
Good afternoon,

 

I hope you can help me. Both Google Chrome and IE keep loading the www.adf.ly website. Malwarebytes found a PUP "pricegong" but doesn't seem to remove it completely.

I found your instructions here: https://forums.malwarebytes.org/index.php?showtopic=130750 (logs attached) but the problem is still there.

 

Thank you.

JRT.txt

dds.txt

MBAM-log-2013-11-13 (12-48-01).txt

AdwCleanerS0.txt

attach.txt


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
Well, well - a fellow Swiss! :)
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Combofix may only be run when a team member has instructed you to do so!

It should never be run on your own initiative!
Incorrect use can cause serious computer problems and make cleaning up the infection even harder.



Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop

  • Please disable all of your antivirus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.


Start Combofix.exe and follow the instructions on the screen.
  • Combofix will check whether the Microsoft Windows Recovery Console is installed.
    If it is not installed, allow Combofix to download and install it. Simply follow the instructions and accept the end user license.
    With today's malware this is strongly recommended, as it gives us a way to repair your system if something goes wrong.
    Confirm the message that the Recovery Console has been installed with Yes.


Note: If it is already installed, Combofix will proceed with the malware removal.


When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2013

Ran by vad (administrator) on TRIVADIS-DBA786 on 13-11-2013 18:55:01
Running from C:\Documents and Settings\vad\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(PixArt Imaging Incorporation) C:\WINDOWS\PixArt\PAC7302\Monitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
(T2 API, LLC) C:\Program Files\QuoteTracker\stocks.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Anatoly Zaytsev) C:\ZET 9\zet.exe
() C:\Books\Market\New\calc2\DegreesCalc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1657376 2009-08-05] ()
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33628160 2009-06-17] (VIA Technologies, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [570664 2008-07-09] (Nero AG)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PAC7302_Monitor] - C:\WINDOWS\PixArt\Pac7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-07-07] (Google Inc.)
HKCU\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-06-24] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe [ 2008-06-24] (Nero AG)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} http://iptv.kartina.tv/files/bin/VLC%20TV%20Player.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\vad\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKsla546ac45; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0188115E-92AA-4185-9C2E-2E17823E54D9}\MpKsla546ac45.sys [40392 2013-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [56992 2009-08-11] (NVIDIA Corporation)
R3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1374464 2009-06-02] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; 
U3 fgxyrfod; \??\C:\DOCUME~1\vad\LOCALS~1\Temp\fgxyrfod.sys [x]
U3 mbr; \??\C:\DOCUME~1\vad\LOCALS~1\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-13 18:54 - 2013-11-13 18:54 - 00000000 ____D C:\FRST
2013-11-13 17:20 - 2013-11-13 17:20 - 00000000 _____ C:\Documents and Settings\vad\Desktop\ark.txt
2013-11-13 16:20 - 2013-11-13 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-11-13 14:38 - 2013-11-13 14:38 - 00023508 _____ C:\Documents and Settings\vad\Desktop\attach.txt
2013-11-13 14:38 - 2013-11-13 14:38 - 00008046 _____ C:\Documents and Settings\vad\Desktop\dds.txt
2013-11-13 13:58 - 2013-11-13 13:58 - 00001219 _____ C:\Documents and Settings\vad\Desktop\AdwCleaner[s0].txt
2013-11-13 13:50 - 2013-11-13 13:51 - 00001731 _____ C:\Documents and Settings\vad\Desktop\JRT.txt
2013-11-13 13:41 - 2013-11-13 13:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-13 13:40 - 2013-11-13 13:56 - 00000000 ____D C:\AdwCleaner
2013-11-06 11:53 - 2013-11-06 11:54 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQ-Profile
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Start Menu\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Desktop\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Program Files\ICQM
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Start Menu\Programs\ICQ
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQM
 
==================== One Month Modified Files and Folders =======
 
2013-11-13 18:55 - 2012-07-10 14:17 - 00000000 ____D C:\Program Files\QuoteTracker
2013-11-13 18:54 - 2013-11-13 18:54 - 00000000 ____D C:\FRST
2013-11-13 18:53 - 2012-07-10 11:57 - 00000000 ____D C:\Documents and Settings\vad\Application Data\Skype
2013-11-13 18:51 - 2013-03-18 17:33 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 18:51 - 2012-07-07 22:49 - 00001182 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003UA.job
2013-11-13 18:30 - 2012-07-08 09:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-13 18:18 - 2012-07-07 21:08 - 02085976 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-13 17:31 - 2012-07-10 15:00 - 00000000 ____D C:\ZET 9
2013-11-13 17:20 - 2013-11-13 17:20 - 00000000 _____ C:\Documents and Settings\vad\Desktop\ark.txt
2013-11-13 16:30 - 2013-11-13 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-11-13 16:11 - 2013-02-13 22:58 - 00000000 ____D C:\Documents and Settings\vad\Application Data\vlc
2013-11-13 14:54 - 2013-02-14 13:21 - 00002305 _____ C:\Documents and Settings\All Users\Desktop\Betting Assistant.lnk
2013-11-13 14:38 - 2013-11-13 14:38 - 00023508 _____ C:\Documents and Settings\vad\Desktop\attach.txt
2013-11-13 14:38 - 2013-11-13 14:38 - 00008046 _____ C:\Documents and Settings\vad\Desktop\dds.txt
2013-11-13 14:10 - 2013-03-18 17:33 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 14:10 - 2012-08-01 16:27 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-13 14:10 - 2012-08-01 16:27 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-13 14:10 - 2012-07-08 10:22 - 00079824 _____ C:\Documents and Settings\vad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-13 14:10 - 2012-07-07 23:00 - 00326704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-13 14:10 - 2012-07-07 21:12 - 00000000 ____D C:\Documents and Settings\vad
2013-11-13 14:10 - 2012-07-07 21:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-13 14:10 - 2009-08-06 08:44 - 00248739 _____ C:\WINDOWS\system32\NvApps.xml
2013-11-13 14:10 - 2002-12-31 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-13 14:09 - 2012-07-07 21:12 - 00000178 ___SH C:\Documents and Settings\vad\ntuser.ini
2013-11-13 14:09 - 2012-07-07 21:11 - 00032550 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-13 13:58 - 2013-11-13 13:58 - 00001219 _____ C:\Documents and Settings\vad\Desktop\AdwCleaner[s0].txt
2013-11-13 13:56 - 2013-11-13 13:40 - 00000000 ____D C:\AdwCleaner
2013-11-13 13:51 - 2013-11-13 13:50 - 00001731 _____ C:\Documents and Settings\vad\Desktop\JRT.txt
2013-11-13 13:41 - 2013-11-13 13:41 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-13 13:40 - 2012-07-19 15:02 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-11-13 13:28 - 2012-12-25 00:44 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ACD7206-10B5-47D5-B980-C4304F10859E}.job
2013-11-13 02:35 - 2012-07-08 09:30 - 00000130 _____ C:\WINDOWS\ChssBase.ini
2013-11-13 01:51 - 2012-07-07 22:49 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003Core.job
2013-11-13 01:09 - 2013-08-27 14:59 - 00000000 ____D C:\Documents and Settings\vad\.thinkorswim
2013-11-13 01:08 - 2012-10-24 15:22 - 00000000 ____D C:\Program Files\thinkTDA
2013-11-12 22:26 - 2012-07-08 10:25 - 00054784 _____ C:\Documents and Settings\vad\Desktop\stats.xls
2013-11-11 23:18 - 2012-07-08 10:25 - 00075264 _____ C:\Documents and Settings\vad\Desktop\My bets1.xls
2013-11-09 22:52 - 2012-07-10 10:25 - 00000000 ____D C:\Documents and Settings\vad\Application Data\Mozilla
2013-11-08 16:30 - 2012-07-10 11:57 - 00000000 ___RD C:\Program Files\Skype
2013-11-08 16:30 - 2012-07-10 11:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-11-06 11:54 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQ-Profile
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Start Menu\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00001681 _____ C:\Documents and Settings\vad\Desktop\ICQ.lnk
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Program Files\ICQM
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Start Menu\Programs\ICQ
2013-11-06 11:53 - 2013-11-06 11:53 - 00000000 ____D C:\Documents and Settings\vad\Application Data\ICQM
2013-10-27 12:22 - 2012-07-07 23:01 - 00597242 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-16 02:01 - 2012-08-01 12:40 - 00001917 _____ C:\WINDOWS\epplauncher.mif
2013-10-16 02:01 - 2012-08-01 12:40 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-10-16 02:00 - 2012-08-01 12:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-14 11:32 - 2012-07-08 10:19 - 00000000 ____D C:\WINDOWS\Microsoft.NET
 
Some content of TEMP:
====================
C:\Documents and Settings\vad\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2013

Ran by vad at 2013-11-13 18:55:35
Running from C:\Documents and Settings\vad\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 
==================== Installed Programs ======================
 
µTorrent (Version: 3.3.0.29625)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Betting Assistant (Version: 1.0.64)
BlitzIn 3.0
CCleaner (Version: 3.21)
ChessBase 7.0
ChessBase 8.0
ChessBase Reader (Version: 2)
CycleTimer (Version: 1.1.2)
Deep Rybka 4 (Version: 12.0.0)
Gannalyst Professional 5.0
Google Chrome (HKCU Version: 30.0.1599.101)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.21.165)
ICQ 8.2 (build 6870) (HKCU Version: 8.2.6870.0)
Jagannatha Hora 7.64 (Version: 7.64)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 Essentials (Version: 8.3.618)
neroxml (Version: 1.0.0)
NVIDIA Drivers (Version: 1.9)
NVIDIA nView Desktop Manager (Version: 125.18)
Platform (Version: 1.34)
PlayChess  (Version: )
QuoteTracker
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)
Russian Phonetic YaZHert - RusWin.net - Custom (Version: 1.0.3.40)
Skype™ 6.10 (Version: 6.10.104)
thinkorswim from TD AMERITRADE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCRedistSetup (Version: 1.0.0)
VIA Plattform-Geräte-Manager (Version: 1.34)
VirtualCloneDrive
VLC TV Player (Version: 1.0.5.0)
WebFldrs XP (Version: 9.50.7523)
WinDjView 2.0.1 (Version: 2.0.1)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
ZET 9 Lite 1.69
 
==================== Restore Points  =========================
 
15-08-2013 01:00:26 Software Distribution Service 3.0
15-08-2013 09:17:34 Software Distribution Service 3.0
16-08-2013 11:53:56 Software Distribution Service 3.0
18-08-2013 10:03:04 Software Distribution Service 3.0
19-08-2013 10:44:53 Software Distribution Service 3.0
20-08-2013 11:24:12 Software Distribution Service 3.0
21-08-2013 12:21:30 Software Distribution Service 3.0
22-08-2013 16:54:16 Software Distribution Service 3.0
24-08-2013 10:58:39 Software Distribution Service 3.0
25-08-2013 12:37:19 Software Distribution Service 3.0
27-08-2013 11:23:16 Software Distribution Service 3.0
28-08-2013 12:38:37 Software Distribution Service 3.0
29-08-2013 01:00:15 Software Distribution Service 3.0
30-08-2013 09:56:03 Software Distribution Service 3.0
31-08-2013 12:45:07 Software Distribution Service 3.0
02-09-2013 10:53:01 Software Distribution Service 3.0
03-09-2013 12:18:55 Software Distribution Service 3.0
04-09-2013 19:29:49 System Checkpoint
05-09-2013 09:03:01 Software Distribution Service 3.0
06-09-2013 10:15:49 Software Distribution Service 3.0
07-09-2013 18:42:36 Software Distribution Service 3.0
08-09-2013 20:47:54 Software Distribution Service 3.0
10-09-2013 09:16:51 Software Distribution Service 3.0
11-09-2013 10:18:58 Software Distribution Service 3.0
12-09-2013 01:00:34 Software Distribution Service 3.0
12-09-2013 02:06:49 Software Distribution Service 3.0
12-09-2013 16:44:35 Software Distribution Service 3.0
13-09-2013 01:00:30 Software Distribution Service 3.0
13-09-2013 03:14:54 Software Distribution Service 3.0
14-09-2013 01:00:28 Software Distribution Service 3.0
14-09-2013 01:59:04 Software Distribution Service 3.0
14-09-2013 10:56:04 Software Distribution Service 3.0
15-09-2013 11:06:34 Software Distribution Service 3.0
16-09-2013 13:00:59 System Checkpoint
17-09-2013 09:58:40 Software Distribution Service 3.0
19-09-2013 09:58:11 Software Distribution Service 3.0
21-09-2013 08:29:54 Software Distribution Service 3.0
22-09-2013 11:43:10 Software Distribution Service 3.0
24-09-2013 10:55:08 Software Distribution Service 3.0
25-09-2013 11:04:39 Software Distribution Service 3.0
27-09-2013 09:22:40 Software Distribution Service 3.0
28-09-2013 13:04:14 Software Distribution Service 3.0
30-09-2013 09:48:36 Software Distribution Service 3.0
02-10-2013 07:43:54 Software Distribution Service 3.0
03-10-2013 09:37:15 System Checkpoint
04-10-2013 10:01:13 Software Distribution Service 3.0
05-10-2013 15:40:33 System Checkpoint
06-10-2013 09:07:38 Software Distribution Service 3.0
07-10-2013 09:11:42 Software Distribution Service 3.0
08-10-2013 09:53:57 Software Distribution Service 3.0
09-10-2013 12:53:12 System Checkpoint
10-10-2013 00:33:47 Software Distribution Service 3.0
10-10-2013 03:01:24 Software Distribution Service 3.0
11-10-2013 06:12:50 Software Distribution Service 3.0
13-10-2013 19:56:21 Software Distribution Service 3.0
14-10-2013 01:00:14 Software Distribution Service 3.0
15-10-2013 08:52:12 Software Distribution Service 3.0
16-10-2013 01:00:15 Software Distribution Service 3.0
17-10-2013 03:36:37 Software Distribution Service 3.0
18-10-2013 08:58:52 Software Distribution Service 3.0
19-10-2013 23:28:20 System Checkpoint
20-10-2013 11:09:13 Software Distribution Service 3.0
21-10-2013 12:46:03 System Checkpoint
22-10-2013 09:39:37 Software Distribution Service 3.0
23-10-2013 11:02:53 Software Distribution Service 3.0
25-10-2013 11:38:57 Software Distribution Service 3.0
26-10-2013 12:34:35 System Checkpoint
27-10-2013 11:32:38 Software Distribution Service 3.0
28-10-2013 19:54:07 System Checkpoint
29-10-2013 10:34:36 Software Distribution Service 3.0
30-10-2013 11:40:18 Software Distribution Service 3.0
01-11-2013 12:11:37 Software Distribution Service 3.0
02-11-2013 22:29:55 Software Distribution Service 3.0
04-11-2013 11:36:39 Software Distribution Service 3.0
06-11-2013 10:22:50 Software Distribution Service 3.0
07-11-2013 11:26:35 System Checkpoint
08-11-2013 11:14:14 Software Distribution Service 3.0
09-11-2013 11:15:37 Software Distribution Service 3.0
10-11-2013 12:28:16 Software Distribution Service 3.0
12-11-2013 00:01:33 Software Distribution Service 3.0
13-11-2013 13:20:51 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2002-12-31 13:00 - 2002-12-31 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003Core.job => C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003UA.job => C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{5ACD7206-10B5-47D5-B980-C4304F10859E}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-11-06 11:53 - 2013-11-06 11:53 - 00307728 _____ () C:\Documents and Settings\vad\Application Data\ICQM\ICQ\dll\mramenu.dll
2012-07-10 14:17 - 2010-02-16 22:09 - 00106504 _____ () C:\Program Files\QuoteTracker\MYTRACKDLL.DLL
2002-12-31 13:00 - 2008-04-14 01:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2002-12-31 13:00 - 2008-04-14 01:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-10-16 00:54 - 2013-10-09 01:02 - 04055504 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-16 00:54 - 2013-10-09 01:02 - 00415184 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-16 00:54 - 2013-10-09 01:01 - 01604560 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2011-02-02 15:51 - 2011-02-02 15:51 - 00491520 _____ () C:\ZET 9\swedll32.dll
2003-10-09 11:11 - 2003-10-09 11:11 - 00115712 _____ () C:\ZET 9\SAPI_DLL.DLL
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-10-16 00:54 - 2013-10-09 01:02 - 13584336 _____ () C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2013 04:52:10 PM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01c3120b.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/11/2013 07:48:17 AM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01336742.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/10/2013 10:13:28 PM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132074e.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/08/2013 01:14:53 AM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x01336732.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/07/2013 07:53:07 AM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132118e.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/06/2013 07:22:22 PM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0132af5d.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/04/2013 03:50:55 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.3.219.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.
 
Error: (11/04/2013 00:58:14 PM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0109afc8.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/03/2013 06:33:49 PM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x39334399.
Processing media-specific event for [cb70.exe!ws!]
 
Error: (11/03/2013 02:03:36 AM) (Source: Application Error) (User: )
Description: Faulting application cb70.exe, version 7.0.0.11, faulting module unknown, version 0.0.0.0, fault address 0x0133676a.
Processing media-specific event for [cb70.exe!ws!]
 
 
System errors:
=============
Error: (11/13/2013 06:51:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/13/2013 06:15:51 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/13/2013 05:18:25 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2
 
Error: (11/13/2013 05:18:25 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2
 
Error: (11/13/2013 05:13:14 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2
 
Error: (11/13/2013 05:10:34 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2
 
Error: (11/13/2013 05:09:03 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2
 
Error: (11/13/2013 05:03:19 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
Error: (11/13/2013 04:23:33 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2
 
Error: (11/13/2013 04:03:01 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D
 
 
Microsoft Office Sessions:
=========================
Error: (02/23/2013 00:06:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/14/2012 04:49:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (11/04/2012 03:28:28 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/26/2012 04:09:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/03/2012 03:51:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 2047.04 MB
Available physical RAM: 945.53 MB
Total Pagefile: 3939.98 MB
Available Pagefile: 2866.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.75 GB) (Free:413.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 0E8E0E8D)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Nothing to see...

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


That would have been the next step...

 

 

Scan with OTL

  1. Download OTL by OldTimer and save it to your desktop.
  2. Double click on the OTL.exe icon on your desktop. If you are using Vista, please right-click and select run as administrator
  3. Click the "Scan All Users" checkbox.


    Note: If you are using a Windows 64bit machine, please make sure the checkbox next to Include 64Bit Scans is checked. It will be checked by default.

  4. Push the Run Scan button.
  5. It will now begin to scan, please be patient while it scans.
  6. Two reports will open once it's done.
  7. Please copy and paste them in your next reply:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



OTL Extras logfile created on: 14.11.2013 10:18:34 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\vad\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.10% Memory free
3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 413.41 Gb Free Space | 88.76% Space Free | Partition Type: NTFS
 
Computer Name: TRIVADIS-DBA786 | User Name: vad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\Documents and Settings\vad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\vad\Application Data\ICQM\icq.exe" = C:\Documents and Settings\vad\Application Data\ICQM\icq.exe:*:Enabled:ICQ -- (ICQ)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{30BDEFC3-6D77-4722-A8F1-9BA938BA69C8}" = ChessBase 8.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45B79548-7171-11D5-A1FD-F5EABC70E32B}" = CycleTimer
"{4937160D-9A3B-429C-A82E-645116A4EB17}" = VLC TV Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D24F198-A2CB-46B5-BB16-41B69C644B6C}" = Microsoft Security Client
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{5167B770-F0FF-4505-AA98-D4073C337E00}" = Russian Phonetic YaZHert - RusWin.net - Custom
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58692A10-4A02-403F-B5B5-9D1D076E07FA}" = Deep Rybka 4
"{6A79665E-2B6A-4BDF-BEC9-22BE4CA41B15}" = ChessBase Reader
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B70CDBAC-638A-4E67-916A-DB4C6F571031}" = Nero 8 Essentials
"{BC86ABDF-8148-44B3-8105-4AE9DDBFDCB6}" = Betting Assistant
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1CE1C52-06D4-46BF-8FE2-81401F533446}" = Deep Rybka 4
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BlitzIn 3.0" = BlitzIn 3.0
"CCleaner" = CCleaner
"ChessBase 7.0" = ChessBase 7.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gannalyst Professional 5.0_is1" = Gannalyst Professional 5.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Jagannatha Hora_is1" = Jagannatha Hora 7.64
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PlayChess" = PlayChess 
"QuoteTracker_is1" = QuoteTracker
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinDjView" = WinDjView 2.0.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ZET 9 Lite 1.69" = ZET 9 Lite 1.69
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.2 (build 6870)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.06.2013 17:29:20 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x0133674a.
 
Error - 19.06.2013 11:01:53 | Computer Name = TRIVADIS-DBA786 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
 P4 4.2.223.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 20.06.2013 09:39:15 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x0132afc9.
 
Error - 21.06.2013 15:43:29 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x0132af98.
 
Error - 22.06.2013 17:09:12 | Computer Name = TRIVADIS-DBA786 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 22.06.2013 21:18:49 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x01377c12.
 
Error - 23.07.2013 22:03:58 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x3933e1bb.
 
Error - 24.07.2013 19:22:55 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x0133c174.
 
Error - 24.07.2013 19:42:54 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x01321236.
 
Error - 24.07.2013 20:40:15 | Computer Name = TRIVADIS-DBA786 | Source = Application Error | ID = 1000
Description = Faulting application cb70.exe, version 7.0.0.11, faulting module unknown,
 version 0.0.0.0, fault address 0x013b0d06.
 
[ OSession Events ]
Error - 03.10.2012 10:51:19 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.10.2012 11:09:50 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.11.2012 10:28:28 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.11.2012 11:49:54 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.02.2013 07:06:21 | Computer Name = TRIVADIS-DBA786 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.11.2013 12:18:25 | Computer Name = TRIVADIS-DBA786 | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort2.
 
Error - 13.11.2013 13:15:51 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 13.11.2013 13:51:19 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 13.11.2013 15:53:58 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 13.11.2013 16:30:20 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 14.11.2013 00:06:20 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 14.11.2013 00:06:54 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 14.11.2013 00:06:58 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 14.11.2013 00:07:03 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
Error - 14.11.2013 03:29:06 | Computer Name = TRIVADIS-DBA786 | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.
 
 
< End of report >
 
OTL logfile created on: 14.11.2013 10:18:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\vad\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.10% Memory free
3.85 Gb Paging File | 2.97 Gb Available in Paging File | 77.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 413.41 Gb Free Space | 88.76% Space Free | Partition Type: NTFS
 
Computer Name: TRIVADIS-DBA786 | User Name: vad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.11.14 10:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vad\My Documents\Downloads\OTL.exe
PRC - [2013.11.11 21:39:25 | 000,354,304 | ---- | M] () -- C:\Books\Market\New\fomalhaut\Fomalhaut.exe
PRC - [2013.10.09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013.08.12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.08.12 09:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013.06.11 09:26:38 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.16 17:11:30 | 000,026,112 | ---- | M] () -- C:\Books\Market\New\calc2\DegreesCalc.exe
PRC - [2010.09.22 19:19:16 | 008,921,088 | ---- | M] (T2 API, LLC) -- C:\Program Files\QuoteTracker\stocks.exe
PRC - [2008.06.24 15:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.04.14 01:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.11.03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac7302\Monitor.exe
PRC - [2004.07.22 18:31:32 | 002,031,616 | ---- | M] (Stock Market Geometry) -- C:\Books\Market\Excels\cycletimer1.1.2.fixed.cracked-snd-.exe\CycleTimer.exe
PRC - [2001.03.27 04:08:00 | 000,434,176 | ---- | M] (Ringdale Ltd) -- C:\WINDOWS\system32\gsw32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.11.11 21:39:25 | 000,354,304 | ---- | M] () -- C:\Books\Market\New\fomalhaut\Fomalhaut.exe
MOD - [2013.11.06 11:53:15 | 000,307,728 | ---- | M] () -- C:\Documents and Settings\vad\Application Data\ICQM\ICQ\dll\mramenu.dll
MOD - [2013.10.10 01:39:06 | 011,004,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Design\a1a9cfd93cb99ccf8d74c0a972c25a6d\System.Design.ni.dll
MOD - [2013.10.10 01:37:19 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\46135dcca7a56a358d491b392356a3d6\System.Data.ni.dll
MOD - [2013.10.10 01:37:14 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll
MOD - [2013.10.10 01:37:13 | 000,377,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Dynamic\b55c2bcdabf15134ac65076303ee1057\System.Dynamic.ni.dll
MOD - [2013.10.10 01:37:12 | 001,616,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e286d1c2191d2336253f8b49c58c4ccc\Microsoft.CSharp.ni.dll
MOD - [2013.10.10 01:37:01 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\2f0f425579c47fb0aba720d838366b7f\System.Core.ni.dll
MOD - [2013.10.10 01:36:55 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll
MOD - [2013.10.10 01:36:54 | 000,751,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\8aa82f86d6290eb261dcfa5b14c3fb37\System.Security.ni.dll
MOD - [2013.10.09 01:02:43 | 000,415,184 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013.10.09 01:02:42 | 013,584,336 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013.10.09 01:02:41 | 004,055,504 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013.10.09 01:01:47 | 001,604,560 | ---- | M] () -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013.08.15 02:07:45 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013.08.15 02:07:39 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013.08.15 02:07:36 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013.07.25 12:20:47 | 000,044,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\906825def698b2831547de1c5b8cbbe0\Accessibility.ni.dll
MOD - [2013.07.25 02:19:31 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\91bc7f6fd5295405b227cecc0e232ce8\System.Numerics.ni.dll
MOD - [2013.07.25 02:19:30 | 014,418,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013.07.14 12:20:46 | 000,495,616 | ---- | M] () -- C:\Books\Market\New\fomalhaut\swedll32.dll
MOD - [2013.07.10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2012.12.16 17:11:30 | 000,026,112 | ---- | M] () -- C:\Books\Market\New\calc2\DegreesCalc.exe
MOD - [2012.10.31 12:41:26 | 000,495,616 | ---- | M] () -- C:\Books\Market\New\calc2\swedll32.dll
MOD - [2010.02.16 22:09:42 | 000,106,504 | ---- | M] () -- C:\Program Files\QuoteTracker\mytrackdll.dll
MOD - [2008.04.14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.04.14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001.08.04 01:43:54 | 000,227,840 | ---- | M] () -- C:\WINDOWS\system32\SASE.OCX
MOD - [1999.08.16 13:39:20 | 000,348,160 | ---- | M] () -- C:\WINDOWS\system32\SWEDLL32.DLL
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.10.08 19:30:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.08.12 09:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.06.11 09:26:38 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013.04.04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.08.11 08:19:20 | 000,056,992 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009.06.02 09:52:36 | 001,374,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.05.25 08:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.02.14 07:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007.06.14 14:29:08 | 000,457,856 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2004.08.13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-343818398-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5.0: C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\vad\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\vad\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\vad\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files\thinkTDA\nptossc.dll (TD Ameritrade)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}: C:\Program Files\Kartina.TV\VLC\npvlc.dll [2011.04.26 11:53:12 | 000,234,432 | ---- | M] (the VideoLAN Team)
 
[2012.07.10 10:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vad\Application Data\Mozilla\Extensions
[2012.12.20 22:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vad\Application Data\Mozilla\Firefox\extensions
[2012.12.20 22:23:58 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Documents and Settings\vad\Application Data\Mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.ch/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\30.0.1599.101\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2002.12.31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKU\S-1-5-21-343818398-1957994488-839522115-1003..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1957994488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341692739180 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343821156390 (MUWebControl Class)
O16 - DPF: {9BE31822-FDAD-461B-AD51-BE1D1C159921} http://iptv.kartina.tv/files/bin/VLC%20TV%20Player.cab (VideoLAN VLC ActiveX Plugin v2)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65903CD4-D3F0-4DE6-849E-DB52038BC848}: DhcpNameServer = 62.2.24.158 62.2.17.60 62.2.24.162 62.2.17.61
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.07 21:09:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.11.14 08:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.11.13 18:54:44 | 000,000,000 | ---D | C] -- C:\FRST
[2013.11.13 16:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013.11.13 14:37:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\vad\Start Menu\Programs\Administrative Tools
[2013.11.13 14:10:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vad\Recent
[2013.11.13 13:41:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.11.13 13:40:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.11.06 11:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vad\Start Menu\Programs\ICQ
[2013.11.06 11:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vad\Application Data\ICQ-Profile
[2013.11.06 11:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\ICQM
[2013.11.06 11:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vad\Application Data\ICQM
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\vad\Desktop\*.tmp files -> C:\Documents and Settings\vad\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.11.14 10:19:57 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5ACD7206-10B5-47D5-B980-C4304F10859E}.job
[2013.11.14 09:51:04 | 000,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003UA.job
[2013.11.14 09:51:04 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.14 09:30:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.11.14 07:19:42 | 000,000,130 | ---- | M] () -- C:\WINDOWS\ChssBase.ini
[2013.11.14 05:06:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.11.14 05:06:15 | 000,248,739 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013.11.14 05:06:09 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.14 05:06:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.11.14 02:39:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.11.14 01:51:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-839522115-1003Core.job
[2013.11.13 20:16:35 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Betting Assistant.lnk
[2013.11.13 14:10:20 | 000,326,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.11.13 13:40:35 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.11.12 23:40:11 | 000,017,862 | ---- | M] () -- C:\Documents and Settings\vad\Desktop\pic.PNG
[2013.11.06 11:53:20 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\vad\Desktop\ICQ.lnk
[2013.11.06 11:53:20 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\vad\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ.lnk
[2013.10.27 12:22:17 | 000,498,282 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.10.27 12:22:17 | 000,086,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.10.16 02:01:02 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\vad\Desktop\*.tmp files -> C:\Documents and Settings\vad\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.11.14 02:39:15 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013.11.12 23:40:11 | 000,017,862 | ---- | C] () -- C:\Documents and Settings\vad\Desktop\pic.PNG
[2013.11.11 00:47:12 | 001,157,644 | ---- | C] () -- C:\Documents and Settings\vad\Desktop\Gann, W.D. - The Tunnel Thru the Air.pdf
[2013.11.06 11:53:20 | 000,001,681 | ---- | C] () -- C:\Documents and Settings\vad\Desktop\ICQ.lnk
[2013.11.06 11:53:20 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\vad\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ.lnk
[2013.03.19 22:55:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013.03.19 22:27:54 | 000,000,321 | ---- | C] () -- C:\WINDOWS\R0Edit.ini
[2013.03.19 22:26:54 | 000,000,062 | ---- | C] () -- C:\WINDOWS\R0SYSTEM.INI
[2012.12.20 23:09:32 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\vad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.05 19:44:36 | 000,012,961 | ---- | C] () -- C:\Documents and Settings\vad\Application Data\Microsoft Excel 97-2003.CAL
[2012.11.05 19:43:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.09.28 21:51:50 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\vad\Application Data\default.pls
[2012.08.01 15:41:05 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2012.07.19 15:02:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.08 09:30:00 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2012.07.08 09:08:33 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\vad\.rnd
[2012.07.07 23:57:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.07.07 23:01:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.07.07 23:00:20 | 000,326,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.07 21:24:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012.07.07 21:23:35 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012.07.07 21:23:30 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.07.07 21:23:27 | 000,019,855 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2012.07.07 21:23:27 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2012.07.07 21:10:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.07 21:07:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== ZeroAccess Check ==========
 
[2012.07.08 10:19:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012.04.20 20:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.09.23 15:08:58 | 008,248,530 | R--- | C] ()(C:\Documents and Settings\vad\Desktop\????? ?.?. - ????? ????, 1990.djvu) -- C:\Documents and Settings\vad\Desktop\Оснос В.В. - Дебют Рети, 1990.djvu
[2013.09.21 20:50:21 | 000,209,526 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???????? ??? ??????.jpg) -- C:\Documents and Settings\vad\Desktop\картинка для Вадима.jpg
[2013.09.21 20:50:20 | 000,209,526 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???????? ??? ??????.jpg) -- C:\Documents and Settings\vad\Desktop\картинка для Вадима.jpg
[2013.09.19 11:36:26 | 008,248,530 | R--- | M] ()(C:\Documents and Settings\vad\Desktop\????? ?.?. - ????? ????, 1990.djvu) -- C:\Documents and Settings\vad\Desktop\Оснос В.В. - Дебют Рети, 1990.djvu
[2013.09.17 21:21:02 | 000,193,396 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???.69 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр.69 Каббала чисел.jpg
[2013.09.17 21:21:02 | 000,190,982 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\??? 70 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр 70 Каббала Чисел.jpg
[2013.09.17 21:21:01 | 000,193,396 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???.69 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр.69 Каббала чисел.jpg
[2013.09.17 21:21:01 | 000,190,982 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\??? 70 ??????? ?????.jpg) -- C:\Documents and Settings\vad\Desktop\стр 70 Каббала Чисел.jpg
[2013.02.12 21:09:20 | 000,497,424 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???????.png) -- C:\Documents and Settings\vad\Desktop\ОБЛОЖКА.png
[2013.02.12 21:08:58 | 000,497,424 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???????.png) -- C:\Documents and Settings\vad\Desktop\ОБЛОЖКА.png
[2013.02.12 20:41:23 | 001,655,075 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\???? ? ???????..docx) -- C:\Documents and Settings\vad\Desktop\Ганн и Планеты..docx
[2013.02.12 20:40:44 | 001,655,075 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\???? ? ???????..docx) -- C:\Documents and Settings\vad\Desktop\Ганн и Планеты..docx
[2012.12.30 17:14:06 | 001,535,461 | ---- | M] ()(C:\Documents and Settings\vad\Desktop\????.png) -- C:\Documents and Settings\vad\Desktop\ЛУНА.png
[2012.12.30 17:13:27 | 001,535,461 | ---- | C] ()(C:\Documents and Settings\vad\Desktop\????.png) -- C:\Documents and Settings\vad\Desktop\ЛУНА.png
 
< End of report >
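Added example (not part of this thread, and not code from OTL, Malwarebytes or the forum): a small Python triage pass over the "Processes (SafeList)" section of the OTL log above. It parses each PRC line and flags the entries a reviewer looks at first: images with no company name in their version info (shown by OTL as an empty "()"), images whose parent folder is itself named like an executable, and paths that mention "crack"; for any flagged entry it also notes whether the image runs outside Windows or Program Files. The six sample lines are copied from the log above; the line shape assumed (PRC - [date | size | attrs | M] (Company) -- path) is read off that log, not from OTL documentation. The flags are triage candidates, not detections: here they point at the user's own tools under C:\Books\Market, and the helper found nothing to act on.

```python
"""Triage pass over OTL 'PRC' (running process) lines.

Added example for this thread; not code from OTL, Malwarebytes or the
forum. The line shape is assumed from the log posted in this thread:
  PRC - [yyyy.mm.dd hh:mm:ss | size | attrs | M] (Company) -- C:\\path\\x.exe
An empty '()' is how OTL shows a file with no company name in its
version info.
"""
import re
from dataclasses import dataclass

PRC_RE = re.compile(
    r"^PRC - \[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

# Where process images normally live on this XP box (lower-cased for comparison).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Sample input: six PRC lines copied from the OTL log posted above.
SAMPLE_PRC = r"""
PRC - [2013.11.14 10:18:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vad\My Documents\Downloads\OTL.exe
PRC - [2013.11.11 21:39:25 | 000,354,304 | ---- | M] () -- C:\Books\Market\New\fomalhaut\Fomalhaut.exe
PRC - [2013.10.09 01:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Documents and Settings\vad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012.12.16 17:11:30 | 000,026,112 | ---- | M] () -- C:\Books\Market\New\calc2\DegreesCalc.exe
PRC - [2004.07.22 18:31:32 | 002,031,616 | ---- | M] (Stock Market Geometry) -- C:\Books\Market\Excels\cycletimer1.1.2.fixed.cracked-snd-.exe\CycleTimer.exe
PRC - [2001.03.27 04:08:00 | 000,434,176 | ---- | M] (Ringdale Ltd) -- C:\WINDOWS\system32\gsw32.exe
""".strip().splitlines()


@dataclass(frozen=True)
class Finding:
    path: str
    company: str
    reasons: tuple


def parse_prc(line):
    """Return the fields of one PRC line as a dict, or None for any other line."""
    m = PRC_RE.match(line)
    return m.groupdict() if m else None


def triage(lines):
    """Return a Finding for each PRC line that deserves a second look."""
    findings = []
    for line in lines:
        rec = parse_prc(line)
        if rec is None:
            continue
        path = rec["path"]
        low = path.lower()
        folder = low.rsplit("\\", 1)[0] + "\\"
        reasons = []
        if not rec["company"].strip():
            reasons.append("no company name in version info")
        if ".exe\\" in folder:
            reasons.append("parent folder is named like an executable")
        if "crack" in low:
            reasons.append("path mentions 'crack'")
        # Location alone is not a flag (Chrome installs per-user), but it is
        # worth noting once another reason fired.
        if reasons and not low.startswith(TRUSTED_PREFIXES):
            reasons.append("runs outside Windows/Program Files")
        if reasons:
            findings.append(Finding(path, rec["company"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PRC):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run as-is it reports Fomalhaut.exe and DegreesCalc.exe (no company name, outside Program Files) and CycleTimer.exe (parent folder named like an executable, path mentions "crack"), and stays quiet on OTL.exe, chrome.exe and gsw32.exe. A missing company name is a weak signal on its own, since many small legitimate tools ship without version info; what it buys is a short list to check by hand or hash rather than reading 15 lines at a time.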

Nothing to see...

 

 

Full System Scan with Malwarebytes Anti-Malware

  • If not already installed, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


You did, but the found threats have to be removed, so please rescan as explained.

You know a lot more than I do, but do you really think I'm that stupid that I can't delete that file? :) I didn't do anything because it was not the first time I made that scan and it keeps reappearing.


I don't think you are stupid - I have to interpret the information within the log files you've posted.

If someone posts a log file with "no action taken", then we reply, as standard, with "rescan and remove the found entries" - that is nothing personal.

 

As this entry within the MBAM log is the only point of interest we have at the moment, please run the ESET scan and post the log.


It's incredible, but Malwarebytes didn't find anything and I'm not being redirected anymore. Thank you very much for your help and sorry for being stubborn sometimes. Can you please explain shortly where that virus/worm could go if no program detected it?

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.16

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
vad :: TRIVADIS-DBA786 [administrator]

14.11.2013 19:43:13
mbam-log-2013-11-14 (19-43-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 457378
Time elapsed: 3 hour(s), 30 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I know you're looking to remove this malware, but I want to make a suggestion that will help fight these types of infections.

I am an adf.ly member myself. I use the adf.ly links on my own personal websites to make a little money to help with the hosting cost.

If an adf.ly member has made a virus or some malware that forces you to see adf.ly ads just for opening your browser, then you should get their adf.ly ID number, which will be in the top left hand of the screen. The adf.ly image itself, which is a link back to their site, will have a referral number. Copy it down, report it to adf.ly, and even provide a link to this topic as proof. They don't put up with this kind of abuse from any of their members.

PriceGong isn't malware but an unwanted payload of some free tools; it is just a kind of adware.

One of the Malwarebytes runs that reported removing it finally managed to get rid of it. That can happen when using new definitions.

On the other side, this was just a leftover of PriceGong, which normally has way more files and registry entries.

Let's see if anything else has to be done.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

Thank you, Elochai. I'll follow your advice.

Can you please advise on safely removing AdwCleaner and FRST? Maybe I'm getting paranoid, but it seems it's taking the desktop much longer to load now.

Results of screen317's Security Check version 0.99.77
 Windows XP Service Pack 3 x86
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300
 CCleaner
 JavaFX 2.1.1
 Java 7 Update 21
 Java version out of Date!
 Adobe Reader 10.1.8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 Market New fomalhaut Fomalhaut.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
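The checkup.txt above is what the helper reads to decide the final steps (Java and Adobe Reader out of date, fragmentation warning). As an added example that is not part of this thread and not code from SecurityCheck or Malwarebytes, here is a small Python parser that extracts those findings from such a report and turns them into a to-do list. The sample report is constructed from the log posted above (with the WMIC/"ECHO is off." noise left in to show it is skipped), and the 10% fragmentation threshold is an assumption of this example, not SecurityCheck's own rule.

```python
"""Triage a screen317 SecurityCheck report (checkup.txt).

Added example for this thread, not code from SecurityCheck or Malwarebytes.
Extracts the OS line, firewall/antivirus status, every "out of Date!" product
with its version, the Process Check entries and the fragmentation warning.
"""
import re


def _banner(title, width=14):
    # SecurityCheck frames section titles in runs of backticks.
    return "`" * width + title + "`" * width


# Constructed sample, transcribed from the checkup.txt posted in this thread.
SAMPLE_CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.77",
    " Windows XP Service Pack 3 x86",
    " Internet Explorer 8",
    _banner("Antivirus/Firewall Check:"),
    " Windows Firewall Enabled!",
    "Please wait while WMIC compiles updated MOF files.d",
    "ECHO is off.",
    "ECHO is off.",
    " Antivirus up to date!",
    _banner("Anti-malware/Other Utilities Check:"),
    " Malwarebytes Anti-Malware version 1.75.0.1300",
    " JavaFX 2.1.1",
    " Java 7 Update 21",
    " Java version out of Date!",
    " Adobe Reader 10.1.8 Adobe Reader out of Date!",
    _banner("Process Check: objlist.exe by Laurent"),
    " Microsoft Security Essentials MSMpEng.exe",
    " Microsoft Security Essentials msseces.exe",
    " Malwarebytes' Anti-Malware mbamscheduler.exe",
    " Market New fomalhaut Fomalhaut.exe",
    _banner("System Health check"),
    " Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    _banner("End of Log"),
])

NOISE = re.compile(r"^(ECHO is off\.|Please wait while WMIC)", re.I)
SECTION = re.compile(r"^`+(.+?):?`+$")
OUTDATED = re.compile(r"^(?P<product>.+?) out of Date!$", re.I)
# "Adobe Reader 10.1.8 Adobe Reader": product, version, product repeated.
REPEATED_NAME = re.compile(r"^(.+?) (\S+) \1$")
FRAG = re.compile(r"Total Fragmentation on Drive (\w:):\s*(\d+)%")


def parse_checkup(text):
    """Return a dict of the findings in a SecurityCheck report."""
    report = {
        "os": None,
        "firewall_enabled": False,
        "antivirus_up_to_date": False,
        "outdated": [],        # (product, version or None)
        "processes": [],       # lines under "Process Check"
        "fragmentation": {},   # drive -> percent
    }
    section, previous = "header", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or NOISE.match(line):
            continue                      # drop blanks and WMIC/ECHO noise
        m = SECTION.match(line)
        if m:
            section, previous = m.group(1).strip(), ""
            continue
        if section == "header" and report["os"] is None and line.startswith("Windows"):
            report["os"] = line
        elif line == "Windows Firewall Enabled!":
            report["firewall_enabled"] = True
        elif line == "Antivirus up to date!":
            report["antivirus_up_to_date"] = True
        elif OUTDATED.match(line):
            product = OUTDATED.match(line).group("product")
            name = re.sub(r"\s+version$", "", product, flags=re.I).strip()
            version = None
            dup = REPEATED_NAME.match(name)
            if dup:
                name, version = dup.group(1), dup.group(2)
            elif previous.startswith(name + " "):
                version = previous[len(name):].strip()   # e.g. "Java 7 Update 21"
            report["outdated"].append((name, version))
        elif section.startswith("Process Check"):
            report["processes"].append(line)
        elif FRAG.search(line):
            drive, pct = FRAG.search(line).groups()
            report["fragmentation"][drive] = int(pct)
        previous = line
    return report


def action_items(report):
    """Turn the parsed report into the to-do list a helper would post.
    The 10% fragmentation threshold is an assumption of this example."""
    items = []
    if not report["firewall_enabled"]:
        items.append("Firewall not reported as enabled")
    if not report["antivirus_up_to_date"]:
        items.append("Antivirus not reported as up to date")
    for name, version in report["outdated"]:
        items.append(f"Update {name}" + (f" (found {version})" if version else ""))
    for drive, pct in report["fragmentation"].items():
        if pct >= 10:
            items.append(f"Defragment drive {drive} ({pct}% fragmented; skip if SSD)")
    return items


if __name__ == "__main__":
    parsed = parse_checkup(SAMPLE_CHECKUP)
    print(parsed["os"])
    for item in action_items(parsed):
        print("-", item)
```

The parser keys on the section banners rather than on fixed line positions, so the WMIC and "ECHO is off." lines that this XP machine injected into the firewall section do not shift anything; the two different "out of Date!" shapes (version on the previous line for Java, version inline with the product name repeated for Adobe Reader) are both normalised to a (product, version) pair.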

That will be our last step now, of course! :)

Your system is clean now! :)


Java Runtime Environment out of date

Your Java Runtime Environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if any exist).
  • When finished, reboot your computer.

After the reboot

  • Open control panel again and click the Java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
  • Click OK again.


Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

  • Get the current software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) that is offered.
  • Run setup and follow the instructions.
  • Click Start-->control panel-->add/remove programs.
  • Search for and remove any older Reader versions.


Uninstall our tools using delfix

Please follow these steps in order:

  1. If we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. If we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.


How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a dedicated malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There is a chance of an emergency every day, so be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.
This topic is now closed to further replies.