Take a look.



vlermuis812
2013-12-25, 10:26
Hi,

I tried to use a 3G modem on my laptop to connect to the internet but it wouldn't work.

I took it to the Cellphone provider shop who installed the latest spybot to remove malware and the internet connection is working now.

I hope someone can take a look so I can be sure the laptop is clean.

I've followed the 'before you post' page:

Backed up the registry with ERUNT.

DDS.txt
=======
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by IngramA at 16:48:09 on 2013-12-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.114 [GMT 2:00]
.
FW: Trend Micro OfficeScan Enterprise Client Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Documents and Settings\All Users\Application Data\MTN Online_1\OnlineUpdate\ouc.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Everything\Everything.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\CLCL\CLCL.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Program Files\MTN Online_1\MTN Online.exe
C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.telkomportal.telkom.co.za/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NokiaSuite.exe] c:\program files\nokia\nokia suite\NokiaSuite.exe -tray
uRun: [ABBYY Screenshot Reader Retail] <no file>
uRunOnce: [SpybotDeletingF690] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
uRunOnce: [SpybotDeletingF8686] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [SpybotDeletingE8107] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
mRunOnce: [SpybotDeletingE6357] "c:\program files\spybot - search & destroy 2\sddelfile.exe" "c:\windows\SchedLgU.Txt"
dRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\ingrama\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\ingrama\startm~1\programs\startup\shortc~1.lnk - c:\program files\clcl\CLCL.exe
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoWelcomeScreen = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-System: Wallpaper = \\telkom.co.za\telkom\software\OPS_BACKGROUND_DT\tnn.htm
uPolicies-System: WallpaperStyle = 2
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-Windows\System: UserPolicyMode = dword:2
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://www.digitallibrary.telkom.co.za/download/CfxIEAx.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360346637716
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: Interfaces\{2EB6F251-7B93-42DF-A3B5-DCDF6ABD0DD1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{582486D8-603B-4DE3-A9E2-4216A866A086} : NameServer = 209.212.96.1 208.67.220.220
TCP: Interfaces\{F9BA9D68-68B0-408A-AAF3-E9E1B16186F4} : DHCPNameServer = 165.144.220.85
Notify: AtiExtEvent - Ati2evxx.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\abbyy screenshot reader\NetworkLicenseServer.exe [2009-5-14 759048]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-12-23 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-12-23 1369624]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\TmXPFlt.sys [2004-3-30 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2004-3-30 36432]
R2 Wmgnt;Wmgnt Protocol;c:\windows\system32\drivers\wmgnt.sys [2005-10-12 11445]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2013-12-23 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2013-12-23 89856]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\drivers\ew_jucdcecm.sys [2013-12-23 66688]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2013-12-23 73984]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2013-12-23 26624]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-11-24 27632]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ingrama\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\ingrama\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ingrama\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\ingrama\locals~1\temp\sas_selfextract\SASKUTIL.sys [?]
S2 MTN Online. RunOuc;MTN Online. OUC;c:\program files\mtn online_1\updatedog\ouc.exe [2013-12-23 246112]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-12-23 168384]
S3 BazisPortableCDBus;Portable WinCDEmu driver;c:\windows\system32\drivers\BazisPortableCDBus.sys [2013-2-27 152576]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2013-12-23 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-12-23 239488]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-2-19 24576]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-2-19 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-2-19 8576]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2005-1-26 82501]
S3 PCX500MP;Cisco 350 Series Lower Device Filter;c:\windows\system32\drivers\pcx500mp.sys [2005-1-26 4990]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2012-2-19 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2012-2-19 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2012-2-19 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2012-2-19 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2012-2-19 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2012-2-19 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2012-2-19 109736]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [2009-12-4 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [2009-12-4 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [2009-12-4 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [2009-12-4 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [2009-12-4 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [2009-12-4 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [2009-12-4 110120]
S3 sadpt;Serial Adapter Driver;c:\windows\system32\drivers\sadpt.sys [2005-10-12 5666]
S3 SASENUM;SASENUM;\??\c:\docume~1\ingrama\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\ingrama\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2012-2-19 155344]
S3 VVBETHERNET;Virata Virtual Bus Ethernet driver;c:\windows\system32\drivers\vvbeth.sys [2004-12-29 16534]
S3 vvbususb;Virata USB VvBus driver;c:\windows\system32\drivers\vvbususb.sys [2004-12-29 51304]
S4 OfcPfwSvc;OfficeScanNT Personal Firewall;c:\program files\trend micro\officescan client\OfcPfwSvc.exe [2004-8-22 229456]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2011-11-24 90112]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-11-27 86016]
.
=============== Created Last 30 ================
.
2013-12-23 11:59:19 -------- d-----w- c:\documents and settings\ingrama\local settings\application data\Google
2013-12-23 11:08:32 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-12-23 11:08:11 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-12-23 11:08:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-12-23 10:33:51 -------- d-----w- c:\documents and settings\ingrama\local settings\application data\Opera
2013-12-23 10:32:10 -------- d-----w- c:\documents and settings\all users\application data\MTN Online_1
2013-12-23 10:31:48 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-12-23 10:31:48 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-12-23 10:31:48 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-12-23 10:31:48 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-12-23 10:31:48 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-12-23 10:31:48 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-12-23 10:31:48 239488 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2013-12-23 10:31:48 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-12-23 10:31:48 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-12-23 10:31:48 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-12-23 10:31:48 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-12-23 10:29:55 -------- d-----w- c:\program files\MTN Online_1
2013-12-21 14:37:22 -------- d-----w- c:\documents and settings\all users\application data\MTN Online
2013-12-21 14:37:01 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-12-21 14:37:00 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2013-12-21 14:33:02 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
2013-12-03 07:09:19 -------- d-----w- C:\ATP_NPPCYC01_3DEC2013
2013-11-29 12:15:03 -------- d-----w- C:\BGS_ATP_LAPPIES
2013-11-25 05:50:19 -------- d-----w- C:\ATP_NPPCYC01_25NOV2013
.
==================== Find3M ====================
.
2013-12-23 10:30:23 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
.
============= FINISH: 16:49:23.61 ===============


aswMBR.txt
==========
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-23 16:56:12
-----------------------------
16:56:12.286 OS Version: Windows 5.1.2600 Service Pack 3
16:56:12.286 Number of processors: 1 586 0x905
16:56:12.286 ComputerName: GAD-100434 UserName: IngramA
16:56:12.746 Initialize success
17:06:53.808 AVAST engine defs: 13122300
17:07:02.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:07:02.551 Disk 0 Vendor: IC25N080ATMR04-0 MO4OAD0A Size: 76319MB BusType: 3
17:07:03.262 Disk 0 MBR read successfully
17:07:03.262 Disk 0 MBR scan
17:07:09.180 Disk 0 Windows XP default MBR code
17:07:09.210 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
17:07:12.335 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 41943 MB offset 64260
17:07:13.386 Disk 0 Partition - 00 05 Extended 34342 MB offset 85963815
17:07:13.406 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 34342 MB offset 85963878
17:07:14.027 Disk 0 scanning sectors +156296385
17:07:14.969 Disk 0 scanning C:\WINDOWS\system32\drivers
17:08:07.304 Service scanning
17:08:56.114 Modules scanning
17:09:14.601 Disk 0 trace - called modules:
17:09:14.611 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:09:14.611 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8377dab8]
17:09:14.611 3 CLASSPNP.SYS[f87b4fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x837aa840]
17:09:17.565 AVAST engine scan C:\WINDOWS
17:09:31.335 AVAST engine scan C:\WINDOWS\system32
17:13:28.305 AVAST engine scan C:\WINDOWS\system32\drivers
17:14:04.788 AVAST engine scan C:\Documents and Settings\ingrama
17:15:23.271 AVAST engine scan C:\Documents and Settings\All Users
17:16:16.537 Scan finished successfully
17:25:26.769 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ingrama\Desktop\MBR.dat"
17:25:26.769 The log file has been saved successfully to "C:\Documents and Settings\ingrama\Desktop\aswMBR.txt"
========================================================

Spybot 2.0.12.0 was installed by the shop.
I can not find the teatimer setting.

Search results from Spybot - Search & Destroy

2013/12/25 10:18:14 AM
Scan took 00:52:48.
33 items found.

Right Media: [SBI $19447DDC] Tracking cookie (Internet Explorer (Inactive Users): ingrama) (Browser: Cookie, nothing done)


DoubleClick: [SBI $19447DDC] Tracking cookie (Internet Explorer (Inactive Users): ingrama) (Browser: Cookie, nothing done)


Common Dialogs: [SBI $19447DDC] History (12 files) (Registry Key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: [SBI $19447DDC] Activity: SchedLgU.Txt (File, nothing done)
C:\WINDOWS\SchedLgU.Txt
Properties.size=1043
Properties.md5=316CE58A69A0B8FADBB1E083D8C34F53
Properties.filedate=1387917527
Properties.filedatetext=2013-12-24 22:38:47

Log: [SBI $19447DDC] Install: setupapi.log (File, nothing done)
C:\WINDOWS\setupapi.log
Properties.size=638
Properties.md5=CF4FFE8DAAEFE1ECAF68F594825024A7
Properties.filedate=1387951199
Properties.filedatetext=2013-12-25 07:59:59

Log: [SBI $19447DDC] Shutdown: System32\wbem\logs\wbemcore.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Properties.size=29757
Properties.md5=314622F33D2C6B7108CB963883026ACB
Properties.filedate=1387959410
Properties.filedatetext=2013-12-25 10:16:50

Log: [SBI $19447DDC] Shutdown: System32\wbem\logs\wbemess.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Properties.size=19018
Properties.md5=358EAE4C5E8F94205B44D269334C7CF4
Properties.filedate=1387951635
Properties.filedatetext=2013-12-25 08:07:14

Log: [SBI $19447DDC] Shutdown: System32\wbem\logs\wbemprox.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log
Properties.size=1077
Properties.md5=84B65E3D8E8C79471F67D41EDEA14608
Properties.filedate=1387902994
Properties.filedatetext=2013-12-24 18:36:34

Log: [SBI $19447DDC] Shutdown: System32\wbem\logs\wbemsnmp.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log
Properties.size=2
Properties.md5=F3B25701FE362EC84616A93A45CE9998
Properties.filedate=1387810191
Properties.filedatetext=2013-12-23 16:49:50

Log: [SBI $19447DDC] Shutdown: System32\wbem\logs\wmiprov.log (File, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
Properties.size=134
Properties.md5=B7EECBC9A8525159C33356B6724BA96E
Properties.filedate=1387951253
Properties.filedatetext=2013-12-25 08:00:53

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\PE_C_MICHAEN\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\PE_C_MICHAEN\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 11.0 (Word): [SBI $15AC27CE] Recent file list (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\Office\11.0\Word\Data\Settings

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-1614895754-287218729-682003330-147766\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Cache: [SBI $49804B54] Browser: Cache (9) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (8) (Browser: History, nothing done)


Cache: [SBI $49804B54] Browser: Cache (46) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (13) (Browser: History, nothing done)


Cache: [SBI $49804B54] Browser: Cache (36) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (46) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (87) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (5) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (107) (Browser: History, nothing done)


History: [SBI $49804B54] Browser: History (196) (Browser: History, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-12-23 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2013-11-12 Includes\Adware.sbi (*)
2013-12-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-10-29 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-12-17 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-12-10 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-10-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-12-03 Includes\TrojansC-03.sbi (*)
2013-12-17 Includes\TrojansC-04.sbi (*)
2013-12-10 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)

=================================
END

Oops,

Forgot to attach the zip file.

OCD
2013-12-26, 20:55
Hi vlermuis812,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.

Important Note for Vista and Windows 7 & 8 users:

These tools MUST be run from the executable (.exe) with Admin Rights every time you run them (Right click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear"

=========================


Are you experiencing any problems?
You don't seem to have an Anti-Virus program running. Are you using one?


=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).

Save it to your Desktop.
Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

In your next post please provide the following:


check-up.txt
AdwCleaner[S0].txt
JRT.txt
How is the computer running?

vlermuis812
2013-12-27, 10:58
Hi OCD,

Thanks for your time.

1. The laptop is very slow.
2. I have Norton Security Scan. It runs a scan at random times, slowing the laptop down.

This is a company laptop, so I can not run programs as Administrator. I hope you can still help.

Security Check
===============
Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 29
Java version out of Date!
Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
All Users Application Data MTN Online_1 OnlineUpdate\ouc.exe
MTN Online_1 MTN Online.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

AdwCleaner v3: Scan & Clean
===========================
# AdwCleaner v3.016 - Report created 27/12/2013 at 09:05:22
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : IngramA - GAD-100434
# Running from : C:\Documents and Settings\ingrama\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [1337 octets] - [27/12/2013 08:55:02]
AdwCleaner[S0].txt - [1272 octets] - [27/12/2013 09:05:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1332 octets] ##########

Junkware Removal Tool
=====================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by IngramA on 2013/12/27 at 10:41:28.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013/12/27 at 10:46:39.22
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

There is an update window for Spybot Search & Destroy opening at Windows startup. How can I disable it?

END

OCD
2013-12-27, 18:45
Hi vlermuis812,


This is a company laptop, so I can not run programs as Administrator. I hope you can still help.

Unfortunately, with this machine being a company computer I will be unable to help. Please read the information at the link provided for our policy. - Personal Computers (http://forums.spybot.info/showpost.php?p=25712&postcount=5)

vlermuis812
2013-12-27, 19:55
I understand. Please remove this thread from the forum.

Thanks.

OCD
2013-12-27, 21:46
Hi vlermuis812,

You're welcome.

Since this issue appears to be resolved ... this Topic will be closed.