Caught a cold

Solved
By Mac McMillan
Dec 23, 2012
Topic Status:
Not open for further replies.
  1. My system was running like a dog and intermittently crashing. I'm still using Xp with SP3.

    Symptoms Firefox randomly crashing and occaisionlly the blue screen of death.

    Downloaded the recommended SW from the stickie, ran some tests found 3 objects which Mal ware bytes has got rid of.

    Files Detected: 2
    C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.
    C:\Documents and Settings\Ruth\My Documents\Downloads\Miro_setup.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

    A residual problem that I have noticed is that add and remove programs won't populate. I downloaded tweaking.com_windows_repair_aio_setup.exe. AS I bought the PC off ebay I don't have the Windows disk so can't run the system repair test.

    I've also found that the system is running a bit slower still - any ideas - Could I be I still infected?
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    My system seems to be ok now but still no add or remove in control panael

    Malwarebytes log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.23.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ruth :: RUTH-EE2492AB78 [administrator]

    23/12/2012 08:49:24
    mbam-log-2012-12-23 (08-49-24).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 378634
    Time elapsed: 2 hour(s), 16 minute(s), 57 second(s)

    Memory Processes Detected: 1
    C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> 1048 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\WINDOWS\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot.
    C:\Documents and Settings\Ruth\My Documents\Downloads\Miro_setup.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

    (end)

    Attached Files:

    • dds.zip
      File size:
      10.7 KB
      Views:
      0
  4. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    # AdwCleaner v2.102 - Logfile created 12/24/2012 at 07:19:47
    # Updated 23/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Ruth - RUTH-EE2492AB78
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Ruth\My Documents\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : Application Updater

    ***** [Files / Folders] *****

    File Found : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\searchplugins\Search_Results.xml
    File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
    Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Found : C:\Documents and Settings\Ciaran\Application Data\Search Settings
    Folder Found : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default User\ConduitCommon
    Folder Found : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default User\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
    Folder Found : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
    Folder Found : C:\Documents and Settings\Ruth\Application Data\Search Settings
    Folder Found : C:\Documents and Settings\Ruth\Local Settings\Application Data\Ilivid Player
    Folder Found : C:\Program Files\Application Updater
    Folder Found : C:\Program Files\Common Files\spigot
    Folder Found : C:\Program Files\Ilivid

    ***** [Registry] *****

    Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Found : HKCU\Software\Search Settings
    Key Found : HKLM\Software\Application Updater
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
    Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
    Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO
    Key Found : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
    Key Found : HKLM\Software\Search Settings
    Key Found : HKU\S-1-5-21-1409082233-343818398-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default User\prefs.js

    Found : user_pref("CT3013950..clientLogIsEnabled", true);
    Found : user_pref("CT3013950..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Found : user_pref("CT3013950..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Found : user_pref("CT3013950.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Found : user_pref("CT3013950.CT3013950", "CT3013950");
    Found : user_pref("CT3013950.CurrentServerDate", "17-6-2011");
    Found : user_pref("CT3013950.DialogsAlignMode", "LTR");
    Found : user_pref("CT3013950.DialogsGetterLastCheckTime", "Fri Jun 17 2011 09:31:03 GMT+0100 (GMT Daylight T[...]
    Found : user_pref("CT3013950.DownloadReferralCookieData", "");
    Found : user_pref("CT3013950.ExternalComponentPollDate129505101446450230", "Fri Jun 17 2011 09:31:03 GMT+010[...]
    Found : user_pref("CT3013950.FirstServerDate", "17-6-2011");
    Found : user_pref("CT3013950.FirstTime", true);
    Found : user_pref("CT3013950.FirstTimeFF3", true);
    Found : user_pref("CT3013950.FixPageNotFoundErrors", false);
    Found : user_pref("CT3013950.GroupingServerCheckInterval", 1440);
    Found : user_pref("CT3013950.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Found : user_pref("CT3013950.HasUserGlobalKeys", true);
    Found : user_pref("CT3013950.HomePageProtectorEnabled", true);
    Found : user_pref("CT3013950.Initialize", true);
    Found : user_pref("CT3013950.InitializeCommonPrefs", true);
    Found : user_pref("CT3013950.InstallationAndCookieDataSentCount", 1);
    Found : user_pref("CT3013950.InstalledDate", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT3013950.InvalidateCache", false);
    Found : user_pref("CT3013950.IsGrouping", false);
    Found : user_pref("CT3013950.IsMulticommunity", false);
    Found : user_pref("CT3013950.IsOpenThankYouPage", true);
    Found : user_pref("CT3013950.IsOpenUninstallPage", true);
    Found : user_pref("CT3013950.IsProtectorsInit", true);
    Found : user_pref("CT3013950.LanguagePackLastCheckTime", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Daylight Ti[...]
    Found : user_pref("CT3013950.LanguagePackReloadIntervalMM", 1440);
    Found : user_pref("CT3013950.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Found : user_pref("CT3013950.LastLogin_3.4.2.0", "Fri Jun 17 2011 09:31:03 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT3013950.LatestVersion", "3.2.5.2");
    Found : user_pref("CT3013950.Locale", "en");
    Found : user_pref("CT3013950.MCDetectTooltipHeight", "83");
    Found : user_pref("CT3013950.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Found : user_pref("CT3013950.MCDetectTooltipWidth", "295");
    Found : user_pref("CT3013950.MyStuffEnabledAtInstallation", true);
    Found : user_pref("CT3013950.OriginalFirstVersion", "3.4.2.0");
    Found : user_pref("CT3013950.RadioIsPodcast", false);
    Found : user_pref("CT3013950.RadioLastCheckTime", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Daylight Time)");
    Found : user_pref("CT3013950.RadioLastUpdateIPServer", "3");
    Found : user_pref("CT3013950.RadioLastUpdateServer", "3");
    Found : user_pref("CT3013950.RadioMediaID", "9962");
    Found : user_pref("CT3013950.RadioMediaType", "Media Player");
    Found : user_pref("CT3013950.RadioMenuSelectedID", "EBRadioMenu_CT30139509962");
    Found : user_pref("CT3013950.RadioStationName", "California%20Rock");
    Found : user_pref("CT3013950.RadioStationURL", "hxxp://feedlive.net/california.asx");
    Found : user_pref("CT3013950.SavedHomepage", "hxxp://uk.yahoo.com/");
    Found : user_pref("CT3013950.SearchEngineBeforeUnload", "Secure Search");
    Found : user_pref("CT3013950.SearchFromAddressBarIsInit", true);
    Found : user_pref("CT3013950.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
    Found : user_pref("CT3013950.SearchInNewTabEnabled", true);
    Found : user_pref("CT3013950.SearchInNewTabIntervalMM", 1440);
    Found : user_pref("CT3013950.SearchInNewTabLastCheckTime", "Fri Jun 17 2011 09:31:04 GMT+0100 (GMT Daylight [...]
    Found : user_pref("CT3013950.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Found : user_pref("CT3013950.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Found : user_pref("CT3013950.SearchProtectorEnabled", false);
    Found : user_pref("CT3013950.SearchProtectorToolbarDisabled", true);
    Found : user_pref("CT3013950.ServiceMapLastCheckTime", "Fri Jun 17 2011 09:31:00 GMT+0100 (GMT Daylight Time[...]
    Found : user_pref("CT3013950.SettingsLastCheckTime", "Fri Jun 17 2011 09:31:01 GMT+0100 (GMT Daylight Time)"[...]
    Found : user_pref("CT3013950.SettingsLastUpdate", "1307990365");
    Found : user_pref("CT3013950.ThirdPartyComponentsInterval", 504);
    Found : user_pref("CT3013950.ThirdPartyComponentsLastCheck", "Fri Jun 17 2011 09:31:00 GMT+0100 (GMT Dayligh[...]
    Found : user_pref("CT3013950.ThirdPartyComponentsLastUpdate", "1246786978");
    Found : user_pref("CT3013950.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3013950");
    Found : user_pref("CT3013950.UserID", "UN15550983301592658");
    Found : user_pref("CT3013950.ValidationData_Toolbar", 2);
    Found : user_pref("CT3013950.alertChannelId", "1405617");
    Found : user_pref("CT3013950.backendstorage.smspcntryinfo", "3232325F3434");
    Found : user_pref("CT3013950.backendstorage.smspcntryshort", "554B");
    Found : user_pref("CT3013950.backendstorage.smspcntryts", "31333038323939353439303135");
    Found : user_pref("CT3013950.backendstorage.smspctid", "435433303133393530");
    Found : user_pref("CT3013950.backendstorage.smsplng", "656E");
    Found : user_pref("CT3013950.backendstorage.smspunuid", "736D737031333038323939343733333430");
    Found : user_pref("CT3013950.backendstorage.smspunvwdalrts", "5B7B226F6964223A2230303138222C227669657773223A[...]
    Found : user_pref("CT3013950.backendstorage.smspviewstate", "33");
    Found : user_pref("CT3013950.backendstorage.url_history", "687474703A2F2F7777772E736174656C6C697465646972656[...]
    Found : user_pref("CT3013950.backendstorage.url_history_time", "31333038323939353331353631");
    Found : user_pref("CT3013950.components.1000034", false);
    Found : user_pref("CT3013950.components.1000234", false);
    Found : user_pref("CT3013950.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
    Found : user_pref("CT3013950.globalFirstTimeInfoLastCheckTime", "Fri Jun 17 2011 09:31:04 GMT+0100 (GMT Dayl[...]
    Found : user_pref("CT3013950.homepageProtectorEnableByLogin", true);
    Found : user_pref("CT3013950.initDone", true);
    Found : user_pref("CT3013950.isAppTrackingManagerOn", true);
    Found : user_pref("CT3013950.myStuffEnabled", true);
    Found : user_pref("CT3013950.myStuffPublihserMinWidth", 400);
    Found : user_pref("CT3013950.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Found : user_pref("CT3013950.myStuffServiceIntervalMM", 1440);
    Found : user_pref("CT3013950.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Found : user_pref("CT3013950.searchProtectorDialogDelayInSec", 10);
    Found : user_pref("CT3013950.searchProtectorEnableByLogin", true);
    Found : user_pref("CT3013950.testingCtid", "");
    Found : user_pref("CT3013950.toolbarAppMetaDataLastCheckTime", "Fri Jun 17 2011 09:31:03 GMT+0100 (GMT Dayli[...]
    Found : user_pref("CT3013950.toolbarContextMenuLastCheckTime", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Dayli[...]
    Found : user_pref("CT3013950.usagesFlag", 2);
    Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3013950&Search[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1405617/1401275/UK", "\"0\"[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3013950", [...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.4.[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3013950",[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT3013950/CT3013950[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
    Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MAC\\AppData\\Roaming\\Mozilla\\Fir[...]
    Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.4.2.0");
    Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://uk.search.yahoo.com/search?fr=mca[...]
    Found : user_pref("CommunityToolbar.ToolbarsList", "CT3013950");
    Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3013950");
    Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3013950");
    Found : user_pref("CommunityToolbar.globalUserId", "6af81c90-eb46-49be-ae0f-e54537680e75");
    Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 17 2011 09:31:0[...]
    Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
    Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
    Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 17 2011 09:31:14 GMT+010[...]
    Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Found : user_pref("CommunityToolbar.notifications.locale", "en");
    Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 17 2011 09:31:01 GMT+0100 (G[...]
    Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
    Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Found : user_pref("CommunityToolbar.notifications.userId", "195d3929-3a44-4843-a1a6-57a20773d368");
    Found : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"35\": {\"id\": \"35\",\"tit[...]

    File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\prefs.js

    [OK] File is clean.

    File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\dcle65ze.default-1356187840578\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Found [l.49] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=350&systemid=2&sr=0&q={searchTerms}"

    File : C:\Documents and Settings\Ciaran\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [17873 octets] - [24/12/2012 07:19:47]

    ########## EOF - C:\AdwCleaner[R1].txt - [17934 octets] ##########
  5. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    After delete

    # AdwCleaner v2.102 - Logfile created 12/24/2012 at 07:47:55
    # Updated 23/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Ruth - RUTH-EE2492AB78
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Ruth\My Documents\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Application Updater

    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\searchplugins\Search_Results.xml
    File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
    Folder Deleted : C:\Documents and Settings\Ciaran\Application Data\Search Settings
    Folder Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default User\ConduitCommon
    Folder Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default User\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
    Folder Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
    Folder Deleted : C:\Documents and Settings\Ruth\Application Data\Search Settings
    Folder Deleted : C:\Documents and Settings\Ruth\Local Settings\Application Data\Ilivid Player
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Common Files\spigot
    Folder Deleted : C:\Program Files\Ilivid

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wincore MediaBar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
    Key Deleted : HKLM\Software\Search Settings
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default User\prefs.js

    C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default User\user.js ... Deleted !

    Deleted : user_pref("CT3013950..clientLogIsEnabled", true);
    Deleted : user_pref("CT3013950..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT3013950..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT3013950.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT3013950.CT3013950", "CT3013950");
    Deleted : user_pref("CT3013950.CurrentServerDate", "17-6-2011");
    Deleted : user_pref("CT3013950.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT3013950.DialogsGetterLastCheckTime", "Fri Jun 17 2011 09:31:03 GMT+0100 (GMT Daylight T[...]
    Deleted : user_pref("CT3013950.DownloadReferralCookieData", "");
    Deleted : user_pref("CT3013950.ExternalComponentPollDate129505101446450230", "Fri Jun 17 2011 09:31:03 GMT+010[...]
    Deleted : user_pref("CT3013950.FirstServerDate", "17-6-2011");
    Deleted : user_pref("CT3013950.FirstTime", true);
    Deleted : user_pref("CT3013950.FirstTimeFF3", true);
    Deleted : user_pref("CT3013950.FixPageNotFoundErrors", false);
    Deleted : user_pref("CT3013950.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT3013950.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT3013950.HasUserGlobalKeys", true);
    Deleted : user_pref("CT3013950.HomePageProtectorEnabled", true);
    Deleted : user_pref("CT3013950.Initialize", true);
    Deleted : user_pref("CT3013950.InitializeCommonPrefs", true);
    Deleted : user_pref("CT3013950.InstallationAndCookieDataSentCount", 1);
    Deleted : user_pref("CT3013950.InstalledDate", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT3013950.InvalidateCache", false);
    Deleted : user_pref("CT3013950.IsGrouping", false);
    Deleted : user_pref("CT3013950.IsMulticommunity", false);
    Deleted : user_pref("CT3013950.IsOpenThankYouPage", true);
    Deleted : user_pref("CT3013950.IsOpenUninstallPage", true);
    Deleted : user_pref("CT3013950.IsProtectorsInit", true);
    Deleted : user_pref("CT3013950.LanguagePackLastCheckTime", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Daylight Ti[...]
    Deleted : user_pref("CT3013950.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT3013950.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT3013950.LastLogin_3.4.2.0", "Fri Jun 17 2011 09:31:03 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT3013950.LatestVersion", "3.2.5.2");
    Deleted : user_pref("CT3013950.Locale", "en");
    Deleted : user_pref("CT3013950.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT3013950.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT3013950.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT3013950.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT3013950.OriginalFirstVersion", "3.4.2.0");
    Deleted : user_pref("CT3013950.RadioIsPodcast", false);
    Deleted : user_pref("CT3013950.RadioLastCheckTime", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Daylight Time)");
    Deleted : user_pref("CT3013950.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT3013950.RadioLastUpdateServer", "3");
    Deleted : user_pref("CT3013950.RadioMediaID", "9962");
    Deleted : user_pref("CT3013950.RadioMediaType", "Media Player");
    Deleted : user_pref("CT3013950.RadioMenuSelectedID", "EBRadioMenu_CT30139509962");
    Deleted : user_pref("CT3013950.RadioStationName", "California%20Rock");
    Deleted : user_pref("CT3013950.RadioStationURL", "hxxp://feedlive.net/california.asx");
    Deleted : user_pref("CT3013950.SavedHomepage", "hxxp://uk.yahoo.com/");
    Deleted : user_pref("CT3013950.SearchEngineBeforeUnload", "Secure Search");
    Deleted : user_pref("CT3013950.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT3013950.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]
    Deleted : user_pref("CT3013950.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT3013950.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT3013950.SearchInNewTabLastCheckTime", "Fri Jun 17 2011 09:31:04 GMT+0100 (GMT Daylight [...]
    Deleted : user_pref("CT3013950.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT3013950.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT3013950.SearchProtectorEnabled", false);
    Deleted : user_pref("CT3013950.SearchProtectorToolbarDisabled", true);
    Deleted : user_pref("CT3013950.ServiceMapLastCheckTime", "Fri Jun 17 2011 09:31:00 GMT+0100 (GMT Daylight Time[...]
    Deleted : user_pref("CT3013950.SettingsLastCheckTime", "Fri Jun 17 2011 09:31:01 GMT+0100 (GMT Daylight Time)"[...]
    Deleted : user_pref("CT3013950.SettingsLastUpdate", "1307990365");
    Deleted : user_pref("CT3013950.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT3013950.ThirdPartyComponentsLastCheck", "Fri Jun 17 2011 09:31:00 GMT+0100 (GMT Dayligh[...]
    Deleted : user_pref("CT3013950.ThirdPartyComponentsLastUpdate", "1246786978");
    Deleted : user_pref("CT3013950.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3013950");
    Deleted : user_pref("CT3013950.UserID", "UN15550983301592658");
    Deleted : user_pref("CT3013950.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT3013950.alertChannelId", "1405617");
    Deleted : user_pref("CT3013950.backendstorage.smspcntryinfo", "3232325F3434");
    Deleted : user_pref("CT3013950.backendstorage.smspcntryshort", "554B");
    Deleted : user_pref("CT3013950.backendstorage.smspcntryts", "31333038323939353439303135");
    Deleted : user_pref("CT3013950.backendstorage.smspctid", "435433303133393530");
    Deleted : user_pref("CT3013950.backendstorage.smsplng", "656E");
    Deleted : user_pref("CT3013950.backendstorage.smspunuid", "736D737031333038323939343733333430");
    Deleted : user_pref("CT3013950.backendstorage.smspunvwdalrts", "5B7B226F6964223A2230303138222C227669657773223A[...]
    Deleted : user_pref("CT3013950.backendstorage.smspviewstate", "33");
    Deleted : user_pref("CT3013950.backendstorage.url_history", "687474703A2F2F7777772E736174656C6C697465646972656[...]
    Deleted : user_pref("CT3013950.backendstorage.url_history_time", "31333038323939353331353631");
    Deleted : user_pref("CT3013950.components.1000034", false);
    Deleted : user_pref("CT3013950.components.1000234", false);
    Deleted : user_pref("CT3013950.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
    Deleted : user_pref("CT3013950.globalFirstTimeInfoLastCheckTime", "Fri Jun 17 2011 09:31:04 GMT+0100 (GMT Dayl[...]
    Deleted : user_pref("CT3013950.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT3013950.initDone", true);
    Deleted : user_pref("CT3013950.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT3013950.myStuffEnabled", true);
    Deleted : user_pref("CT3013950.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT3013950.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT3013950.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT3013950.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT3013950.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT3013950.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT3013950.testingCtid", "");
    Deleted : user_pref("CT3013950.toolbarAppMetaDataLastCheckTime", "Fri Jun 17 2011 09:31:03 GMT+0100 (GMT Dayli[...]
    Deleted : user_pref("CT3013950.toolbarContextMenuLastCheckTime", "Fri Jun 17 2011 09:31:05 GMT+0100 (GMT Dayli[...]
    Deleted : user_pref("CT3013950.usagesFlag", 2);
    Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3013950&Search[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1405617/1401275/UK", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3013950", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.4.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3013950",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT3013950/CT3013950[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\MAC\\AppData\\Roaming\\Mozilla\\Fir[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.4.2.0");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://uk.search.yahoo.com/search?fr=mca[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3013950");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3013950");
    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3013950");
    Deleted : user_pref("CommunityToolbar.globalUserId", "6af81c90-eb46-49be-ae0f-e54537680e75");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 17 2011 09:31:0[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 17 2011 09:31:14 GMT+010[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 17 2011 09:31:01 GMT+0100 (G[...]
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "195d3929-3a44-4843-a1a6-57a20773d368");
    Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"35\": {\"id\": \"35\",\"tit[...]

    File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\prefs.js

    C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\user.js ... Deleted !

    [OK] File is clean.

    File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\dcle65ze.default-1356187840578\prefs.js

    C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\dcle65ze.default-1356187840578\user.js ... Deleted !

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.49] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=350&systemid=2&sr=0&q={searchTer[...]

    File : C:\Documents and Settings\Ciaran\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [18004 octets] - [24/12/2012 07:19:47]
    AdwCleaner[R2].txt - [18065 octets] - [24/12/2012 07:44:34]
    AdwCleaner[R3].txt - [18126 octets] - [24/12/2012 07:47:11]
    AdwCleaner[S3].txt - [18687 octets] - [24/12/2012 07:47:55]

    ########## EOF - C:\AdwCleaner[S3].txt - [18748 octets] ##########
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    Before I down load and run combo fix will it disconnect just this computor from the network. Also in other threads where combofix has been recommended there have been major difficulties in getting reconnected to the web, so a bit concerned that I won't be able to get back here to help resolve any probs. Will blowing the OS away and starting from scratch get rid of any resdiual problems.
  8. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    If I can't reconnect to the network what are the steps to get my network card working again!
  9. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    SInce last post, I tried to play a game and it crashed to blue screen, is thre a way of making that screen say up as its trying to tell me something?. Ran malwarebytes and IOBIT malware both returned no finds. Downloaded combofix just need the aswers to quiries above before running.
  10. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    If I decide to crash and rebuild would taking the drivers folder help or could something be hidden in the windows/system32 folder. Sorry to keep asking questions.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It should be fine for ComboFix. I doubt it'll disconnect the internet longer than a reboot. In order to scan your connection, it'll have to disconnect for a bit. :)
     
  12. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    ComboFix 12-12-25.02 - Ruth 25/12/2012 11:58:09.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2303 [GMT 0:00]
    Running from: c:\documents and settings\Ruth\My Documents\Downloads\Malware checkers\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\Ruth\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
    c:\documents and settings\Ruth\Local Settings\Temp\1.tmp\F_IN_BOX.dll
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-25 to 2012-12-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-24 14:10 . 2012-12-24 14:10 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12ED3B52-A7F8-42A5-B7E2-4E68DCF790A7}\MpKslc88f3f44.sys
    2012-12-24 06:53 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{12ED3B52-A7F8-42A5-B7E2-4E68DCF790A7}\mpengine.dll
    2012-12-23 13:45 . 2012-12-23 13:45 -------- d-----w- C:\RegBackup
    2012-12-23 12:34 . 2012-12-23 12:34 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2012-12-23 12:33 . 2012-12-23 12:33 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
    2012-12-23 12:33 . 2012-12-23 12:33 -------- d-----w- c:\program files\Tweaking.com
    2012-12-23 08:47 . 2012-12-23 08:47 -------- d-----w- c:\documents and settings\Ruth\Application Data\Malwarebytes
    2012-12-23 08:46 . 2012-12-23 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-12-23 08:46 . 2012-12-23 08:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-23 08:46 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-22 20:45 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-22 10:42 . 2012-12-22 10:42 -------- d-----w- c:\documents and settings\Ruth\Application DataIObit
    2012-12-21 11:47 . 2010-08-22 21:01 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
    2012-12-21 11:47 . 2012-12-21 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
    2012-12-21 11:47 . 2012-12-21 11:47 -------- d-----w- c:\program files\Belkin
    2012-12-13 17:52 . 2012-12-13 17:52 -------- d-----w- c:\program files\NutsAboutNets
    2012-12-13 12:49 . 2012-12-13 12:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2012-12-05 18:26 . 2012-12-05 18:26 -------- d-----w- c:\program files\IObit Toolbar
    2012-12-02 19:04 . 2012-12-02 19:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-16 12:23 . 2004-09-08 11:05 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-13 14:13 . 2012-03-30 08:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-13 14:13 . 2011-11-22 13:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-13 01:25 . 2004-09-08 11:05 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-02 02:02 . 2004-09-08 11:05 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2004-09-08 11:05 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2004-09-08 11:05 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17 . 2004-09-08 11:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2004-09-08 11:05 385024 ------w- c:\windows\system32\html.iec
    2012-10-30 22:51 . 2011-12-01 18:00 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2011-12-01 18:00 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-10-30 22:51 . 2011-12-01 18:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2011-12-01 18:00 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2011-12-01 18:00 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-10-30 22:51 . 2011-12-01 18:00 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-10-30 22:51 . 2011-12-01 18:00 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2011-12-01 18:00 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-10-30 22:51 . 2011-12-01 18:00 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:50 . 2011-12-01 18:00 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-10-12 19:09 . 2011-12-03 09:40 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-10-02 18:04 . 2004-09-08 11:05 58368 ----a-w- c:\windows\system32\synceng.dll
    2010-10-12 16:33 . 2012-10-27 18:40 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2010-10-12 18:15 . 2012-10-27 18:40 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2010-10-12 16:37 . 2012-10-27 18:40 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2010-10-12 16:35 . 2012-10-27 18:40 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2010-10-12 16:34 . 2012-10-27 18:40 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2010-10-12 16:32 . 2012-10-27 18:40 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2010-10-12 16:35 . 2012-10-27 18:40 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2010-10-12 16:34 . 2012-10-27 18:40 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2010-07-14 12:42 . 2012-10-27 18:40 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2010-10-12 16:37 . 2012-10-27 18:40 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2012-11-29 08:27 . 2012-10-27 18:40 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-28 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    "ADAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\ADAiO2MUI.exe" [2010-12-09 2362880]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-09-14 1501080]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-20 13881960]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-09-28 4473728]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
    .
    c:\documents and settings\Ruth\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^CNET TechTracker.lnk]
    backup=c:\windows\pss\CNET TechTracker.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADAiO2StatusMonitor]
    2010-12-09 00:28 2362880 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\ADAiO2MUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    2010-03-13 14:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
    2008-04-14 13:42 27648 ----a-w- c:\windows\system32\conime.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2010-10-12 17:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
    2012-12-02 09:19 3492504 ----a-w- c:\program files\Origin\Origin.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 17:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-12-30 03:09 1753192 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2011-12-05 15:49 20065384 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2012-08-29 10:58 1353080 ----a-w- c:\program files\Steam\steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-11-28 14:47 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Guest\\Application Data\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Participatory Culture Foundation\\Miro\\Miro_Downloader.exe"=
    "c:\\Documents and Settings\\Ciaran\\Application Data\\Spotify\\spotify.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\Ciaran\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
    "c:\\Program Files\\Origin Games\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [19/05/2012 06:20 14776]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [01/12/2011 18:00 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/12/2011 18:00 361032]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14/07/2010 12:51 65584]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [22/12/2012 10:36 1026432]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/12/2011 18:00 21256]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [19/05/2012 06:20 821592]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [20/12/2011 18:55 13880]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [22/11/2012 10:29 3290304]
    R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [24/12/2012 13:38 246816]
    R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [24/12/2012 13:38 30408]
    R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [24/12/2012 13:38 16248]
    S2 KMService;KMService;c:\windows\system32\srvany.exe [10/12/2011 09:19 8192]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26/12/2011 08:15 1691480]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [05/09/2012 15:56 234776]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:13]
    .
    2012-12-25 c:\windows\Tasks\ASC6_PerformanceMonitor.job
    - c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-12-02 14:59]
    .
    2012-12-25 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-06-30 22:50]
    .
    2012-12-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-343818398-839522115-1006Core.job
    - c:\documents and settings\Ciaran\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-05-10 08:43]
    .
    2012-12-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1409082233-343818398-839522115-1006UA.job
    - c:\documents and settings\Ciaran\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-05-10 08:43]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 14:46]
    .
    2012-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-28 14:46]
    .
    2012-12-25 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-01-07 15:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
    Trusted Zone: microsoft.com\office
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Ruth\Application Data\Mozilla\Firefox\Profiles\dcle65ze.default-1356187840578\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p=
    FF - ExtSQL: 2012-12-02 17:29; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: 2012-12-03 07:23; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-25 12:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1409082233-343818398-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:76,95,75,e7,5a,3e,01,7e,7b,bc,0e,38,bd,ff,cd,31,2a,ea,0e,36,ab,
    4c,0c,5f,83,9b,54,2d,89,09,e6,34,b9,d7,4a,22,0f,72,12,aa,04,1d,44,ec,02,1d,\
    "rkeysecu"=hex:6b,fd,67,b8,44,98,66,8e,93,77,9d,a7,45,a9,72,2c
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(8084)
    c:\windows\system32\WININET.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-25 12:16:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-25 12:16
    .
    Pre-Run: 50,362,978,304 bytes free
    Post-Run: 50,651,873,280 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP 3GB Professional" /noexecute=optin /fastdetect /3GB /USERVA=2500
    .
    - - End Of File - - 37A5D6977CBDB45043A5F2000DF63CB1
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    [​IMG]

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    [​IMG]

    ------------------------

    Click the Start Scan button.

    [​IMG]

    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue


    [​IMG]

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    [​IMG]


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  14. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    06:48:33.0093 0432 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    06:48:33.0375 0432 ============================================================
    06:48:33.0375 0432 Current date / time: 2012/12/27 06:48:33.0375
    06:48:33.0375 0432 SystemInfo:
    06:48:33.0375 0432
    06:48:33.0375 0432 OS Version: 5.1.2600 ServicePack: 3.0
    06:48:33.0375 0432 Product type: Workstation
    06:48:33.0375 0432 ComputerName: RUTH-EE2492AB78
    06:48:33.0375 0432 UserName: Ruth
    06:48:33.0375 0432 Windows directory: C:\WINDOWS
    06:48:33.0375 0432 System windows directory: C:\WINDOWS
    06:48:33.0375 0432 Processor architecture: Intel x86
    06:48:33.0375 0432 Number of processors: 2
    06:48:33.0375 0432 Page size: 0x1000
    06:48:33.0375 0432 Boot type: Normal boot
    06:48:33.0375 0432 ============================================================
    06:48:35.0890 0432 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    06:48:35.0953 0432 ============================================================
    06:48:35.0953 0432 \Device\Harddisk0\DR0:
    06:48:35.0953 0432 MBR partitions:
    06:48:35.0953 0432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDEE2000
    06:48:35.0953 0432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2E2800, BlocksNum 0xD7CC800
    06:48:35.0953 0432 ============================================================
    06:48:36.0000 0432 C: <-> \Device\Harddisk0\DR0\Partition1
    06:48:39.0281 0432 D: <-> \Device\Harddisk0\DR0\Partition2
    06:48:39.0281 0432 ============================================================
    06:48:39.0281 0432 Initialize success
    06:48:39.0281 0432 ============================================================
    06:49:20.0140 5772 ============================================================
    06:49:20.0140 5772 Scan started
    06:49:20.0140 5772 Mode: Manual; SigCheck; TDLFS;
    06:49:20.0140 5772 ============================================================
    06:49:26.0703 5772 ================ Scan system memory ========================
    06:49:40.0203 5772 System memory - ok
    06:49:40.0203 5772 ================ Scan services =============================
    06:49:43.0453 5772 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
    06:49:43.0687 5772 Aavmker4 - ok
    06:49:43.0703 5772 Abiosdsk - ok
    06:49:43.0703 5772 abp480n5 - ok
    06:49:43.0734 5772 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    06:49:43.0890 5772 ACPI - ok
    06:49:44.0015 5772 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    06:49:44.0140 5772 ACPIEC - ok
    06:49:44.0234 5772 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    06:49:44.0250 5772 AdobeFlashPlayerUpdateSvc - ok
    06:49:44.0265 5772 adpu160m - ok
    06:49:44.0406 5772 [ 7652940ADA176D26D8938B9BE309F4EE ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    06:49:44.0453 5772 AdvancedSystemCareService6 - ok
    06:49:44.0484 5772 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    06:49:44.0625 5772 aec - ok
    06:49:44.0671 5772 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    06:49:44.0687 5772 AFD - ok
    06:49:44.0781 5772 [ AC8AB164BF5B79318D3B7CE1F0198FFD ] AffinegyService C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    06:49:44.0890 5772 AffinegyService - ok
    06:49:44.0890 5772 AFGMp50 - ok
    06:49:44.0906 5772 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] AFGSp50 C:\WINDOWS\system32\Drivers\AFGSp50.sys
    06:49:44.0921 5772 AFGSp50 - ok
    06:49:44.0921 5772 Aha154x - ok
    06:49:44.0937 5772 aic78u2 - ok
    06:49:44.0937 5772 aic78xx - ok
    06:49:44.0968 5772 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    06:49:45.0109 5772 Alerter - ok
    06:49:45.0140 5772 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    06:49:45.0265 5772 ALG - ok
    06:49:45.0265 5772 AliIde - ok
    06:49:45.0359 5772 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
    06:49:45.0453 5772 Ambfilt - ok
    06:49:45.0468 5772 amsint - ok
    06:49:45.0562 5772 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    06:49:45.0578 5772 Apple Mobile Device - ok
    06:49:45.0625 5772 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    06:49:45.0796 5772 AppMgmt - ok
    06:49:45.0796 5772 asc - ok
    06:49:45.0796 5772 asc3350p - ok
    06:49:45.0796 5772 asc3550 - ok
    06:49:45.0921 5772 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    06:49:45.0953 5772 aspnet_state - ok
    06:49:45.0984 5772 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    06:49:46.0015 5772 aswFsBlk - ok
    06:49:46.0015 5772 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
    06:49:46.0046 5772 aswMon2 - ok
    06:49:46.0078 5772 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
    06:49:46.0109 5772 aswRdr - ok
    06:49:46.0109 5772 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
    06:49:46.0156 5772 aswSnx - ok
    06:49:46.0171 5772 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
    06:49:46.0203 5772 aswSP - ok
    06:49:46.0218 5772 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
    06:49:46.0234 5772 aswTdi - ok
    06:49:46.0281 5772 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    06:49:46.0421 5772 AsyncMac - ok
    06:49:46.0500 5772 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    06:49:46.0640 5772 atapi - ok
    06:49:46.0640 5772 Atdisk - ok
    06:49:46.0671 5772 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    06:49:46.0796 5772 Atmarpc - ok
    06:49:46.0875 5772 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    06:49:47.0000 5772 AudioSrv - ok
    06:49:47.0093 5772 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    06:49:47.0234 5772 audstub - ok
    06:49:47.0375 5772 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    06:49:47.0390 5772 avast! Antivirus - ok
    06:49:47.0437 5772 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    06:49:47.0562 5772 Beep - ok
    06:49:47.0625 5772 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    06:49:47.0843 5772 BITS - ok
    06:49:47.0921 5772 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    06:49:47.0953 5772 Bonjour Service - ok
    06:49:47.0984 5772 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    06:49:48.0031 5772 Browser - ok
    06:49:48.0031 5772 catchme - ok
    06:49:48.0062 5772 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    06:49:48.0218 5772 cbidf2k - ok
    06:49:48.0265 5772 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    06:49:48.0390 5772 CCDECODE - ok
    06:49:48.0390 5772 cd20xrnt - ok
    06:49:48.0406 5772 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    06:49:48.0562 5772 Cdaudio - ok
    06:49:48.0593 5772 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    06:49:48.0703 5772 Cdfs - ok
    06:49:48.0796 5772 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    06:49:48.0937 5772 Cdrom - ok
    06:49:48.0937 5772 Changer - ok
    06:49:49.0000 5772 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    06:49:49.0140 5772 CiSvc - ok
    06:49:49.0187 5772 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    06:49:49.0328 5772 ClipSrv - ok
    06:49:49.0375 5772 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    06:49:49.0406 5772 clr_optimization_v2.0.50727_32 - ok
    06:49:49.0484 5772 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    06:49:49.0515 5772 clr_optimization_v4.0.30319_32 - ok
    06:49:49.0515 5772 CmdIde - ok
    06:49:49.0531 5772 COMSysApp - ok
    06:49:49.0531 5772 Cpqarray - ok
    06:49:49.0578 5772 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    06:49:49.0718 5772 CryptSvc - ok
    06:49:49.0750 5772 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
    06:49:49.0765 5772 ctxusbm - ok
    06:49:49.0765 5772 dac2w2k - ok
    06:49:49.0765 5772 dac960nt - ok
    06:49:49.0828 5772 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    06:49:49.0859 5772 DcomLaunch - ok
    06:49:49.0906 5772 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    06:49:50.0062 5772 Dhcp - ok
    06:49:50.0093 5772 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    06:49:50.0218 5772 Disk - ok
    06:49:50.0234 5772 dmadmin - ok
    06:49:50.0281 5772 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    06:49:50.0468 5772 dmboot - ok
    06:49:50.0500 5772 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    06:49:50.0640 5772 dmio - ok
    06:49:50.0656 5772 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    06:49:50.0812 5772 dmload - ok
    06:49:50.0859 5772 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    06:49:50.0968 5772 dmserver - ok
    06:49:51.0015 5772 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    06:49:51.0140 5772 DMusic - ok
    06:49:51.0234 5772 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    06:49:51.0281 5772 Dnscache - ok
    06:49:51.0328 5772 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    06:49:51.0453 5772 Dot3svc - ok
    06:49:51.0453 5772 dpti2o - ok
    06:49:51.0546 5772 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    06:49:51.0687 5772 drmkaud - ok
    06:49:51.0812 5772 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    06:49:51.0843 5772 e1express - ok
    06:49:51.0875 5772 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    06:49:52.0015 5772 EapHost - ok
    06:49:52.0140 5772 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    06:49:52.0250 5772 ERSvc - ok
    06:49:52.0328 5772 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    06:49:52.0375 5772 Eventlog - ok
    06:49:52.0421 5772 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    06:49:52.0468 5772 EventSystem - ok
    06:49:52.0484 5772 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    06:49:52.0625 5772 Fastfat - ok
    06:49:52.0656 5772 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    06:49:52.0718 5772 FastUserSwitchingCompatibility - ok
    06:49:52.0765 5772 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    06:49:52.0937 5772 Fdc - ok
    06:49:56.0031 5772 [ 9200A69413D69AB86ADD9BC81960BE7B ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
    06:49:56.0062 5772 FileMonitor - ok
    06:49:56.0078 5772 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    06:49:56.0218 5772 Fips - ok
    06:49:56.0234 5772 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    06:49:56.0375 5772 Flpydisk - ok
    06:49:56.0453 5772 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    06:49:56.0562 5772 FltMgr - ok
    06:49:56.0625 5772 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    06:49:56.0640 5772 FontCache3.0.0.0 - ok
    06:49:56.0671 5772 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    06:49:56.0796 5772 Fs_Rec - ok
    06:49:56.0890 5772 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    06:49:57.0031 5772 Ftdisk - ok
    06:49:57.0093 5772 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    06:49:57.0109 5772 GEARAspiWDM - ok
    06:49:57.0125 5772 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    06:49:57.0265 5772 Gpc - ok
    06:49:57.0359 5772 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    06:49:57.0390 5772 gupdate - ok
    06:49:57.0406 5772 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    06:49:57.0421 5772 gupdatem - ok
    06:49:57.0468 5772 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    06:49:57.0484 5772 gusvc - ok
    06:49:57.0515 5772 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    06:49:57.0656 5772 HDAudBus - ok
    06:49:57.0734 5772 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    06:49:57.0859 5772 helpsvc - ok
    06:49:57.0890 5772 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    06:49:58.0031 5772 HidServ - ok
    06:49:58.0093 5772 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    06:49:58.0218 5772 hidusb - ok
    06:49:58.0296 5772 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    06:49:58.0437 5772 hkmsvc - ok
    06:49:58.0437 5772 hpn - ok
    06:49:58.0515 5772 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    06:49:58.0578 5772 HTTP - ok
    06:49:58.0593 5772 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    06:49:58.0750 5772 HTTPFilter - ok
    06:49:58.0750 5772 i2omgmt - ok
    06:49:58.0750 5772 i2omp - ok
    06:49:58.0765 5772 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
    06:49:58.0890 5772 i8042prt - ok
    06:49:58.0906 5772 ialm - ok
    06:49:59.0015 5772 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    06:49:59.0093 5772 idsvc - ok
    06:49:59.0093 5772 igfx - ok
    06:49:59.0156 5772 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    06:49:59.0281 5772 Imapi - ok
    06:49:59.0328 5772 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    06:49:59.0468 5772 ImapiService - ok
    06:49:59.0531 5772 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    06:49:59.0578 5772 IMFservice - ok
    06:49:59.0578 5772 ini910u - ok
    06:49:59.0812 5772 [ 5D138ADC44C43BF37634C8E528D75B1F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    06:50:00.0015 5772 IntcAzAudAddService - ok
    06:50:00.0031 5772 IntelIde - ok
    06:50:00.0078 5772 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    06:50:00.0203 5772 intelppm - ok
    06:50:00.0234 5772 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    06:50:00.0390 5772 Ip6Fw - ok
    06:50:00.0500 5772 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    06:50:00.0640 5772 IpFilterDriver - ok
    06:50:00.0656 5772 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    06:50:00.0796 5772 IpInIp - ok
    06:50:00.0890 5772 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    06:50:01.0031 5772 IpNat - ok
    06:50:01.0093 5772 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    06:50:01.0140 5772 iPod Service - ok
    06:50:01.0187 5772 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    06:50:01.0328 5772 IPSec - ok
    06:50:01.0375 5772 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    06:50:01.0515 5772 IRENUM - ok
    06:50:01.0562 5772 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    06:50:01.0687 5772 isapnp - ok
    06:50:01.0718 5772 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    06:50:01.0843 5772 Kbdclass - ok
    06:50:01.0859 5772 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    06:50:01.0968 5772 kbdhid - ok
    06:50:02.0078 5772 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    06:50:02.0203 5772 kmixer - ok
    06:50:02.0265 5772 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\WINDOWS\system32\srvany.exe
    06:50:02.0296 5772 KMService ( UnsignedFile.Multi.Generic ) - warning
    06:50:02.0296 5772 KMService - detected UnsignedFile.Multi.Generic (1)
    06:50:02.0328 5772 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    06:50:02.0375 5772 KSecDD - ok
    06:50:02.0406 5772 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    06:50:02.0453 5772 lanmanserver - ok
    06:50:02.0500 5772 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    06:50:02.0562 5772 lanmanworkstation - ok
    06:50:02.0562 5772 lbrtfdc - ok
    06:50:02.0609 5772 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    06:50:02.0734 5772 LmHosts - ok
    06:50:02.0765 5772 [ 9E9306063ECD8AA91B3FB76678D3CEE2 ] LVUSBSta C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
    06:50:02.0796 5772 LVUSBSta - ok
    06:50:02.0859 5772 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
    06:50:02.0890 5772 McComponentHostService - ok
    06:50:02.0921 5772 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    06:50:03.0062 5772 Messenger - ok
    06:50:03.0125 5772 Microsoft SharePoint Workspace Audit Service - ok
    06:50:03.0156 5772 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    06:50:03.0281 5772 mnmdd - ok
    06:50:03.0359 5772 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    06:50:03.0500 5772 mnmsrvc - ok
    06:50:03.0546 5772 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    06:50:03.0671 5772 Modem - ok
    06:50:03.0718 5772 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
    06:50:03.0812 5772 Monfilt - ok
    06:50:03.0843 5772 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    06:50:03.0968 5772 Mouclass - ok
    06:50:04.0015 5772 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    06:50:04.0140 5772 mouhid - ok
    06:50:04.0203 5772 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    06:50:04.0312 5772 MountMgr - ok
    06:50:04.0421 5772 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    06:50:04.0453 5772 MozillaMaintenance - ok
    06:50:04.0500 5772 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    06:50:04.0531 5772 MpFilter - ok
    06:50:04.0687 5772 [ A69630D039C38018689190234F866D77 ] MpKsl820d5414 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D30DD423-8465-43D1-BA7F-D99176FECFB9}\MpKsl820d5414.sys
    06:50:04.0718 5772 MpKsl820d5414 - ok
    06:50:04.0718 5772 mraid35x - ok
    06:50:04.0750 5772 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    06:50:04.0875 5772 MRxDAV - ok
    06:50:04.0968 5772 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    06:50:05.0000 5772 MRxSmb - ok
    06:50:05.0046 5772 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    06:50:05.0187 5772 MSDTC - ok
    06:50:05.0234 5772 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    06:50:05.0343 5772 Msfs - ok
    06:50:05.0359 5772 MSIServer - ok
    06:50:05.0406 5772 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    06:50:05.0531 5772 MSKSSRV - ok
    06:50:05.0609 5772 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    06:50:05.0640 5772 MsMpSvc - ok
    06:50:05.0656 5772 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    06:50:05.0781 5772 MSPCLOCK - ok
    06:50:05.0828 5772 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    06:50:05.0953 5772 MSPQM - ok
    06:50:05.0984 5772 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    06:50:06.0093 5772 mssmbios - ok
    06:50:06.0156 5772 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    06:50:06.0296 5772 MSTEE - ok
    06:50:06.0375 5772 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    06:50:06.0406 5772 Mup - ok
    06:50:06.0453 5772 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    06:50:06.0578 5772 NABTSFEC - ok
    06:50:06.0687 5772 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    06:50:06.0875 5772 napagent - ok
    06:50:06.0906 5772 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    06:50:07.0031 5772 NDIS - ok
    06:50:09.0921 5772 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    06:50:10.0046 5772 NdisIP - ok
    06:50:10.0093 5772 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    06:50:10.0125 5772 NdisTapi - ok
    06:50:10.0171 5772 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    06:50:10.0281 5772 Ndisuio - ok
    06:50:10.0312 5772 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    06:50:10.0437 5772 NdisWan - ok
    06:50:10.0500 5772 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    06:50:10.0515 5772 NDProxy - ok
    06:50:10.0640 5772 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    06:50:10.0687 5772 Nero BackItUp Scheduler 4.0 - ok
    06:50:10.0703 5772 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    06:50:10.0843 5772 NetBIOS - ok
    06:50:10.0875 5772 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    06:50:11.0031 5772 NetBT - ok
    06:50:11.0062 5772 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    06:50:11.0203 5772 NetDDE - ok
    06:50:11.0218 5772 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    06:50:11.0343 5772 NetDDEdsdm - ok
    06:50:11.0421 5772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    06:50:11.0546 5772 Netlogon - ok
    06:50:11.0593 5772 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    06:50:11.0765 5772 Netman - ok
    06:50:11.0796 5772 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    06:50:11.0812 5772 NetTcpPortSharing - ok
    06:50:11.0843 5772 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    06:50:11.0875 5772 Nla - ok
    06:50:11.0890 5772 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    06:50:12.0000 5772 Npfs - ok
    06:50:12.0031 5772 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    06:50:12.0203 5772 Ntfs - ok
    06:50:12.0265 5772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    06:50:12.0390 5772 NtLmSsp - ok
    06:50:12.0453 5772 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    06:50:12.0609 5772 NtmsSvc - ok
    06:50:12.0609 5772 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    06:50:12.0750 5772 Null - ok
    06:50:13.0062 5772 [ 5A72584C700298E82A0342DC4BB38892 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    06:50:13.0546 5772 nv - ok
    06:50:13.0578 5772 [ 50ACB7253D1104E5917E15A0670D63D5 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
    06:50:13.0593 5772 NVHDA - ok
    06:50:13.0640 5772 [ EF895A872F11AC584413F6BAEA2DDB50 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    06:50:13.0656 5772 NVSvc - ok
    06:50:13.0703 5772 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    06:50:13.0843 5772 NwlnkFlt - ok
    06:50:13.0906 5772 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    06:50:14.0078 5772 NwlnkFwd - ok
    06:50:14.0156 5772 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    06:50:14.0187 5772 ose - ok
    06:50:14.0375 5772 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    06:50:14.0687 5772 osppsvc - ok
    06:50:14.0734 5772 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    06:50:14.0859 5772 Parport - ok
    06:50:14.0953 5772 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    06:50:15.0078 5772 PartMgr - ok
    06:50:15.0140 5772 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    06:50:15.0296 5772 ParVdm - ok
    06:50:15.0375 5772 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    06:50:15.0515 5772 PCI - ok
    06:50:15.0515 5772 PCIDump - ok
    06:50:15.0546 5772 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    06:50:15.0687 5772 PCIIde - ok
    06:50:15.0750 5772 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    06:50:15.0890 5772 Pcmcia - ok
    06:50:15.0890 5772 PDCOMP - ok
    06:50:15.0906 5772 PDFRAME - ok
    06:50:15.0906 5772 PDRELI - ok
    06:50:15.0906 5772 PDRFRAME - ok
    06:50:15.0906 5772 perc2 - ok
    06:50:15.0921 5772 perc2hib - ok
    06:50:16.0171 5772 [ 0DA6C5E0C8DA6CEBE52DAACFE7AE9DE6 ] PID_PEPI C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    06:50:16.0265 5772 PID_PEPI - ok
    06:50:16.0281 5772 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    06:50:16.0312 5772 PlugPlay - ok
    06:50:16.0328 5772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    06:50:16.0453 5772 PolicyAgent - ok
    06:50:16.0515 5772 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    06:50:16.0640 5772 PptpMiniport - ok
    06:50:16.0656 5772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    06:50:16.0781 5772 ProtectedStorage - ok
    06:50:16.0796 5772 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    06:50:17.0000 5772 PSched - ok
    06:50:17.0046 5772 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    06:50:17.0156 5772 PSI_SVC_2 - ok
    06:50:17.0187 5772 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    06:50:17.0343 5772 Ptilink - ok
    06:50:17.0343 5772 ql1080 - ok
    06:50:17.0343 5772 Ql10wnt - ok
    06:50:17.0359 5772 ql12160 - ok
    06:50:17.0359 5772 ql1240 - ok
    06:50:17.0359 5772 ql1280 - ok
    06:50:17.0390 5772 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    06:50:17.0515 5772 RasAcd - ok
    06:50:17.0546 5772 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    06:50:17.0687 5772 RasAuto - ok
    06:50:17.0703 5772 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    06:50:17.0828 5772 Rasl2tp - ok
    06:50:17.0890 5772 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    06:50:18.0015 5772 RasMan - ok
    06:50:18.0031 5772 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    06:50:18.0156 5772 RasPppoe - ok
    06:50:18.0187 5772 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    06:50:18.0343 5772 Raspti - ok
    06:50:18.0421 5772 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    06:50:18.0546 5772 Rdbss - ok
    06:50:18.0562 5772 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    06:50:18.0703 5772 RDPCDD - ok
    06:50:18.0812 5772 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    06:50:18.0937 5772 rdpdr - ok
    06:50:19.0031 5772 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    06:50:19.0062 5772 RDPWD - ok
    06:50:19.0109 5772 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    06:50:19.0234 5772 RDSessMgr - ok
    06:50:19.0328 5772 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    06:50:19.0453 5772 redbook - ok
    06:50:19.0546 5772 [ D03FA5EC6B855FEE1EE16C5B0C0BA42C ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys
    06:50:19.0562 5772 RegFilter - ok
    06:50:19.0593 5772 [ 24D3B49DAB660A8B8AFA40240E735E24 ] regi C:\WINDOWS\system32\drivers\regi.sys
    06:50:19.0625 5772 regi - ok
    06:50:19.0656 5772 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    06:50:19.0796 5772 RemoteAccess - ok
    06:50:19.0890 5772 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    06:50:20.0031 5772 RemoteRegistry - ok
    06:50:20.0046 5772 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    06:50:20.0171 5772 RpcLocator - ok
    06:50:20.0281 5772 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    06:50:20.0328 5772 RpcSs - ok
    06:50:20.0359 5772 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    06:50:20.0515 5772 RSVP - ok
    06:50:20.0515 5772 rt2870 - ok
    06:50:20.0546 5772 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    06:50:20.0671 5772 SamSs - ok
    06:50:20.0718 5772 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    06:50:20.0859 5772 SCardSvr - ok
    06:50:20.0921 5772 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    06:50:21.0078 5772 Schedule - ok
    06:50:21.0171 5772 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    06:50:21.0281 5772 Secdrv - ok
    06:50:21.0328 5772 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    06:50:21.0468 5772 seclogon - ok
    06:50:21.0484 5772 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    06:50:21.0625 5772 SENS - ok
    06:50:21.0656 5772 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    06:50:21.0781 5772 Serial - ok
    06:50:21.0859 5772 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    06:50:21.0984 5772 Sfloppy - ok
    06:50:22.0109 5772 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    06:50:22.0250 5772 SharedAccess - ok
    06:50:22.0343 5772 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    06:50:22.0375 5772 ShellHWDetection - ok
    06:50:22.0390 5772 Simbad - ok
    06:50:22.0531 5772 [ 3740B83AEC21D981065D7E819BD7E878 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    06:50:22.0625 5772 Skype C2C Service - ok
    06:50:22.0671 5772 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    06:50:22.0687 5772 SkypeUpdate - ok
    06:50:22.0718 5772 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    06:50:22.0875 5772 SLIP - ok
    06:50:22.0953 5772 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    06:50:22.0968 5772 SmartDefragDriver - ok
    06:50:22.0984 5772 Sparrow - ok
    06:50:23.0000 5772 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    06:50:23.0125 5772 splitter - ok
    06:50:23.0203 5772 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    06:50:23.0250 5772 Spooler - ok
    06:50:23.0281 5772 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    06:50:23.0421 5772 sr - ok
    06:50:23.0531 5772 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    06:50:23.0656 5772 srservice - ok
    06:50:23.0687 5772 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    06:50:23.0734 5772 Srv - ok
    06:50:23.0781 5772 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    06:50:23.0921 5772 SSDPSRV - ok
    06:50:23.0953 5772 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    06:50:24.0093 5772 stisvc - ok
    06:50:24.0140 5772 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    06:50:24.0250 5772 streamip - ok
    06:50:24.0312 5772 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    06:50:24.0437 5772 swenum - ok
    06:50:24.0468 5772 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    06:50:24.0593 5772 swmidi - ok
    06:50:24.0593 5772 SwPrv - ok
    06:50:24.0609 5772 symc810 - ok
    06:50:24.0609 5772 symc8xx - ok
    06:50:24.0625 5772 sym_hi - ok
    06:50:24.0625 5772 sym_u3 - ok
    06:50:24.0671 5772 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    06:50:24.0796 5772 sysaudio - ok
    06:50:24.0875 5772 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    06:50:25.0031 5772 SysmonLog - ok
    06:50:25.0062 5772 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    06:50:25.0187 5772 TapiSrv - ok
    06:50:25.0218 5772 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    06:50:25.0250 5772 Tcpip - ok
    06:50:25.0281 5772 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    06:50:25.0421 5772 TDPIPE - ok
    06:50:25.0468 5772 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    06:50:25.0578 5772 TDTCP - ok
    06:50:25.0609 5772 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    06:50:25.0734 5772 TermDD - ok
    06:50:25.0796 5772 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    06:50:25.0937 5772 TermService - ok
    06:50:25.0953 5772 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    06:50:25.0984 5772 Themes - ok
    06:50:26.0015 5772 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    06:50:26.0171 5772 TlntSvr - ok
    06:50:26.0171 5772 TosIde - ok
    06:50:26.0250 5772 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    06:50:26.0390 5772 TrkWks - ok
    06:50:26.0515 5772 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    06:50:26.0640 5772 Udfs - ok
    06:50:26.0640 5772 ultra - ok
    06:50:26.0687 5772 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    06:50:26.0828 5772 Update - ok
    06:50:26.0875 5772 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    06:50:27.0015 5772 upnphost - ok
    06:50:27.0062 5772 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    06:50:27.0203 5772 UPS - ok
    06:50:27.0250 5772 [ CB41CD653916362CA5ECD242382A156E ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
    06:50:27.0265 5772 UrlFilter - ok
    06:50:27.0312 5772 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    06:50:27.0343 5772 USBAAPL - ok
    06:50:27.0375 5772 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    06:50:27.0515 5772 usbaudio - ok
    06:50:27.0578 5772 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    06:50:27.0718 5772 usbccgp - ok
    06:50:27.0765 5772 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    06:50:27.0875 5772 usbehci - ok
    06:50:27.0937 5772 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    06:50:28.0062 5772 usbhub - ok
    06:50:28.0109 5772 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    06:50:28.0234 5772 usbprint - ok
    06:50:28.0281 5772 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    06:50:28.0406 5772 usbscan - ok
    06:50:28.0453 5772 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    06:50:28.0593 5772 USBSTOR - ok
    06:50:28.0593 5772 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    06:50:28.0734 5772 usbuhci - ok
    06:50:28.0750 5772 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    06:50:28.0875 5772 VgaSave - ok
    06:50:28.0875 5772 ViaIde - ok
    06:50:28.0984 5772 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    06:50:29.0125 5772 VolSnap - ok
    06:50:29.0203 5772 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    06:50:29.0343 5772 VSS - ok
    06:50:29.0406 5772 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    06:50:29.0531 5772 W32Time - ok
    06:50:29.0546 5772 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    06:50:29.0687 5772 Wanarp - ok
    06:50:29.0687 5772 WDICA - ok
    06:50:29.0781 5772 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    06:50:29.0906 5772 wdmaud - ok
    06:50:29.0968 5772 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    06:50:30.0125 5772 WebClient - ok
    06:50:30.0203 5772 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    06:50:30.0328 5772 winmgmt - ok
    06:50:30.0406 5772 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    06:50:30.0515 5772 WinRM - ok
    06:50:30.0578 5772 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    06:50:30.0609 5772 WmdmPmSN - ok
    06:50:30.0640 5772 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    06:50:30.0703 5772 Wmi - ok
    06:50:30.0750 5772 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    06:50:30.0890 5772 WmiApSrv - ok
    06:50:31.0015 5772 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    06:50:31.0109 5772 WMPNetworkSvc - ok
    06:50:31.0234 5772 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    06:50:31.0281 5772 WPFFontCache_v0400 - ok
    06:50:31.0312 5772 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    06:50:31.0468 5772 WS2IFSL - ok
    06:50:31.0515 5772 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    06:50:31.0656 5772 wscsvc - ok
    06:50:31.0656 5772 WSearch - ok
    06:50:31.0687 5772 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    06:50:31.0812 5772 WSTCODEC - ok
    06:50:31.0875 5772 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    06:50:32.0015 5772 wuauserv - ok
    06:50:32.0062 5772 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    06:50:32.0093 5772 WudfPf - ok
    06:50:32.0125 5772 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    06:50:32.0156 5772 WudfRd - ok
    06:50:32.0203 5772 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    06:50:32.0250 5772 WudfSvc - ok
    06:50:32.0312 5772 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    06:50:32.0515 5772 WZCSVC - ok
    06:50:32.0546 5772 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    06:50:32.0703 5772 xmlprov - ok
    06:50:32.0703 5772 ================ Scan global ===============================
    06:50:32.0750 5772 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    06:50:32.0796 5772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    06:50:32.0828 5772 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    06:50:32.0859 5772 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    06:50:32.0859 5772 [Global] - ok
    06:50:32.0859 5772 ================ Scan MBR ==================================
    06:50:32.0890 5772 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    06:50:33.0156 5772 \Device\Harddisk0\DR0 - ok
    06:50:33.0156 5772 ================ Scan VBR ==================================
    06:50:33.0156 5772 [ 785DC31E3CDCB9CCA37C9F090CA81E93 ] \Device\Harddisk0\DR0\Partition1
    06:50:33.0156 5772 \Device\Harddisk0\DR0\Partition1 - ok
    06:50:33.0171 5772 [ 960A3EE091D99F63435A052B31313A87 ] \Device\Harddisk0\DR0\Partition2
    06:50:33.0187 5772 \Device\Harddisk0\DR0\Partition2 - ok
    06:50:33.0187 5772 ============================================================
    06:50:33.0187 5772 Scan finished
    06:50:33.0187 5772 ============================================================
    06:50:33.0296 2112 Detected object count: 1
    06:50:33.0296 2112 Actual detected object count: 1
    06:50:52.0921 2112 KMService ( UnsignedFile.Multi.Generic ) - skipped by user
    06:50:52.0921 2112 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
    06:51:03.0187 3896 Deinitialize success
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  16. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    I'll answer these questions now and then run the test in a bit.

    • Slow computer - My computer was slow to boot before we did some of the tests its a bit quicker now. Ocaisionally it will not load or take its time in loading the icons in the systems tray e.g. MS security essentials, AVAST etc. This morning it loaded fine but then froze, this could be because the XP OS may be corrupted. I am thinking of blowing it away and reloading.
    • Error messages - no error messages
    • Fake antivirus alerts or the icon in the system tray - no fake virus messages no erroneous icons
    • svchost.exe running at 100% - nearly always @ 0
    • System crashes or blue screen of death - The main symptom of the error and what led me to believe I have gotten a virus was my firefox browser crashing regularly and 2 or 3 blue screens of death per session usually whilst streaming TV and browsing other web pages. Since running the tests Firefox hasn't crashed (touch wood) and I've had only 2 blue screens (one per last 2 days) whilst playing games.

    I forgot to thank you for all your help, it really is much appreciated. Has any of the downloaded logs told you anything?

    cheers

    MAC
  17. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    Log as requested

    C:\Documents and Settings\All Users\Application Data\Tarma

    Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application

    cleaned by deleting - quarantined
    C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\16qsmila.Default

    User\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting -

    quarantined
    C:\Documents and Settings\Ruth\Application

    Data\Mozilla\Firefox\Profiles\4h1xeyhx.ry0nwzgr.default\extensions\plugin@yontoo.com\content\overlay.js

    Win32/Adware.Yontoo application cleaned by deleting - quarantined
    C:\Documents and Settings\Ruth\Application

    Data\Mozilla\Firefox\Profiles\dcle65ze.default-1356187840578\extensions\plugin@yontoo.com\content\overlay.js

    Win32/Adware.Yontoo application cleaned by deleting - quarantined
    C:\Documents and Settings\Ruth\Application

    Data\Mozilla\Firefox\Profiles\uktkg795.default-1355917558250\extensions\plugin@yontoo.com\content\overlay.js

    Win32/Adware.Yontoo application cleaned by deleting - quarantined
    C:\Documents and Settings\Ruth\My Documents\Downloads\cnet2_150s6fb_27_d2k_aen_zip.exe a variant of

    Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Documents and Settings\Ruth\My Documents\Downloads\cnet2_WinDVD11_Pro_TBYB_exe.exe a variant of

    Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Documents and Settings\Ruth\My Documents\Downloads\defragsetup.exe a variant of Win32/ELEX application

    cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite

    application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application

    cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of

    Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application

    cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application

    cleaned by deleting - quarantined
    C:\Program Files\IObit Toolbar\IE\6.6\iobitToolbarIE.dll a variant of Win32/Toolbar.Widgi application

    cleaned by deleting - quarantined
    C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting

    - quarantined
    C:\System Volume Information\_restore{D0660739-2BE9-461A-BD45-E5749B731D56}\RP410\A0160722.dll a variant of

    Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{D0660739-2BE9-461A-BD45-E5749B731D56}\RP410\A0160724.exe a variant of

    Win32/Toolbar.Widgi application cleaned by deleting - quarantined


    There was also an error in onlinecmdlinescanner.exe - it crashed

    AppName: onlinecmdlinescanner.exe AppVer: 0.0.0.0 ModName: esets_apiw_a.dll
    ModVer: 3.0.15.0 Offset: 00004440

    C:\DOCUME~1\Ruth\LOCALS~1\Temp\282_appcompat.txt

    I had some browser crashes whilst the test was running. I managed to get the log and tick the boxes for uninstall

    and delete quarentined files. Don't know if it did either.
  18. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    On restart I got the attached message, I've had this a couple of times since we've been doing these tests. Also on first reboot after scan the system tray did ot fully populate so restarted again system tray populated and the whilst posting this message I had a system crash.

    Whats the prognosis doc

    Attached Files:

  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know if those errors resolve after the following:

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    [​IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.
  20. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    Cant do 3 as I bought the PC on ebay and no disc came with it. Windows Repair asks for the disc. BTW Browser unstable and system unstable since that last test (no critisism implied or intended). I have my own clean xp home addition of XP shall I bite the bullet and blow the old OS away?
  21. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    Prob pointless but continued as instructed anyway
  22. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    After running I get the attached messages. The red shield is because ISC will not run. I also have no sound on BBC iplayer. I'm going to attempt the restore.

    Attached Files:

  23. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    Restored iplayer sound back can't run films from DVD using VLC opensource palyer. The whole system seems unstable now, System tray loads randomly and not all icons appear. Games crash after running for an hour with no probs. Ocaisional browser crashes. Getting to the point where I'm going to bite that bullet and blow the old OS away
  24. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    System got so unstable that Ive restored by reloading a new XP OS, The reinstall did not find my network card so can't connect to internet PSA device manager piccie with devices not found Hope you can help with this different problem

    Attached Files:

  25. Mac McMillan

    Mac McMillan Newcomer, in training Topic Starter Posts: 29

    If you can help PSA

    Attached Files:

Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.