ok
19:21:57.0953 0x0b88 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:21:58.0000 0x0b88 WMPNetworkSvc - ok
19:21:58.0125 0x0b88 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:21:58.0140 0x0b88 WPFFontCache_v0400 - ok
19:21:58.0156 0x0b88 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:21:58.0156 0x0b88 WS2IFSL - ok
19:21:58.0187 0x0b88 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:21:58.0203 0x0b88 wscsvc - ok
19:21:58.0203 0x0b88 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:21:58.0218 0x0b88 wuauserv - ok
19:21:58.0234 0x0b88 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:21:58.0250 0x0b88 WudfPf - ok
19:21:58.0250 0x0b88 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:21:58.0265 0x0b88 WudfRd - ok
19:21:58.0265 0x0b88 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:21:58.0265 0x0b88 WudfSvc - ok
19:21:58.0296 0x0b88 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:21:58.0328 0x0b88 WZCSVC - ok
19:21:58.0359 0x0b88 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:21:58.0375 0x0b88 xmlprov - ok
19:21:58.0375 0x0b88 ================ Scan global ===============================
19:21:58.0406 0x0b88 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:21:58.0453 0x0b88 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:21:58.0453 0x0b88 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:21:58.0484 0x0b88 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:21:58.0484 0x0b88 [Global] - ok
19:21:58.0484 0x0b88 ================ Scan MBR ==================================
19:21:58.0531 0x0b88 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:21:58.0531 0x0b88 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:21:58.0562 0x0b88 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:21:58.0562 0x0b88 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:21:58.0562 0x0b88 ================ Scan VBR ==================================
19:21:58.0562 0x0b88 [ FD57DC4E3C871140FFD46EBE2D2663A0 ] \Device\Harddisk0\DR0\Partition1
19:21:58.0562 0x0b88 \Device\Harddisk0\DR0\Partition1 - ok
19:21:58.0562 0x0b88 ============================================================
19:21:58.0562 0x0b88 Scan finished
19:21:58.0562 0x0b88 ============================================================
19:21:58.0578 0x0cb8 Detected object count: 2
19:21:58.0578 0x0cb8 Actual detected object count: 2
19:22:26.0515 0x0cb8 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
19:22:28.0250 0x0cb8 Backup copy found, using it..
19:22:28.0812 0x0cb8 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
19:22:28.0812 0x0cb8 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
19:22:29.0546 0x0cb8 \Device\Harddisk0\DR0\# - copied to quarantine
19:22:29.0546 0x0cb8 \Device\Harddisk0\DR0 - copied to quarantine
19:22:29.0625 0x0cb8 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:22:29.0671 0x0cb8 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:22:29.0671 0x0cb8 \Device\Harddisk0\DR0\TDLFS\cmdx.dll - copied to quarantine
19:22:29.0703 0x0cb8 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:22:29.0703 0x0cb8 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:22:29.0734 0x0cb8 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:22:29.0750 0x0cb8 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:22:29.0765 0x0cb8 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:22:29.0765 0x0cb8 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:22:29.0781 0x0cb8 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:22:29.0781 0x0cb8 \Device\Harddisk0\DR0 - ok
19:22:29.0781 0x0cb8 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
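The TDSSKiller log above ends with a forged-MBR verdict, a set of TDLFS objects copied to quarantine, and two cures deferred until the next reboot, which is exactly what the following reply asks about. The block below is an added example, not code from this thread or from Kaspersky, that parses that log format and pulls out the per-object MD5 inventory, the detections, the quarantined objects and anything still pending a reboot, so a responder can answer "what was found, and is the cure complete yet" without reading 1,500 lines. SAMPLE_LOG is a constructed excerpt in the same format as the log posted here (timestamp, thread id, message); the function and field names are the example's own.

```python
"""Triage a TDSSKiller log: MD5 inventory, detections, quarantined objects,
and cures that are still waiting for a reboot.

Added example for this thread, not code from the original posts or from
Kaspersky. SAMPLE_LOG is a constructed excerpt in the format of the log
posted above.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
19:21:57.0812 0x0b88 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:21:57.0812 0x0b88 Wmi - ok
19:21:58.0531 0x0b88 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:21:58.0531 0x0b88 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:21:58.0562 0x0b88 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:21:58.0562 0x0b88 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:21:58.0578 0x0cb8 Detected object count: 2
19:22:26.0515 0x0cb8 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
19:22:28.0812 0x0cb8 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
19:22:28.0812 0x0cb8 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
19:22:29.0625 0x0cb8 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:22:29.0781 0x0cb8 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
"""

# Every log line is "<hh:mm:ss.ms> <thread id> <message>".
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (0x[0-9a-fA-F]+) (.*)$")
# Inventory line: "[ MD5 ] <service name> <image path>" or "[ MD5 ] <device>".
HASH = re.compile(r"^\[ ([0-9A-F]{32}) \] (.+)$")
FORGED = re.compile(r"^Suspicious mbr \(Forged\): (.+)$")
VERDICT = re.compile(r"^(.+?) \( ([^)]+) \) - (infected|User select action: \w+)$")
DETECTED = re.compile(r"^(.+) - detected (\S+)")
QUARANTINED = re.compile(r"^(.+) - copied to quarantine$")
PENDING = re.compile(r"^(.+?)(?: \( ([^)]+) \))? - will be cured on reboot$")


@dataclass
class Triage:
    hashes: dict = field(default_factory=dict)        # object name -> MD5
    detections: dict = field(default_factory=dict)    # object -> set of threat names
    forged_mbr: list = field(default_factory=list)
    quarantined: list = field(default_factory=list)
    pending_reboot: list = field(default_factory=list)

    def reboot_required(self) -> bool:
        """True while any cure is deferred to the next boot: the log alone does
        not show the machine is clean until that reboot has happened."""
        return bool(self.pending_reboot)

    def _flag(self, obj, threat):
        self.detections.setdefault(obj, set()).add(threat)


def triage_tdsskiller_log(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or non-log line
        msg = m.group(3)
        if h := HASH.match(msg):
            parts = h.group(2).split(None, 1)   # "name path" or a bare device path
            t.hashes[parts[0]] = h.group(1)
        elif f := FORGED.match(msg):
            t.forged_mbr.append(f.group(1))
        elif p := PENDING.match(msg):
            t.pending_reboot.append(p.group(1))
            if p.group(2):
                t._flag(p.group(1), p.group(2))
        elif v := VERDICT.match(msg):
            t._flag(v.group(1), v.group(2))
        elif d := DETECTED.match(msg):
            t._flag(d.group(1), d.group(2))
        elif q := QUARANTINED.match(msg):
            t.quarantined.append(q.group(1))
    return t


def report(t: Triage) -> list:
    """Human-readable summary lines; the reboot warning comes last."""
    lines = [f"objects hashed: {len(t.hashes)}"]
    for obj, threats in t.detections.items():
        lines.append(f"DETECTED {obj}: {', '.join(sorted(threats))}")
    for obj in t.forged_mbr:
        lines.append(f"FORGED MBR {obj}")
    lines.append(f"quarantined: {len(t.quarantined)} object(s)")
    if t.reboot_required():
        lines.append("REBOOT REQUIRED before trusting the result: "
                     + "; ".join(t.pending_reboot))
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage_tdsskiller_log(SAMPLE_LOG))))
```

The MD5 inventory is kept so the same parser can be run on a second log taken after the reboot: a changed hash for \Device\Harddisk0\DR0 or ACPI.sys, together with an empty pending_reboot list, is the evidence that the deferred cure actually ran.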


#17
September 1, 2013 at 16:29:02

"19:22:29.0781 0x0cb8 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot"
Did you?

Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.



#18
September 1, 2013 at 16:29:18

I am able to get to those sites now and do searches :-)


#19
September 1, 2013 at 16:32:04

"I am able to get to those sites now and do searches :-)"
Good one, we are getting there.



#20
September 1, 2013 at 16:33:21

Results of screen317's Security Check version 0.99.73
Windows XP Service Pack 3 x86
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java(TM) 6 Update 27
[color=red][b]Java version out of Date![/b][/color]
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (23.0.1)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
AVG avgwdsvc.exe
AVG avgtray.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C:: 17% [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#21
September 1, 2013 at 16:35:16

Please download and run ListParts by Farbar (for 32-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.


#22
September 1, 2013 at 16:36:57

ListParts by Farbar Version: 10-05-2013
Ran by Robin (administrator) on 01-09-2013 at 19:35:59
Windows XP (X86)
Running From: C:\Documents and Settings\Robin\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 1497.46 MB
Available physical RAM: 925.98 MB
Total Pagefile: 2020 MB
Available Pagefile: 1449.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.32 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:149 GB) (Free:130.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (My Disc) (CDROM) (Total:0.34 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 149 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 149 GB Healthy System (partition with boot components)
======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: B8000000
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)


****** End Of Log ******
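The ListParts output above shows a single active NTFS (type 07) partition at a 32 KB offset and a disk ID of B8000000, which is what the next reply reads as "no hidden partition". The block below is an added example, not code from this thread or from Farbar's ListParts, that parses a raw 512-byte MBR the same way and runs the checks a responder wants after a bootkit like Pihar: boot signature present, exactly one active entry, valid status bytes, no overlapping entries, and no unallocated space after the last partition, since that is where a TDL4-family bootkit keeps the hidden file system TDSSKiller exposed above as \Device\Harddisk0\DR0\TDLFS. The sample sector is constructed to match the ListParts figures; the partition length and total disk size are assumptions, as are all function names.

```python
"""Parse a raw MBR sector and check its partition table the way a responder
would after a bootkit cleanup.

Added example for this thread, not code from the original posts or from
Farbar's ListParts. SAMPLE_MBR is constructed to match what ListParts
reported (one active type-07 partition at LBA 64, i.e. 32 KB); the partition
length and disk size are assumptions.
"""
import hashlib
import struct

SECTOR_BYTES = 512
TABLE_OFFSET = 0x1BE
DISK_SIG_OFFSET = 0x1B8

PARTITION_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT",
                   0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0F: "extended LBA",
                   0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def build_sector(entries, disk_sig=b"\xb8\x00\x00\x00"):
    """Build a 512-byte MBR with empty boot code and the given entries.
    entries: list of (status, type, lba_start, sector_count)."""
    mbr = bytearray(SECTOR_BYTES)
    mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = disk_sig
    for i, (status, ptype, start, count) in enumerate(entries[:4]):
        off = TABLE_OFFSET + 16 * i
        # CHS fields are left zeroed; modern tools rely on the LBA fields.
        mbr[off:off + 16] = struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


DISK_SECTORS = 312_581_808          # assumed: a 160 GB drive, reported as 149 GB
# Constructed: one active NTFS partition starting at LBA 64 that fills the disk.
SAMPLE_MBR = build_sector([(0x80, 0x07, 64, DISK_SECTORS - 64)])


def parse_mbr(sector):
    if len(sector) != SECTOR_BYTES:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, count = struct.unpack("<B3sB3sII", sector[off:off + 16])
        if ptype == 0x00 and count == 0:
            continue
        parts.append({"index": i + 1, "active": status == 0x80, "status": status,
                      "type": ptype, "type_name": PARTITION_TYPES.get(ptype, "unknown"),
                      "start": start, "end": start + count - 1, "sectors": count})
    return {"disk_signature": sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4].hex().upper(),
            "partitions": parts}


def check_mbr(sector, disk_sectors):
    """Return the findings a responder would want to look at (empty = clean layout)."""
    parts = parse_mbr(sector)["partitions"]
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
        if p["end"] >= disk_sectors:
            findings.append(f"partition {p['index']} runs past the end of the disk")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] <= a["end"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    # Sectors after the last partition belong to no volume; a TDL4-family
    # bootkit keeps its hidden file system in exactly that kind of space.
    tail = disk_sectors - 1 - max(p["end"] for p in ordered) if ordered else disk_sectors
    if tail > 2048:   # more than 1 MB of unallocated tail is worth imaging and reading
        findings.append(f"{tail} unallocated sectors after the last partition")
    return findings


def sector_md5(sector):
    """MD5 of the raw sector, for a before/after comparison of the boot sector."""
    return hashlib.md5(sector).hexdigest().upper()


if __name__ == "__main__":
    print(parse_mbr(SAMPLE_MBR))
    print(check_mbr(SAMPLE_MBR, DISK_SECTORS) or ["no findings"])
```

On a live Windows machine the sector comes from open(r"\\.\PhysicalDrive0", "rb").read(512) run as administrator, and the disk size from the same handle or from the ListParts output. Note that a bootkit that hooks the disk driver can return a clean copy of the MBR to such a read, which is why TDSSKiller's verdict above is "Forged" rather than simply "modified": compare a read taken from a boot CD or a second machine against the one taken from the running system.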



#23
September 1, 2013 at 16:45:11

"ListParts by Farbar Version: 10-05-2013"
Good result: the rootkit hasn't hidden any files on a partition.

To improve your security, if you don't have any programs using Java, uninstall it. It is under constant attack by hackers. If any program complains, get back to me; virtually all programs have a non-Java equivalent.

Otherwise update to improve your security.
Java(TM) 6 Update 27
[color=red][b]Java version out of Date![/b][/color]
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/sec...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#24
September 1, 2013 at 17:20:04

It did not give me a log, but this is what I was able to get

C:\System Volume Information\_restore{975F7D8E-B55E-4CC5-95A1-EA0E4DD3B057}\RP808\A0093231.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2013_19.21.44\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AZD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2013_19.21.44\mbr0000\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.BF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2013_19.21.44\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.WV trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2013_19.21.44\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2013_19.21.44\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2013_19.21.44\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.09.2013_19.21.44\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined



#25
September 1, 2013 at 17:32:54

Looks good; it mainly dealt with the quarantined files.

System Restore will have infected files in it, turning System Restore OFF & then ON will remove them.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310...

Uninstall ComboFix. The reason we remove ComboFix is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.
Qoobox is a folder created by Combofix to quarantine any infected files.
http://www.bleepingcomputer.com/com...



#26
September 1, 2013 at 17:36:49
✔ Best Answer

You should be right now.

Malware Prevention
http://www.malwarevault.com/prevent...
"There is no magic involved. The majority of malware is installed by the user themselves"
What's that message mean? click, click.

As you can see, you have a lot of stuff installed, that you did not know had been installed.
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.



#27
September 1, 2013 at 17:44:38

Am I good to go now? Also, can I uninstall most of these programs that I had to download?


#28
September 1, 2013 at 17:50:34

"can I uninstall most of these programs that I had to download?"
My toolbox has the latest versions of all those programs.

Your choice of what you keep installed.

Eset only needs updating to use again. Very handy for using on another computer.

message edited by Johnw



#29
September 1, 2013 at 17:54:40

Would you suggest keeping the programs and just deleting the logs then?


