Adware Dealply infection


Adware Dealply infection

Post by rlenihan on Thu 02 May 2013, 1:40 am

Help please, I have tried everything to get rid of this infection: Malwarebytes, ESET online scanner, Norton Power Eraser, and my Symantec Endpoint keeps finding it. Here is the message from our antivirus program:
Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Adware.DealPly
File: C:\Documents and Settings\rlenihan\Local Settings\Temporary Internet Files\Content.IE5\1NEDWOOZ\opt_content[1].js
Location: Quarantine
Computer: RICKL-PC
User: rlenihan
Action taken: Quarantine succeeded : Access denied
Date found: Wednesday, May 01, 2013 10:42:50 AM

rlenihan
Rookie Surfer
Posts : 62
Joined : 2009-10-29
Operating System : XP

Re: Adware Dealply infection

Post by Superdave on Thu 02 May 2013, 6:21 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*******************************************************
Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

********************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Tech Staff
Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Adware Dealply infection

Post by rlenihan on Thu 02 May 2013, 6:57 am

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 15:27:53
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : rlenihan - RICKL-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\rlenihan\Desktop\new programs\adwarecleaner\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\DOCUME~1\jsullivan\LOCALS~1\Temp\boost_interprocess
Folder Found : C:\Documents and Settings\rlenihan\Application Data\PriceGong
Folder Found : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Folder Found : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Folder Found : C:\Documents and Settings\rlenihan\Local Settings\Application Data\PackageAware
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Found : HKCU\Software\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Viewpoint
Key Found : HKLM\SOFTWARE\Classes\20070122200339_auto_file
Key Found : HKLM\SOFTWARE\Classes\20090113181753_auto_file
Key Found : HKLM\SOFTWARE\Classes\20090203204200_auto_file
Key Found : HKLM\SOFTWARE\Classes\20090323125414_auto_file
Key Found : HKLM\SOFTWARE\Classes\20090420144432_auto_file
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT206407
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3241284
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.23] : icon_url = "hxxp://search.conduit.com/fav.ico",
Found [l.26] : keyword = "search.conduit.com",
Found [l.30] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN34181151041328202&ctid=CT3241284&UM=2",
Found [l.31] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN34181151041328202&UM=2"

*************************

AdwCleaner[R1].txt - [1096 octets] - [01/05/2013 15:27:55]

########## EOF - H:\AdwCleaner[R1].txt - [1096 octets] ##########

# AdwCleaner v2.300 - Logfile created 05/01/2013 at 15:29:01
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : rlenihan - RICKL-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\rlenihan\Desktop\new programs\adwarecleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Deleted on reboot : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Folder Deleted : C:\DOCUME~1\jsullivan\LOCALS~1\Temp\boost_interprocess
Folder Deleted : C:\Documents and Settings\rlenihan\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\rlenihan\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\20070122200339_auto_file
Key Deleted : HKLM\SOFTWARE\Classes\20090113181753_auto_file
Key Deleted : HKLM\SOFTWARE\Classes\20090203204200_auto_file
Key Deleted : HKLM\SOFTWARE\Classes\20090323125414_auto_file
Key Deleted : HKLM\SOFTWARE\Classes\20090420144432_auto_file
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT206407
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3241284
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.26] : keyword = "search.conduit.com",
Deleted [l.30] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN34[...]
Deleted [l.31] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]

*************************

AdwCleaner[R1].txt - [3423 octets] - [01/05/2013 15:27:55]
AdwCleaner[S1].txt - [1116 octets] - [01/05/2013 15:29:02]

########## EOF - H:\AdwCleaner[S1].txt - [1116 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Microsoft Windows XP x86
Ran by rlenihan on 05/01/2013 at 15:48:38.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA2DBC50-63ED-4F1B-9830-33434D614101}

~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\rlenihan\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/01/2013 at 15:51:34.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security check software returned this:

UNSUPPORTED OPERATING SYSTEM!

ABORTED!



rlenihan
Rookie Surfer
Posts : 62
Joined : 2009-10-29
Operating System : XP
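The Chrome finding in the AdwCleaner log above is a default search provider rewritten to point at search.conduit.com, with a toolbar id (ctid) and install id (CUI) in the query string. The script below is an added example, not code from the thread or from AdwCleaner: it audits the `default_search_provider` block of a Chrome Preferences file against an allow list of search domains and pulls out those tracking ids. It assumes the older Preferences layout with a top-level `default_search_provider` object, and the sample files are constructed, with the hijacked one mirroring the values in the log.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Domains whose search endpoints are acceptable as the Chrome default.
# Assumption: an environment-specific allow list; extend it as needed.
EXPECTED_SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com", "duckduckgo.com")

# Only these default_search_provider fields carry URLs worth checking.
URL_FIELDS = ("search_url", "suggest_url", "icon_url")

# Constructed sample in the older Chrome Preferences layout (assumed: a
# top-level "default_search_provider" object, which is where AdwCleaner's
# line numbers l.23-l.31 point). Values are the ones from the log above, with
# AdwCleaner's "hxxp" de-fanging undone because the real file stores "http".
HIJACKED_PREFERENCES = """{
  "default_search_provider": {
    "enabled": true,
    "icon_url": "http://search.conduit.com/fav.ico",
    "keyword": "search.conduit.com",
    "name": "Search",
    "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN34181151041328202&ctid=CT3241284&UM=2",
    "suggest_url": "http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN34181151041328202&UM=2"
  },
  "homepage": "http://www.example.com/"
}"""

# Constructed clean counterpart: Google as the default provider.
CLEAN_PREFERENCES = """{
  "default_search_provider": {
    "enabled": true,
    "icon_url": "https://www.google.com/favicon.ico",
    "keyword": "google.com",
    "name": "Google",
    "search_url": "https://www.google.com/search?q={searchTerms}",
    "suggest_url": "https://www.google.com/complete/search?client=chrome&q={searchTerms}"
  }
}"""


def host_is_expected(host):
    """True when host is an expected search domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_SEARCH_DOMAINS)


def audit_default_search(prefs_text):
    """Audit the default_search_provider block of a Chrome Preferences file.

    Returns a list of (field, host, ids) findings, one per provider URL whose
    host is not on the allow list. ids holds the Conduit-style tracking
    parameters (ctid = toolbar build, CUI = per-install id) found in the
    query string; they identify which bundled installer set the hijack.
    An empty list means the default provider is clean. A missing or disabled
    block is not reported, since Chrome then uses its built-in default.
    """
    prefs = json.loads(prefs_text)
    dsp = prefs.get("default_search_provider")
    if not isinstance(dsp, dict) or not dsp.get("enabled", False):
        return []
    findings = []
    for field in URL_FIELDS:
        url = dsp.get(field)
        if not url:
            continue
        parts = urlsplit(url)  # "{searchTerms}" placeholders split without trouble
        host = (parts.hostname or "").lower()
        if host_is_expected(host):
            continue
        query = parse_qs(parts.query)
        ids = {k: v[0] for k, v in query.items() if k in ("ctid", "CUI")}
        findings.append((field, host, ids))
    return findings


def conduit_toolbar_id(findings):
    """Return the Conduit toolbar id (ctid) seen in any finding, or None."""
    for _field, _host, ids in findings:
        if "ctid" in ids:
            return ids["ctid"]
    return None


if __name__ == "__main__":
    for label, text in (("hijacked", HIJACKED_PREFERENCES), ("clean", CLEAN_PREFERENCES)):
        findings = audit_default_search(text)
        print("%s: %d finding(s)" % (label, len(findings)))
        for field, host, ids in findings:
            print("  %-12s host=%-28s %s" % (field, host, ids))
```

On a live machine, read the user's Preferences file (the path AdwCleaner printed) with Chrome closed and pass its contents to `audit_default_search`; the ctid value ties the hijack back to the same Toolbar.CT3241284 class AdwCleaner removed from the registry.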

Re: Adware Dealply infection

Post by Superdave on Thu 02 May 2013, 9:11 am

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Superdave
Tech Staff
Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Adware Dealply infection

Post by rlenihan on Thu 02 May 2013, 11:41 am

ComboFix 13-05-01.03 - rlenihan 05/01/2013 18:37:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2104 [GMT -4:00]
Running from: c:\documents and settings\rlenihan\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\rlenihan\GoToAssistDownloadHelper.exe
C:\install.exe
c:\windows\Downloaded Program Files\Install.inf
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
c:\windows\system32\aosmtp.dll
c:\windows\system32\DC120fc7_32.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\UNWISE.EXE
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FAD
.
.
((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 19:48 . 2013-05-01 19:48 -------- d-----w- c:\windows\ERUNT
2013-05-01 19:48 . 2013-05-01 19:48 -------- d-----w- C:\JRT
2013-05-01 12:48 . 2013-05-01 12:48 167344 ----a-w- c:\windows\system32\mfevtps.exe.8c8a.deleteme
2013-05-01 12:46 . 2013-05-01 12:46 -------- d-----w- C:\Stinger_Quarantine
2013-04-30 15:57 . 2013-04-30 15:57 -------- d-----w- c:\windows\Microsoft Antimalware
2013-04-30 13:02 . 2013-05-01 12:38 -------- d-----w- c:\documents and settings\rlenihan\Local Settings\Application Data\NPE
2013-04-30 13:02 . 2013-04-30 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2013-04-29 20:37 . 2013-04-29 20:37 -------- d-----w- c:\program files\FileASSASSIN
2013-04-29 13:40 . 2013-04-29 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2013-04-29 13:36 . 2013-04-29 13:36 -------- d-----w- c:\program files\VideoSaver
2013-04-29 13:26 . 2013-04-29 13:26 -------- d-----w- c:\documents and settings\rlenihan\Local Settings\Application Data\CRE
2013-04-18 14:30 . 2013-04-18 14:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-18 14:29 . 2013-04-18 14:29 0 ----a-w- c:\windows\system32\RENB04.tmp
2013-04-18 14:29 . 2013-04-18 14:29 0 ----a-w- c:\windows\system32\RENB03.tmp
2013-04-04 15:56 . 2013-04-04 15:56 -------- d-----w- c:\program files\Uniblue
2013-04-04 15:56 . 2013-04-04 15:56 -------- d-----w- c:\documents and settings\rlenihan\Application Data\Uniblue
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 14:30 . 2012-09-04 14:47 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-18 14:30 . 2012-05-14 20:23 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-18 14:30 . 2010-04-20 12:23 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-18 14:21 . 2012-04-04 14:46 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-18 14:21 . 2011-10-19 14:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 18:50 . 2008-10-27 14:18 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-08 14:55 . 2013-03-08 14:55 0 ----a-w- c:\windows\system32\RENC62.tmp
2013-03-08 14:55 . 2013-03-08 14:55 0 ----a-w- c:\windows\system32\RENC61.tmp
2013-03-08 08:36 . 2004-08-11 21:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2004-08-11 21:00 2149888 ------w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 02:59 2028544 ------w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-11 21:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-11 21:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-11 21:00 1867264 ------w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-11 21:00 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-11 21:11 2067456 ------w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-24 07:36 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-11 21:00 12928 ------w- c:\windows\system32\drivers\usb8023.sys
2013-02-09 02:03 . 2013-02-09 02:03 0 ----a-w- c:\windows\system32\RENC.tmp
2013-02-09 02:03 . 2013-02-09 02:03 0 ----a-w- c:\windows\system32\RENB.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{FCA0E497-33D1-4DBE-8FDB-7F9A597C8BC2}]
2013-04-23 21:57 133528 ----a-w- c:\program files\VideoSaver\VideoSaver.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\rlenihan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\rlenihan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\rlenihan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\rlenihan\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"Clipomatic"="c:\program files\Clipomatic\Clipomatic.exe" [1999-05-15 65536]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-03-20 1100120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 141848]
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-12-18 3478752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\rlenihan\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-10-19 1316192]
Dropbox.lnk - c:\documents and settings\rlenihan\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-25 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-688789844-725345543-1112\Scripts\Logon\0\0]
"Script"=c:\winnt\SYSVOL\sysvol\bradyenterprises.com\scripts\BRScript.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-688789844-725345543-1136\Scripts\Logon\0\0]
"Script"=c:\winnt\SYSVOL\sysvol\bradyenterprises.com\scripts\BRScript.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-688789844-725345543-1155\Scripts\Logon\0\0]
"Script"=c:\winnt\SYSVOL\sysvol\bradyenterprises.com\scripts\BRScript.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1454471165-688789844-725345543-500\Scripts\Logon\0\0]
"Script"=c:\winnt\SYSVOL\sysvol\bradyenterprises.com\scripts\BRScript.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Delivery Agent.lnk]
backup=c:\windows\pss\QuickBooks Delivery Agent.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2013-01-26 11:08 4480768 ----a-w- c:\documents and settings\rlenihan\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cookienator]
2009-10-19 05:29 1333472 ----a-w- c:\program files\Cookienator\cookienator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-03-28 17:40 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 14:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 17:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-01-12 07:09 488984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RWipeKbdDemon]
2010-04-13 23:35 73728 ----a-w- c:\program files\R-Wipe&Clean\RWKbdD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-08-07 22:59 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Roxio\\Digital Home 10\\RoxioUPnPRenderer10.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [06/24/2010 11:33 AM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [06/24/2010 11:33 AM 15856]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [06/06/2011 8:16 AM 13496]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys [06/14/2012 1:13 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys [06/14/2012 1:13 PM 756856]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20130412.011\BHDrvx86.sys [04/23/2013 2:15 PM 1000024]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [06/24/2010 11:33 AM 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys [06/14/2012 1:13 PM 136312]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [06/02/2009 7:05 PM 457200]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [09/30/2010 4:06 AM 169408]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [10/24/2012 5:32 PM 1026432]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [06/20/2007 2:30 PM 79168]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [11/01/2010 11:38 AM 3744]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [06/23/2009 5:40 PM 127352]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [06/09/2009 10:11 AM 155648]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [03/20/2013 4:35 PM 186200]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [06/23/2010 12:31 PM 12184]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [03/08/2010 9:06 AM 72672]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [11/01/2010 11:38 AM 3904]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [09/10/2012 2:25 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/27/2008 10:18 AM 701512]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [06/27/2012 3:25 AM 1326176]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [06/14/2012 1:13 PM 137224]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [04/25/2013 12:34 PM 3574624]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [05/01/2013 10:40 AM 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/27/2008 10:18 AM 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [12/16/2011 10:19 AM 15544]
S2 gupdate1c985ffd758e9eb;Google Update Service (gupdate1c985ffd758e9eb);c:\program files\Google\Update\GoogleUpdate.exe [02/03/2009 9:03 AM 133104]
S2 HIT_PARA;HIT_PARA;c:\windows\system32\drivers\HIT_Para.sys [08/28/2008 9:51 AM 8204]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [06/23/2008 9:08 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [06/23/2008 9:06 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [06/23/2008 9:06 AM 166384]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [07/24/2009 8:33 AM 219632]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [06/27/2012 3:25 AM 681056]
S2 SessionLauncher;SessionLauncher;c:\docume~1\rlenihan\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\rlenihan\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 TeamViewer4;TeamViewer 4;"c:\program files\TeamViewer\Version4\TeamViewer_Service.exe" -service --> c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 esihdrv;esihdrv;\??\c:\docume~1\rlenihan\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\rlenihan\LOCALS~1\Temp\esihdrv.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [05/04/2010 4:09 PM 27064]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [06/23/2008 9:08 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [06/23/2008 9:05 AM 1120752]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [07/24/2009 8:33 AM 1116656]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 14:19 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:21]
.
2013-05-01 c:\windows\Tasks\AdobeAAMUpdater-1.0-BRADYENTERPRISE-rlenihan.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20 11:27]
.
2013-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-05-01 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-04-04 18:47]
.
2013-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-07 11:39]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 13:03]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 13:03]
.
2013-05-01 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-12-09 15:27]
.
2013-05-01 c:\windows\Tasks\User_Feed_Synchronization-{CB8CBC48-7C4D-49D6-AD87-B5EFD2746333}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2013-05-01 c:\windows\Tasks\VideoSaver Update.job
- c:\program files\VideoSaver\vdsvrur.exe [2013-04-23 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: amazon.com\www
Trusted Zone: bradyenterprises.com\mail
Trusted Zone: cinemanow.com
Trusted Zone: paypal.com\www
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
Trusted Zone: tripadvisor.com\www
TCP: DhcpNameServer = 192.168.1.4
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-NavLogon - (no file)
Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
MSConfigStartUp-Garmin Lifetime Updater - c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
MSConfigStartUp-OpwareSE4 - c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
MSConfigStartUp-RegistryMechanic - c:\program files\Registry Mechanic\RegMech.exe
MSConfigStartUp-RWIP-UNB - h:\rlenihan\RWCCleaB.exe
MSConfigStartUp-SSBkgdUpdate - c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
AddRemove-DocLock - c:\program files\File & Folder Lock\uninst.exe
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-Registry Mechanic_is1 - c:\program files\Registry Mechanic\unins000.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\rlenihan\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
AddRemove-WS_FTP Pro - f:\winnt\IsUninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-05-01 18:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Clipomatic = c:\program files\Clipomatic\Clipomatic.exe??|???Z?A~.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{860F37D0-88B9-EAFE-0DA223FC9F2D4B17}\{92B5FDE0-C227-B1B3-6D9FE8922DCBDAED}\{28D3DA4D-49F1-E4D4-1516D5318029455A}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(728)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(6072)
c:\windows\system32\WININET.dll
c:\documents and settings\rlenihan\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
c:\program files\teamviewer\version8\TeamViewer.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\IObit\Advanced SystemCare 6\DelayLoad.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2013-05-01 19:01:46 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-01 23:01
.
Pre-Run: 29,924,646,912 bytes free
Post-Run: 30,170,550,272 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 10E5970B9D546077316AED829D354B97


Re: Adware Dealply infection

Post by Superdave on Thu 02 May 2013, 12:52 pm

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge, as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.


Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: amazon.com\www
    Trusted Zone: bradyenterprises.com\mail
    Trusted Zone: cinemanow.com
    Trusted Zone: paypal.com\www
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    Trusted Zone: tripadvisor.com\www

    DDS::
    Trusted Zone: amazon.com\www
    Trusted Zone: bradyenterprises.com\mail
    Trusted Zone: cinemanow.com
    Trusted Zone: paypal.com\www
    Trusted Zone: qflix.com
    Trusted Zone: roxio.com
    Trusted Zone: sonic.com\redirect
    Trusted Zone: sonic.com\redirect2
    Trusted Zone: tripadvisor.com\www

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see the log from this action.

************************************************

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

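As an added defender-side check (this is not part of Superdave's instructions or of any tool the thread uses), the PowerShell function below enumerates Internet Explorer's ZoneMap from the registry and reports every entry placed in zone 2, the Trusted sites zone the post above describes, in the same "domain\host" shape that ComboFix prints under "Trusted Zone:". It assumes the standard ZoneMap\Domains layout (a key per domain, an optional subkey per host label, one value per scheme whose DWORD data is the zone number) and Windows PowerShell; the function and variable names are this example's own.

```powershell
# Added example: audit Internet Explorer's ZoneMap and list what sits in the
# Trusted sites zone (zone 2), the least restrictive zone discussed above.
# Assumed registry layout (standard on Windows):
#   ...\Internet Settings\ZoneMap\Domains\<domain>[\<host>]
#   value name = scheme ("http", "https", "*"), DWORD data = zone number.
# Function and variable names are this example's own, not ComboFix's.

$ZoneNames = @{
    0 = 'My Computer'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

function Get-IeZoneMapEntry {
    [CmdletBinding()]
    param(
        # The per-user map is under HKCU; a machine-wide map (used when the
        # Security_HKLM_only policy is set) is under HKLM. Check both by default.
        [string[]]$Hive = @('HKCU', 'HKLM')
    )
    foreach ($h in $Hive) {
        $root = "${h}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
        if (-not (Test-Path -Path $root)) { continue }

        foreach ($domainKey in Get-ChildItem -Path $root) {
            $domain = $domainKey.PSChildName

            # Values directly under the domain key cover the bare domain;
            # each subkey covers one host label (www, mail, ...).
            $scopes = @(@{ Key = $domainKey; Sub = '' })
            foreach ($subKey in Get-ChildItem -Path $domainKey.PSPath) {
                $scopes += @{ Key = $subKey; Sub = $subKey.PSChildName }
            }

            foreach ($scope in $scopes) {
                $key = $scope.Key
                foreach ($scheme in $key.GetValueNames()) {
                    $zone = [int]$key.GetValue($scheme)
                    $zoneName = if ($ZoneNames.ContainsKey($zone)) { $ZoneNames[$zone] } else { "unknown ($zone)" }
                    # Same shape ComboFix prints, e.g. "amazon.com\www"
                    $entry = if ($scope.Sub) { "$domain\$($scope.Sub)" } else { $domain }

                    [pscustomobject]@{
                        Hive     = $h
                        Domain   = $domain
                        Host     = $scope.Sub
                        Scheme   = $scheme
                        Zone     = $zone
                        ZoneName = $zoneName
                        ComboFix = $entry
                    }
                }
            }
        }
    }
}

# Report only the Trusted zone. Sites listed here get relaxed script and
# ActiveX handling, so every entry should be one the user deliberately added.
Get-IeZoneMapEntry |
    Where-Object { $_.Zone -eq 2 } |
    Sort-Object Hive, Domain, Host |
    Format-Table Hive, ComboFix, Scheme, ZoneName -AutoSize
```

On the machine in this thread the output would be the nine "Trusted Zone:" lines from ComboFix's Supplementary Scan; an entry you do not recognise as your own addition is the kind the CFScript above removes.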

Re: Adware Dealply infection

Post by rlenihan on Thu 02 May 2013, 11:51 pm

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : [You must be registered and logged in to see this link.]
Website : [You must be registered and logged in to see this link.]
Blog : [You must be registered and logged in to see this link.]

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : rlenihan [Admin rights]
Mode : Scan -- Date : 05/02/2013 08:48:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x89E55F90)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x89DA68D8)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A20D078)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x89D786A8)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A180238)
SSDT[43] : NtCreateMutant @ 0x806177F2 -> HOOKED (Unknown @ 0x8A1C8EE0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x89D784C8)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89DA0438)
SSDT[57] : NtDebugActiveProcess @ 0x80643C82 -> HOOKED (Unknown @ 0x89D78788)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x89E55070)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x89E489E0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9332 -> HOOKED (Unknown @ 0x8A1C8FD0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x89E55EB0)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A17FC40)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x89E48900)
SSDT[114] : NtOpenEvent @ 0x8060F1B0 -> HOOKED (Unknown @ 0x89D7DFD0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x89DA0320)
SSDT[123] : NtOpenProcessToken @ 0x805EE000 -> HOOKED (Unknown @ 0x8A4460A8)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x89D7DE30)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x89E55140)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x89D785B8)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x89DA6998)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A193250)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x89E4D8C8)
SSDT[240] : NtSetSystemInformation @ 0x8060FE68 -> HOOKED (Unknown @ 0x89D78868)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x89D7DF10)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x89DAAC50)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A19D148)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89DAAD30)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A44D6D8)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89D7B2A0)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x89D091F0)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89D4F3C0)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x89D4F430)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89D09260)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89CA5E88)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x89D58948)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x89CA6630)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A1CAFC0)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89C841A8)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A3858C0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1601ABYS-18C0A0 +++++
--- User ---
[MBR] dea945c3ee3621b4bca3bf282f6c632c
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] cc2722ce00da54d9761c6505dbd9f0de
[BSP] af6db586d308d85a8460cbfafb54fa0c : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7629 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05022013_02d0848.txt >>
RKreport[1]_S_05022013_02d0848.txt





Re: Adware Dealply infection

Post by Superdave on Fri 03 May 2013, 5:28 am

Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.

    • Leave the check mark next to Remove found threats.

  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Adware Dealply infection

Post by rlenihan on Fri 03 May 2013, 11:31 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ad7341046f4e442b6a295e22d6068af
# engine=13731
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-01 02:59:35
# local_time=2013-04-30 10:59:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5893 16776638 33 7 109136575 109136575 0 0
# scanned=211007
# found=18
# cleaned=18
# scan_time=21860
sh=9F3D6D3FD87EBB83098E5615E98C6C8E929EAB84 ft=1 fh=b737a2242915c4a7 vn="Java/AngryIPScan.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\CMAC\ipscan-win32-3.0-beta6.exe"
sh=066EC383C2A4DBBDD8EA15ACE1D39837FADAFF02 ft=1 fh=005a0dba193909a6 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\Defrag\ARO2011_tbt.exe"
sh=3A456433BA46533220B12FB937F68C2FE5054756 ft=1 fh=de80fd98870b182c vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\Duplicate Finder\duplicate-file-finder-setup.exe"
sh=B662EE7DF1E0B040B8B6BA986C73A278647B94D9 ft=1 fh=a0d009293ed74dab vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\Image Burn\SetupImgBurn_2.5.6.0.exe"
sh=38D920413DA6977CEC22A54F59C537D61FB5E3A7 ft=1 fh=1552aabc3c379211 vn="a variant of Win32/ELEX application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\Iobit\asc-setup.exe"
sh=54F618B30CB95D957F0ADED4450BA0BA98EE9A72 ft=0 fh=0000000000000000 vn="a variant of Win32/PSWTool.RouterPassView.B application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\Password\routerpassview.zip"
sh=373FF239732EC6BC362DAF8E08FC2B4418175FFE ft=0 fh=0000000000000000 vn="a variant of Win32/SecurityXploded.A application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\MSNLivePasswordDecryptor.zip"
sh=A662964405F978FA61E61F0C09FEA054EEB2678C ft=0 fh=0000000000000000 vn="a variant of Win32/SecurityXploded.A application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\Facebook\FacebookPasswordDecryptor.zip"
sh=CA062508C0B03BB88FF22DFF8D4924FC95096121 ft=1 fh=15c8a451df620cac vn="a variant of Win32/SecurityXploded.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\Facebook\FacebookPasswordDecryptor\Setup_FacebookPasswordDecryptor.exe"
sh=3E4E8A5FB0931648782A891CFE9FF495634F5CD5 ft=0 fh=0000000000000000 vn="a variant of Win32/SecurityXploded.A application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\Google\GooglePasswordDecryptor.zip"
sh=4B0B52D211572E9A38A4542D85EFDB20EBA82AC0 ft=1 fh=f85cdf58e62b9982 vn="a variant of Win32/SecurityXploded.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\MSNLivePasswordDecryptor\Setup_MSNLivePasswordDecryptor.exe"
sh=591CF93C197764750AD88D14D8180AC714EEEE41 ft=0 fh=0000000000000000 vn="a variant of Win32/SecurityXploded.A application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\Outlook\OutlookPasswordDecryptor.zip"
sh=CC27DB40888B63188E10F08BCF99CCDBE41CB3FC ft=1 fh=8e672c7a52ab6d78 vn="a variant of Win32/SecurityXploded.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\Outlook\OutlookPasswordDecryptor\Setup_OutlookPasswordDecryptor.exe"
sh=9E6680F6E2721EAE0D5FAB1F64C12DBC0F52850D ft=0 fh=0000000000000000 vn="a variant of Win32/SecurityXploded.A application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\WS-FTP\WS_FTPPasswordDecryptor.zip"
sh=1D66D0A9E8A65CA8B43F3D6ECDC01AA2A35D566E ft=1 fh=82db5603dee2b061 vn="a variant of Win32/SecurityXploded.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\password decrypters\WS-FTP\WS_FTPPasswordDecryptor\Setup_WS_FTPPasswordDecryptor.exe"
sh=94D46F5DD9A9B2BB7909CC1183193E4F67B84EF1 ft=1 fh=a627d34be406fc55 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\Speed Utilities\WRCFree.exe"
sh=221F4B4A25BE1BC11A14F9733FE4F3504CD5CB23 ft=1 fh=1c4dd528ab0e1d89 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\rlenihan\Desktop\new programs\Speed Utilities\wufinstall.exe"
sh=AD44A69068930A5A5E100F7E1F14CF189842A670 ft=1 fh=7d75842fbbf8ffab vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\AWS\WeatherBug\Local\askToolbarInstaller-1.9.1.0.exe"
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ad7341046f4e442b6a295e22d6068af
# engine=13743
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-03 12:12:28
# local_time=2013-05-02 08:12:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5893 16776638 33 7 109295748 109295748 0 0
# scanned=235867
# found=0
# cleaned=0
# scan_time=19282

There were a huge number of files from a previous scan in the quarantine; I deleted them. My Symantec still comes up with notices of infections.


Re: Adware Dealply infection

Post by Superdave on Fri 03 May 2013, 12:54 pm

Please download and install Microsoft Security Essentials. Enable MSE, disable your current AV, and run a scan with MSE. Please tell me what it finds.

Microsoft Security Essentials for Windows XP


Re: Adware Dealply infection

Post by rlenihan on Sat 04 May 2013, 2:50 am

Scan showed nothing found. Originally it could not load; it said I had no space available. The virus kept replicating files and took up 35 gigs in the Symantec temp files. Until I deleted Symantec I was down to 100 MB of space left; I now have 57 gig. Still had issues when running IE but not Google Chrome.


Re: Adware Dealply infection

Post by Superdave on Sat 04 May 2013, 9:15 am

Scan showed nothing found.
Probably false positives from Symantec.
Still had issues when running IE but not google chrome.
Are you still having problems with IE? What are they?


Re: Adware Dealply infection

Post by rlenihan on Sun 05 May 2013, 12:31 am

AT THIS POINT I HAVE NOT SEEN ANY ADS YET


Re: Adware Dealply infection

Post by Superdave on Sun 05 May 2013, 4:52 am

Ok, let's do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*****************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with any other selections you have chosen. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*****************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Adware Dealply infection

Post by rlenihan on Sun 05 May 2013, 10:40 am

Thanks for all your help. Hopefully I'm all set

rlenihan
Rookie Surfer

Posts : 62
Joined : 2009-10-29
Operating System : XP

Re: Adware Dealply infection

Post by Superdave on Sun 05 May 2013, 11:24 am

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Adware Dealply infection

Post by Superdave on Wed 08 May 2013, 6:10 am

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
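A TDSSKiller report of the kind requested above (and posted in the next reply) lists every service and driver as a `[ MD5 ] name path` line followed by a `name - verdict` line, several hundred lines in all. When reading one by hand the useful entries are the few that stand out: any verdict other than `ok`, images that load from a user-writable location such as a profile or Temp directory, and services that are registered but had no file to hash (often stale entries left by removed tools; `catchme` and `esihdrv` in the posted log are consistent with the ComboFix and ESET scans run earlier in this thread). The script below is an added example written for this page, not part of the thread and not Kaspersky's code. Its sample log is constructed: the first entries copy the format of the posted report, while `HypotheticalSvc`, its path and its `suspicious` verdict are invented, and treating the Microsoft Antimalware definition-update path as an expected profile location is an assumption.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# TDSSKiller's "Scan services" section has two line shapes per service:
#   <time> <pid> [ <MD5> ] <service name> <image path>   (file found and hashed)
#   <time> <pid> <service name> - <verdict>               (e.g. "ok")
# Service names may contain spaces, so the name is matched lazily and the
# path is anchored on a drive letter.
SECTION_RE = re.compile(r"^\S+\s+\d+\s+=+\s*(.*?)\s*=+$")
HASH_RE = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - (.+)$")

# Path fragments that mark user-writable locations on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\temporary internet files\\", "\\application data\\")
# Assumption for this example: Microsoft Security Essentials legitimately loads
# its MpKsl* driver from All Users\Application Data\...\Definition Updates.
EXPECTED_PROFILE_PATHS = ("\\microsoft antimalware\\definition updates\\",)

# Constructed sample. The first entries copy the format of the report posted
# in this thread; HypotheticalSvc, its path and its verdict are invented.
SAMPLE_LOG = r"""
15:18:05.0743 2080 ============================================================
15:18:05.0743 2080 Scan started
15:18:05.0743 2080 Mode: Manual;
15:18:05.0743 2080 ============================================================
15:18:07.0399 2080 ================ Scan system memory ========================
15:18:07.0414 2080 System memory - ok
15:18:07.0414 2080 ================ Scan services =============================
15:18:07.0664 2080 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:18:07.0664 2080 !SASCORE - ok
15:18:11.0852 2080 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:18:12.0008 2080 Adobe LM Service - ok
15:18:22.0804 2080 catchme - ok
15:18:31.0444 2080 [ A69630D039C38018689190234F866D77 ] MpKsl1c74a5c9 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3784B4EF-7C2D-49F5-B572-B463EC70830E}\MpKsl1c74a5c9.sys
15:18:31.0444 2080 MpKsl1c74a5c9 - ok
15:18:40.0000 2080 [ 0123456789ABCDEF0123456789ABCDEF ] HypotheticalSvc C:\Documents and Settings\rlenihan\Local Settings\Temp\updater.exe
15:18:40.0010 2080 HypotheticalSvc - suspicious
15:18:41.0000 2080 ================ Scan global ===============================
"""


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_services(log_text: str) -> Dict[str, Entry]:
    """Return {service name: Entry} for the 'Scan services' section only."""
    entries: Dict[str, Entry] = {}
    in_services = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:  # a "====" header opens or closes a section
            in_services = sec.group(1).lower().startswith("scan services")
            continue
        if not in_services:
            continue
        m = HASH_RE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, status = m.groups()
            entries.setdefault(name, Entry(name)).status = status.strip()
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str, str]]:
    """Return (severity, service name, reason) tuples, highest severity first."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries.values():
        if e.status is not None and e.status.lower() != "ok":
            findings.append(("high", e.name, f"verdict '{e.status}' on {e.path or '(no file)'}"))
        if e.path:
            p = e.path.lower()
            if any(tag in p for tag in USER_WRITABLE):
                sev = "info" if any(x in p for x in EXPECTED_PROFILE_PATHS) else "medium"
                findings.append((sev, e.name, f"image loads from a user-writable path: {e.path}"))
        if e.md5 is None:
            findings.append(("low", e.name,
                             "registered but no image was hashed (missing binary or stale entry)"))
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    findings.sort(key=lambda f: (order[f[0]], f[1].lower()))
    return findings


def main(argv: List[str]) -> int:
    # With a file argument, triage a real report; otherwise use the sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for sev, name, reason in triage(parse_services(text)):
        print(f"[{sev:<6}] {name}: {reason}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python triage_tdss.py TDSSKiller.<version>_<date>_log.txt` against the report the tool leaves in C:\. The "low" bucket is deliberately noisy on Windows XP, where several stock entries (Abiosdsk, Atdisk, Changer and similar) have no image file; it is a review list, not a detection, and the "high" and "medium" buckets are where to start.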

Re: Adware Dealply infection

Post by rlenihan on Wed 08 May 2013, 6:22 am

15:16:30.0967 3304 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:16:31.0389 3304 ============================================================
15:16:31.0389 3304 Current date / time: 2013/05/07 15:16:31.0389
15:16:31.0389 3304 SystemInfo:
15:16:31.0389 3304
15:16:31.0389 3304 OS Version: 5.1.2600 ServicePack: 3.0
15:16:31.0389 3304 Product type: Workstation
15:16:31.0389 3304 ComputerName: RICKL-PC
15:16:31.0389 3304 UserName: rlenihan
15:16:31.0389 3304 Windows directory: C:\WINDOWS
15:16:31.0389 3304 System windows directory: C:\WINDOWS
15:16:31.0389 3304 Processor architecture: Intel x86
15:16:31.0389 3304 Number of processors: 2
15:16:31.0389 3304 Page size: 0x1000
15:16:31.0389 3304 Boot type: Normal boot
15:16:31.0389 3304 ============================================================
15:16:32.0264 3304 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:16:32.0279 3304 Drive \Device\Harddisk1\DR3 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:16:32.0279 3304 ============================================================
15:16:32.0279 3304 \Device\Harddisk0\DR0:
15:16:32.0279 3304 MBR partitions:
15:16:32.0279 3304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x129ED876
15:16:32.0279 3304 \Device\Harddisk1\DR3:
15:16:32.0279 3304 MBR partitions:
15:16:32.0279 3304 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE6BE0
15:16:32.0279 3304 ============================================================
15:16:32.0342 3304 C: <-> \Device\Harddisk0\DR0\Partition1
15:16:32.0357 3304 ============================================================
15:16:32.0357 3304 Initialize success
15:16:32.0357 3304 ============================================================
15:18:05.0743 2080 ============================================================
15:18:05.0743 2080 Scan started
15:18:05.0743 2080 Mode: Manual;
15:18:05.0743 2080 ============================================================
15:18:07.0399 2080 ================ Scan system memory ========================
15:18:07.0414 2080 System memory - ok
15:18:07.0414 2080 ================ Scan services =============================
15:18:07.0664 2080 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:18:07.0664 2080 !SASCORE - ok
15:18:09.0055 2080 [ A15069EEC83EBC54150564B2585CFDBA ] 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
15:18:09.0477 2080 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
15:18:10.0711 2080 Abiosdsk - ok
15:18:11.0133 2080 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:18:11.0164 2080 abp480n5 - ok
15:18:11.0336 2080 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:18:11.0336 2080 ACPI - ok
15:18:11.0430 2080 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
15:18:11.0430 2080 ACPIEC - ok
15:18:11.0602 2080 [ 0F0A69496989912351284BB1BAA2CE57 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
15:18:11.0602 2080 ADIHdAudAddService - ok
15:18:11.0852 2080 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:18:12.0008 2080 Adobe LM Service - ok
15:18:12.0695 2080 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
15:18:12.0695 2080 AdobeActiveFileMonitor9.0 - ok
15:18:12.0883 2080 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:18:12.0883 2080 AdobeFlashPlayerUpdateSvc - ok
15:18:12.0930 2080 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:18:12.0930 2080 adpu160m - ok
15:18:13.0602 2080 [ 7652940ADA176D26D8938B9BE309F4EE ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
15:18:13.0617 2080 AdvancedSystemCareService6 - ok
15:18:13.0773 2080 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
15:18:13.0773 2080 aec - ok
15:18:14.0133 2080 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
15:18:14.0133 2080 AFD - ok
15:18:14.0273 2080 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
15:18:14.0273 2080 agp440 - ok
15:18:14.0351 2080 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:18:14.0351 2080 agpCPQ - ok
15:18:14.0851 2080 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:18:14.0851 2080 Aha154x - ok
15:18:14.0867 2080 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:18:14.0867 2080 aic78u2 - ok
15:18:14.0883 2080 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:18:14.0883 2080 aic78xx - ok
15:18:15.0039 2080 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
15:18:15.0070 2080 Alerter - ok
15:18:15.0086 2080 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
15:18:15.0086 2080 ALG - ok
15:18:15.0258 2080 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
15:18:15.0320 2080 AliIde - ok
15:18:15.0492 2080 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:18:15.0664 2080 alim1541 - ok
15:18:15.0758 2080 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:18:15.0930 2080 amdagp - ok
15:18:17.0023 2080 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
15:18:17.0086 2080 amsint - ok
15:18:17.0742 2080 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:18:17.0773 2080 Apple Mobile Device - ok
15:18:17.0898 2080 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
15:18:17.0898 2080 AppMgmt - ok
15:18:18.0039 2080 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
15:18:18.0039 2080 asc - ok
15:18:18.0054 2080 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:18:18.0054 2080 asc3350p - ok
15:18:18.0101 2080 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:18:18.0101 2080 asc3550 - ok
15:18:18.0258 2080 [ 6295DD28D0ECBC4E6E450C279FEF5ED9 ] ASFIPmon C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
15:18:18.0258 2080 ASFIPmon - ok
15:18:18.0726 2080 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:18:18.0757 2080 aspnet_state - ok
15:18:18.0836 2080 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:18:18.0836 2080 AsyncMac - ok
15:18:18.0961 2080 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
15:18:18.0976 2080 atapi - ok
15:18:18.0976 2080 Atdisk - ok
15:18:19.0101 2080 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:18:19.0101 2080 Atmarpc - ok
15:18:19.0211 2080 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
15:18:19.0211 2080 AudioSrv - ok
15:18:19.0289 2080 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
15:18:19.0289 2080 audstub - ok
15:18:19.0414 2080 [ D0692F7B8217E3B82D2BFAC535816117 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:18:19.0429 2080 b57w2k - ok
15:18:20.0117 2080 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
15:18:20.0132 2080 BANTExt - ok
15:18:20.0226 2080 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Program Files\Broadcom\WMI\BASFND.sys
15:18:20.0226 2080 BASFND - ok
15:18:20.0445 2080 [ 90A87D49205B3893281203A477F66FE5 ] BCMNTIO C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
15:18:20.0445 2080 BCMNTIO - ok
15:18:20.0617 2080 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
15:18:20.0617 2080 Beep - ok
15:18:21.0867 2080 BHDrvx86 - ok
15:18:21.0992 2080 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
15:18:22.0054 2080 BITS - ok
15:18:22.0351 2080 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:18:22.0367 2080 Bonjour Service - ok
15:18:22.0617 2080 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
15:18:22.0617 2080 Browser - ok
15:18:22.0804 2080 catchme - ok
15:18:22.0898 2080 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:18:22.0898 2080 cbidf - ok
15:18:22.0913 2080 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
15:18:22.0913 2080 cbidf2k - ok
15:18:22.0976 2080 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:18:22.0976 2080 cd20xrnt - ok
15:18:23.0273 2080 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
15:18:23.0273 2080 Cdaudio - ok
15:18:24.0538 2080 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
15:18:24.0538 2080 Cdfs - ok
15:18:24.0554 2080 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:18:24.0554 2080 Cdrom - ok
15:18:24.0554 2080 Changer - ok
15:18:24.0648 2080 [ 127D4D0E9F78834FFD1EEEA3FCFB47C1 ] CinemaNow Service C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
15:18:24.0648 2080 CinemaNow Service - ok
15:18:24.0695 2080 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
15:18:24.0695 2080 CiSvc - ok
15:18:24.0757 2080 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
15:18:24.0757 2080 ClipSrv - ok
15:18:24.0851 2080 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:18:25.0101 2080 clr_optimization_v2.0.50727_32 - ok
15:18:25.0351 2080 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:18:25.0351 2080 clr_optimization_v4.0.30319_32 - ok
15:18:25.0366 2080 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:18:25.0366 2080 CmdIde - ok
15:18:25.0366 2080 COMSysApp - ok
15:18:25.0460 2080 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:18:25.0460 2080 Cpqarray - ok
15:18:25.0523 2080 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
15:18:25.0616 2080 cpudrv - ok
15:18:26.0210 2080 cpuz132 - ok
15:18:26.0210 2080 Crypkey License - ok
15:18:26.0366 2080 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
15:18:26.0366 2080 CryptSvc - ok
15:18:26.0413 2080 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:18:26.0413 2080 dac2w2k - ok
15:18:26.0445 2080 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:18:26.0445 2080 dac960nt - ok
15:18:26.0960 2080 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
15:18:26.0976 2080 DcomLaunch - ok
15:18:26.0976 2080 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
15:18:26.0976 2080 Dhcp - ok
15:18:27.0023 2080 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
15:18:27.0023 2080 Disk - ok
15:18:27.0038 2080 [ A0500678A33802D8954153839301D539 ] DLABMFSM C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
15:18:27.0038 2080 DLABMFSM - ok
15:18:27.0070 2080 [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
15:18:27.0070 2080 DLABOIOM - ok
15:18:27.0070 2080 [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:18:27.0070 2080 DLACDBHM - ok
15:18:27.0070 2080 [ 87413B94AE1FABC117C4E8AE6725134E ] DLADResM C:\WINDOWS\system32\Drivers\DLADResM.SYS
15:18:27.0070 2080 DLADResM - ok
15:18:27.0085 2080 [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
15:18:27.0085 2080 DLAIFS_M - ok
15:18:27.0085 2080 [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
15:18:27.0085 2080 DLAOPIOM - ok
15:18:27.0085 2080 [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
15:18:27.0085 2080 DLAPoolM - ok
15:18:27.0101 2080 [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
15:18:27.0101 2080 DLARTL_M - ok
15:18:27.0101 2080 [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
15:18:27.0101 2080 DLAUDFAM - ok
15:18:27.0101 2080 [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
15:18:27.0101 2080 DLAUDF_M - ok
15:18:27.0116 2080 dmadmin - ok
15:18:27.0148 2080 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
15:18:27.0179 2080 dmboot - ok
15:18:27.0210 2080 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
15:18:27.0210 2080 dmio - ok
15:18:27.0226 2080 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
15:18:27.0226 2080 dmload - ok
15:18:27.0257 2080 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
15:18:27.0257 2080 dmserver - ok
15:18:27.0257 2080 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
15:18:27.0257 2080 DMusic - ok
15:18:27.0304 2080 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
15:18:27.0304 2080 Dnscache - ok
15:18:27.0382 2080 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
15:18:27.0382 2080 DockLoginService - ok
15:18:27.0413 2080 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
15:18:27.0413 2080 Dot3svc - ok
15:18:27.0444 2080 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:18:27.0444 2080 dpti2o - ok
15:18:27.0460 2080 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
15:18:27.0460 2080 drmkaud - ok
15:18:27.0460 2080 [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:18:27.0460 2080 DRVMCDB - ok
15:18:27.0476 2080 [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:18:27.0476 2080 DRVNDDM - ok
15:18:27.0491 2080 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:18:27.0491 2080 E100B - ok
15:18:27.0523 2080 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
15:18:27.0538 2080 EapHost - ok
15:18:27.0648 2080 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:18:27.0648 2080 eeCtrl - ok
15:18:27.0679 2080 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:18:27.0679 2080 EraserUtilRebootDrv - ok
15:18:27.0710 2080 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
15:18:27.0710 2080 ERSvc - ok
15:18:27.0726 2080 esihdrv - ok
15:18:27.0757 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
15:18:27.0757 2080 Eventlog - ok
15:18:27.0788 2080 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
15:18:27.0788 2080 EventSystem - ok
15:18:27.0835 2080 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
15:18:27.0835 2080 Fastfat - ok
15:18:27.0882 2080 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:18:27.0882 2080 FastUserSwitchingCompatibility - ok
15:18:27.0913 2080 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
15:18:27.0913 2080 Fax - ok
15:18:27.0944 2080 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
15:18:27.0944 2080 Fdc - ok
15:18:27.0960 2080 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
15:18:27.0960 2080 Fips - ok
15:18:27.0991 2080 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:18:27.0991 2080 Flpydisk - ok
15:18:28.0007 2080 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
15:18:28.0007 2080 FltMgr - ok
15:18:28.0069 2080 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:18:28.0069 2080 FontCache3.0.0.0 - ok
15:18:28.0085 2080 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:18:28.0085 2080 Fs_Rec - ok
15:18:28.0101 2080 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:18:28.0101 2080 Ftdisk - ok
15:18:28.0194 2080 [ 25619A6281DDCC6C60C6959E62112F98 ] Garmin Core Update Service C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
15:18:28.0194 2080 Garmin Core Update Service - ok
15:18:28.0226 2080 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:18:28.0226 2080 GEARAspiWDM - ok
15:18:28.0288 2080 [ FF0E0E6E5768B82BEAD44BFBCB9BDFE6 ] GoogleDesktopManager-010708-104812 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:18:28.0288 2080 GoogleDesktopManager-010708-104812 - ok
15:18:28.0319 2080 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:18:28.0319 2080 Gpc - ok
15:18:28.0366 2080 [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
15:18:28.0366 2080 grmnusb - ok
15:18:28.0429 2080 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c985ffd758e9eb C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:28.0429 2080 gupdate1c985ffd758e9eb - ok
15:18:28.0429 2080 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:28.0429 2080 gupdatem - ok
15:18:28.0476 2080 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:18:28.0476 2080 gusvc - ok
15:18:28.0538 2080 [ D95554949082FD29A04D351B58396718 ] Hardlock C:\WINDOWS\system32\drivers\hardlock.sys
15:18:28.0538 2080 Hardlock - ok
15:18:28.0569 2080 [ 2DD25F060DC9F79B5CDF33D90ED93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
15:18:28.0569 2080 Haspnt - ok
15:18:28.0616 2080 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:18:28.0616 2080 HDAudBus - ok
15:18:28.0694 2080 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:18:28.0694 2080 helpsvc - ok
15:18:28.0726 2080 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
15:18:28.0726 2080 HidServ - ok
15:18:28.0726 2080 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:18:28.0726 2080 HidUsb - ok
15:18:28.0773 2080 [ 85B1B17FDFE2252D392A7FF634B46701 ] HIT_PARA C:\WINDOWS\system32\drivers\HIT_PARA.sys
15:18:28.0773 2080 HIT_PARA - ok
15:18:28.0804 2080 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
15:18:28.0804 2080 hkmsvc - ok
15:18:28.0835 2080 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
15:18:28.0835 2080 hpn - ok
15:18:28.0866 2080 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
15:18:28.0882 2080 HTTP - ok
15:18:28.0913 2080 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
15:18:28.0913 2080 HTTPFilter - ok
15:18:28.0944 2080 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
15:18:28.0944 2080 i2omgmt - ok
15:18:28.0944 2080 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:18:28.0944 2080 i2omp - ok
15:18:28.0976 2080 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:18:28.0976 2080 i8042prt - ok
15:18:29.0038 2080 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
15:18:29.0038 2080 IAANTMON - ok
15:18:29.0210 2080 [ B2768350BB50469AEB1AFE694372B613 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:18:29.0366 2080 ialm - ok
15:18:29.0397 2080 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
15:18:29.0397 2080 iaStor - ok
15:18:29.0476 2080 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:18:29.0476 2080 IDriverT - ok
15:18:29.0569 2080 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:18:29.0585 2080 idsvc - ok
15:18:29.0601 2080 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
15:18:29.0601 2080 Imapi - ok
15:18:29.0647 2080 [ 1ACAD13923E467E473C3EC503223F983 ] Imapi Helper C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
15:18:29.0663 2080 Imapi Helper - ok
15:18:29.0694 2080 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
15:18:29.0694 2080 ImapiService - ok
15:18:29.0726 2080 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:18:29.0726 2080 ini910u - ok
15:18:29.0741 2080 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
15:18:29.0757 2080 IntelIde - ok
15:18:29.0772 2080 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:18:29.0772 2080 intelppm - ok
15:18:29.0788 2080 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
15:18:29.0788 2080 Ip6Fw - ok
15:18:29.0819 2080 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:18:29.0835 2080 IpFilterDriver - ok
15:18:29.0851 2080 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:18:29.0851 2080 IpInIp - ok
15:18:29.0866 2080 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:18:29.0866 2080 IpNat - ok
15:18:29.0913 2080 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:18:29.0929 2080 iPod Service - ok
15:18:29.0944 2080 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:18:29.0944 2080 IPSec - ok
15:18:29.0976 2080 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
15:18:29.0976 2080 IRENUM - ok
15:18:29.0991 2080 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:18:29.0991 2080 isapnp - ok
15:18:30.0022 2080 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:18:30.0022 2080 Kbdclass - ok
15:18:30.0069 2080 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:18:30.0069 2080 kbdhid - ok
15:18:30.0101 2080 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
15:18:30.0101 2080 kmixer - ok
15:18:30.0147 2080 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
15:18:30.0147 2080 KSecDD - ok
15:18:30.0179 2080 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
15:18:30.0179 2080 lanmanserver - ok
15:18:30.0210 2080 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:18:30.0226 2080 lanmanworkstation - ok
15:18:30.0257 2080 [ BE2DC24D403643A2D1D98F33C7087B38 ] LBeepKE C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:18:30.0257 2080 LBeepKE - ok
15:18:30.0257 2080 lbrtfdc - ok
15:18:30.0335 2080 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:18:30.0351 2080 LBTServ - ok
15:18:30.0382 2080 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:18:30.0382 2080 LHidFilt - ok
15:18:30.0554 2080 [ 6105B28F5D03C4AFFA7197B228768849 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
15:18:30.0632 2080 LiveUpdate - ok
15:18:30.0679 2080 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
15:18:30.0679 2080 LmHosts - ok
15:18:30.0710 2080 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:18:30.0710 2080 LMouFilt - ok
15:18:30.0757 2080 [ 7C12F93C005021861A36C11DF951891A ] LxrSII1d C:\WINDOWS\system32\Drivers\LxrSII1d.sys
15:18:30.0757 2080 LxrSII1d - ok
15:18:30.0757 2080 LxrSII1s - ok
15:18:30.0835 2080 [ 61330A29BD4230505A7618BC41693CBB ] MAPMEM C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
15:18:30.0835 2080 MAPMEM - ok
15:18:30.0851 2080 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
15:18:30.0851 2080 MBAMProtector - ok
15:18:30.0929 2080 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:18:30.0929 2080 MBAMScheduler - ok
15:18:30.0976 2080 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:18:30.0976 2080 MBAMService - ok
15:18:31.0054 2080 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:18:31.0054 2080 MDM - ok
15:18:31.0085 2080 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
15:18:31.0085 2080 Messenger - ok
15:18:31.0116 2080 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
15:18:31.0116 2080 mnmdd - ok
15:18:31.0163 2080 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
15:18:31.0163 2080 mnmsrvc - ok
15:18:31.0194 2080 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
15:18:31.0194 2080 Modem - ok
15:18:31.0226 2080 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:18:31.0241 2080 Mouclass - ok
15:18:31.0272 2080 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:18:31.0272 2080 mouhid - ok
15:18:31.0304 2080 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
15:18:31.0304 2080 MountMgr - ok
15:18:31.0351 2080 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:18:31.0351 2080 MpFilter - ok
15:18:31.0444 2080 [ A69630D039C38018689190234F866D77 ] MpKsl1c74a5c9 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3784B4EF-7C2D-49F5-B572-B463EC70830E}\MpKsl1c74a5c9.sys
15:18:31.0444 2080 MpKsl1c74a5c9 - ok
15:18:31.0460 2080 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:18:31.0460 2080 mraid35x - ok
15:18:31.0491 2080 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:18:31.0491 2080 MRxDAV - ok
15:18:31.0538 2080 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:18:31.0538 2080 MRxSmb - ok
15:18:31.0569 2080 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
15:18:31.0585 2080 MSDTC - ok
15:18:31.0585 2080 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
15:18:31.0585 2080 Msfs - ok
15:18:31.0585 2080 MSIServer - ok
15:18:31.0616 2080 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:18:31.0616 2080 MSKSSRV - ok
15:18:31.0663 2080 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:18:31.0663 2080 MsMpSvc - ok
15:18:31.0710 2080 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:18:45.0381 2080 ================ Scan global ===============================
15:18:45.0740 2080 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
15:18:46.0693 2080 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:18:47.0834 2080 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
15:18:48.0068 2080 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
15:18:48.0084 2080 [Global] - ok
15:18:48.0084 2080 ================ Scan MBR ==================================
15:18:48.0115 2080 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:18:50.0646 2080 \Device\Harddisk0\DR0 - ok
15:18:50.0662 2080 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR3
15:18:50.0693 2080 \Device\Harddisk1\DR3 - ok
15:18:50.0693 2080 ================ Scan VBR ==================================
15:18:50.0709 2080 [ 16CBFF6523EA125A2D1918F79ECE5EA4 ] \Device\Harddisk0\DR0\Partition1
15:18:50.0709 2080 \Device\Harddisk0\DR0\Partition1 - ok
15:18:50.0709 2080 [ C35993E638AED52480C7817D101FD0F1 ] \Device\Harddisk1\DR3\Partition1
15:18:50.0709 2080 \Device\Harddisk1\DR3\Partition1 - ok
15:18:50.0709 2080 ============================================================
15:18:50.0709 2080 Scan finished
15:18:50.0709 2080 ============================================================
15:18:50.0724 5916 Detected object count: 0
15:18:50.0724 5916 Actual detected object count: 0


Keeps trying to open this website
[You must be registered and logged in to see this link.]


Re: Adware Dealply infection

Post by Superdave on Wed 08 May 2013, 10:43 am

Please try running AdwCleaner and Junkware Removal tool again and post the logs.


Re: Adware Dealply infection

Post by rlenihan on Wed 08 May 2013, 11:31 pm

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 08:14:12
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : rlenihan - RICKL-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\rlenihan\Desktop\new programs\adwarecleaner\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3423 octets] - [01/05/2013 15:27:55]
AdwCleaner[R2].txt - [728 octets] - [08/05/2013 08:14:12]
AdwCleaner[S1].txt - [3330 octets] - [01/05/2013 15:29:02]

########## EOF - H:\AdwCleaner[R2].txt - [728 octets] ##########
AFTER DELETE
# AdwCleaner v2.300 - Logfile created 05/08/2013 at 08:16:05
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : rlenihan - RICKL-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\rlenihan\Desktop\new programs\adwarecleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\rlenihan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3423 octets] - [01/05/2013 15:27:55]
AdwCleaner[R2].txt - [1253 octets] - [08/05/2013 08:14:12]
AdwCleaner[R3].txt - [1311 octets] - [08/05/2013 08:15:42]
AdwCleaner[S1].txt - [3330 octets] - [01/05/2013 15:29:02]
AdwCleaner[S2].txt - [732 octets] - [08/05/2013 08:16:06]

########## EOF - H:\AdwCleaner[S2].txt - [732 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Microsoft Windows XP x86
Ran by rlenihan on 05/08/2013 at 8:24:11.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/08/2013 at 8:27:47.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: Adware Dealply infection

Post by Superdave on Thu 09 May 2013, 5:04 am

Please try running ESET again and see if it comes up with anything.

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Adware Dealply infection

Post by rlenihan on Thu 09 May 2013, 1:11 pm

ESET found nothing; my full version of Malwarebytes report is below:
2013/05/08 08:18:44 -0400 RICKL-PC MESSAGE Starting protection
2013/05/08 08:18:44 -0400 RICKL-PC MESSAGE Protection started successfully
2013/05/08 08:18:44 -0400 RICKL-PC MESSAGE Starting IP protection
2013/05/08 08:19:43 -0400 RICKL-PC rlenihan MESSAGE IP Protection started successfully
2013/05/08 08:29:53 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 09:00:29 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 09:00:32 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 09:00:38 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 14:06:35 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 14:06:38 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 14:06:44 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 14:13:56 -0400 RICKL-PC rlenihan MESSAGE Executing scheduled update: Daily | Silent
2013/05/08 14:14:41 -0400 RICKL-PC rlenihan MESSAGE Starting database refresh
2013/05/08 14:14:41 -0400 RICKL-PC rlenihan MESSAGE Stopping IP protection
2013/05/08 14:14:41 -0400 RICKL-PC rlenihan MESSAGE IP Protection stopped successfully
2013/05/08 14:14:41 -0400 RICKL-PC rlenihan MESSAGE Scheduled update executed successfully: database updated from version v2013.05.07.08 to version v2013.05.08.06
2013/05/08 14:14:52 -0400 RICKL-PC rlenihan MESSAGE Database refreshed successfully
2013/05/08 14:14:52 -0400 RICKL-PC rlenihan MESSAGE Starting IP protection
2013/05/08 14:15:07 -0400 RICKL-PC rlenihan MESSAGE IP Protection started successfully
2013/05/08 14:21:13 -0400 RICKL-PC rlenihan MESSAGE Executing scheduled update: Daily
2013/05/08 14:21:24 -0400 RICKL-PC rlenihan MESSAGE Database already up-to-date
2013/05/08 19:29:07 -0400 RICKL-PC rlenihan MESSAGE Starting database refresh
2013/05/08 19:29:07 -0400 RICKL-PC rlenihan MESSAGE Stopping IP protection
2013/05/08 19:29:07 -0400 RICKL-PC rlenihan MESSAGE IP Protection stopped successfully
2013/05/08 19:29:22 -0400 RICKL-PC rlenihan MESSAGE Database refreshed successfully
2013/05/08 19:29:22 -0400 RICKL-PC rlenihan MESSAGE Starting IP protection
2013/05/08 19:29:41 -0400 RICKL-PC rlenihan MESSAGE IP Protection started successfully
2013/05/08 21:59:33 -0400 RICKL-PC MESSAGE Starting protection
2013/05/08 21:59:33 -0400 RICKL-PC MESSAGE Protection started successfully
2013/05/08 21:59:33 -0400 RICKL-PC MESSAGE Starting IP protection
2013/05/08 22:00:30 -0400 RICKL-PC (null) MESSAGE IP Protection started successfully
2013/05/08 22:07:31 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 22:07:34 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 22:07:40 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)

ONLY FOUND SOMETHING IN MY ZIP DRIVE

rlenihan

Rookie Surfer

Posts : 62
Joined : 2009-10-29
Operating System : XP

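The protection log rlenihan posted shows the same outgoing address being blocked in short clusters at several points in the day, including right after a restart of the protection module. The script below is an added example, not something posted in this thread and not part of Malwarebytes: it parses lines in the shape of that log (the embedded sample is copied from the post above), summarises IP-BLOCK events per address, and counts separate bursts, so a helper can see whether blocks recur across restarts, which is what distinguishes a still-active component retrying a connection from a one-off. The field layout the regex assumes (date, time, UTC offset, host, optional user, event type, detail) is inferred from the posted lines, not taken from Malwarebytes documentation.

```python
"""Summarise IP-BLOCK events in a Malwarebytes protection-module log.

Added example for the forum thread; the log format is inferred from the
lines the user posted, not from vendor documentation.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample copied from the log posted in the thread (a subset: the MESSAGE
# lines about database updates add nothing to the block summary).
SAMPLE_LOG = """\
2013/05/08 08:18:44 -0400 RICKL-PC MESSAGE Starting protection
2013/05/08 08:29:53 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 09:00:29 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 09:00:32 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 09:00:38 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 22:00:30 -0400 RICKL-PC (null) MESSAGE IP Protection started successfully
2013/05/08 22:07:31 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 22:07:34 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
2013/05/08 22:07:40 -0400 RICKL-PC rlenihan IP-BLOCK 188.165.125.102 (Type: outgoing)
"""

# date time offset host [user] EVENT detail. The user field is absent on lines
# written before a user logged on, so it is optional; the event alternation is
# explicit so the regex cannot mistake "MESSAGE" for a user name.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?:(?P<user>\S+) )?(?P<event>MESSAGE|IP-BLOCK) (?P<detail>.*)$"
)
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+)\)$")


def parse_line(line):
    """Return a dict for one log line, or None if it is not in the expected shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(
        f"{rec['date']} {rec['time']} {rec['tz']}", "%Y/%m/%d %H:%M:%S %z"
    )
    if rec["event"] == "IP-BLOCK":
        b = BLOCK_RE.match(rec["detail"])
        if not b:
            return None
        rec["ip"], rec["direction"] = b.group("ip"), b.group("direction")
    return rec


def summarize_ip_blocks(text, burst_window=timedelta(seconds=30)):
    """Group IP-BLOCK events per address.

    For each address: total count, count per direction, first and last
    timestamp, and the number of bursts (two blocks more than burst_window
    apart start a new burst). Repeated bursts of outgoing blocks to one
    address, especially after a restart, mean something on the host keeps
    retrying that connection and has not been removed by the scans so far.
    """
    blocks = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["event"] == "IP-BLOCK":
            blocks[rec["ip"]].append(rec)
    summary = {}
    for ip, recs in blocks.items():
        recs.sort(key=lambda r: r["when"])
        bursts = 1
        for prev, cur in zip(recs, recs[1:]):
            if cur["when"] - prev["when"] > burst_window:
                bursts += 1
        directions = defaultdict(int)
        for r in recs:
            directions[r["direction"]] += 1
        summary[ip] = {
            "count": len(recs),
            "directions": dict(directions),
            "first": recs[0]["when"].isoformat(),
            "last": recs[-1]["when"].isoformat(),
            "bursts": bursts,
        }
    return summary


def recurring_outgoing(summary, min_bursts=2):
    """Addresses blocked as outgoing in at least min_bursts separate bursts."""
    return sorted(
        ip for ip, s in summary.items()
        if s["directions"].get("outgoing", 0) > 0 and s["bursts"] >= min_bursts
    )


if __name__ == "__main__":
    summary = summarize_ip_blocks(SAMPLE_LOG)
    for ip, s in summary.items():
        print(f"{ip}: {s['count']} blocks in {s['bursts']} bursts, "
              f"{s['directions']}, {s['first']} .. {s['last']}")
    print("recurring outgoing:", recurring_outgoing(summary))
```

The block summary does not say which process made the connection attempts; the Malwarebytes IP-BLOCK line only records the destination and direction. What it does give a helper is the shape of the activity: groups of three attempts a few seconds apart, repeated at 09:00 and again at 22:07 after the protection module restarted, which is the retry pattern of a component that is still installed rather than leftover browser cache.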

Re: Adware Dealply infection

Post by Superdave on Fri 10 May 2013, 5:19 am

• Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.

• Click once on the Security tab.

• Click once on the Internet icon so it becomes highlighted.

• Click once on the Custom Level button.

• Change the Download signed ActiveX controls to Prompt.

• Change the Download unsigned ActiveX controls to Disable.

• Change the Initialize and script ActiveX controls not marked as safe to Disable.

• Change the Installation of desktop items to Prompt.

• Change the Launching programs and files in an IFRAME to Prompt.

• Change the Navigate sub-frames across different domains to Prompt.

• When all these settings have been made, click on the OK button.

• If it prompts you as to whether or not you want to save the settings, press the Yes button.

• Next press the Apply button and then the OK to exit the Internet Properties page.

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Adware Dealply infection

Post by rlenihan on Fri 10 May 2013, 5:25 am

All those settings except navigate between frames were set that way.

rlenihan

Rookie Surfer

Posts : 62
Joined : 2009-10-29
Operating System : XP

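Superdave's Custom Level steps and rlenihan's reply that all but one setting were already in place are exactly what a quick audit of the Internet zone reports. The script below is an added example, not from this thread and not a Microsoft tool: it compares the six settings against the recommended values. On Windows it reads them from the current user's Internet zone key (zone 3 under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones); the numeric action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) follow Microsoft's documented zone registry layout (KB 182569). Off Windows it runs against SAMPLE_VALUES, a constructed mapping in the state rlenihan describes: everything as recommended except Navigate sub-frames across different domains, which is left at Enable.

```python
"""Audit Internet Explorer's Internet-zone settings against the values
recommended in the thread.

Added example, not part of the forum post. Registry value names and DWORD
meanings follow Microsoft's documented zone layout (KB 182569); on a
non-Windows host the constructed SAMPLE_VALUES mapping is audited instead.
"""
import sys

ENABLE, PROMPT, DISABLE = 0, 1, 3          # DWORD values IE stores for each action
ACTION_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Action ID (registry value name) -> (label in the Custom Level dialog, recommended value).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Zone 3 is the Internet zone; the path is relative to HKEY_CURRENT_USER.
INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed sample in the state rlenihan describes: every recommended value
# already set except sub-frame navigation, which is still Enable.
SAMPLE_VALUES = {
    "1001": PROMPT, "1004": DISABLE, "1201": DISABLE,
    "1800": PROMPT, "1804": PROMPT, "1607": ENABLE,
}


def read_internet_zone():
    """Read the per-user Internet zone DWORDs we care about (Windows only)."""
    import winreg  # standard library on Windows; imported here so the rest runs elsewhere
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        index = 0
        while True:
            try:
                name, value, kind = winreg.EnumValue(key, index)
            except OSError:        # raised once there are no more values
                break
            if kind == winreg.REG_DWORD and name in RECOMMENDED:
                values[name] = value
            index += 1
    return values


def audit_zone(values):
    """Return (action_id, label, current, recommended) for each setting that is
    weaker than recommended or not explicitly set.

    Restrictiveness orders as Enable (0) < Prompt (1) < Disable (3), so a
    setting already at Disable where Prompt is recommended is not reported.
    A value missing from HKCU means IE is using the zone template default,
    which this script does not read, so it is reported with current=None for
    confirmation in the dialog rather than asserted to be weak.
    """
    findings = []
    for action_id, (label, wanted) in RECOMMENDED.items():
        current = values.get(action_id)
        if current is None or current < wanted:
            findings.append((action_id, label, current, wanted))
    return findings


def format_findings(findings):
    """One human-readable line per finding."""
    lines = []
    for action_id, label, current, wanted in findings:
        state = "not explicitly set" if current is None else ACTION_NAMES.get(current, str(current))
        lines.append(f"{label} [{action_id}]: {state} -> set to {ACTION_NAMES[wanted]}")
    return lines


if __name__ == "__main__":
    values = read_internet_zone() if sys.platform == "win32" else SAMPLE_VALUES
    findings = audit_zone(values)
    print("\n".join(format_findings(findings)) if findings
          else "Internet zone matches the recommended settings.")
```

Two caveats when reading the output. A setting with no value under HKCU is not necessarily weak, since IE then uses the zone template default, which is why the script lists it for confirmation instead of flagging it. And a zone policy set under HKLM by group policy takes precedence over the user key, so the Security tab itself remains the authoritative view; the script is a quick way to see which of the six to look at first.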

Re: Adware Dealply infection

Post by Superdave on Fri 10 May 2013, 9:11 am

So, what's happening now with your computer?

Superdave
Tech Staff

Posts : 4189
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

