Geddy1961

removing yieldmanager


I was told to copy and paste these 2 logs here.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 06/11/2011 12:22:45

System Uptime: 03/06/2013 08:10:27 (2 hours ago)

.

Motherboard: Dell Inc. | | 0T656F

Processor: Intel Pentium III Xeon processor | CPU | 2493/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 111.256 GiB free.

D: is CDROM (CDFS)

E: is FIXED (NTFS) - 596 GiB total, 399.855 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

ANIO Service

ANIWZCS2 Service

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auto Lyrics

Avanquest update

Bonjour

BT Desktop Help

BTHomeHub

CCleaner

D-Link Wireless N DWA-140

Download Accelerator Plus (DAP)

Driving Theory Test Professional v2.4.0.0

Easy Phone Sync

EPSON Scan

ESET Online Scanner v3

GoToAssist Corporate

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Intel® Graphics Media Accelerator Driver

iTunes

Java 7 Update 21

Java Auto Updater

Java SE Development Kit 7 Update 13

K-Lite Codec Pack 9.7.5 (Full)

LeapFrog Connect

LeapFrog Leapster Explorer Plugin

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Nero 6 Ultra Edition

Netscape Navigator (9.0.0.6)

PhotoNow! 1.0

PowerDirector

QuickTime

Recover Disc 2.0

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB2829530)

Security Update for Windows Internet Explorer 8 (KB2847204)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2586448)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820197)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB2829361)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SoftwareUpdater

SoulSeek 157 NS 13e

SoulseekQt

SpeedBit Video Accelerator

SpeedBit Video Downloader

Strongvault Online Backup

SUPERAntiSpyware

Tweaking.com - Windows Repair (All in One)

Uninstall Helper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

VCD Cutter 1.1

VLC media player 2.0.0

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows PowerShell 1.0

WinRAR archiver

Xilisoft Video Converter Ultimate

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

30/05/2013 08:20:07, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.

30/05/2013 08:20:07, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

30/05/2013 03:22:47, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Software Updater service to connect.

30/05/2013 03:22:47, error: Service Control Manager [7000] - The Software Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

28/05/2013 08:44:13, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

03/06/2013 08:35:39, error: Service Control Manager [7022] - The Terminal Services service hung on starting.

03/06/2013 08:35:39, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.

03/06/2013 08:35:39, error: Service Control Manager [7001] - The Fast User Switching Compatibility service depends on the Terminal Services service which failed to start because of the following error: After starting, the service hung in a start-pending state.

03/06/2013 08:35:17, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

02/06/2013 20:32:12, error: Service Control Manager [7000] - The MRESP50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

02/06/2013 20:32:11, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

02/06/2013 20:32:11, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

02/06/2013 20:32:11, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

02/06/2013 20:32:11, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

02/06/2013 20:32:05, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

02/06/2013 20:32:05, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2

Run by User at 10:16:21 on 2013-06-03

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.869 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ================

.

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\vVX1000.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe

C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

C:\Program Files\DAP\DAP.EXE

C:\Program Files\Samsung\Kies\Kies.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearchAssistant = hxxp://www.google.com

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll

BHO: SBCONVERT Class: {A1056498-D09A-41E4-864B-505EDD640D9E} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll

BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll

BHO: Auto Lyrics: {DAEB9E85-4694-4F9B-85CB-2F28987872D7} - c:\program files\autolyrics\autolrcs.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

uRun: [speedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup

uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP

uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [uTorrent] "c:\documents and settings\user\application data\utorrent\uTorrent.exe" /MINIMIZED

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [VX1000] c:\windows\vVX1000.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\dwa-140 revb\AirNCFG.exe

mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [userFaultCheck] c:\windows\system32\dumprep 0 -u

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\program files\speedbit video accelerator\lsp3.2.2.5\SBLSP.dll

DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320585147328

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{56371F02-5AF3-4740-B579-671BF06180FF} : DHCPNameServer = 192.168.1.254

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\830\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\kvvgi3y1.default\

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - 0cbef6ec0000000000000023ae7e1d75

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15853

FF - user.js: extensions.delta.vrsn - 1.8.21.5

FF - user.js: extensions.delta.vrsni - 1.8.21.5

FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:00:52

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta_i.babTrack - affID=119722&tt=gc_

FF - user.js: extensions.delta_i.srcExt - ss

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 195296]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2011-11-6 24064]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 682344]

R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]

R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2011-11-6 176640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 21104]

S0 cerc6;cerc6; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-21 83168]

S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792]

S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-3-5 715520]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-11-10 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-11-10 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-11-10 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-11-10 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-11-10 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-11-10 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-11-10 109736]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-21 181344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-06-02 19:27:41 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-02 14:32:45 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{eede6b0a-3de3-4a0d-a1eb-e6b39211cbb2}\mpengine.dll

2013-06-02 09:41:33 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com

2013-06-02 09:41:23 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-06-02 09:41:23 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2013-06-02 01:18:54 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-06-01 07:48:21 -------- d-----w- c:\program files\AutoLyrics

2013-06-01 07:47:57 -------- d-----w- C:\temp

2013-05-28 12:58:23 -------- d-----w- c:\program files\SoftwareUpdater

2013-05-20 11:40:53 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat

2013-05-20 11:00:26 -------- d-----w- c:\documents and settings\user\application data\Toolbar4

2013-05-15 15:03:58 -------- d-----w- c:\documents and settings\user\application data\Xilisoft

2013-05-15 15:01:45 -------- d-----w- c:\program files\Xilisoft

2013-05-15 15:01:45 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft

2013-05-13 12:01:17 -------- d-----w- c:\documents and settings\user\application data\Babylon

2013-05-13 12:01:17 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2013-05-13 11:26:32 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2013-05-13 11:26:32 15232 ----a-w- c:\windows\system32\drivers\MPE.sys

2013-05-13 11:26:17 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll

2013-05-13 11:26:17 363520 ----a-w- c:\windows\system32\PsisDecd.dll

2013-05-13 11:26:16 56832 ----a-w- c:\windows\system32\MSDvbNP.ax

2013-05-13 11:26:15 33280 ----a-w- c:\windows\system32\PsisRndr.ax

2013-05-13 11:26:15 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2013-05-13 11:26:15 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys

2013-05-13 11:26:14 18432 ----a-w- c:\windows\system32\BdaPlgIn.ax

2013-05-11 10:37:28 209472 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2013-05-15 11:07:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-15 11:07:13 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-15 11:07:07 17613192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-04-04 04:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-13 20:52:48 69632 ----a-w- c:\windows\system32\CUUpdateComponent.ocx

2013-03-13 20:52:48 421888 ----a-w- c:\windows\system32\ComputerUpdaterLM.ocx

2013-03-13 20:52:48 131072 ----a-w- c:\windows\system32\SafeAppRichList.ocx

2013-03-09 19:49:09 861088 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-03-09 19:49:09 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-12 08:19:00 2174976 ----a-w- c:\program files\common files\atimpenc.dll

.

============= FINISH: 10:17:09.18 ===============


Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll also find the log file at C:\AdwCleaner[s1].txt.

I see you use Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.

  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

I also see that you've used TDSS-Killer. It creates its logs on the system drive, for example C:\TDSSKiller.<version_date_time>log.txt

Please post these logfiles, too.


# AdwCleaner v2.301 - Logfile created 06/03/2013 at 12:05:13

# Updated 16/05/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : User - DELL-360

# Boot Mode : Normal

# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\Speedbit

File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\searchplugins\Babylon.xml

File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\searchplugins\BrowserProtect.xml

File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\searchplugins\delta.xml

File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\searchplugins\speedbit.xml

File Deleted : C:\END

File Deleted : C:\WINDOWS\Tasks\Auto Lyrics Update.job

Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Speedbit Video Downloader

Folder Deleted : C:\Documents and Settings\User\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\CT1729633

Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\extensions\{b52de586-c0f5-4d19-8593-69542c4b9f8b}

Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\extensions\ffxtlbr@babylon.com

Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\Smartbar

Folder Deleted : C:\Documents and Settings\User\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\User\Application Data\Toolbar4

Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Speedbit

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Program Files\AutoLyrics

Folder Deleted : C:\Program Files\Common Files\Speedbit

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Speedbit Video Downloader

***** [Registry] *****

Key Deleted : HKCU\Software\AutoLyrics

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SBConvert

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\SpeedBit

Key Deleted : HKLM\SOFTWARE\5b558c8ce23ab912

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert

Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\autolyrics@man-soft.net

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAEB9E85-4694-4F9B-85CB-2F28987872D7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\autolyrics@man-soft.net

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader

Key Deleted : HKLM\Software\SoftwareUpdater

Key Deleted : HKLM\Software\SpeedBit

Key Deleted : HKLM\Software\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\prefs.js

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [12646 octets] - [09/02/2013 17:03:35]

AdwCleaner[s2].txt - [10391 octets] - [03/06/2013 12:05:13]

########## EOF - C:\AdwCleaner[s2].txt - [10452 octets] ##########


The TDSS-Killer run at 20:27 took out several services which aren't malware but may be necessary for some of your programs to work correctly.

If you are facing any software issues, you should think about restoring the backups TDSS-Killer has made.

How is your computer behaving? Are any issues left or can we do the cleanup?


That's what we wanted.

Let's do a cross check with ESET online scanner to ensure no malware is present:

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\Documents and Settings\User\My Documents\iLividSetup.exe Win32/Toolbar.SearchSuite application

C:\Documents and Settings\User\My Documents\VCDCutterSetup.exe multiple threats

C:\Documents and Settings\User\My Documents\Programs\VideoCutterSetup.exe Win32/Adware.RK.AP application

C:\Program Files\SoftwareUpdater\uninstall.exe a variant of Win32/ToolkitOffers.A application

C:\WINDOWS\Temp\Optimizer_Pro.exe multiple threats


Press the Windows key and the R key simultaneously.

Within the textbox, write appwiz.cpl, click OK.

Search for and remove the following programs

SoftwareUpdater

Close the window.

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2013 03

Ran by User (administrator) on 03-06-2013 14:26:49

Running from C:\Documents and Settings\User\Desktop

Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Alcatel-Lucent) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Microsoft Corporation) C:\WINDOWS\vVX1000.exe

(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

(D-Link Corp.) C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe

(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(SpeedBit LTD) C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe

(Samsung) C:\Program Files\Samsung\Kies\Kies.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Yahoo! Inc.) C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

(SpeedBit Ltd.) C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-07-16] (Analog Devices, Inc.)

HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2011824 2012-11-23] (Alcatel-Lucent)

HKLM\...\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)

HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [VX1000] C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [98304 2009-05-07] (Wireless Service)

HKLM\...\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe [1683456 2009-05-07] (D-Link Corp.)

HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [298376 2012-09-28] (LeapFrog Enterprises, Inc.)

HKLM\...\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u [x]

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\830\G2AWinLogon.dll [X]

Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)

HKCU\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)

HKCU\...\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup [1493704 2012-02-04] (SpeedBit LTD)

HKCU\...\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP [3774680 2012-08-25] (Speedbit Ltd.)

HKCU\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [1476104 2012-12-20] (Samsung)

HKCU\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [x]

HKCU\...\Run: [uTorrent] "C:\Documents and Settings\User\Application Data\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKCU\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-15] (SUPERAntiSpyware.com)

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: SBCONVERT Class - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll No File

BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

Toolbar: HKCU -No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File

Toolbar: HKCU -No Name - {57334934-2D47-006A-76A7-7A786E7484D7} - No File

PDF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab

PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\LSP3.2.2.5\SBLSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\LSP3.2.2.5\SBLSP.dll [121704] (Apple Inc.)

Winsock: Catalog9 24 C:\Program Files\SpeedBit Video Accelerator\LSP3.2.2.5\SBLSP.dll [92672] (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @ei.MyWebFace_5a.com/Plugin - C:\Program Files\MyWebFace_5aEI\Installr\1.bin\NP5aEISB.dll No File

FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)

FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Yahoo! Toolbar - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF Extension: DownloadHelper - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF Extension: Flash and Video Download - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()

R2 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe [265928 2012-02-04] (SpeedBit Ltd.)

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)

R3 k57w2k; C:\Windows\System32\DRIVERS\k57xp32.sys [176640 2008-07-16] (Broadcom Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)

S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)

S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)

S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [715520 2009-04-15] (Ralink Technology, Corp.)

S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)

S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)

S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)

S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)

S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)

S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)

S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R0 SFAUDIO; C:\Windows\System32\drivers\sfaudio.sys [24064 2008-07-16] (Sonic Focus, Inc)

S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)

S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)

S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)

S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)

S4 Abiosdsk; No ImagePath

S4 abp480n5; No ImagePath

S4 adpu160m; No ImagePath

S4 Aha154x; No ImagePath

S4 aic78u2; No ImagePath

S4 aic78xx; No ImagePath

S4 AliIde; No ImagePath

S4 amsint; No ImagePath

S4 asc; No ImagePath

S4 asc3350p; No ImagePath

S4 asc3550; No ImagePath

S4 Atdisk; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S4 cd20xrnt; No ImagePath

S0 cerc6; No ImagePath

S1 Changer; No ImagePath

S4 CmdIde; No ImagePath

S4 Cpqarray; No ImagePath

U4 dac2w2k; No ImagePath

S4 dac960nt; No ImagePath

S4 dpti2o; No ImagePath

S4 hpn; No ImagePath

S1 i2omgmt; No ImagePath

S4 i2omp; No ImagePath

S4 ini910u; No ImagePath

S4 IntelIde; No ImagePath

S1 lbrtfdc; No ImagePath

S4 mraid35x; No ImagePath

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

S3 MRESP50; System32\Drivers\MRESP50.sys [x]

S1 PCIDump; No ImagePath

S3 PDCOMP; No ImagePath

S3 PDFRAME; No ImagePath

S3 PDRELI; No ImagePath

S3 PDRFRAME; No ImagePath

S4 perc2; No ImagePath

S4 perc2hib; No ImagePath

S4 ql1080; No ImagePath

S4 Ql10wnt; No ImagePath

S4 ql12160; No ImagePath

S4 ql1240; No ImagePath

S4 ql1280; No ImagePath

S4 Simbad; No ImagePath

S4 Sparrow; No ImagePath

S4 symc810; No ImagePath

S4 symc8xx; No ImagePath

S4 sym_hi; No ImagePath

S4 sym_u3; No ImagePath

S4 TosIde; No ImagePath

S4 ultra; No ImagePath

S4 ViaIde; No ImagePath

S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-03 14:26 - 2013-06-03 14:26 - 01356197 ____A (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe

2013-06-03 14:26 - 2013-06-03 14:26 - 00000000 ____D C:\FRST

2013-06-03 14:21 - 2013-06-03 14:21 - 00006790 ____A C:\Windows\FaxSetup.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00006639 ____A C:\Windows\iis6.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00005816 ____A C:\Windows\ocgen.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00004591 ____A C:\Windows\tsoc.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00002504 ____A C:\Windows\comsetup.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001891 ____A C:\Windows\imsins.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001850 ____A C:\Windows\msmqinst.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001810 ____A C:\Windows\ntdtcsetup.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001592 ____A C:\Windows\netfxocm.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000719 ____A C:\Windows\MedCtrOC.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000479 ____A C:\Windows\msgsocm.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000469 ____A C:\Windows\ocmsn.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000311 ____A C:\Windows\tabletoc.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000000 ____A C:\Windows\setuperr.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000000 ____A C:\Windows\setupact.log

2013-06-03 14:07 - 2013-06-03 14:07 - 00000433 ____A C:\Documents and Settings\User\Desktop\eset.txt

2013-06-03 12:07 - 2013-06-03 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Speedbit

2013-06-03 12:07 - 2013-06-03 12:07 - 00000000 ____A C:\Documents and Settings\User\DAP.LOG

2013-06-03 12:05 - 2013-06-03 12:05 - 00010522 ____A C:\AdwCleaner[s2].txt

2013-06-03 12:04 - 2013-06-03 12:04 - 00632031 ____A C:\Documents and Settings\User\Desktop\adwcleaner.exe

2013-06-03 10:17 - 2013-06-03 10:17 - 00019738 ____A C:\Documents and Settings\User\Desktop\attach.txt

2013-06-03 10:17 - 2013-06-03 10:17 - 00016731 ____A C:\Documents and Settings\User\Desktop\dds.txt

2013-06-03 10:14 - 2013-06-03 10:14 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.scr

2013-06-02 23:06 - 2013-06-02 23:15 - 00021300 ____A C:\Documents and Settings\User\Desktop\enzyme write up_1

2013-06-02 23:06 - 2013-06-02 23:06 - 00020698 ____A C:\Documents and Settings\User\Desktop\enzyme write up

2013-06-02 20:27 - 2013-06-02 20:27 - 00000000 ____D C:\TDSSKiller_Quarantine

2013-06-02 20:23 - 2013-06-02 20:24 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe

2013-06-02 16:58 - 2013-06-02 16:58 - 00000018 ____A C:\Documents and Settings\User\My Documents\malwarebytes forum.txt

2013-06-02 10:41 - 2013-06-02 10:41 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-06-02 10:41 - 2013-06-02 10:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-06-02 10:41 - 2013-06-02 10:41 - 00000000 ____D C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com

2013-06-02 10:41 - 2013-06-02 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2013-05-28 13:58 - 2013-06-02 20:29 - 00000000 ____D C:\Program Files\SoftwareUpdater

2013-05-28 10:30 - 2013-05-28 10:30 - 00000247 ____A C:\Documents and Settings\User\My Documents\tv licence payment may 28th.txt

2013-05-27 17:29 - 2013-05-27 17:54 - 00000000 ____D C:\Documents and Settings\User\Application Data\Audacity

2013-05-27 17:28 - 2013-05-27 17:28 - 21281052 ____A (Audacity Team ) C:\Documents and Settings\User\My Documents\audacity-win-2.0.3.exe

2013-05-25 11:01 - 2013-05-25 11:06 - 00000000 ____D C:\Documents and Settings\User\My Documents\Tommy Liverpool Kit - may 25th 2013

2013-05-20 12:40 - 2013-05-20 12:40 - 00000000 ____A C:\Windows\System32\TempWmicBatchFile.bat

2013-05-15 16:03 - 2013-05-15 16:03 - 00000000 ____D C:\Documents and Settings\User\Application Data\Xilisoft

2013-05-15 16:01 - 2013-05-15 16:01 - 00000000 ____D C:\Program Files\Xilisoft

2013-05-15 16:01 - 2013-05-15 16:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Xilisoft

2013-05-15 15:23 - 2013-05-15 15:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-15 15:20 - 2013-05-15 15:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-14 08:22 - 2013-05-14 08:22 - 00137869 ____A C:\hcwclear.txt

2013-05-14 08:21 - 2013-05-14 08:21 - 00150128 ____A (Hauppauge Computer Works) C:\Documents and Settings\User\My Documents\hcwclear.exe

2013-05-13 12:42 - 2013-05-13 12:42 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\CyberLink

2013-05-13 12:26 - 2008-04-14 05:42 - 00363520 ___AC C:\Windows\System32\dllcache\psisdecd.dll

2013-05-13 12:26 - 2008-04-14 05:42 - 00363520 ____A C:\Windows\System32\PsisDecd.dll

2013-05-13 12:26 - 2008-04-14 05:42 - 00056832 ___AC C:\Windows\System32\dllcache\msdvbnp.ax

2013-05-13 12:26 - 2008-04-14 05:42 - 00056832 ____A C:\Windows\System32\MSDvbNP.ax

2013-05-13 12:26 - 2008-04-14 05:42 - 00033280 ___AC C:\Windows\System32\dllcache\psisrndr.ax

2013-05-13 12:26 - 2008-04-14 05:42 - 00033280 ____A C:\Windows\System32\PsisRndr.ax

2013-05-13 12:26 - 2008-04-14 05:42 - 00018432 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\bdaplgin.ax

2013-05-13 12:26 - 2008-04-14 05:42 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\BdaPlgIn.ax

2013-05-13 12:26 - 2008-04-14 00:16 - 00015232 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mpe.sys

2013-05-13 12:26 - 2008-04-14 00:16 - 00015232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MPE.sys

2013-05-13 12:26 - 2008-04-14 00:16 - 00011776 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\bdasup.sys

2013-05-13 12:26 - 2008-04-14 00:16 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BdaSup.sys

2013-05-13 12:20 - 2013-05-13 12:20 - 00000000 ____D C:\Documents and Settings\User\My Documents\CyberLink

2013-05-13 12:17 - 2013-05-15 15:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CyberLink

2013-05-13 12:17 - 2013-05-13 12:17 - 00000000 ____D C:\Documents and Settings\User\Application Data\CyberLink

2013-05-13 12:12 - 2013-05-13 12:12 - 00001688 ____A C:\Documents and Settings\User\My Documents\CyberLink PowerDirector.lnk

2013-05-13 12:11 - 2013-05-27 17:19 - 00000000 ____D C:\Program Files\CyberLink

2013-05-10 10:02 - 2013-05-10 10:02 - 00000000 ____D C:\Documents and Settings\User\Application Data\dvdcss

2013-05-07 08:21 - 2013-05-07 08:21 - 06577464 ____A C:\Documents and Settings\User\My Documents\Attachments_201357_2.zip

2013-05-07 08:20 - 2013-05-07 08:21 - 09245261 ____A C:\Documents and Settings\User\My Documents\Attachments_201357_1.zip

2013-05-07 08:20 - 2013-05-07 08:20 - 07909799 ____A C:\Documents and Settings\User\My Documents\Attachments_201357.zip

2013-05-04 08:12 - 2013-06-03 09:37 - 00000000 ____D C:\Documents and Settings\User\Desktop\New Folder (3)

==================== One Month Modified Files and Folders ========

2013-06-03 14:26 - 2013-06-03 14:26 - 01356197 ____A (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe

2013-06-03 14:26 - 2013-06-03 14:26 - 00000000 ____D C:\FRST

2013-06-03 14:21 - 2013-06-03 14:21 - 00006790 ____A C:\Windows\FaxSetup.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00006639 ____A C:\Windows\iis6.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00005816 ____A C:\Windows\ocgen.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00004591 ____A C:\Windows\tsoc.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00002504 ____A C:\Windows\comsetup.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001891 ____A C:\Windows\imsins.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001850 ____A C:\Windows\msmqinst.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001810 ____A C:\Windows\ntdtcsetup.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00001592 ____A C:\Windows\netfxocm.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000719 ____A C:\Windows\MedCtrOC.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000479 ____A C:\Windows\msgsocm.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000469 ____A C:\Windows\ocmsn.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000311 ____A C:\Windows\tabletoc.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000000 ____A C:\Windows\setuperr.log

2013-06-03 14:21 - 2013-06-03 14:21 - 00000000 ____A C:\Windows\setupact.log

2013-06-03 14:21 - 2011-11-06 13:20 - 01264086 ____A C:\Windows\WindowsUpdate.log

2013-06-03 14:18 - 2012-08-25 14:17 - 00000776 ____A C:\Windows\Tasks\SBWUpdateTask_Time_cbef6ec-0023AE7E1D75.job

2013-06-03 14:07 - 2013-06-03 14:07 - 00000433 ____A C:\Documents and Settings\User\Desktop\eset.txt

2013-06-03 14:07 - 2012-03-31 22:06 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-03 13:33 - 2012-12-19 22:23 - 00000000 ____D C:\Documents and Settings\User\Desktop\New Folder (2)

2013-06-03 12:46 - 2011-11-10 21:53 - 00000000 ____D C:\Documents and Settings\User\Application Data\vlc

2013-06-03 12:16 - 2013-02-26 22:55 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job

2013-06-03 12:07 - 2013-06-03 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Speedbit

2013-06-03 12:07 - 2013-06-03 12:07 - 00000000 ____A C:\Documents and Settings\User\DAP.LOG

2013-06-03 12:07 - 2011-11-11 13:07 - 00000159 ____A C:\Windows\wiadebug.log

2013-06-03 12:07 - 2011-11-11 13:07 - 00000050 ____A C:\Windows\wiaservc.log

2013-06-03 12:07 - 2008-04-14 13:00 - 00002206 ____A C:\Windows\System32\wpa.dbl

2013-06-03 12:06 - 2013-03-16 14:27 - 00000276 ____A C:\Windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-73586283-2000478354-682003330-1003.job

2013-06-03 12:06 - 2012-08-25 14:17 - 00000776 ____A C:\Windows\Tasks\SBWUpdateTask_Logon_cbef6ec-0023AE7E1D75.job

2013-06-03 12:06 - 2011-11-06 13:29 - 00032024 ____A C:\Windows\SchedLgU.Txt

2013-06-03 12:06 - 2011-11-06 13:29 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini

2013-06-03 12:06 - 2011-11-06 13:29 - 00000062 __ASH C:\Documents and Settings\User\Local Settings\desktop.ini

2013-06-03 12:06 - 2011-11-06 13:29 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini

2013-06-03 12:06 - 2011-11-06 13:29 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-03 12:06 - 2011-11-06 13:23 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini

2013-06-03 12:05 - 2013-06-03 12:05 - 00010522 ____A C:\AdwCleaner[s2].txt

2013-06-03 12:04 - 2013-06-03 12:04 - 00632031 ____A C:\Documents and Settings\User\Desktop\adwcleaner.exe

2013-06-03 10:17 - 2013-06-03 10:17 - 00019738 ____A C:\Documents and Settings\User\Desktop\attach.txt

2013-06-03 10:17 - 2013-06-03 10:17 - 00016731 ____A C:\Documents and Settings\User\Desktop\dds.txt

2013-06-03 10:14 - 2013-06-03 10:14 - 00688992 ____R (Swearware) C:\Documents and Settings\User\Desktop\dds.scr

2013-06-03 09:37 - 2013-05-04 08:12 - 00000000 ____D C:\Documents and Settings\User\Desktop\New Folder (3)

2013-06-02 23:15 - 2013-06-02 23:06 - 00021300 ____A C:\Documents and Settings\User\Desktop\enzyme write up_1

2013-06-02 23:06 - 2013-06-02 23:06 - 00020698 ____A C:\Documents and Settings\User\Desktop\enzyme write up

2013-06-02 23:02 - 2012-12-03 23:05 - 00000000 ____D C:\Documents and Settings\User\Desktop\New Folder

2013-06-02 21:14 - 2011-11-10 20:53 - 00000000 ____D C:\Program Files\CCleaner

2013-06-02 21:00 - 2013-01-20 09:33 - 00000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{B63C40F8-7EA7-49A7-80E3-8F685E85CD33}.job

2013-06-02 20:29 - 2013-05-28 13:58 - 00000000 ____D C:\Program Files\SoftwareUpdater

2013-06-02 20:29 - 2011-11-10 20:32 - 00000000 ____D C:\Program Files\Common Files\Motive

2013-06-02 20:27 - 2013-06-02 20:27 - 00000000 ____D C:\TDSSKiller_Quarantine

2013-06-02 20:24 - 2013-06-02 20:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\User\Desktop\tdsskiller.exe

2013-06-02 19:57 - 2011-11-06 14:12 - 00000000 __SHD C:\Documents and Settings\User\UserData

2013-06-02 17:51 - 2012-04-30 19:12 - 00000000 ____D C:\Documents and Settings\User\Application Data\Winamp

2013-06-02 16:58 - 2013-06-02 16:58 - 00000018 ____A C:\Documents and Settings\User\My Documents\malwarebytes forum.txt

2013-06-02 15:26 - 2011-12-25 14:33 - 00000000 ____D C:\Windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP

2013-06-02 10:41 - 2013-06-02 10:41 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-06-02 10:41 - 2013-06-02 10:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-06-02 10:41 - 2013-06-02 10:41 - 00000000 ____D C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com

2013-06-02 10:41 - 2013-06-02 10:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2013-06-01 14:09 - 2013-03-16 14:27 - 00000284 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-73586283-2000478354-682003330-1003.job

2013-06-01 11:11 - 2012-03-04 10:42 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job

2013-05-30 16:25 - 2011-11-10 21:05 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-05-30 12:06 - 2011-11-10 20:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Soulseek

2013-05-29 07:34 - 2012-03-06 13:57 - 00000007 ____A C:\Windows\System32\ANIWZCSUSERNAME

2013-05-28 10:30 - 2013-05-28 10:30 - 00000247 ____A C:\Documents and Settings\User\My Documents\tv licence payment may 28th.txt

2013-05-27 17:54 - 2013-05-27 17:29 - 00000000 ____D C:\Documents and Settings\User\Application Data\Audacity

2013-05-27 17:28 - 2013-05-27 17:28 - 21281052 ____A (Audacity Team ) C:\Documents and Settings\User\My Documents\audacity-win-2.0.3.exe

2013-05-27 17:19 - 2013-05-13 12:11 - 00000000 ____D C:\Program Files\CyberLink

2013-05-27 17:18 - 2011-11-10 20:47 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-05-25 11:06 - 2013-05-25 11:01 - 00000000 ____D C:\Documents and Settings\User\My Documents\Tommy Liverpool Kit - may 25th 2013

2013-05-24 12:28 - 2012-09-17 14:20 - 00000443 ____A C:\Documents and Settings\User\My Documents\EDF PAYBACK.txt

2013-05-23 14:00 - 2012-03-17 17:41 - 00552960 __ASH C:\Documents and Settings\User\My Documents\Thumbs.db

2013-05-20 12:56 - 2011-11-10 20:46 - 00000000 ____D C:\Documents and Settings\User\Application Data\Skype

2013-05-20 12:56 - 2011-11-10 20:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype

2013-05-20 12:40 - 2013-05-20 12:40 - 00000000 ____A C:\Windows\System32\TempWmicBatchFile.bat

2013-05-15 16:03 - 2013-05-15 16:03 - 00000000 ____D C:\Documents and Settings\User\Application Data\Xilisoft

2013-05-15 16:01 - 2013-05-15 16:01 - 00000000 ____D C:\Program Files\Xilisoft

2013-05-15 16:01 - 2013-05-15 16:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Xilisoft

2013-05-15 15:49 - 2011-11-06 13:12 - 00268600 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-15 15:42 - 2011-11-11 13:40 - 00000000 ____D C:\Windows\Microsoft.NET

2013-05-15 15:31 - 2011-11-06 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help

2013-05-15 15:30 - 2011-11-06 13:13 - 00542886 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-15 15:23 - 2013-05-15 15:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$

2013-05-15 15:23 - 2011-11-06 14:10 - 00000000 ____D C:\Windows\$hf_mig$

2013-05-15 15:20 - 2013-05-15 15:20 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$

2013-05-15 15:20 - 2011-11-06 14:46 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 15:04 - 2013-05-13 12:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CyberLink

2013-05-15 12:07 - 2013-02-27 22:07 - 17613192 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe

2013-05-15 12:07 - 2012-03-31 22:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-05-15 12:07 - 2011-11-10 20:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-05-14 13:21 - 2011-11-19 20:20 - 00000000 ____D C:\Documents and Settings\User\Application Data\Media Player Classic

2013-05-14 08:22 - 2013-05-14 08:22 - 00137869 ____A C:\hcwclear.txt

2013-05-14 08:21 - 2013-05-14 08:21 - 00150128 ____A (Hauppauge Computer Works) C:\Documents and Settings\User\My Documents\hcwclear.exe

2013-05-13 12:42 - 2013-05-13 12:42 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\CyberLink

2013-05-13 12:20 - 2013-05-13 12:20 - 00000000 ____D C:\Documents and Settings\User\My Documents\CyberLink

2013-05-13 12:17 - 2013-05-13 12:17 - 00000000 ____D C:\Documents and Settings\User\Application Data\CyberLink

2013-05-13 12:14 - 2011-11-06 15:08 - 00069632 ____A C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-05-13 12:12 - 2013-05-13 12:12 - 00001688 ____A C:\Documents and Settings\User\My Documents\CyberLink PowerDirector.lnk

2013-05-10 10:02 - 2013-05-10 10:02 - 00000000 ____D C:\Documents and Settings\User\Application Data\dvdcss

2013-05-08 11:32 - 2011-11-11 13:58 - 00000000 ____D C:\Documents and Settings\User\Tracing

2013-05-08 11:24 - 2011-11-06 13:13 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-05-07 08:21 - 2013-05-07 08:21 - 06577464 ____A C:\Documents and Settings\User\My Documents\Attachments_201357_2.zip

2013-05-07 08:21 - 2013-05-07 08:20 - 09245261 ____A C:\Documents and Settings\User\My Documents\Attachments_201357_1.zip

2013-05-07 08:20 - 2013-05-07 08:20 - 07909799 ____A C:\Documents and Settings\User\My Documents\Attachments_201357.zip

2013-05-07 05:27 - 2008-04-14 13:00 - 06015488 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll

2013-05-07 05:27 - 2008-04-14 13:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Lo


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-06-2013 03

Ran by User at 2013-06-03 14:27:27 Run:

Running from C:\Documents and Settings\User\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 3.1.0.4880)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)

Adobe Reader XI (11.0.03) (Version: 11.0.03)

ANIO Service

ANIWZCS2 Service

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Avanquest update (Version: 1.30)

Bonjour (Version: 3.0.0.10)

BT Desktop Help

BTHomeHub

CCleaner (Version: 4.02)

D-Link Wireless N DWA-140

Download Accelerator Plus (DAP) (Version: 10036 (Build 2451))

Driving Theory Test Professional v2.4.0.0

Easy Phone Sync (Version: 57)

EPSON Scan

ESET Online Scanner v3

GoToAssist Corporate (Version: 10.2.0.830)

GoToAssist Corporate (Version: 9.0.570)

Intel® Graphics Media Accelerator Driver

iTunes (Version: 11.0.2.26)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Java SE Development Kit 7 Update 13 (Version: 1.7.0.130)

K-Lite Codec Pack 9.7.5 (Full) (Version: 9.7.5)

LeapFrog Connect (Version: 4.2.9.15649)

LeapFrog Leapster Explorer Plugin (Version: 4.2.11.15696)

Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)

Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)

Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)

Microsoft Corporation (Version: 9.0.30729.1)

Microsoft LifeCam (Version: 3.22.270.0)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)

Mozilla Maintenance Service (Version: 20.0.1)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MyFreeCodec

Nero 6 Ultra Edition

Netscape Navigator (9.0.0.6) (Version: 9.0.0.6 (en-US))

PhotoNow! 1.0 (Version: 3.0.4004)

PowerDirector

QuickTime (Version: 7.73.80.64)

Recover Disc 2.0 (Version: 2.0)

Samsung Kies (Version: 2.5.1.12123_2)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)

SoulSeek 157 NS 13e

SoulseekQt

SpeedBit Video Accelerator (Version: 3307(build_3013))

Strongvault Online Backup (Version: 5.0.2.34)

SUPERAntiSpyware (Version: 5.6.1020)

Tweaking.com - Windows Repair (All in One) (Version: 1.9.8)

Uninstall Helper (Version: 2.0.1.0)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)

Update for Windows XP (KB2345886) (Version: 1)

Update for Windows XP (KB2467659) (Version: 1)

Update for Windows XP (KB2541763) (Version: 1)

Update for Windows XP (KB2616676-v2) (Version: 2)

Update for Windows XP (KB2641690) (Version: 1)

Update for Windows XP (KB2661254-v2) (Version: 2)

Update for Windows XP (KB2718704) (Version: 1)

Update for Windows XP (KB2736233) (Version: 1)

Update for Windows XP (KB2749655) (Version: 1)

Update for Windows XP (KB898461) (Version: 1)

Update for Windows XP (KB951978) (Version: 1)

Update for Windows XP (KB955759) (Version: 1)

Update for Windows XP (KB961503) (Version: 1)

Update for Windows XP (KB968389) (Version: 1)

Update for Windows XP (KB971029) (Version: 1)

Update for Windows XP (KB971737) (Version: 1)

Update for Windows XP (KB973687) (Version: 1)

Update for Windows XP (KB973815) (Version: 1)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)

VCD Cutter 1.1

VLC media player 2.0.0 (Version: 2.0.0)

WebFldrs XP (Version: 9.50.7523)

Winamp (Version: 5.623 )

Winamp Detector Plug-in (Version: 1.0.0.1)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)

Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8 (Version: 20090308.140743)

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

Windows PowerShell 1.0 (Version: 2)

WinRAR archiver

Xilisoft Video Converter Ultimate (Version: 7.4.0.20120712)

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

==================== Restore Points =========================

==================== Hosts content: ==========================

127.0.0.1 localhost

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/03/2013 01:04:23 PM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 10:16:00 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:47 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.2.223.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:46 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 passthrough, P4 1.1.9506.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:45 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9506.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:44 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9506.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:44 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9506.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:39 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9506.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:34 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9506.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/03/2013 08:36:06 AM) (Source: MPSampleSubmission) (User: )

Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.2.223.0, P3 timeout, P4 1.1.9506.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

System errors:

=============

Error: (06/03/2013 01:57:50 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:50 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:37 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:37 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:30 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:30 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:29 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:29 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:29 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Error: (06/03/2013 01:57:29 PM) (Source: Service Control Manager) (User: )

Description: The MRESP50 NDIS Protocol Driver service failed to start due to the following error:

%%2

Microsoft Office Sessions:

=========================

Error: (05/16/2012 03:44:36 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24 seconds with 0 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 54%

Total physical RAM: 2036.89 MB

Available physical RAM: 924.89 MB

Total Pagefile: 3929.78 MB

Available Pagefile: 2883.11 MB

Total Virtual: 2047.88 MB

Available Virtual: 1935.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.93 GB) (Free:111.21 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: (PDR5+PP4.0_R2) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

Drive e: (FreeAgent Drive) (Fixed) (Total:596.17 GB) (Free:399.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)

Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: CF72BE11)

Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Fix with FRST

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt
    C:\Program Files\SoftwareUpdater
    C:\Windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP
    C:\Documents and Settings\User\My Documents\iLividSetup.exe
    C:\Documents and Settings\User\My Documents\VCDCutterSetup.exe
    C:\Documents and Settings\User\My Documents\Programs\VideoCutterSetup.exe
    C:\WINDOWS\Temp\Optimizer_Pro.exe


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe), press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-06-2013 03

Ran by User at 2013-06-03 16:04:18 Run:1

Running from C:\Documents and Settings\User\Desktop

Boot Mode: Normal

==============================================

C:\Program Files\SoftwareUpdater => Moved successfully.

C:\Windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP => Moved successfully.

C:\Documents and Settings\User\My Documents\iLividSetup.exe => Moved successfully.

C:\Documents and Settings\User\My Documents\VCDCutterSetup.exe => Moved successfully.

C:\Documents and Settings\User\My Documents\Programs\VideoCutterSetup.exe => Moved successfully.

C:\WINDOWS\Temp\Optimizer_Pro.exe => Moved successfully.

==== End of Fixlog ====
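
Added example, not part of the thread and not FRST's own code: a small Python check that every fixlist.txt entry has a matching result line in Fixlog.txt, and that the Fixlog acted on nothing outside the fixlist. It assumes the `target => outcome` line shape and the "Moved successfully." text seen in the log above; the function names are hypothetical.

```python
import re

# Entries and result lines copied from the fixlist.txt and Fixlog.txt in this thread.
FIXLIST = r"""
C:\Program Files\SoftwareUpdater
C:\Windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP
C:\Documents and Settings\User\My Documents\iLividSetup.exe
C:\Documents and Settings\User\My Documents\VCDCutterSetup.exe
C:\Documents and Settings\User\My Documents\Programs\VideoCutterSetup.exe
C:\WINDOWS\Temp\Optimizer_Pro.exe
"""
FIXLOG = r"""
Ran by User at 2013-06-03 16:04:18 Run:1
Running from C:\Documents and Settings\User\Desktop
C:\Program Files\SoftwareUpdater => Moved successfully.
C:\Windows\2437DF07D3CB4D858397ED8AE9ED26D5.TMP => Moved successfully.
C:\Documents and Settings\User\My Documents\iLividSetup.exe => Moved successfully.
C:\Documents and Settings\User\My Documents\VCDCutterSetup.exe => Moved successfully.
C:\Documents and Settings\User\My Documents\Programs\VideoCutterSetup.exe => Moved successfully.
C:\WINDOWS\Temp\Optimizer_Pro.exe => Moved successfully.
==== End of Fixlog ====
"""

OK_OUTCOME = "Moved successfully."          # the only outcome text shown on this page
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")

def parse_fixlog(text):
    """Map each lower-cased target path to the outcome text FRST logged for it."""
    results = {}
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:  # header and footer lines carry no ' => ' and are skipped
            results[m["target"].lower()] = m["outcome"].strip()
    return results

def audit(fixlist_text, fixlog_text):
    """Return (report, extra): per-entry status, plus logged targets not in the fixlist."""
    results = parse_fixlog(fixlog_text)
    entries = [l.strip() for l in fixlist_text.splitlines() if l.strip()]
    report = {}
    for entry in entries:
        # Windows paths are case-insensitive (C:\Windows vs C:\WINDOWS above).
        outcome = results.get(entry.lower())
        if outcome is None:
            report[entry] = "missing"                # no result line at all
        elif outcome == OK_OUTCOME:
            report[entry] = "ok"
        else:
            report[entry] = f"review: {outcome}"     # any other text needs a human look
    extra = sorted(set(results) - {e.lower() for e in entries})
    return report, extra
```

A non-empty `extra` list means the tool acted on a path the helper never listed, which is worth raising before any further cleanup step.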


That's a line you can ignore - I missed it while translating the instructions, sorry for that! ;)

That's it, your system is all clean now!

Uninstall our tools.

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.

  • If there is still something left, please delete it manually.

Recommendations

Below are some recommendations to lower your chances of (re)infection.

  1. Install and maintain an outbound firewall
  2. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  3. Install an Anti-Spyware program, and update it regularly
    Malwarebytes Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
    If you are using Windows Vista/7

    1. Click the "Start Menu" (or Windows Orb)
    2. Click "All Programs"
    3. Click "Windows Update"
    4. On the left, choose "Change Settings"
    5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    6. Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    7. Click "Check for Updates" in the upper left corner.
    8. Follow the instructions to install the latest updates.
    9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

This topic is now closed to further replies.
