Welcome to MalwareRemoval.com,

How to deal with malware infected files

Post by constantin » January 22nd, 2013, 10:51 am

Thank you for your reply. In accordance with it, I reconstructed my topic as follows.
My issue started on Jan. 16, 2013 with the system suddenly closing in a "STOP Blue Screen", followed by an auto restart, and so on endlessly. Due to the very high frequency of this I could not read the message on the blue screen.
I moved to safe mode and found the system is stable and working.
Then I tried restarting with the last known good configuration. No cure.
Then I tried to go back to a restore point from Jan. 14, before the issue. No cure.
I selected a restore point from Dec. 2012. Also no cure.
All the time in safe mode, I created a supplementary page file of 1000 MB on partition D. Result: the blue screen became stable and the auto restarts ceased, so I could read the error message on the blue screen:
"STOP: 0x0000001A (0x00041785, 0xc0c00000, 0x8207c290, 0x00000000)". But the issue is still there.
In safe mode I used the Windows tools to check the system. They returned that everything is OK. Device Manager showed all devices and their drivers as healthy, even though my HP printer and external USB flash drives are not "read" by the system.
I suspected the RAM (1015 MB, DDR2) to be in trouble, so I used a Memtest86 bootable CD and performed 5 passes of complete tests. No errors were found. The issue persists.
Then I used a Hiren's Boot CD, which contains a Mini Windows XP, and started with this one.
In this I ran a device check and found that "hp psc 1300 series (DOT4)" under IEEE 1284.4 devices and "Generic volume" under storage volume devices are marked with the yellow sign.
Also, from the Hiren's Boot CD I ran a virus scan with ClamWin Antivirus. It returned 5 findings, as follows:
1. C:\WINDOWS\system32\sol.exe : Win.Trojan.Sword-1867 FOUND
2. C:\WINDOWS\system32\dllcache\sol.exe : Win.Trojan.Sword-1867 FOUND
3. C:\WINDOWS\Installer\ce260msi : Win.Trojan.Genome-1288 FOUND
4. C:\Program Files\Ashampoo\Ash.Mag.Security2\SelfDecryptExtract.exe : Worm.Autorun-6418 FOUND
5. C:\Program Files\64Uninstall TelevisionFanatic.dll : Adware.MyWebSearch-18 FOUND

Since this antivirus program does not have a malware removal module or offer other help, I do not know how to deal with these files to disinfect them without doing any harm to the system.
So I would appreciate your valuable help and any other suggestion to get out of my issue.
Now I add the DDS.txt and Attach.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Tinel at 15:01:17 on 2013-01-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.639 [GMT 2:00]
.
AV: Norton AntiVirus Online *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch
uURLSearchHooks: {76a39c95-086b-44df-bb69-b9e158ecffcf} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\19.9.0.9\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [Remote_Agent] "c:\program files\cyberlink\powervcrii\RemoteAgent.exe"
mRun: [NBAgent] "c:\program files\nero\nero 11\nero backitup\NBAgent.exe" /WinStart
mRun: [K!IR.exe] c:\program files\k!tv\K!IR.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [emMON] emMON.exe
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Agent] "c:\program files\cyberlink\powervcrii\Agent.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\tinel\startm~1\programs\startup\pandausbvaccine.lnk - c:\program files\panda usb vaccine\USBVaccine.exe
StartupFolder: c:\docume~1\tinel\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp image zone fast start.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoFileAssociate = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\tinel\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\tinel\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mvadvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 8707055906
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{806A836F-8D3F-4DB3-9487-EE6E71C0264C} : DHCPNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
IFEO: dropcypher.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: isoexport.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: loader.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: mediabuilder.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: photopad.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tinel\application data\mozilla\firefox\profiles\7pqu4e97.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/neo/launch ... 0klv0pff1g
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\tinel\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tinel\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\tinel\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\common~1\nero\browserplugin\npBrowserPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitroie.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-01-12 01:03; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\documents and settings\tinel\application data\mozilla\firefox\profiles\7pqu4e97.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: !HIDDEN! 2012-12-05 20:32; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\common files\dvdvideosoft\plugins\ff
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - d4a546ec00000000000000158307c9c5
FF - user.js: extensions.BabylonToolbar_i.hardId - d4a546ec00000000000000158307c9c5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:00:21
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=dcom-100&s=0& ... tBtDyCtDtB
FF - user.js: extensions.searchya_i.dfltSrch - true
FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya_i.dnsErr - true
FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=dcom-100&s=2& ... tBtDyCtDtB
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=fxtb-01&s=3&cr=xx&cd=yy&q=
FF - user.js: extensions.searchya_i.id - d4a546ec00000000000000158307c9c5
FF - user.js: extensions.searchya_i.instlDay - 15494
FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.019:34:55
FF - user.js: extensions.searchya_i.prtnrId - ironsrc
FF - user.js: extensions.searchya_i.prdct - searchya
FF - user.js: extensions.searchya_i.aflt - orgnl
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya_i.tlbrId - base
FF - user.js: extensions.searchya_i.instlRef - fxtb-01
FF - user.js: extensions.searchya_i.dfltLng -
FF - user.js: extensions.searchya_i.excTlbr - false
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-1-6 50312]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-8-9 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-8-9 12464]
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-10-6 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1309000.009\symds.sys [2012-10-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1309000.009\symefa.sys [2012-10-2 924320]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-1-6 43784]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-15 995488]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1309000.009\ccsetx86.sys [2012-10-2 132768]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-1-6 16008]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-1-6 185864]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\SleeN17.sys [2010-2-17 94560]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1309000.009\ironx86.sys [2012-10-2 149624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\siteadvisor\mcsacore.exe [2012-8-29 95232]
S2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-11-25 687400]
S2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.9.0.9\ccsvchst.exe [2012-10-2 138272]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.17.48\SymcPCCULaunchSvc.exe [2012-4-4 123320]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-16 35088]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.17.48\ccSvcHst.exe [2012-4-4 126392]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-7-4 1528672]
S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [2011-10-25 31287]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [2011-10-25 33335]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-30 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-30 8456]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20130113.001\IDSXpx86.sys [2013-1-13 373728]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20130116.006\NAVENG.SYS [2013-1-16 93296]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\virusdefs\20130116.006\NAVEX15.SYS [2013-1-16 1603824]
S3 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2012-5-16 184840]
S3 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-5-16 184848]
S3 SystemExplorerHelpService;System Explorer Service;c:\program files\system explorer\service\SystemExplorerService.exe [2012-12-5 567256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-1-6 61064]
S4 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-1-6 23176]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-5-16 69640]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
.
=============== Created Last 30 ================
.
2013-01-21 12:14:23 -------- d-----w- c:\program files\ACW
2013-01-21 12:06:42 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2013-01-21 12:06:39 -------- d-----w- c:\program files\Panda USB Vaccine
2013-01-18 10:32:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-18 10:32:09 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-18 10:26:25 -------- d-----w- C:\Output
2013-01-18 10:23:05 -------- d-----w- c:\documents and settings\all users\application data\SystemExplorer
2013-01-18 10:23:03 -------- d-----w- c:\program files\System Explorer
2013-01-18 10:22:49 -------- d-----w- c:\program files\Uniblue
2013-01-18 10:22:48 -------- d-----w- c:\documents and settings\tinel\application data\Uniblue
2013-01-13 15:57:30 -------- d-----w- c:\documents and settings\tinel\application data\WinZip
2013-01-13 15:52:32 -------- d-----w- c:\program files\WinZip System Utilities Suite
2013-01-12 23:15:32 -------- d-----w- c:\program files\SopCast
2013-01-11 11:48:12 -------- d-----w- c:\program files\System Explorer(2)
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 17:09:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-15 17:09:37 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-27 09:52:51 707728 ----a-w- c:\program files\64Uninstall TelevisionFanatic.dll
2012-11-27 09:52:51 179336 ----a-w- c:\program files\64res.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-30 21:36:50 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-30 21:36:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-30 21:36:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-30 21:36:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 15:02:05.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2011 1:35:07 PM
System Uptime: 1/22/2013 12:10:50 PM (3 hours ago)
.
Motherboard: Uniwill | | 755II5
Processor: Mobile Intel(R) Celeron(R) CPU 2.50GHz | CPU 1 | 2500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 11.894 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 24.752 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Description: Generic volume
Device ID: STORAGE\REMOVABLEMEDIA\8&1FB7FF92&0&RM
Manufacturer: Microsoft
Name: Generic volume
PNP Device ID: STORAGE\REMOVABLEMEDIA\8&1FB7FF92&0&RM
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: dropcypher.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: isoexport.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: loader.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: mediabuilder.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: photopad.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: pixillion.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: portablesafe.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: prism.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: safe.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: shredder.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: shredderlow.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: trueimage.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: unins000.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: uninstall.exe - "C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe"
IFEO: Your Image File Name Here without a path - ntsd -d
.
==== Installed Programs ======================
.
1-Click YouTube Downloader 5.0
123 Pdf to Word Converter for Doc Free 6.5
1300
1300_Help
1300Tour
1300Trb
7-Zip 4.65
Acronis True Image Home
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe® Photoshop® Album Starter Edition 3.2
Advertising Center
Ailt BMP JPG JPEG to Word Converter 5.7
AiO_Scan
AiOSoftware
Ashampoo Burning Studio 11 v.11.0.4
Ashampoo Burning Studio 9.21
Ashampoo Magical Security 2.02
Ashampoo Office 2008 (C:\Program Files\Ashampoo\Ashampoo Office 2010)
Ashampoo Office 2010
Ashampoo Photo Optimizer 5 v.5.1.5
Ashampoo Slideshow Studio HD 2 2.0.5
Ashampoo Snap 5 v.5.1.5
Ashampoo WinOptimizer 6.60
Ashampoo WinOptimizer 9 v.9.04.31
BufferChm
CardWorks Business Card Software
CNET TechTracker
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
convertor-html version 1.0.0.0
Copy
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CreativeProjects
CreativeProjectsTemplates
CueTour
DBX Recovery Free 1.0
Delete Doctor 2.3
Destinations
Director
DocProc
DocumentViewer
DP8381x 10/100 PCI Network Adapter Driver
EASEUS Data Recovery Wizard 4.0.1
EASEUS Partition Master 9.1.0 Home Edition
EaseUS Todo Backup Free 4.0
Easy Card Creator
ESBE Hydronic Selection
Fax
Free All Office Converter Pro 5.8
Free DWG Viewer 7.1
Free PDF to Word Converter 2.0
Free Studio version 5.8.0.1201
Google Earth Plug-in
Google SketchUp 8
Google Talk Plugin
Google Update Helper
Hercules Smart TV USB2 Drivers
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
Html to Word Doc Rtf Converter 3000 7.4
Incomedia WebSite X5 v9 - Compact
InstantShare
InstantShareAlert
Intel(R) Extreme Graphics Driver
Java 7 Update 9
Java Auto Updater
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
My Family Tree
Need4 Software Launcher 8.1
Need4 Video Converter 9
Nero 11
Nero 9 Essentials
Nero Audio Pack 1
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero Blu-ray Player
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero Cliparts
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero CoverDesigner 11
Nero CoverDesigner 11 Help (CHM)
Nero Disc Menus Basic
Nero Effects Basic
Nero Express 11
Nero Express 11 Help (CHM)
Nero Image Samples
Nero Installer
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero Online Upgrade
Nero PiP Effects Basic
Nero Recode 11
Nero Recode 11 Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero SharedVideoCodecs
Nero SoundTrax 11
Nero SoundTrax 11 Help (CHM)
Nero StartSmart
Nero StartSmart OEM
Nero Update
Nero Video 11
Nero Video 11 Help (CHM)
Nero Video Samples
Nero WaveEditor 11
Nero WaveEditor 11 Help (CHM)
nero.prerequisites.msi
neroxml
Nitro Pro 7
Nitro Reader 2
Norton AntiVirus
Norton Bootable Recovery Tool Wizard
Norton PC Checkup
OfficePrinter 2.0
Open DBX Files Free 1.0
Overland
Page Wunder
Panda USB Vaccine 1.0.1.4
PhotoGallery
PhotoPad Image Editor
PhotoScape
Picasa 3
Pixillion Image Converter
PowerVCR II
PrintScreen
Prism Video File Converter
ProductContext
QFolder
QuickProjects
Readme
Recovery Toolbox for Outlook Express 1.2
Revo Uninstaller 1.94
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
Skype Click to Call
Skype™ 5.10
Smart Link 56K Modem
SmartPack 1.21.0
Steganos Safe 2012
System Explorer 3.9.9
System Requirements Lab Test
The KMPlayer (remove only)
The Weather Channel App
TrayApp
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual Slideshow
VLC media player 2.0.3
Weather Watcher
WebFldrs XP
WebReg
Welcome App (Start-up experience)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip 11.2
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
YouTube Downloader 3.5
Youtube Grabber + Accelerator
.
==== Event Viewer Messages From Past Week ========
.
1/22/2013 12:11:26 PM, error: Dhcp [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 00030D0ECB3C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/21/2013 12:33:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E9376CC6-121A-447E-81CF-D8BCC200007C}
1/21/2013 1:38:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
1/18/2013 5:47:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/17/2013 8:59:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NAV eeCtrl EUBKMON EUDSKACS EUFDDISK Fips IntelIde intelppm ohci1394 SLEE_17_DRIVER SRTSPX SymIRON SYMTDI
1/17/2013 8:45:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
1/17/2013 8:44:01 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/17/2013 8:40:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/17/2013 8:39:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {5EF1CF5D-87A9-434B-8786-2A08E1C30F6C}
1/17/2013 2:08:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/17/2013 2:06:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/17/2013 12:44:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_NAV eeCtrl EUBKMON EUDSKACS EUFDDISK Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss SLEE_17_DRIVER SRTSPX SymIRON SYMTDI Tcpip
1/17/2013 12:44:41 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/17/2013 12:44:41 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/17/2013 12:44:41 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/17/2013 12:44:41 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/17/2013 11:46:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/17/2013 11:42:41 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
1/17/2013 11:28:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/17/2013 1:33:12 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/17/2013 1:30:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
1/17/2013 1:03:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
1/17/2013 1:03:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
.
==== End Of File ===========================
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » January 24th, 2013, 5:21 pm

Hello constantin, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher; because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights (permissions) for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » January 24th, 2013, 5:52 pm

Hello Nunped

Thank you for your reply. I acknowledge that my behavior concerning this issue complies totally with the rules you mentioned in your reply.
I am still waiting for further help.
Thank you,
Constantin
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » January 25th, 2013, 9:01 pm

Hi constantin,

Can you tell us how you got access to Office Professional?
Is this computer used for any kind of business?

Please run:
MGADiag
  • Please download this tool from Microsoft.
  • Double-click MGADiag.exe
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

and...
CKScanner
Please download CKScanner ... Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  • Double-click on the CKScanner.exe icon... then click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » January 26th, 2013, 5:32 am

Hi, Nunped

Thank you for answering.

No, this computer is not used for any kind of business.

The results of MGADiag:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-8DR2H-RBCX6-9HR23
Windows Product Key Hash: AhLZ50FiGIAYv8mzGPQYadOviJo=
Windows Product ID: 55277-OEM-2111907-00117
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {C5469C53-3ABD-40E4-89DE-AF060B2630A1}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office XP Professional - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C5469C53-3ABD-40E4-89DE-AF060B2630A1}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-9HR23</PKey><PID>55277-OEM-2111907-00117</PID><PIDType>2</PIDType><SID>S-1-5-21-1390067357-220523388-1801674531</SID><SYSTEM><Manufacturer>FUJITSU SIEMENS</Manufacturer><Model>Amilo L Series</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>1.02 </Version><SMBIOSVersion major="2" minor="3"/><Date>20031107000000.000000+000</Date><SLPBIOS> FUJITSU SIEMENS, FSC SYSTEM, FSC SERVER, FUJITSU SIEMENS</SLPBIOS></BIOS><HWID>44483D07018400E2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GTB Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0050048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office XP Professional</Name><Ver>10</Ver><Val>4DCE77C4C7251C2</Val><Hash>VUmp0p/tFqfCf356JzVk2BiYKbE=</Hash><Pid>54186-641-2802252-17028</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="100"/><App Id="16" Version="10" Result="100"/><App Id="18" Version="10" Result="100"/><App Id="1A" Version="10" Result="100"/><App Id="1B" Version="10" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1FFB0:Fujitsu Siemens Computers|1876A:Fujitsu Siemens Computers|172E4:GENUINE C&C INC|18772:Siemens AG|18772:Siemens AG
Marker string from OEMBIOS.DAT: FUJITSU SIEMENS, FSC SYSTEM, FSC SERVER, FUJITSU SIEMENS

OEM Activation 2.0 Data-->
N/A

And here is the report from CKScanner:
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.PLNARK
----- EOF -----
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » January 27th, 2013, 12:23 pm

Hi constantin,

Step 1 Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Step 2 Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Step 3 Please download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

For your next post:
  1. JRT.txt
  2. MBAM log
  3. OTL.txt and Extras.txt
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » January 28th, 2013, 6:42 am

Hi, Nunped

Thank you for your help.
I tried twice to send the results you last asked for, but the file exceeds the character limit and the message was rejected. So, I shall divide the answer into two replies.

Below is the first one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.2 (01.26.2013:2)
OS: Microsoft Windows XP x86
Ran by Tinel on Sun 01/27/2013 at 22:46:17.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{33aa308b-b565-4376-ac66-59ee9b6ad13e}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.searchyaesrvc
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.searchyaesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\i
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyaappcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyaappcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyadskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyadskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyahlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyahlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\agi"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Tinel\Application Data\application updater"
Successfully deleted: [Folder] "C:\Documents and Settings\Tinel\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Tinel\Application Data\defaulttab"
Successfully deleted: [Folder] "C:\Documents and Settings\Tinel\Application Data\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Documents and Settings\Tinel\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Tinel\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Tinel\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\ironsource"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Documents and Settings\Tinel\Application Data\mozilla\firefox\profiles\7pqu4e97.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Tinel\Application Data\mozilla\firefox\profiles\7pqu4e97.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Documents and Settings\Tinel\Application Data\mozilla\firefox\profiles\7pqu4e97.default\searchplugins\search-here.xml
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Documents and Settings\Tinel\Application Data\mozilla\firefox\profiles\7pqu4e97.default\prefs.js

user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=110482");
user_pref("extensions.BabylonToolbar.bbDpng", 24);
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "d4a546ec00000000000000158307c9c5");
user_pref("extensions.BabylonToolbar.instlDay", "15394");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastDP", 24);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1713:00:21");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 68655832);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1713:00:21");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110482");
user_pref("extensions.BabylonToolbar_i.hardId", "d4a546ec00000000000000158307c9c5");
user_pref("extensions.BabylonToolbar_i.id", "d4a546ec00000000000000158307c9c5");
user_pref("extensions.BabylonToolbar_i.instlDay", "15394");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1713:00:21");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.defaulttab.active.affiliate", 2652);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.active.yw3i", "W3i_IA,206,0_0,Search,20130104,18179,0,0,0");
user_pref("extensions.defaulttab.browserID", "AEEF5364CCF2F04B81B0F8F7E145FEE7");
user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search He
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.3");
user_pref("extensions.searchya.admin", false);
user_pref("extensions.searchya.aflt", "orgnl");
user_pref("extensions.searchya.cntry", "RO");
user_pref("extensions.searchya.dfltLng", "");
user_pref("extensions.searchya.dfltSrch", true);
user_pref("extensions.searchya.excTlbr", false);
user_pref("extensions.searchya.hdrMd5", "A8E30910C1C2C883350DED0B67704129");
user_pref("extensions.searchya.hmpg", true);
user_pref("extensions.searchya.id", "d4a546ec00000000000000158307c9c5");
user_pref("extensions.searchya.instlDay", "15494");
user_pref("extensions.searchya.instlRef", "fxtb-01");
user_pref("extensions.searchya.isDcmntCmplt", true);
user_pref("extensions.searchya.lastVrsnTs", "1.5.13.019:15:10");
user_pref("extensions.searchya.mntrvrsn", "1.2.0");
user_pref("extensions.searchya.newTab", false);
user_pref("extensions.searchya.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=797552488&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtB");
user_pref("extensions.searchya.noFFXTlbr", false);
user_pref("extensions.searchya.prdct", "searchya");
user_pref("extensions.searchya.propectorlck", 77303779);
user_pref("extensions.searchya.prtkHmpg", 1);
user_pref("extensions.searchya.prtnrId", "ironsrc");
user_pref("extensions.searchya.sg", "none");
user_pref("extensions.searchya.smplGrp", "none");
user_pref("extensions.searchya.srchPrvdr", "SearchYa!");
user_pref("extensions.searchya.tlbrId", "base");
user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://searchya.com/?chnl=fxtb-01&s=3&cr=xx&cd=yy&q=");
user_pref("extensions.searchya.vrsn", "1.5.13.0");
user_pref("extensions.searchya.vrsnTs", "1.5.13.019:15:10");
user_pref("extensions.searchya.vrsni", "1.5.13.0");
user_pref("extensions.searchya_i.aflt", "orgnl");
user_pref("extensions.searchya_i.dfltLng", "");
user_pref("extensions.searchya_i.dfltSrch", true);
user_pref("extensions.searchya_i.dnsErr", true);
user_pref("extensions.searchya_i.excTlbr", false);
user_pref("extensions.searchya_i.hmpg", true);
user_pref("extensions.searchya_i.hmpgUrl", "hxxp://searchya.com/?chnl=dcom-100&s=0&cr=797552488&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtB");
user_pref("extensions.searchya_i.id", "d4a546ec00000000000000158307c9c5");
user_pref("extensions.searchya_i.instlDay", "15494");
user_pref("extensions.searchya_i.instlRef", "fxtb-01");
user_pref("extensions.searchya_i.newTab", false);
user_pref("extensions.searchya_i.newTabUrl", "hxxp://searchya.com/?chnl=dcom-100&s=2&cr=797552488&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtB");
user_pref("extensions.searchya_i.prdct", "searchya");
user_pref("extensions.searchya_i.prtnrId", "ironsrc");
user_pref("extensions.searchya_i.smplGrp", "none");
user_pref("extensions.searchya_i.srchPrvdr", "SearchYa!");
user_pref("extensions.searchya_i.tlbrId", "base");
user_pref("extensions.searchya_i.tlbrSrchUrl", "hxxp://searchya.com/?chnl=fxtb-01&s=3&cr=xx&cd=yy&q=");
user_pref("extensions.searchya_i.vrsn", "1.5.13.0");
user_pref("extensions.searchya_i.vrsnTs", "1.5.13.019:34:55");
user_pref("extensions.searchya_i.vrsni", "1.5.13.0");
user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=15957405-8C1A-4948-AD8C-159CD8086ADD&n=77ee6747&ptnrS=XPxdm447YYro&
user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012112711");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPxdm447YYro");
user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "7013");
user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "15957405-8C1A-4948-AD8C-159CD8086ADD");
user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1354009978442");
user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");
user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/27/2013 at 22:56:03.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.27.08

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Tinel :: TINEL-UCJA9IB1F [administrator]

Protection: Disabled

1/27/2013 11:17:07 PM
mbam-log-2013-01-27 (23-17-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247089
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\64Uninstall TelevisionFanatic.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby constantin » January 28th, 2013, 6:46 am

...and here is the second part of my reply, concerning the OTL reports:

OTL logfile created on: 1/27/2013 11:37:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tinel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 703.44 Mb Available Physical Memory | 69.28% Memory free
4.34 Gb Paging File | 4.16 Gb Available in Paging File | 95.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048D:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.00 Gb Free Space | 29.25% Space Free | Partition Type: NTFS
Drive D: | 58.97 Gb Total Space | 24.11 Gb Free Space | 40.88% Space Free | Partition Type: NTFS

Computer Name: TINEL-UCJA9IB1F | User Name: Tinel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 18:43:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tinel\Desktop\OTL.exe
PRC - [2013/01/19 16:26:52 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/24 01:09:02 | 000,083,456 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
MOD - [2013/01/19 16:26:50 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/16 14:33:14 | 000,094,728 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional 7\NPShellExtension.dll
MOD - [2011/10/11 13:28:16 | 000,101,248 | ---- | M] () -- C:\Program Files\Need4 Video Converter 9\vcContext.dll
MOD - [2010/11/17 15:03:40 | 000,187,904 | ---- | M] () -- C:\Program Files\Steganos Safe 2012\ShellExtension.dll
MOD - [2010/02/12 09:37:50 | 000,633,696 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll
MOD - [2008/11/18 11:03:16 | 001,074,536 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo Magical Security 2\AshPPCor.dll
MOD - [2008/11/18 11:03:10 | 000,128,360 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo Magical Security 2\ash_lang.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002/08/29 14:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/19 16:26:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/17 12:39:20 | 001,214,216 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe -- (pdserv)
SRV - [2012/12/15 19:09:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/30 23:36:49 | 000,161,768 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/21 06:58:38 | 000,567,256 | ---- | M] (Mister Group) [Disabled | Stopped] -- C:\Program Files\System Explorer\service\SystemExplorerService.exe -- (SystemExplorerHelpService)
SRV - [2012/07/13 13:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/07/05 17:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/04 09:49:04 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/06/16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe -- (NAV)
SRV - [2012/06/15 11:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/05/16 20:11:42 | 000,184,848 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012/05/16 14:33:14 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/05/16 14:33:06 | 000,184,840 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)
SRV - [2012/04/04 09:48:07 | 000,123,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/12/22 23:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files\EASEUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011/12/22 23:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Disabled | Stopped] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/12/14 14:57:35 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/04/09 21:42:00 | 000,492,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 20:14:18 | 000,431,384 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/20 11:24:20 | 000,045,056 | ---- | M] ( ) [Disabled | Stopped] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tinel\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013/01/16 19:09:27 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130116.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 19:09:27 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130116.006\NAVENG.SYS -- (NAVENG)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/06 21:22:30 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/10/24 01:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130111.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/10/06 23:50:46 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR311.SYS -- (SMR311)
DRV - [2012/09/01 02:27:25 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130113.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/07/06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\ccsetx86.sys -- (ccSet_NAV)
DRV - [2012/05/22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012/05/03 09:43:34 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/04/18 04:13:32 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symtdi.sys -- (SYMTDI)
DRV - [2012/04/18 03:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012/03/26 21:41:13 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/30 00:34:04 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/12/30 00:34:04 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/12/30 00:33:52 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/12/30 00:33:30 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/12/22 23:09:40 | 000,185,864 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011/12/22 23:09:38 | 000,043,784 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/12/22 23:09:32 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/12/22 23:09:30 | 000,050,312 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/12/01 10:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/12/01 10:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1309000.009\symds.sys -- (SymDS)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/16 02:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2010/02/17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/09/12 21:21:46 | 000,292,864 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006/08/21 23:38:46 | 000,007,168 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2005/04/08 10:48:18 | 000,179,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2004/08/05 10:35:24 | 000,019,200 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/08/03 21:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent)
DRV - [2004/03/23 16:18:44 | 000,100,925 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/03/23 16:18:32 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2003/06/04 13:15:12 | 001,295,600 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/05/20 11:23:10 | 000,210,592 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/05/20 11:19:24 | 000,085,688 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/05/19 13:30:02 | 000,169,120 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/05/13 08:58:34 | 000,521,408 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/03/13 16:13:56 | 000,031,287 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a311.sys -- ({5C8B2B62-A385-11d5-A78B-00104B672758})
DRV - [2003/03/13 16:13:52 | 000,033,335 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a310.sys -- ({5C8B2B65-A385-11d5-A78B-00104B672758})
DRV - [2003/01/16 23:19:32 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2001/08/17 14:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mg5.mail.yahoo.com/neo/launch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 74 4A 12 50 47 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {76a39c95-086b-44df-bb69-b9e158ecffcf} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F1217F34-C82E-45D1-B37E-52427536D77E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{11FB3F2E-ADAD-4370-A9A1-59E5384E26A2}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{F1217F34-C82E-45D1-B37E-52427536D77E}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%202
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.4.0
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Tinel\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Tinel\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tinel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tinel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012/01/31 18:24:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/25 09:32:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 16:26:53 | 000,000,000 | ---D | M]

[2012/02/24 13:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Extensions
[2013/01/27 22:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions
[2013/01/18 12:23:00 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/01/18 12:23:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2012/10/21 10:01:33 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\maps@ovi.com
[2013/01/19 16:38:13 | 000,533,221 | ---- | M] () (No name found) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/12/11 21:38:25 | 000,036,098 | ---- | M] () (No name found) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012/11/23 20:46:38 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/22 12:49:53 | 000,091,556 | ---- | M] () (No name found) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2012/07/25 08:44:14 | 000,000,003 | ---- | M] () (No name found) -- C:\Documents and Settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\maps@ovi.com\plugins\package.XPI
[2013/01/19 16:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 16:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/31 18:24:02 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPLGN
[2012/09/25 09:32:28 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2013/01/19 16:26:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/19 16:26:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/19 16:26:44 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {76a39c95-086b-44df-bb69-b9e158ecffcf} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {76A39C95-086B-44DF-BB69-B9E158ECFFCF} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Tinel\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Tinel\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8707055906 (WUWebControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{806A836F-8D3F-4DB3-9487-EE6E71C0264C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/25 12:33:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 23:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Application Data\Malwarebytes
[2013/01/27 23:11:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/27 23:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/27 23:11:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/27 23:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/27 23:08:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/01/27 22:46:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/27 22:46:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/27 18:43:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tinel\Desktop\OTL.exe
[2013/01/27 18:36:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Desktop\Depan.TuneUp-Ian.2013
[2013/01/27 18:35:39 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tinel\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/27 18:33:10 | 000,536,387 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Tinel\Desktop\JRT.exe
[2013/01/27 13:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Desktop\INSTALERS PROGR.CUMPARAT
[2013/01/26 13:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
[2013/01/26 11:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/01/26 00:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2013/01/25 23:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Desktop\DEPAN. PC-IAN.2013
[2013/01/25 21:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Desktop\SHORTCUTS
[2013/01/24 21:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/01/24 01:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Utilities
[2013/01/24 01:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Start Menu\Programs\NCH Software Suite
[2013/01/23 11:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/01/23 11:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2013/01/23 11:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/01/22 23:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Application Data\SUPERAntiSpyware.com
[2013/01/22 23:34:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/01/22 23:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/01/22 23:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/22 21:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Doctor Web
[2013/01/22 20:38:02 | 002,964,544 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Tinel\Desktop\NPE.exe
[2013/01/21 14:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2013/01/21 14:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2013/01/21 14:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2013/01/21 14:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2013/01/19 16:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/18 12:26:25 | 000,000,000 | ---D | C] -- C:\Output
[2013/01/18 12:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2013/01/18 12:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\System Explorer
[2013/01/18 12:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer
[2013/01/18 12:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2013/01/18 12:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/01/18 12:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Application Data\Uniblue
[2013/01/13 17:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tinel\Application Data\WinZip
[2013/01/13 17:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip System Utilities Suite
[2013/01/13 01:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2013/01/11 13:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer(2)
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/27 23:33:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/27 23:11:42 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 22:38:02 | 000,000,307 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\How to disable firewall.url
[2013/01/27 22:32:23 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\How to disable an antivirus program.url
[2013/01/27 18:43:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tinel\Desktop\OTL.exe
[2013/01/27 18:35:47 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tinel\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/27 18:33:10 | 000,536,387 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Tinel\Desktop\JRT.exe
[2013/01/27 18:20:58 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\Vibraţia vindecării.url
[2013/01/27 13:15:31 | 000,842,128 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\Document.rtf
[2013/01/27 13:13:51 | 000,205,130 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\Print Screen.bmp
[2013/01/27 00:37:35 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\MalWare Removal.1.url
[2013/01/26 13:22:46 | 000,052,108 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1359199325.bdinstall.bin
[2013/01/26 11:07:31 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\Notepad.lnk
[2013/01/26 11:01:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/26 00:20:49 | 000,051,676 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1359152412.bdinstall.bin
[2013/01/25 23:13:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\cardworksShakeIcon.job
[2013/01/25 23:02:12 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\prismDowngrade.job
[2013/01/25 23:02:12 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2013/01/25 23:00:35 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
[2013/01/25 21:07:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/24 21:02:46 | 000,045,837 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1359054109.bdinstall.bin
[2013/01/24 19:32:25 | 000,000,220 | ---- | M] () -- C:\boot.ini
[2013/01/23 15:09:59 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\Microsoft Community Help.url
[2013/01/23 11:34:13 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2013/01/23 11:28:45 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\dsmonitor.job
[2013/01/23 11:28:30 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Tinel\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/01/22 23:34:54 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/22 20:38:03 | 002,964,544 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Tinel\Desktop\NPE.exe
[2013/01/22 13:05:11 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Tinel\Desktop\OUTLOOK EXPRESS.lnk
[2013/01/21 13:38:00 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/01/18 12:34:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tinel\Application Data\.NANotifyHere
[2013/01/17 12:02:47 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/17 11:50:32 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 19:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/16 19:05:01 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1801674531-1004UA.job
[2013/01/16 19:05:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/16 00:05:05 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1801674531-1004Core.job
[2013/01/13 17:54:21 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\WINZIPSS-WINZIPSSOneClickCare.job
[2013/01/13 17:54:12 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
[2013/01/10 14:48:12 | 000,503,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 14:48:12 | 000,088,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/27 23:11:42 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 22:37:38 | 000,000,307 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\How to disable firewall.url
[2013/01/27 22:31:45 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\How to disable an antivirus program.url
[2013/01/27 18:20:31 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\Vibraţia vindecării.url
[2013/01/27 13:15:31 | 000,842,128 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\Document.rtf
[2013/01/27 13:13:51 | 000,205,130 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\Print Screen.bmp
[2013/01/27 00:37:09 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\MalWare Removal.1.url
[2013/01/26 13:22:46 | 000,052,108 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1359199325.bdinstall.bin
[2013/01/26 11:07:31 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\Notepad.lnk
[2013/01/26 00:20:49 | 000,051,676 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1359152412.bdinstall.bin
[2013/01/25 23:02:12 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\prismDowngrade.job
[2013/01/25 23:00:35 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\photopadShakeIcon.job
[2013/01/24 21:02:46 | 000,045,837 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1359054109.bdinstall.bin
[2013/01/24 01:09:02 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Zip.lnk
[2013/01/23 15:09:24 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\Microsoft Community Help.url
[2013/01/23 11:34:13 | 000,000,220 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2013/01/23 11:28:45 | 000,000,212 | ---- | C] () -- C:\WINDOWS\tasks\dsmonitor.job
[2013/01/23 11:28:30 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Tinel\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/01/22 23:34:54 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/21 01:43:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/21 01:35:47 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\Y! Mail.url
[2013/01/20 18:26:53 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Tinel\Desktop\Google.url
[2013/01/17 00:16:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tinel\Application Data\.NANotifyHere
[2013/01/13 17:54:20 | 000,000,448 | ---- | C] () -- C:\WINDOWS\tasks\WINZIPSS-WINZIPSSOneClickCare.job
[2013/01/13 17:54:12 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
[2012/11/27 12:52:24 | 000,179,336 | ---- | C] () -- C:\Program Files\64res.dll
[2012/06/02 21:19:49 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2012/06/02 21:19:49 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2012/06/02 21:19:48 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2012/06/02 21:19:48 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe
[2012/05/29 19:32:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/02/16 19:49:49 | 001,638,136 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1390067357-220523388-1801674531-1004-0.dat
[2012/02/16 17:51:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 02:01:56 | 000,189,658 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/24 00:28:50 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdrost.dll
[2012/01/24 00:28:50 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdropr.dll
[2012/01/24 00:28:50 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdro2.dll
[2012/01/24 00:28:50 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\kbdro1.dll
[2012/01/06 12:14:10 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2012/01/02 12:19:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/12/17 00:12:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/12/02 20:59:20 | 000,104,156 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/12/02 20:59:20 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/12/02 01:14:52 | 000,104,078 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2011/12/02 01:14:52 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2011/11/14 01:50:26 | 000,004,871 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\etgxespc.rpo
[2011/11/10 19:22:21 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/11/04 23:29:01 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2011/11/04 23:28:50 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2011/11/04 22:50:04 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2011/11/04 22:40:43 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/11/03 19:57:49 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2011/10/30 21:10:34 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/10/30 21:10:34 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/10/30 21:10:34 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/10/30 21:10:34 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/10/30 21:10:34 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/10/28 22:38:05 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Tinel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 19:08:50 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/10/27 13:29:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tinel\Local Settings\Application Data\fusioncache.dat
[2011/10/25 15:24:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/25 15:23:21 | 000,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/25 13:07:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2011/10/25 13:07:22 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2011/10/25 13:07:22 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2011/10/25 13:07:22 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2011/10/25 13:07:22 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2011/10/25 13:07:22 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2011/10/25 12:35:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 12:30:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/10/27 13:11:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/06 21:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2013/01/23 11:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2011/11/14 00:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/01/02 00:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CAM Development
[2012/08/09 23:03:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/27 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2011/11/14 01:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Need4Video
[2012/05/31 12:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2013/01/21 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/06/02 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2012/10/06 23:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMR311
[2013/01/18 12:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2012/12/03 01:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/09 23:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/14 01:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/01/13 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/08/09 23:03:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/12/30 00:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Acronis
[2012/08/30 23:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Ashampoo
[2012/09/19 10:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Ashampoo Slideshow Studio HD 2
[2012/11/07 17:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\CBS Interactive
[2012/05/31 12:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Downloaded Installations
[2012/12/05 20:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\DVDVideoSoft
[2012/02/20 01:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\ESBE Selection
[2012/05/27 19:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\FileOpen
[2012/06/02 21:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Free PDF to Word Converter
[2012/05/16 16:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\IGC
[2012/01/17 19:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\JurexPro
[2011/10/30 00:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Leadertech
[2013/01/13 17:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Nitro PDF
[2012/05/14 23:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\PhotoScape
[2011/12/15 10:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\SoftMaker
[2012/12/06 01:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Steganos
[2012/10/31 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\SystemRequirementsLab
[2012/02/02 16:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\TeamViewer
[2012/08/09 23:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\TuneUp Software
[2013/01/23 11:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\Uniblue
[2012/11/07 22:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\vso
[2013/01/18 14:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\WeatherWatcher
[2013/01/13 17:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\WinZip
[2012/05/27 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tinel\Application Data\YCanPDF

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 1/27/2013 11:37:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tinel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.36 Mb Total Physical Memory | 703.44 Mb Available Physical Memory | 69.28% Memory free
4.34 Gb Paging File | 4.16 Gb Available in Paging File | 95.87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048D:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 10.00 Gb Free Space | 29.25% Space Free | Partition Type: NTFS
Drive D: | 58.97 Gb Total Space | 24.11 Gb Free Space | 40.88% Space Free | Partition Type: NTFS

Computer Name: TINEL-UCJA9IB1F | User Name: Tinel | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\CyberLink\PowerVCRII\PVCR.exe" = C:\Program Files\CyberLink\PowerVCRII\PVCR.exe:*:Enabled:PowerVCR II -- (CyberLink Corp.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Tinel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Tinel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Nero\KM\KwikMedia.exe" = C:\Program Files\Nero\KM\KwikMedia.exe:*:Enabled:Nero Kwik Media -- (Nero AG)
"C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe:LocalSubNet:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Documents and Settings\Tinel\Local Settings\Temp\HBCD\download.exe" = C:\Documents and Settings\Tinel\Local Settings\Temp\HBCD\download.exe:*:Enabled:download -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{05C6B128-1B40-4495-9CB9-090B368BFA0A}" = Nero Video Samples
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2168A879-1BA2-46B8-B671-7F5A1DDDBC55}" = ESBE Hydronic Selection
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}" = Nero Cliparts
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2B5B8788-8189-4BF2-A4D5-6368A5FA8EA6}" = Hercules Smart TV USB2 Drivers
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AC8A61-6D0C-4B36-9DFA-86B5276AE38D}" = DP8381x 10/100 PCI Network Adapter Driver
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3f409a0f-2ce0-4169-9b88-daf11a9de8ce}" = Nero 9 Essentials
"{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1" = System Explorer 3.9.9
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{414D143D-7DB6-47A6-9E23-1914FD1B535A}_is1" = Incomedia WebSite X5 v9 - Compact
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45FC15ED-1713-4394-ACDF-866E23F46F46}" = 1300_Help
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E03E0F0-9530-4D74-A6EE-0FF134EBA6F0}" = 1300Trb
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = Welcome App (Start-up experience)
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{750808DC-427A-4347-B875-DAD16696FC47}" = Nitro Reader 2
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{810B7362-6B05-4714-AF6A-EF3A20CCD634}" = Nero 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8EBB8452-274B-465D-8324-00B0832FBB00}" = Ashampoo Office 2010
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{93CE3EBA-29A9-461F-B9C7-64C4C681C642}" = Nitro Pro 7
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B24F8C38-099E-4C29-A5B2-F012B5E22CAB}" = 1300Tour
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BA9A0063-68B5-47B3-91EA-214AD5B79EFB}" = 1300
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDDA03FF-47BE-4aa9-B4FA-06EA477A6B36}" = OfficePrinter 2.0
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}" = Nero Image Samples
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}" = Bitdefender 60-Second Virus Scanner
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D62576C2-C084-4698-974A-5BE77714FDDD}" = System Requirements Lab Test
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC7A1CE2-D28A-45B9-84AC-4D8A21D37FDA}_is1" = Weather Watcher
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E2A932B8-A1D0-4386-B77E-5E3C6D0398A5}" = Easy Card Creator
"{E6BB6BFE-1F0D-4D93-8627-360069111273}" = My Family Tree
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0BA5720-E189-11D4-9EA1-0050BAE317E1}" = PowerVCR II
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8B5AA77-05D5-45BD-8FE3-F9E3631D72FB}" = EASEUS Data Recovery Wizard 4.0.1
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FADC3DC0-BCD9-4F6A-BB9D-360D695C5791}" = Steganos Safe 2012
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"123 Pdf to Word Converter for Doc Free_is1" = 123 Pdf to Word Converter for Doc Free 6.5
"1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 5.0
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Ailt BMP JPG JPEG to Word Converter_is1" = Ailt BMP JPG JPEG to Word Converter 5.7
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21
"Ashampoo Magical Security 2_is1" = Ashampoo Magical Security 2.02
"Ashampoo Photo Optimizer 5_is1" = Ashampoo Photo Optimizer 5 v.5.1.5
"Ashampoo Slideshow Studio HD 2_is1" = Ashampoo Slideshow Studio HD 2 2.0.5
"Ashampoo Snap 5_is1" = Ashampoo Snap 5 v.5.1.5
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Ashampoo WinOptimizer 9_is1" = Ashampoo WinOptimizer 9 v.9.04.31
"CardWorks" = CardWorks Business Card Software
"convertor-html 1.0.0.0_is1" = convertor-html version 1.0.0.0
"DBX Recovery Free_is1" = DBX Recovery Free 1.0
"Delete Doctor" = Delete Doctor 2.3
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"ExpressZip" = Express Zip
"Free All Office Converter Pro_is1" = Free All Office Converter Pro 5.8
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 2.0
"Free Studio_is1" = Free Studio version 5.8.0.1201
"HP Photo & Imaging" = HP Image Zone 4.2
"Html to Word Doc Rtf Converter 3000_is1" = Html to Word Doc Rtf Converter 3000 7.4
"ie8" = Windows Internet Explorer 8
"InstallShield_{35AC8A61-6D0C-4B36-9DFA-86B5276AE38D}" = DP8381x 10/100 PCI Network Adapter Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Need4 Software Launcher" = Need4 Software Launcher 8.1
"Need4 Video Converter 9" = Need4 Video Converter 9
"NortonPCCheckup" = Norton PC Checkup
"Open DBX Files Free_is1" = Open DBX Files Free 1.0
"PhotoPad" = PhotoPad Image Editor
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixillion" = Pixillion Image Converter
"Recovery Toolbox for Outlook Express_is1" = Recovery Toolbox for Outlook Express 1.2
"Revo Uninstaller" = Revo Uninstaller 1.94
"SLAMRNTV" = Smart Link 56K Modem
"sm-un1.u32" = Ashampoo Office 2008 (C:\Program Files\Ashampoo\Ashampoo Office 2010)
"The KMPlayer" = The KMPlayer (remove only)
"The Weather Channel App" = The Weather Channel App
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Visual Slideshow" = Visual Slideshow
"VLC media player" = VLC media player 2.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Youtube Grabber + Accelerator" = Youtube Grabber + Accelerator

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5156a83ab16fdfa6" = Page Wunder
"CNET TechTracker" = CNET TechTracker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2012 3:22:23 PM | Computer Name = TINEL-UCJA9IB1F | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
winword.exe, version 10.0.6866.0, fault address 0x000261a8.

Error - 11/12/2012 5:57:32 AM | Computer Name = TINEL-UCJA9IB1F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0455251c.

Error - 11/30/2012 7:14:36 PM | Computer Name = TINEL-UCJA9IB1F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0328e910.

Error - 1/10/2013 1:18:19 PM | Computer Name = TINEL-UCJA9IB1F | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 1/16/2013 7:03:44 PM | Computer Name = TINEL-UCJA9IB1F | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007043c: InitEventCollector fail

Error - 1/17/2013 2:41:50 AM | Computer Name = TINEL-UCJA9IB1F | Source = .NET Runtime | ID = 1026
Description = Application: BackItUp.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an unhandled exception. Exception Info: System.Net.Sockets.SocketException
Stack:

at System.Net.Sockets.Socket..ctor(System.Net.Sockets.AddressFamily, System.Net.Sockets.SocketType,
System.Net.Sockets.ProtocolType) at System.Net.Sockets.TcpListener..ctor(System.Net.IPAddress,
Int32) at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel.SetupChannel()

at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel..ctor(System.Collections.IDictionary,
System.Runtime.Remoting.Channels.IServerChannelSinkProvider, System.Runtime.Remoting.Channels.IAuthorizeRemotingConnection)

at System.Runtime.Remoting.Channels.Tcp.TcpServerChannel..ctor(System.Collections.IDictionary,
System.Runtime.Remoting.Channels.IServerChannelSinkProvider) at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.RegisterChannel(ChannelType,
Boolean) at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[])

at BackItUp.EntryPoint.Main(System.String[])

Error - 1/21/2013 8:14:30 AM | Computer Name = TINEL-UCJA9IB1F | Source = ACW_DE | ID = 2
Description =

Error - 1/21/2013 8:14:57 AM | Computer Name = TINEL-UCJA9IB1F | Source = ACW_DE | ID = 2
Description =

Error - 1/24/2013 6:07:55 PM | Computer Name = TINEL-UCJA9IB1F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x038a251c.

Error - 1/27/2013 5:06:49 PM | Computer Name = TINEL-UCJA9IB1F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

[ System Events ]
Error - 1/27/2013 12:44:04 PM | Computer Name = TINEL-UCJA9IB1F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/27/2013 5:05:45 PM | Computer Name = TINEL-UCJA9IB1F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/27/2013 5:07:01 PM | Computer Name = TINEL-UCJA9IB1F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 1/27/2013 5:09:50 PM | Computer Name = TINEL-UCJA9IB1F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/27/2013 5:11:01 PM | Computer Name = TINEL-UCJA9IB1F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 ccSet_NAV eeCtrl EUBKMON EUDSKACS EUFDDISK Fips IntelIde intelppm ohci1394 SASDIFSV
SASKUTIL
SLEE_17_DRIVER
SRTSPX
SymIRON
SYMTDI

Error - 1/27/2013 5:32:15 PM | Computer Name = TINEL-UCJA9IB1F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/27/2013 5:33:26 PM | Computer Name = TINEL-UCJA9IB1F | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 1/27/2013 5:33:51 PM | Computer Name = TINEL-UCJA9IB1F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/27/2013 5:34:53 PM | Computer Name = TINEL-UCJA9IB1F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx86 ccSet_NAV eeCtrl EUBKMON EUDSKACS EUFDDISK Fips IntelIde intelppm ohci1394 SASDIFSV
SASKUTIL
SLEE_17_DRIVER
SRTSPX
SymIRON
SYMTDI

Error - 1/27/2013 5:35:35 PM | Computer Name = TINEL-UCJA9IB1F | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

[ TuneUp Events ]
Error - 9/5/2012 1:53:27 PM | Computer Name = TINEL-UCJA9IB1F | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » January 30th, 2013, 8:02 am

Hi constantin,

Are you still seeing the same blue screen when you try to log on normal mode?



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
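A SystemLook run like the one requested above produces one "Searching for" block per term, each followed either by a "No ... found." line or by raw file, folder or registry entries. The following is an added example, not part of this thread and not code from SystemLook or its author: a small Python parser that turns a log in that layout into per-term hits, so a helper can see at a glance which terms actually matched something and which file hits carry an MD5 worth checking against a file-reputation service. The embedded sample log is constructed in the same format as a real one; its paths, SID and hash are placeholders.

```python
"""Parse a SystemLook log (filefind / folderfind / Regfind sections) into
structured per-term hits. Added example; not part of SystemLook itself."""
import re
from collections import defaultdict

# Constructed sample in the SystemLook 30.07.11 layout. The paths, the SID and
# the MD5 are placeholders, not values from a real machine.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 14:43 on 30/01/2013 by Example
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bandoo*"
No files found.

Searching for "*whitesmoke*"
C:\Program Files\Example\Materials\0129_WhiteSmoke.skm --a---- 1526 bytes [11:31 26/11/2011] [11:31 26/11/2011] 0123456789ABCDEF0123456789ABCDEF

========== folderfind ==========

Searching for "*Bandoo*"
No folders found.

Searching for "*babylon*"
C:\RECYCLER\S-1-5-21-0-0-0-1004\Dc6167\Reclamatie la babylon_files d------ [19:58 01/03/2012]

========== Regfind ==========

Searching for "Bandoo"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"014"="babylon search"

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
TERM_RE = re.compile(r'^Searching for "(.+)"$')
NO_HIT = {"No files found.", "No folders found.", "No data found."}
# path, 7-char attribute flags, optional size, modified [..], optional created [..], optional MD5
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7})(?: (?P<size>\d+) bytes)?"
    r" \[(?P<modified>[^\]]+)\](?: \[(?P<created>[^\]]+)\])?(?: (?P<md5>[0-9A-Fa-f]{32}))?$"
)
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def parse_systemlook(text):
    """Return {section: {term: [hits]}}. A term with no hits maps to []."""
    results = defaultdict(dict)
    section = term = last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term, last_key = m.group(1), None, None
            continue
        m = TERM_RE.match(line)
        if m and section:
            term, last_key = m.group(1), None
            results[section][term] = []
            continue
        if section is None or term is None or line in NO_HIT:
            continue  # header lines, or an explicit "nothing found"
        hits = results[section][term]
        if section == "Regfind":
            if line.startswith("[") and line.endswith("]"):
                last_key = line[1:-1]
                hits.append({"key": last_key, "name": None, "value": None})
            else:  # a "name"="value" line belongs to the key printed just before it
                m = REG_VALUE_RE.match(line)
                name, value = (m.group(1), m.group(2).strip('"')) if m else (None, line)
                hits.append({"key": last_key, "name": name, "value": value})
        else:
            m = ENTRY_RE.match(line)
            if m:
                entry = m.groupdict()
                entry["size"] = int(entry["size"]) if entry["size"] else None
            else:  # unexpected layout: keep the raw line so nothing is silently dropped
                entry = {"path": line, "attrs": None, "size": None,
                         "modified": None, "created": None, "md5": None}
            hits.append(entry)
    return dict(results)


def terms_with_hits(parsed):
    """Per section, the sorted search terms that returned at least one hit."""
    return {sec: sorted(t for t, h in terms.items() if h) for sec, terms in parsed.items()}


def md5s_for_lookup(parsed):
    """(path, MD5) pairs for file hits, ready to check against a file-reputation service."""
    return [(hit["path"], hit["md5"])
            for hits in parsed.get("filefind", {}).values()
            for hit in hits if hit["md5"]]


if __name__ == "__main__":
    parsed = parse_systemlook(SAMPLE_LOG)
    for section, terms in terms_with_hits(parsed).items():
        print(f"{section}: {', '.join(terms) or '(nothing found)'}")
    for path, md5 in md5s_for_lookup(parsed):
        print(f"hash to look up: {md5}  {path}")
```

The parser keeps the path, attribute flags, timestamps and hash of every hit rather than just a count, because a substring match is not a verdict: a colour material named WhiteSmoke or a leftover item in the Recycle Bin matches the same wildcard as an unwanted toolbar, and the helper judges each hit in context before deciding what to remove.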

Re: How to deal with malware infected files

Unread postby constantin » January 30th, 2013, 8:57 am

Hi,
Thank you for helping!
Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:43 on 30/01/2013 by Tinel
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
C:\Program Files\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm --a---- 1526 bytes [11:31 26/11/2011] [11:31 26/11/2011] AD41BC61879535202A0D3867FFB67716

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\Reclamatie la babylon.htm --a---- 50195 bytes [19:58 01/03/2012] [19:58 01/03/2012] 1CAAB3A38A8777E02BE6D6EEA24B8C14
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\To remove Babylon.url --a---- 152 bytes [22:48 24/02/2012] [22:49 24/02/2012] D283781C9DAA6082BFD28E800BEB995D

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\Reclamatie la babylon_files d------ [19:58 01/03/2012]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"AA5ABB74F6AC14A458D87A7A672FA9B8"="C:\Program Files\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1390067357-220523388-1801674531-1004\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1390067357-220523388-1801674531-1004\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"014"="babylon search"
[HKEY_USERS\S-1-5-21-1390067357-220523388-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"014"="babylon search"

-= EOF =-
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » January 30th, 2013, 2:38 pm

Hi constantin,

Step 1 - OTL fix
  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:commands
[createrestorepoint]

:OTL
O3 - HKLM\..\Toolbar: (no name) - {76a39c95-086b-44df-bb69-b9e158ecffcf} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {76A39C95-086B-44DF-BB69-B9E158ECFFCF} - No CLSID value found.
@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
IE - HKCU\..\URLSearchHook: {76a39c95-086b-44df-bb69-b9e158ecffcf} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {F1217F34-C82E-45D1-B37E-52427536D77E}

:Reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-1390067357-220523388-1801674531-1004\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"014"=-
[HKEY_USERS\S-1-5-21-1390067357-220523388-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603]
"014"=-

:files
C:\Program Files\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\Reclamatie la babylon.htm
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\To remove Babylon.url
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\Reclamatie la babylon_files

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.


Step 2 - ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the [Run ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes, press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button, then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!


Step 3
Are you still seeing an error message when you boot in normal mode?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
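An OTL fix like the one above is a small script with its own grammar, and it is worth knowing what each line will do before pressing Run Fix. The parser below is an added example (not OTL's own code, and not from this thread's participants): its grammar is inferred only from the constructs that appear in the fix posted here, and the sample script is that fix trimmed to one line per construct.

```python
"""Parse an OTL "Custom Scans/Fixes" script into a reviewable list of actions.

Added example, not OTL's own code. The grammar is inferred from the fix script
posted in this thread and covers only the constructs that appear there:
  :commands  -> [createrestorepoint], [emptytemp]
  :OTL       -> scan-log lines fed back to OTL, plus @Alternate Data Stream lines
  :Reg       -> .reg-style: [-KEY] deletes a key, [KEY] then "name"=- deletes a value
  :files     -> paths OTL moves into its quarantine folder
"""
import re
from dataclasses import dataclass

# Constructed sample: the fix from the post above, trimmed to one line per construct.
SAMPLE_FIX = r"""
:commands
[createrestorepoint]

:OTL
O3 - HKLM\..\Toolbar: (no name) - {76a39c95-086b-44df-bb69-b9e158ecffcf} - No CLSID value found.
@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences
IE - HKCU\..\SearchScopes,DefaultScope = {F1217F34-C82E-45D1-B37E-52427536D77E}

:Reg
[-HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"014"=-

:files
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\To remove Babylon.url

:commands
[emptytemp]
"""


@dataclass(frozen=True)
class Action:
    section: str  # the :section the line came from
    kind: str     # command | remove_scan_item | remove_ads | delete_key | delete_value | move_file
    target: str


ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")


def parse_otl_fix(text: str) -> list[Action]:
    actions: list[Action] = []
    section = None
    current_key = None  # open [KEY] in :Reg that following "name"=- lines apply to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, current_key = line, None
            continue
        if section is None:
            raise ValueError(f"line outside any section: {line!r}")
        if section == ":commands":
            actions.append(Action(section, "command", line.strip("[]").lower()))
        elif section == ":OTL":
            m = ADS_RE.match(line)
            if m:
                actions.append(Action(section, "remove_ads", m.group(1)))
            else:
                # A scan-log line pasted back verbatim tells OTL to remove that item.
                actions.append(Action(section, "remove_scan_item", line))
        elif section == ":Reg":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(Action(section, "delete_key", line[2:-1]))
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            elif current_key and line.endswith("=-"):
                name = line[:-2].strip('"')
                actions.append(Action(section, "delete_value", f"{current_key}\\{name}"))
            else:
                raise ValueError(f"unrecognised :Reg line: {line!r}")
        elif section == ":files":
            actions.append(Action(section, "move_file", line))
        else:
            raise ValueError(f"unknown section {section!r}")
    return actions


def summarize(actions: list[Action]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for a in actions:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


if __name__ == "__main__":
    plan = parse_otl_fix(SAMPLE_FIX)
    for a in plan:
        print(f"{a.section:10} {a.kind:17} {a.target}")
    print(summarize(plan))
```

Running it on the full fix shows the shape of the cleanup at a glance: a restore point first, a handful of registry and alternate-data-stream removals, three files moved to quarantine, and a temp-folder purge last. Anything a parser like this rejects is a line worth asking the helper about before running.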

Re: How to deal with malware infected files

Unread postby constantin » January 31st, 2013, 7:10 am

Hi
Thank you for continuing to help me.

Re Step 1, here are the results from the OTL fix:

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 10
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{76a39c95-086b-44df-bb69-b9e158ecffcf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76a39c95-086b-44df-bb69-b9e158ecffcf}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{76A39C95-086B-44DF-BB69-B9E158ECFFCF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76A39C95-086B-44DF-BB69-B9E158ECFFCF}\ not found.
ADS C:\WINDOWS:nlsPreferences deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{76a39c95-086b-44df-bb69-b9e158ecffcf} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76a39c95-086b-44df-bb69-b9e158ecffcf}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1390067357-220523388-1801674531-1004\Software\Trolltech\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603\\014 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-220523388-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603\\014 not found.
========== FILES ==========
C:\Program Files\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm moved successfully.
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\Reclamatie la babylon.htm moved successfully.
C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\To remove Babylon.url moved successfully.
File\Folder C:\RECYCLER\S-1-5-21-1390067357-220523388-1801674531-1004\Dc6167\Reclamatie la babylon_files not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 2843 bytes

User: Administrator.TINEL-UCJA9IB1F
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5993548 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tinel
->Temp folder emptied: 135939573 bytes
->Temporary Internet Files folder emptied: 150232934 bytes
->FireFox cache emptied: 201341598 bytes
->Flash cache emptied: 1717 bytes

%systemdrive% .tmp files removed: 33618586 bytes
%systemroot% .tmp files removed: 1099790 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51082 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 178146068 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1044026824 bytes

Total Files Cleaned = 1,670.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01312013_002014

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

****************EOF*******************

Re Step 2, here are the results from the ESET Online Scan:

C:\Documents and Settings\All Users\Application Data\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Documents and Settings\Tinel\Desktop\DEPAN. PC-IAN.2013\Hirens Boot CD\Hiren's.BootCD.15.2.iso Win32/PSWTool.KonBoot.A application
C:\Documents and Settings\Tinel\Desktop\DEPAN. PC-IAN.2013\Hirens.BootCD.15.2.zip Win32/PSWTool.KonBoot.A application
C:\Documents and Settings\Tinel\Desktop\DEPAN. PC-IAN.2013\hwmonitor_1.21-setup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\WebSite X5 v9 - Compact\imRegister.exe a variant of MSIL/Packed.CryptoObfuscator.I application
D:\INSTALLERS\INSTALLERS\cbsi-3_2_5_41-10703122.exe a variant of Win32/CNETInstaller.A application
D:\INSTALLERS\INSTALLERS\cbsidlm-cbsi4_1_2-PhotoScape-10703122.exe a variant of Win32/CNETInstaller.A application
D:\INSTALLERS\INSTALLERS\cnet2_deletedr_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS\INSTALLERS\cnet2_free-pdf-to-word-converter_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS\INSTALLERS\cnet_revosetup_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS\INSTALLERS\FreeStudio(1).exe Win32/OpenCandy application
D:\INSTALLERS\INSTALLERS\FreeStudio.exe multiple threats
D:\INSTALLERS\cbsi-3_2_5_41-10703122.exe a variant of Win32/CNETInstaller.A application
D:\INSTALLERS\cnet2_deletedr_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS\cnet2_free-pdf-to-word-converter_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS\cnet_revosetup_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS\FreeStudio.exe multiple threats
D:\INSTALLERS\setup_wsx5_cp_9_1_2_1923.exe a variant of MSIL/Packed.CryptoObfuscator.I application
D:\INSTALLERS.1\cbsidlm-cbsi5_2_0_83-The_KMPlayer-BP2-10659939.exe a variant of Win32/CNETInstaller.A application
D:\INSTALLERS.1\cnet2_vso_downloader_setup_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS.1\FreeImageConvertAndResize.exe Win32/OpenCandy application
D:\INSTALLERS.1\FreeStudio.exe Win32/OpenCandy application
D:\MY DOCUM\Aduse din desktop 17.01.13\UTILITARE\CONVERTERS\cnet2_free-pdf-to-word-converter_exe.exe a variant of Win32/InstallCore.D application
D:\MY DOCUM\Aduse din desktop 17.01.13\UTILITARE\WebSite X5\setup_wsx5_cp_9_1_2_1923.exe a variant of MSIL/Packed.CryptoObfuscator.I application
D:\P R O G R A M E\INSTALERE NOI\inst.Duplicate File Finder\cbsidlm-tr1_7-Duplicate_File_Finder-75785451.exe Win32/DownloadAdmin.D application
D:\P R O G R A M E\INSTALERE NOI\inst.PhotoScape v.3.6.3\PhotoScape_V3-6-3.exe Win32/OpenCandy application
D:\P R O G R A M E\INSTALERE NOI\cbsidlm-tr1_7-DFX_Audio_Enhancer-ORG-10048113.exe Win32/DownloadAdmin.D application
D:\P R O G R A M E\INSTALERE NOI\cbsidlm-tr1_8-Free_Slideshow_Maker-BP2-75758786.exe Win32/DownloadAdmin.E application

***********************EOF*****************************

Re Step 3: Yes, I am still getting a BSOD with the same message when I boot in normal mode. So my issue still persists.
Thank you again.
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am
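Every line in the ESET list above is marked "application" except two "multiple threats" entries, and most detections are installer wrappers (CNETInstaller, InstallCore, OpenCandy, DownloadAdmin) sitting in download folders on D:. The script below is an added example of triaging such a list, not ESET's code and not from this thread's participants: the line format is inferred from the log above, the sample is five lines copied from it, and the grouping into bundlers, password tools and "review" is this example's own heuristic.

```python
"""Triage an ESET Online Scanner result list by detection family.

Added example, not ESET's code. The line format is inferred from the log
posted above: "<path> [a variant of ]<Platform/Family.Variant> application"
or "<path> multiple threats". The grouping into bundlers, password tools and
"review" is this example's own heuristic for deciding what to do first.
"""
import re
from collections import Counter

# Constructed sample: five lines copied from the ESET log in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\YouTube Downloader\ytd_installer.exe Win32/Toolbar.Widgi application
C:\Documents and Settings\Tinel\Desktop\DEPAN. PC-IAN.2013\Hirens Boot CD\Hiren's.BootCD.15.2.iso Win32/PSWTool.KonBoot.A application
D:\INSTALLERS\INSTALLERS\cnet_revosetup_exe.exe a variant of Win32/InstallCore.D application
D:\INSTALLERS\INSTALLERS\FreeStudio.exe multiple threats
D:\P R O G R A M E\INSTALERE NOI\cbsidlm-tr1_7-DFX_Audio_Enhancer-ORG-10048113.exe Win32/DownloadAdmin.D application
"""

# Paths contain spaces, so the path is "everything before the detection", matched lazily.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:(?:a variant of )?(?P<name>[A-Za-z0-9]+/[A-Za-z0-9._-]+) application"
    r"|(?P<multi>multiple threats))$"
)

# ESET families that are installer wrappers / download managers (PUA, not infections).
BUNDLER_FAMILIES = {"InstallCore", "CNETInstaller", "OpenCandy", "DownloadAdmin", "Bundled", "Toolbar"}

BUNDLER = "bundled installer: delete the installer, keep the application"
PSWTOOL = "password-reset tool: expected inside rescue media, confirm you put it there"
MULTI = "multiple threats: quarantine and get a second opinion before deleting"
REVIEW = "review manually"


def parse_line(line: str) -> dict:
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsed ESET line: {line!r}")
    if m.group("multi"):
        return {"path": m.group("path"), "detection": "multiple threats", "family": None}
    name = m.group("name")
    family = name.split("/", 1)[1].split(".", 1)[0]  # Win32/InstallCore.D -> InstallCore
    return {"path": m.group("path"), "detection": name, "family": family}


def classify(rec: dict) -> str:
    if rec["family"] is None:
        return MULTI
    if rec["family"] in BUNDLER_FAMILIES:
        return BUNDLER
    if rec["family"] == "PSWTool":
        return PSWTOOL
    return REVIEW


def triage(text: str):
    records = [parse_line(l) for l in text.splitlines() if l.strip()]
    by_class = Counter(classify(r) for r in records)
    by_drive = Counter(r["path"][0].upper() for r in records)
    return records, dict(by_class), dict(by_drive)


if __name__ == "__main__":
    records, by_class, by_drive = triage(SAMPLE_LOG)
    for r in records:
        print(f"{classify(r):75} {r['path']}")
    print(by_class)
    print(by_drive)
```

The point of the grouping is priority: bundler-wrapped installers on a data drive are clutter to delete, the KonBoot detection inside the Hiren's BootCD image is the rescue media the poster said he used, and the two "multiple threats" files are the ones that deserve a closer look before anything else.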

Re: How to deal with malware infected files

Unread postby nunped » February 1st, 2013, 7:40 pm

Hi constantin,

Next:
Run Microsoft Safety Scanner

  • Hold down Control then click on the following link to open a new window to Microsoft Safety Scanner
  • Click Download Now
  • When asked to Run or Save, choose Run. (Unless it's to be run on a different PC)
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement. Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next
  • (If it finds nothing, it will just Exit. It still does create a report file.)
  • If it has found anything, check the box titled "Help Remove potentially unwanted software"
  • Click Next.
  • (The Dialog label will become "Cleaning your computer"). It may take a while.
  • After this operation completes, click Finish.
  • When removals are complete, it will report through a link, "View detailed results of the scan"
  • Clicking the link will popup a report in Notepad.
  • Please post the contents of the file in a reply.
  • The report file is also saved here: C:\Windows\debug\msert.log
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » February 2nd, 2013, 7:42 am

Hi,
Thank you.
Here is the log:


---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.143.1366.0)
Started On Sat Feb 02 02:01:54 2013
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Feb 02 02:21:07 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.143.1366.0)
Started On Sat Feb 02 12:26:28 2013
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Feb 02 13:02:49 2013


Return code: 0 (0x0)

*************************EOF*****************************

Question: are those two "Scan ERROR..." lines something significant?
Thank you.
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am
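The two "Scan ERROR" lines are the only non-clean output in the msert.log above, so it helps to decode them. Code 32 (0x20) is ERROR_SHARING_VIOLATION and 1359 (0x54F) is ERROR_INTERNAL_ERROR; pagefile.sys is held open exclusively by the kernel while Windows is running, so no user-mode scanner can read it and a sharing violation on it is expected. The script below is an added example, not Microsoft's code and not from this thread's participants: it parses msert.log runs in the layout shown above (the sample is the two runs posted), computes each run's duration, names the two error codes that appear, and marks errors on pagefile.sys as expected while flagging anything else for investigation.

```python
"""Summarise Microsoft Safety Scanner (msert.log) runs.

Added example, not Microsoft's code. The layout is taken from the two log
fragments posted above. WIN32_ERRORS names the two Win32 error codes that
appear there; the "expected" classification is this example's own rule.
"""
import re
from datetime import datetime

# Constructed sample: the two scan runs from the post above.
SAMPLE_LOG = r"""
Microsoft Safety Scanner v1.0, (build 1.143.1366.0)
Started On Sat Feb 02 02:01:54 2013
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Feb 02 02:21:07 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.143.1366.0)
Started On Sat Feb 02 12:26:28 2013
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Safety Scanner Finished On Sat Feb 02 13:02:49 2013


Return code: 0 (0x0)
"""

WIN32_ERRORS = {
    32: "ERROR_SHARING_VIOLATION",  # file is open with exclusive access by another process
    1359: "ERROR_INTERNAL_ERROR",
}

# The page file is held open exclusively by the kernel while Windows runs, so a
# user-mode scanner cannot read it; an error on it is expected, not tampering.
KERNEL_LOCKED = {"pagefile.sys"}

ERR_RE = re.compile(r"^->Scan ERROR: resource (?P<res>\S+) \(code 0x[0-9A-Fa-f]+ \((?P<code>\d+)\)\)$")
STARTED = "Started On "
FINISHED = "Microsoft Safety Scanner Finished On "
TIME_FMT = "%a %b %d %H:%M:%S %Y"


def classify_error(resource: str, code: int) -> str:
    name = resource.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name in KERNEL_LOCKED and code in WIN32_ERRORS:
        return "expected"
    return "investigate"


def parse_msert(text: str) -> list[dict]:
    runs: list[dict] = []
    run = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Microsoft Safety Scanner v"):   # header starts a new run
            run = {"errors": [], "result": None, "return_code": None}
            runs.append(run)
        elif run is None:
            continue
        elif line.startswith(STARTED):
            run["started"] = datetime.strptime(line[len(STARTED):], TIME_FMT)
        elif line.startswith(FINISHED):
            run["finished"] = datetime.strptime(line[len(FINISHED):], TIME_FMT)
        elif (m := ERR_RE.match(line)):
            code = int(m.group("code"))
            run["errors"].append((m.group("res"), code, WIN32_ERRORS.get(code, "unknown")))
        elif line == "No infection found.":
            run["result"] = "clean"
        elif line.startswith("Return code: "):
            run["return_code"] = int(line.split()[2])
    return runs


def duration_seconds(run: dict) -> int:
    return int((run["finished"] - run["started"]).total_seconds())


if __name__ == "__main__":
    for run in parse_msert(SAMPLE_LOG):
        print(f"{run['started']}  {duration_seconds(run)}s  result={run['result']}  rc={run['return_code']}")
        for res, code, name in run["errors"]:
            print(f"   {classify_error(res, code):11} {res} {code} {name}")
```

On the posted log both runs come out clean with return code 0, the second (full) scan took about twice as long as the first, and every error is an expected page-file lock; an "investigate" result would only appear for a scan error on some other file.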