Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Re occurring Explorer.exe problem [Solved]


  • This topic is locked This topic is locked

#1
Sking0

Sking0

    Member

  • Member
  • PipPipPip
  • 172 posts
I had this problem of explorer.exe causing my pc to start up with a blank desktop (just wallpaper).
I have to use task manager/file/new task (run...)/explore.exe/run to get the desktop running and then i have to
turn on zonealarm as it seems to stop zonealarm starting up too.
Sometimes when i run CoD UO i get a zonealrm pop up say something like 'CoD UO is trying to communicate with C/windows/explorer.exe. Do you want to allow this?'
I have it set to 'Allow' everything i want to use in zonealarm application control. Been using zonealarm for years and i am fully competent on its uses/settings.
I did have this problem before and one of the GTG guys sorted it for me but it re occurred about two weeks later. The initial problem seemed to be with a file i downloaded
which was a minimiser for CoD UO. I ran malwarebytes and zonealarm but they never seemed to find this problem. After running Kaspersky from a link given to me by the
guy who helped me it found this file and it all seemed ok.
I haven't run any malware/spyware programs this time because i am pretty sure they will not find the problem (as before).

I am running Windows XP. SP3. AMD Phenom 9950 quad core 2.60 GHz. 3.25 GB RAM.
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

  • 0

#3
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
Here is the Checkup txt.

Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Extreme Security
ZoneAlarm Security Toolbar
ZoneAlarm DataLock
ZoneAlarm Security
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 27
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Mozilla Thunderbird (7.0.1) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
did you get a report from DDS?


gringo
  • 0

#5
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
Hi. I wasn't sure whether you wanted them 1 at a time. Sorry.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Simon King at 16:25:33 on 2012-10-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2578 [GMT 1:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Simon King\My Documents\Defogger.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ZoneAlarm Security Toolbar: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4D94816B-E72D-488F-879B-72A38EF08273} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\simon king\application data\mozilla\firefox\profiles\anb7uxoh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2925418&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Extreme Security Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\simon king\application data\mozilla\firefox\profiles\anb7uxoh.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-09-25 16:06; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 132184]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2011-3-1 16048]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 327256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2011-3-1 162096]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-2 100368]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-11-3 36744]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-3-12 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-23 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-25 113120]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-3-10 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-3-10 8576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-23 27064]
S3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2005-5-25 4608]
S3 WinAutomation Service;WinAutomation Service;c:\program files\winautomation\WinAutomation.ServiceAgent.exe [2011-1-25 166912]
.
=============== File Associations ===============
.
ShellExec: starrynight.exe: open=c:\program files\starry night pro 5\starrynight.exe
.
=============== Created Last 30 ================
.
2012-10-19 08:10:29 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Research In Motion
2012-10-19 08:10:27 -------- d-----w- c:\documents and settings\simon king\application data\Research In Motion
2012-10-19 08:09:32 35328 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2012-10-19 08:08:58 -------- d-----w- c:\documents and settings\all users\application data\Research In Motion
2012-10-19 08:08:48 -------- d-----w- c:\program files\Research In Motion
2012-10-19 08:08:48 -------- d-----w- c:\program files\common files\XCPCSync.OEM
2012-10-19 08:08:48 -------- d-----w- c:\program files\common files\Research In Motion
2012-10-08 13:53:26 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Imaginova Canada
2012-10-08 13:52:37 244416 ----a-w- c:\windows\system32\system32MSFLXGRD.OCX
2012-10-08 13:52:37 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2012-10-08 13:52:37 110592 ----a-w- c:\windows\system32\libfli.dll
2012-10-08 13:52:37 103744 ----a-w- c:\windows\system32\MSCOMM32.OCX
2012-10-08 13:52:37 -------- d-----w- c:\program files\common files\ASCOM
2012-10-08 13:50:31 -------- d-----w- c:\windows\Cache
2012-10-08 13:37:40 -------- d--h--w- c:\program files\Zero G Registry
2012-10-08 13:37:40 -------- d-----w- c:\program files\Starry Night Pro 5
2012-10-08 13:37:23 -------- d--h--w- c:\documents and settings\simon king\InstallAnywhere
2012-10-08 11:20:08 -------- d-----w- C:\hplanet
2012-10-01 15:02:01 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Downloaded Installations
2012-10-01 14:48:29 -------- d-----w- c:\documents and settings\all users\application data\TomTom
2012-10-01 14:48:04 -------- d-----w- c:\documents and settings\simon king\local settings\application data\TomTom
2012-10-01 14:48:04 -------- d-----w- c:\documents and settings\simon king\application data\TomTom
2012-10-01 14:47:57 -------- d-----w- c:\program files\TomTom International B.V
2012-10-01 14:47:43 -------- d-----w- c:\program files\TomTom HOME 2
2012-10-01 14:41:56 -------- d-----w- c:\program files\TomTom DesktopSuite
2012-10-01 10:18:59 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Sun
2012-10-01 10:17:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-01 10:17:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-10-21 11:47:35 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-21 11:47:26 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-09 11:18:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 11:18:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-01 10:16:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-01 10:16:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-25 15:05:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-25 15:05:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-07 19:22:52 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-19 15:09:59 270336 ----a-w- c:\program files\Uninstall.exe
2011-12-19 15:09:59 127592 ----a-w- c:\program files\Intro_Video.exe
2011-12-19 15:05:58 102400 ----a-w- c:\program files\srEXT_Unzip.dll
2011-12-19 15:05:57 90185 ----a-w- c:\program files\srDD_Glide3x.dll
2011-12-19 15:05:57 741438 ----a-w- c:\program files\sr.dll
2011-12-19 15:05:57 57434 ----a-w- c:\program files\srEXT_LWOImporter.dll
2011-12-19 15:05:57 53337 ----a-w- c:\program files\srEXT_default.dll
2011-12-19 15:05:57 45142 ----a-w- c:\program files\srEXT_Inspector.dll
2011-12-19 15:05:57 36942 ----a-w- c:\program files\srDD_OpenGL.dll
2011-12-19 15:05:57 118876 ----a-w- c:\program files\srEXT_JPEGImporter.dll
2011-03-07 16:45:42 5296197 ----a-w- c:\program files\CheatEngine60.exe
2011-03-06 20:23:17 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-03-06 19:31:26 670992 ----a-w- c:\program files\RealPlayer.exe
2011-02-26 19:41:52 3194296 ----a-w- c:\program files\spywareblastersetup44.exe
2011-02-26 17:04:15 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2011-02-25 18:05:49 7133675 ----a-w- c:\program files\xfire_installer_43094.exe
2010-12-22 19:00:00 565313 ----a-w- c:\program files\Supreme_v1.035.exe
2010-12-22 19:00:00 565313 ----a-w- c:\program files\Supreme.exe
2010-11-14 07:00:00 30720 ----a-w- c:\program files\Display_Config.exe
.
============= FINISH: 16:26:31.64 ===============


And the attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 23/02/2011 10:44:42
System Uptime: 25/10/2012 15:54:57 (1 hours ago)
.
Motherboard: ASRock | | K10N78hSLI-GLAN
Processor: AMD Phenom™ 9950 Quad-Core Processor | CPUSocket | 2599/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 618.158 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6210 Navigator
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6210 Navigator
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6210 Navigator
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
.
==== System Restore Points ===================
.
RP520: 28/07/2012 19:24:03 - System Checkpoint
RP521: 29/07/2012 20:18:14 - System Checkpoint
RP522: 31/07/2012 13:29:11 - Installed Driver Manager.
RP523: 01/08/2012 13:31:51 - System Checkpoint
RP524: 01/08/2012 20:20:24 - Restore Operation
RP525: 04/08/2012 06:51:44 - System Checkpoint
RP526: 05/08/2012 10:49:45 - System Checkpoint
RP527: 08/08/2012 10:17:49 - System Checkpoint
RP528: 11/08/2012 20:23:00 - System Checkpoint
RP529: 12/08/2012 21:11:33 - System Checkpoint
RP530: 14/08/2012 06:16:06 - System Checkpoint
RP531: 15/08/2012 13:49:33 - System Checkpoint
RP532: 16/08/2012 12:29:08 - Software Distribution Service 3.0
RP533: 17/08/2012 20:19:30 - System Checkpoint
RP534: 19/08/2012 11:42:28 - System Checkpoint
RP535: 20/08/2012 11:55:33 - System Checkpoint
RP536: 21/08/2012 14:11:25 - System Checkpoint
RP537: 22/08/2012 18:00:40 - System Checkpoint
RP538: 24/08/2012 09:11:38 - System Checkpoint
RP539: 25/08/2012 10:10:24 - System Checkpoint
RP540: 26/08/2012 00:20:15 - Removed Call of Duty - United Offensive
RP541: 27/08/2012 12:10:41 - System Checkpoint
RP542: 28/08/2012 16:26:14 - System Checkpoint
RP543: 29/08/2012 16:31:49 - System Checkpoint
RP544: 30/08/2012 19:40:36 - System Checkpoint
RP545: 01/09/2012 18:16:47 - System Checkpoint
RP546: 02/09/2012 18:24:46 - System Checkpoint
RP547: 03/09/2012 18:51:25 - System Checkpoint
RP548: 04/09/2012 19:45:30 - System Checkpoint
RP549: 05/09/2012 20:04:37 - System Checkpoint
RP550: 06/09/2012 20:59:15 - System Checkpoint
RP551: 07/09/2012 20:11:54 - Installed Logitech Desktop Messenger
RP552: 07/09/2012 20:12:31 - Installed Logitech ImageStudio
RP553: 07/09/2012 20:18:28 - Removed Logitech Desktop Messenger
RP554: 07/09/2012 20:18:41 - Removed Logitech IM Video Companion
RP555: 07/09/2012 20:18:57 - Removed Logitech ImageStudio
RP556: 07/09/2012 20:22:47 - Installed Logitech Desktop Messenger
RP557: 07/09/2012 20:23:17 - Installed Logitech ImageStudio
RP558: 08/09/2012 20:30:06 - System Checkpoint
RP559: 08/09/2012 21:15:06 - Software Distribution Service 3.0
RP560: 09/09/2012 22:00:17 - System Checkpoint
RP561: 10/09/2012 22:01:10 - System Checkpoint
RP562: 11/09/2012 22:02:32 - System Checkpoint
RP563: 12/09/2012 08:36:02 - Software Distribution Service 3.0
RP564: 14/09/2012 17:54:06 - System Checkpoint
RP565: 15/09/2012 18:10:26 - System Checkpoint
RP566: 16/09/2012 18:58:55 - System Checkpoint
RP567: 17/09/2012 19:17:04 - System Checkpoint
RP568: 18/09/2012 19:51:08 - System Checkpoint
RP569: 19/09/2012 20:31:01 - System Checkpoint
RP570: 20/09/2012 22:31:32 - System Checkpoint
RP571: 22/09/2012 10:29:54 - System Checkpoint
RP572: 22/09/2012 11:42:38 - Software Distribution Service 3.0
RP573: 23/09/2012 12:32:41 - System Checkpoint
RP574: 24/09/2012 12:56:31 - System Checkpoint
RP575: 26/09/2012 16:39:58 - System Checkpoint
RP576: 27/09/2012 16:40:28 - System Checkpoint
RP577: 28/09/2012 17:10:50 - System Checkpoint
RP578: 29/09/2012 18:55:41 - System Checkpoint
RP579: 30/09/2012 19:21:20 - System Checkpoint
RP580: 01/10/2012 11:16:45 - Installed Java 7 Update 7
RP581: 01/10/2012 16:03:02 - Installed TomTom HOME.
RP582: 02/10/2012 17:46:39 - System Checkpoint
RP583: 03/10/2012 19:17:11 - System Checkpoint
RP584: 04/10/2012 19:26:00 - System Checkpoint
RP585: 06/10/2012 00:34:10 - System Checkpoint
RP586: 07/10/2012 09:35:47 - System Checkpoint
RP587: 08/10/2012 11:58:30 - System Checkpoint
RP588: 09/10/2012 17:34:00 - System Checkpoint
RP589: 10/10/2012 13:34:15 - Software Distribution Service 3.0
RP590: 11/10/2012 07:55:29 - Software Distribution Service 3.0
RP591: 12/10/2012 14:20:56 - System Checkpoint
RP592: 13/10/2012 17:04:47 - System Checkpoint
RP593: 14/10/2012 18:42:04 - System Checkpoint
RP594: 15/10/2012 19:27:46 - System Checkpoint
RP595: 16/10/2012 19:34:27 - System Checkpoint
RP596: 17/10/2012 20:06:41 - System Checkpoint
RP597: 18/10/2012 20:43:03 - System Checkpoint
RP598: 19/10/2012 09:08:25 - Installed BlackBerry Desktop Software.
RP599: 20/10/2012 10:27:36 - System Checkpoint
RP600: 21/10/2012 10:39:05 - System Checkpoint
RP601: 23/10/2012 20:13:21 - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader 8.3.1
Amazon MP3 Downloader 1.0.9
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Processor Driver
Any Video Converter 3.2.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASCOM Platform 3.0
ATI AVIVO Codecs
ATI Problem Report Wizard
Bandicam
Bandisoft MPEG-1 Decoder
BlackBerry Desktop Software 7.1
Bluesoleil2.7.0.13 VoIP Release 071227
Bonjour
BT Broadband Desktop Help
BTHomeHub
Call of Duty - United Offensive
Call of Duty Game of the Year Edition
CamStudio
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help English
CCleaner
Cheat Engine 5.6.1
CPUID CPU-Z 1.57.1
CyberLink InstantBurn
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Drakan - Order of the Flame
DX-Ball 2
EA SPORTS online 2004
Easy CD-DA Extractor 16
Express Zip File Compression Software
Fiddler2
Fraps (remove only)
Free FLV Converter V 6.98.0
GameSpy Arcade
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hi-Def Suite
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
HP Image Zone 4.2
Image Resizer Powertoy Clone for Windows
Internet Download Manager
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 27
JDs Auto Speed Tester
LAME v3.98.3 for Audacity
Logitech Desktop Messenger
Logitech IM Video Companion
Logitech ImageStudio
Logitech Print Service
Logitech Vid
Logitech Webcam Software
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo Trial
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x86
MOUSE Editor
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (7.0.1)
Mplayer.com
MSI Afterburner 2.1.0
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nexus Mod Manager
Nokia Connectivity Cable Driver
Nokia Software Updater
Nokia Suite
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Origin
PC Connectivity Solution
PC Tune-Up
Pixillion Image Converter
Power2Go 5.0
PowerBackup
QFolder
Quake 4™
Quake 4™ Demo
Quake II
QuickTime
Re-Volt
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller Pro 2.5.8
RoboForm 7-6-4 (All Users)
Saitek NT Controller Drivers
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shockwave
Sniper Ghost Warrior (1.0)
Speccy
Starry Night Pro 5
Steam
SUPERAntiSpyware
System Requirements Lab
The Elder Scrolls V: Skyrim
Tiger Woods PGA TOUR 2004
Tiger Woods PGA TOUR® 12: The Masters
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553092)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Vegas Movie Studio HD Platinum 10.0
Vuze
WavePad Sound Editor
WebFldrs XP
WinAutomation
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Xfire (remove only)
Youtube Downloader HD v. 2.5
Youtube to MP3 Converter v. 1.2
ZoneAlarm Antivirus
ZoneAlarm DataLock
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== End Of File ===========================
  • 0

#6
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
Hi. I wasn't sure whether you wanted them 1 at a time. Sorry.

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Simon King at 16:25:33 on 2012-10-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2578 [GMT 1:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Simon King\My Documents\Defogger.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ZoneAlarm Security Toolbar: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4D94816B-E72D-488F-879B-72A38EF08273} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\simon king\application data\mozilla\firefox\profiles\anb7uxoh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2925418&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Extreme Security Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\simon king\application data\mozilla\firefox\profiles\anb7uxoh.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-09-25 16:06; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-10-14 132184]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2011-3-1 16048]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-9-21 327256]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2011-3-1 162096]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-6 21992]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-3-2 100368]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-11-3 36744]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-3-12 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-23 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-25 113120]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-3-10 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-3-10 8576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-23 27064]
S3 RTCore32;RTCore32;c:\program files\msi afterburner\RTCore32.sys [2005-5-25 4608]
S3 WinAutomation Service;WinAutomation Service;c:\program files\winautomation\WinAutomation.ServiceAgent.exe [2011-1-25 166912]
.
=============== File Associations ===============
.
ShellExec: starrynight.exe: open=c:\program files\starry night pro 5\starrynight.exe
.
=============== Created Last 30 ================
.
2012-10-19 08:10:29 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Research In Motion
2012-10-19 08:10:27 -------- d-----w- c:\documents and settings\simon king\application data\Research In Motion
2012-10-19 08:09:32 35328 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2012-10-19 08:08:58 -------- d-----w- c:\documents and settings\all users\application data\Research In Motion
2012-10-19 08:08:48 -------- d-----w- c:\program files\Research In Motion
2012-10-19 08:08:48 -------- d-----w- c:\program files\common files\XCPCSync.OEM
2012-10-19 08:08:48 -------- d-----w- c:\program files\common files\Research In Motion
2012-10-08 13:53:26 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Imaginova Canada
2012-10-08 13:52:37 244416 ----a-w- c:\windows\system32\system32MSFLXGRD.OCX
2012-10-08 13:52:37 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2012-10-08 13:52:37 110592 ----a-w- c:\windows\system32\libfli.dll
2012-10-08 13:52:37 103744 ----a-w- c:\windows\system32\MSCOMM32.OCX
2012-10-08 13:52:37 -------- d-----w- c:\program files\common files\ASCOM
2012-10-08 13:50:31 -------- d-----w- c:\windows\Cache
2012-10-08 13:37:40 -------- d--h--w- c:\program files\Zero G Registry
2012-10-08 13:37:40 -------- d-----w- c:\program files\Starry Night Pro 5
2012-10-08 13:37:23 -------- d--h--w- c:\documents and settings\simon king\InstallAnywhere
2012-10-08 11:20:08 -------- d-----w- C:\hplanet
2012-10-01 15:02:01 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Downloaded Installations
2012-10-01 14:48:29 -------- d-----w- c:\documents and settings\all users\application data\TomTom
2012-10-01 14:48:04 -------- d-----w- c:\documents and settings\simon king\local settings\application data\TomTom
2012-10-01 14:48:04 -------- d-----w- c:\documents and settings\simon king\application data\TomTom
2012-10-01 14:47:57 -------- d-----w- c:\program files\TomTom International B.V
2012-10-01 14:47:43 -------- d-----w- c:\program files\TomTom HOME 2
2012-10-01 14:41:56 -------- d-----w- c:\program files\TomTom DesktopSuite
2012-10-01 10:18:59 -------- d-----w- c:\documents and settings\simon king\local settings\application data\Sun
2012-10-01 10:17:21 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-01 10:17:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-10-21 11:47:35 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-21 11:47:26 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-09 11:18:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 11:18:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-01 10:16:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-01 10:16:54 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-25 15:05:41 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-25 15:05:41 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-07 19:22:52 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-19 15:09:59 270336 ----a-w- c:\program files\Uninstall.exe
2011-12-19 15:09:59 127592 ----a-w- c:\program files\Intro_Video.exe
2011-12-19 15:05:58 102400 ----a-w- c:\program files\srEXT_Unzip.dll
2011-12-19 15:05:57 90185 ----a-w- c:\program files\srDD_Glide3x.dll
2011-12-19 15:05:57 741438 ----a-w- c:\program files\sr.dll
2011-12-19 15:05:57 57434 ----a-w- c:\program files\srEXT_LWOImporter.dll
2011-12-19 15:05:57 53337 ----a-w- c:\program files\srEXT_default.dll
2011-12-19 15:05:57 45142 ----a-w- c:\program files\srEXT_Inspector.dll
2011-12-19 15:05:57 36942 ----a-w- c:\program files\srDD_OpenGL.dll
2011-12-19 15:05:57 118876 ----a-w- c:\program files\srEXT_JPEGImporter.dll
2011-03-07 16:45:42 5296197 ----a-w- c:\program files\CheatEngine60.exe
2011-03-06 20:23:17 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-03-06 19:31:26 670992 ----a-w- c:\program files\RealPlayer.exe
2011-02-26 19:41:52 3194296 ----a-w- c:\program files\spywareblastersetup44.exe
2011-02-26 17:04:15 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2011-02-25 18:05:49 7133675 ----a-w- c:\program files\xfire_installer_43094.exe
2010-12-22 19:00:00 565313 ----a-w- c:\program files\Supreme_v1.035.exe
2010-12-22 19:00:00 565313 ----a-w- c:\program files\Supreme.exe
2010-11-14 07:00:00 30720 ----a-w- c:\program files\Display_Config.exe
.
============= FINISH: 16:26:31.64 ===============
  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#8
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
Here is \AdwCleaner[S1].txt

Roguekiller would not run properly. It would get to 'checking proxy' and stop responding. Couldn't end it with task manager and
had to re-boot to get rid of it.

# AdwCleaner v2.005 - Logfile created 10/26/2012 at 16:52:54
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Simon King - SIMON
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Simon King\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\searchplugins\daemon-search.xml
File Deleted : C:\Program Files\Uninstall.exe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FREEzeFlipSA
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
Folder Deleted : C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\extensions\staged
Folder Deleted : C:\Documents and Settings\Simon King\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Simon King\Local Settings\Application Data\Vuze_Remote
Folder Deleted : C:\Documents and Settings\Simon King\Local Settings\Application Data\ZoneAlarm_Security
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ZoneAlarm_Security

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\FREEzeFlipSA
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB35C569-5624-4CFC-8043-E5139F55A073}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\ZoneAlarm_Security
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FREEzeFlip
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36486A77-3A5C-4BF8-8C0E-3BD2D161193C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DFEEE67-50F6-4E3C-861C-92193F36910F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FREEzeFlipSA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopperReportsSA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm_Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Security Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\ZoneAlarm_Security
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\prefs.js

Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.CTID", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "24-2-2011");
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Thu Feb 24 2011 20:14:01 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Thu Feb 24 2011 20:14:01 GMT+0000 (GMT Standa[...]
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Feb 24 2011 20:14:01 GMT+0000 (GMT Standa[...]
Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "24-2-2011");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2504091.InstalledDate", "Thu Feb 24 2011 20:14:01 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Feb 24 2011 20:14:02 GMT+0000 (GMT Standard Ti[...]
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_2.7.2.0", "Thu Feb 24 2011 20:14:01 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2504091.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.LoginCache", 4);
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Feb 24 2011 20:14:01 GMT+0000 (GMT Standard [...]
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Thu Feb 24 2011 20:14:00 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1297858754");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu Feb 24 2011 20:14:00 GMT+0000 (GMT Standar[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2504091.UserID", "UN50748711047090898");
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.clientLogIsEnabled", false);
Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2645238..clientLogIsEnabled", false);
Deleted : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2645238.CTID", "CT2645238");
Deleted : user_pref("CT2645238.CurrentServerDate", "28-5-2012");
Deleted : user_pref("CT2645238.DSInstall", false);
Deleted : user_pref("CT2645238.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon May 28 2012 11:45:58 GMT+0100 (GMT Daylight T[...]
Deleted : user_pref("CT2645238.DownloadReferralCookieData", "");
Deleted : user_pref("CT2645238.EMailNotifierPollDate", "Fri Dec 02 2011 16:23:49 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2645238.FirstServerDate", "27-11-2011");
Deleted : user_pref("CT2645238.FirstTime", true);
Deleted : user_pref("CT2645238.FirstTimeFF3", true);
Deleted : user_pref("CT2645238.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2645238.HPInstall", false);
Deleted : user_pref("CT2645238.HasUserGlobalKeys", true);
Deleted : user_pref("CT2645238.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2645238.HomepageBeforeUnload", "hxxp://www.google.co.uk/webhp?sourceid=navclient-ff");
Deleted : user_pref("CT2645238.Initialize", true);
Deleted : user_pref("CT2645238.InitializeCommonPrefs", true);
Deleted : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2645238.InstallationId", "CT2645238_ZoneAlarm_Security.exe");
Deleted : user_pref("CT2645238.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2645238.InstalledDate", "Sun Nov 27 2011 13:54:03 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2645238.IsAlertDBUpdated", true);
Deleted : user_pref("CT2645238.IsGrouping", false);
Deleted : user_pref("CT2645238.IsInitSetupIni", true);
Deleted : user_pref("CT2645238.IsMulticommunity", false);
Deleted : user_pref("CT2645238.IsOpenThankYouPage", false);
Deleted : user_pref("CT2645238.IsOpenUninstallPage", false);
Deleted : user_pref("CT2645238.LanguagePackLastCheckTime", "Mon May 28 2012 11:50:03 GMT+0100 (GMT Daylight Ti[...]
Deleted : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2645238.LastLogin_3.12.0.7", "Wed Apr 25 2012 14:24:48 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2645238.LastLogin_3.12.2.3", "Mon May 28 2012 16:50:28 GMT+0100 (GMT Daylight Time)");
Deleted : user_pref("CT2645238.LastLogin_3.8.0.8", "Fri Dec 02 2011 16:23:51 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2645238.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2645238.Locale", "en");
Deleted : user_pref("CT2645238.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2645238.MCDetectTooltipShow", false);
Deleted : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2645238.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2645238.OriginalFirstVersion", "3.8.0.8");
Deleted : user_pref("CT2645238.RadioShrinked", "shrinked");
Deleted : user_pref("CT2645238.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT2645238.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2645238.SearchBoxWidth", 474);
Deleted : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search");
Deleted : user_pref("CT2645238.SearchEngineBeforeUnload", "ZoneAlarm Extreme Security Customized Web Search");
Deleted : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]
Deleted : user_pref("CT2645238.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Mon May 28 2012 11:50:03 GMT+0100 (GMT Daylight [...]
Deleted : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2645238.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2645238.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2645238.SearchProtectorEnabled", true);
Deleted : user_pref("CT2645238.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2645238.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2645238.ServiceMapLastCheckTime", "Mon May 28 2012 11:50:03 GMT+0100 (GMT Daylight Time[...]
Deleted : user_pref("CT2645238.SettingsLastCheckTime", "Mon May 28 2012 16:50:25 GMT+0100 (GMT Daylight Time)"[...]
Deleted : user_pref("CT2645238.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
Deleted : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Sun Nov 27 2011 13:54:01 GMT+0000 (GMT Standar[...]
Deleted : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2645238.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");
Deleted : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2645238.UserID", "UN34244591357008736");
Deleted : user_pref("CT2645238.ValidationData_Search", 1);
Deleted : user_pref("CT2645238.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2645238.alertChannelId", "1037922");
Deleted : user_pref("CT2645238.approveUntrustedApps", false);
Deleted : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Fri Dec 02 2011 16:23:51 GMT+0000 (GMT Stan[...]
Deleted : user_pref("CT2645238.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2645238.initDone", true);
Deleted : user_pref("CT2645238.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2645238.isFirstRadioInstallation", false);
Deleted : user_pref("CT2645238.myStuffEnabled", true);
Deleted : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2645238.oldAppsList", "129194820424161790,129194820424318041,111,129194820424474292,129[...]
Deleted : user_pref("CT2645238.revertSettingsEnabled", true);
Deleted : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2645238.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2645238.testingCtid", "");
Deleted : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Mon May 28 2012 11:50:03 GMT+0100 (GMT Dayli[...]
Deleted : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Sun Nov 27 2011 13:54:05 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2645238.usagesFlag", 2);
Deleted : user_pref("CT2925418..clientLogIsEnabled", true);
Deleted : user_pref("CT2925418..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2925418..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2925418.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2925418.CTID", "CT2925418");
Deleted : user_pref("CT2925418.CurrentServerDate", "5-11-2011");
Deleted : user_pref("CT2925418.DSInstall", true);
Deleted : user_pref("CT2925418.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2925418.DialogsGetterLastCheckTime", "Sat Nov 05 2011 20:44:51 GMT+0000 (GMT Standard T[...]
Deleted : user_pref("CT2925418.DownloadReferralCookieData", "");
Deleted : user_pref("CT2925418.EMailNotifierPollDate", "Sat Nov 05 2011 20:44:50 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2925418.FirstServerDate", "5-11-2011");
Deleted : user_pref("CT2925418.FirstTime", true);
Deleted : user_pref("CT2925418.FirstTimeFF3", true);
Deleted : user_pref("CT2925418.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2925418.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2925418.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2925418.HPInstall", false);
Deleted : user_pref("CT2925418.HasUserGlobalKeys", true);
Deleted : user_pref("CT2925418.Initialize", true);
Deleted : user_pref("CT2925418.InitializeCommonPrefs", true);
Deleted : user_pref("CT2925418.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2925418.InstallationType", "Unknown");
Deleted : user_pref("CT2925418.InstalledDate", "Sat Nov 05 2011 20:44:52 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2925418.IsGrouping", false);
Deleted : user_pref("CT2925418.IsInitSetupIni", true);
Deleted : user_pref("CT2925418.IsMulticommunity", false);
Deleted : user_pref("CT2925418.IsOpenThankYouPage", true);
Deleted : user_pref("CT2925418.IsOpenUninstallPage", true);
Deleted : user_pref("CT2925418.LanguagePackLastCheckTime", "Sat Nov 05 2011 20:44:52 GMT+0000 (GMT Standard Ti[...]
Deleted : user_pref("CT2925418.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2925418.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2925418.LastLogin_3.7.0.6", "Sat Nov 05 2011 20:44:52 GMT+0000 (GMT Standard Time)");
Deleted : user_pref("CT2925418.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT2925418.Locale", "en");
Deleted : user_pref("CT2925418.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2925418.MCDetectTooltipShow", false);
Deleted : user_pref("CT2925418.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2925418.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2925418.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2925418.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT2925418.RadioShrinked", "shrinked");
Deleted : user_pref("CT2925418.RadioShrinkedFromSetup", true);
Deleted : user_pref("CT2925418.SHRINK_TOOLBAR", 0);
Deleted : user_pref("CT2925418.SearchCaption", "ZoneAlarm Extreme Security Customized Web Search");
Deleted : user_pref("CT2925418.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2925418.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT292[...]
Deleted : user_pref("CT2925418.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2925418.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2925418.SearchInNewTabLastCheckTime", "Sat Nov 05 2011 20:44:52 GMT+0000 (GMT Standard [...]
Deleted : user_pref("CT2925418.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2925418.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2925418.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2925418.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2925418.ServiceMapLastCheckTime", "Sat Nov 05 2011 20:44:49 GMT+0000 (GMT Standard Time[...]
Deleted : user_pref("CT2925418.SettingsLastCheckTime", "Sat Nov 05 2011 20:44:49 GMT+0000 (GMT Standard Time)"[...]
Deleted : user_pref("CT2925418.SettingsLastUpdate", "1319226263");
Deleted : user_pref("CT2925418.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2925418&SearchSource=13");
Deleted : user_pref("CT2925418.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2925418.ThirdPartyComponentsLastCheck", "Sat Nov 05 2011 20:44:49 GMT+0000 (GMT Standar[...]
Deleted : user_pref("CT2925418.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2925418.ToolbarShrinkedFromSetup", true);
Deleted : user_pref("CT2925418.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2925418");
Deleted : user_pref("CT2925418.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2925418.UserID", "UN92295218720760367");
Deleted : user_pref("CT2925418.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2925418.alertChannelId", "1317307");
Deleted : user_pref("CT2925418.approveUntrustedApps", false);
Deleted : user_pref("CT2925418.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2925418.globalFirstTimeInfoLastCheckTime", "Sat Nov 05 2011 20:44:51 GMT+0000 (GMT Stan[...]
Deleted : user_pref("CT2925418.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2925418.initDone", true);
Deleted : user_pref("CT2925418.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2925418.isFirstRadioInstallation", false);
Deleted : user_pref("CT2925418.myStuffEnabled", true);
Deleted : user_pref("CT2925418.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2925418.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2925418.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2925418.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2925418.revertSettingsEnabled", true);
Deleted : user_pref("CT2925418.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2925418.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2925418.testingCtid", "");
Deleted : user_pref("CT2925418.toolbarAppMetaDataLastCheckTime", "Sat Nov 05 2011 20:44:50 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2925418.toolbarContextMenuLastCheckTime", "Sat Nov 05 2011 20:44:52 GMT+0000 (GMT Stand[...]
Deleted : user_pref("CT2925418.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm Extreme Security Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1317307/1312978/UK", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2925418", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2925418",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2645238&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2925418&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Simon King\\Applic[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://listen.grooveshark.com/", "800x598");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?sourceid=na[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091,CT2925418,CT2645238");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091,CT2925418,CT2645238");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2925418,CT2645238");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Dec 02 2011 16:23:49 GMT+0000 (GMT[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "9206acb4-2625-473b-ad5f-7622c97d1ed8");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2925418");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 27 2011 13:54:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Dec 02 2011 16:23:58 GMT+000[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Dec 02 2011 16:23:50 GMT+0000 (G[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "fe5bf8cf-4814-4ad2-a412-cce3172eb753");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.co.uk/webhp?sourceid=navclient-ff"[...]
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm Extreme Security Customized Web Search[...]
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2925418&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "ZoneAlarm Extreme Security Customized Web Search");
Deleted : user_pref("extensions.FastestTube_wombat.CachedhxxpRequest.hxxp://lite.adlesse.com/addon/helper.php?[...]
Deleted : user_pref("extensions.FastestTube_wombat.script_loader.data", "[{\"type\":\"content\",\"code\":\"\\/[...]
Deleted : user_pref("extensions.ntk.HISTORY", "[{\"title\":\"Facebook\",\"icon\":{\"spec\":\"moz-anno:favicon:[...]
Deleted : user_pref("extensions.ntk.recentClosedPers", "hxxps://www.facebook.com/index.php?stype=lo&lh=Ac9UdAC[...]

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\yz0hkpz9.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Simon King\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [31010 octets] - [26/10/2012 16:51:38]
AdwCleaner[S1].txt - [31195 octets] - [26/10/2012 16:52:54]

########## EOF - C:\AdwCleaner[S1].txt - [31256 octets] ##########
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#10
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
No problems with any of that 'combofix' part. Will let you know how it goes. The start up 'explorer.exe' problem is very random so it may be a few days until i know it is fixed.
Here is the combofix log.

ComboFix 12-10-26.05 - Simon King 27/10/2012 15:54:02.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2692 [GMT 1:00]
Running from: c:\documents and settings\Simon King\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1322084635.bdinstall.bin
c:\documents and settings\All Users\Application Data\1322151705.bdinstall.bin
c:\documents and settings\All Users\Application Data\1322388806.bdinstall.bin
c:\documents and settings\All Users\Application Data\1322388995.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\chrome.manifest
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\install.js
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\install.rdf
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\META-INF\manifest.mf
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\documents and settings\Simon King\Application Data\IDM\idmmzcc3\META-INF\zigbert.sf
c:\documents and settings\Simon King\WINDOWS
c:\program files\xfire_installer_43094.exe
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-26 16:00 . 2012-10-26 16:06 13952 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-19 08:10 . 2012-10-19 08:10 -------- d-----w- c:\documents and settings\Simon King\Local Settings\Application Data\Research In Motion
2012-10-19 08:10 . 2012-10-19 08:11 -------- d-----w- c:\documents and settings\Simon King\Application Data\Research In Motion
2012-10-19 08:09 . 2011-07-20 13:13 35328 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2012-10-19 08:08 . 2012-10-19 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2012-10-19 08:08 . 2012-10-19 08:09 -------- d-----w- c:\program files\Common Files\Research In Motion
2012-10-19 08:08 . 2012-10-19 08:08 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2012-10-19 08:08 . 2012-10-19 08:08 -------- d-----w- c:\program files\Research In Motion
2012-10-08 13:53 . 2012-10-08 13:53 -------- d-----w- c:\documents and settings\Simon King\Local Settings\Application Data\Imaginova Canada
2012-10-08 13:52 . 2012-10-08 13:52 -------- d-----w- c:\program files\Common Files\ASCOM
2012-10-08 13:52 . 2002-06-02 16:07 110592 ----a-w- c:\windows\system32\libfli.dll
2012-10-08 13:52 . 2000-12-05 23:00 209608 ----a-w- c:\windows\system32\TABCTL32.OCX
2012-10-08 13:52 . 2000-05-22 14:58 244416 ----a-w- c:\windows\system32\system32MSFLXGRD.OCX
2012-10-08 13:52 . 1998-06-24 09:56 103744 ----a-w- c:\windows\system32\MSCOMM32.OCX
2012-10-08 13:50 . 2012-10-08 13:50 -------- d-----w- c:\windows\Cache
2012-10-08 13:50 . 2012-10-08 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2012-10-08 13:37 . 2012-10-18 19:28 -------- d-----w- c:\program files\Starry Night Pro 5
2012-10-08 13:37 . 2012-10-08 13:49 -------- d--h--w- c:\program files\Zero G Registry
2012-10-08 13:37 . 2012-10-08 13:37 -------- d--h--w- c:\documents and settings\Simon King\InstallAnywhere
2012-10-08 11:20 . 2012-10-08 11:20 -------- d-----w- C:\hplanet
2012-10-01 15:02 . 2012-10-01 15:02 -------- d-----w- c:\documents and settings\Simon King\Local Settings\Application Data\Downloaded Installations
2012-10-01 14:48 . 2012-10-01 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2012-10-01 14:48 . 2012-10-01 14:48 -------- d-----w- c:\documents and settings\Simon King\Local Settings\Application Data\TomTom
2012-10-01 14:48 . 2012-10-01 14:48 -------- d-----w- c:\documents and settings\Simon King\Application Data\TomTom
2012-10-01 14:47 . 2012-10-01 14:47 -------- d-----w- c:\program files\TomTom International B.V
2012-10-01 14:47 . 2012-10-01 15:03 -------- d-----w- c:\program files\TomTom HOME 2
2012-10-01 14:41 . 2012-10-01 14:41 -------- d-----w- c:\program files\TomTom DesktopSuite
2012-10-01 10:18 . 2012-10-01 10:18 -------- d-----w- c:\documents and settings\Simon King\Local Settings\Application Data\Sun
2012-10-01 10:18 . 2012-10-01 10:18 -------- d-----w- c:\program files\Common Files\Java
2012-10-01 10:17 . 2012-10-01 10:16 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-01 10:17 . 2012-10-01 10:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-26 18:10 . 2011-02-24 19:46 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-26 18:10 . 2011-02-24 19:46 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-09 11:18 . 2012-04-18 15:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:18 . 2011-05-20 06:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-01 10:16 . 2011-02-23 12:04 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-01 10:16 . 2011-02-23 12:04 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-25 15:05 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-25 15:05 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-07 19:22 . 2012-09-07 19:12 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-19 15:09 . 2011-12-19 15:05 127592 ----a-w- c:\program files\Intro_Video.exe
2011-12-19 15:05 . 2011-12-19 15:05 102400 ----a-w- c:\program files\srEXT_Unzip.dll
2011-12-19 15:05 . 2011-12-19 15:05 90185 ----a-w- c:\program files\srDD_Glide3x.dll
2011-12-19 15:05 . 2011-12-19 15:05 741438 ----a-w- c:\program files\sr.dll
2011-12-19 15:05 . 2011-12-19 15:05 57434 ----a-w- c:\program files\srEXT_LWOImporter.dll
2011-12-19 15:05 . 2011-12-19 15:05 53337 ----a-w- c:\program files\srEXT_default.dll
2011-12-19 15:05 . 2011-12-19 15:05 45142 ----a-w- c:\program files\srEXT_Inspector.dll
2011-12-19 15:05 . 2011-12-19 15:05 36942 ----a-w- c:\program files\srDD_OpenGL.dll
2011-12-19 15:05 . 2011-12-19 15:05 118876 ----a-w- c:\program files\srEXT_JPEGImporter.dll
2011-03-07 16:45 . 2011-03-07 16:45 5296197 ----a-w- c:\program files\CheatEngine60.exe
2011-03-06 20:23 . 2011-03-06 20:21 38147376 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-03-06 19:31 . 2011-03-06 19:31 670992 ----a-w- c:\program files\RealPlayer.exe
2011-02-26 19:41 . 2011-02-26 19:41 3194296 ----a-w- c:\program files\spywareblastersetup44.exe
2011-02-26 17:04 . 2011-02-26 17:03 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2010-12-22 19:00 . 2010-12-22 19:00 565313 ----a-w- c:\program files\Supreme_v1.035.exe
2010-12-22 19:00 . 2010-12-22 19:00 565313 ----a-w- c:\program files\Supreme.exe
2010-11-14 07:00 . 2010-11-14 07:00 30720 ----a-w- c:\program files\Display_Config.exe
2012-08-14 17:57 . 2011-10-27 22:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-12-06 16:05 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-25 15:05 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-08-28 06:41 247768 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm]
2011-12-18 20:04 73360 ----a-w- c:\program files\CheckPoint\ZoneAlarm\zatray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"c:\\Program Files\\Origin Games\\Tiger Woods 12\\TWOLauncher.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\skyrim\\SkyrimLauncher.exe"=
.
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [01/03/2011 17:00 16048]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [14/10/2010 17:08 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [01/03/2011 17:00 162096]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [06/06/2011 08:04 21992]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 15:44 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 15:44 497280]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [27/12/2007 16:39 51816]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [28/08/2012 07:41 92632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [02/03/2012 18:01 100368]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [03/11/2011 15:44 36744]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [12/03/2011 20:37 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/02/2011 19:46 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18/04/2012 16:05 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [23/02/2011 20:39 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24/02/2011 19:46 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/05/2012 20:34 113120]
S3 MSICDSetup;MSICDSetup;\??\d:\cdriver.sys --> d:\CDriver.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10/03/2012 17:40 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10/03/2012 17:40 8576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23/06/2012 22:45 27064]
S3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [25/05/2005 04:39 4608]
S3 WinAutomation Service;WinAutomation Service;c:\program files\WinAutomation\WinAutomation.ServiceAgent.exe [25/01/2011 14:25 166912]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 13:23]
.
2012-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-10-20 c:\windows\Tasks\expresszipShakeIcon.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2011-09-02 10:53]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-24 18:46]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-24 18:46]
.
2012-06-14 c:\windows\Tasks\pixillionDowngrade.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-10-11 19:59]
.
2012-06-14 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-10-11 19:59]
.
2012-10-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-287218729-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
2012-10-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-287218729-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 13:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Simon King\Application Data\Mozilla\Firefox\Profiles\anb7uxoh.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en-GB&q=
FF - ExtSQL: 2012-09-25 16:06; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-27 15:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{414D94B0-F712-9582-A874-42D9ADDAD9FA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ac,46,35,9a,8d,4c,a9,d9,f0,80,6b,ad,7c,0c,a3,72,2a,de,24,a0,26,
33,9f,ba,0d,f4,21,0b,22,e6,43,18,be,2f,09,dc,49,38,40,8f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93c60861-b448-408d-a2b0-02b14f666fee}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003e
"Therad"=dword:0000000e
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\04\11\14-.t"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'lsass.exe'(816)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'csrss.exe'(720)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2012-10-27 16:01:44
ComboFix-quarantined-files.txt 2012-10-27 15:01
.
Pre-Run: 663,681,282,048 bytes free
Post-Run: 663,707,873,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 5CA8EFBE20D8575FFB6FB9DE291FC7E3
  • 0

Advertisements


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings Sking0

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#12
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
Post removed by sking0

Edited by Sking0, 28 October 2012 - 02:49 AM.

  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


first you have not told me what is worse.


what program caused this or when.


Gringo
  • 0

#14
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
More than likely it was combofix. But like i said, i could have just restored the whole pc in 5 hours.
  • 0

#15
Sking0

Sking0

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 172 posts
When i tried to play CoD UO. I got this message ...

ttempting 44 kHz 16 bit stereo sound
2D provider initialized at 9969280 0 90439028
available 3D providers:
Miles sound system initialization failed
WARNING: loaded sound file 'sound/misc/mouse_click.wav' couldn't be read
WARNING: loaded sound file 'sound/misc/mouse_over.wav' couldn't be read
WARNING: streamed sound 'sound/music/mainmenu1.mp3' not found
----- CL_Shutdown -----
RE_Shutdown( 1 )
Shutting down OpenGL subsystem
...wglMakeCurrent( NULL, NULL ): success
...deleting GL context: success
...releasing DC: success
...destroying window
...resetting display
...shutting down QGL
...unloading OpenGL DLL
-----------------------
Hunk_Clear: reset the hunk ok
3 sound file(s) are missing or in a bad format

I reinstalled the game and it made no difference. i didn't think the explorer.exe problem would come to this.
Reinstalled Realplayer too.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP