
Can't Remove RCMP Ukash and Windows Security Center [Solved]


  • This topic is locked

#16
lillie_nemo

  • Topic Starter
  • Member
  • 66 posts
Okay, did all the tests! Ukash doesn't seem to be loading at the moment. The computer seems to be working fine but I have not attempted to connect to the Internet yet.

Logs:

OTL:
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully.
c:\ProgramData\gwdb.dat moved successfully.
C:\ProgramData\rundll32.exe moved successfully.
File C:\ProgramData\gwdb.dat not found.
C:\ProgramData\bdwg.pad moved successfully.
C:\Users\saicoink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
C:\Windows\System32\regmonstd.lnk moved successfully.
C:\ProgramData\bdwg.js moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06262013_104000

--

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by saicoink (administrator) on 26-06-2013 10:47:53
Running from C:\Users\saicoink\Desktop
Microsoft® Windows Vista™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
() C:\Windows\system32\PSIService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Teruten Inc.) C:\Windows\system32\TsService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSC\McAPExe.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [151552 2006-11-15] (Intel Corporation)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [90191 2007-03-12] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [7770112 2007-03-12] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-03-12] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.)
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-02-28] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [515888 2013-02-28] (McAfee, Inc.)
HKLM\...\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide [1006264 2007-11-04] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]
MountPoints2: {64b8653f-b1e0-11df-85c8-001bfcf8e1f2} - "K:\WD SmartWare.exe" autoplay=true
MountPoints2: {bc6f828a-3bd6-11e2-bcf0-001bfcf8e1f2} - E:\RunClubSanDisk.exe
MountPoints2: {f081b9ca-1043-11e0-a9f1-b4a0aaf81b7e} - "J:\WD SmartWare.exe" autoplay=true
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-03-12] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-03-12] (Hewlett-Packard)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\saicoink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM SearchScopes: DefaultScope {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKLM - {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKLM - {8CBE3FF8-BC71-4515-AC21-4B5338A96073} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKLM - {9227DF63-238D-48B7-AFFA-90916A8D4255} URL = http://search.live.c...#38;FORM=HVDCS7
HKCU SearchScopes: DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yah...p={searchTerms}
SearchScopes: HKCU - {76F3D4AC-5E11-4F6F-9F7F-F3FB98FC089E} URL = http://ca.search.yah...ing}&fr=hp-pvdt
SearchScopes: HKCU - {8CBE3FF8-BC71-4515-AC21-4B5338A96073} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKCU - {9227DF63-238D-48B7-AFFA-90916A8D4255} URL = http://search.live.c...#38;FORM=HVDCS7
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yah...p={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 206.248.154.22 206.248.154.170

FireFox:
========
FF ProfilePath: C:\Users\saicoink\AppData\Roaming\Mozilla\Firefox\Profiles\vlxpr8g8.default-1366383230636
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Extension: No Name - C:\Users\saicoink\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: brief - C:\Users\saicoink\AppData\Roaming\Mozilla\Firefox\Profiles\vlxpr8g8.default-1366383230636\Extensions\[email protected]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Users\saicoink\AppData\Local\Google\Chrome\Application\10.0.648.205\pdf.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\saicoink\AppData\Local\Google\Chrome\Application\10.0.648.205\gears.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\saicoink\AppData\Local\Google\Chrome\Application\10.0.648.205\gcswf32.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\saicoink\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.150.1_0\McChPlg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (BitTorrent) - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll No File
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\saicoink\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (TweetDeck) - C:\Users\saicoink\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.0.2_0

========================== Services (Whitelisted) =================

S3 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation)
S3 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-12] (Symantec Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] ()
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2999664 2007-09-12] (Symantec Corporation)
S3 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll [537992 2008-04-10] (Symantec Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-09-01] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [287752 2013-03-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976 2013-02-28] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [172416 2013-04-03] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [184728 2013-03-05] (McAfee, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [184840 2012-07-08] (Nitro PDF Software)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [155344 2011-06-29] (Avanquest Software)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [4463400 2009-10-06] (Wacom Technology, Corp.)
R2 TsService; C:\Windows\system32\TsService.exe [167936 2009-03-19] (Teruten Inc.)
S3 LiveUpdate Notice Ex; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S2 w800bus; %systemroot%\system32\besclient.dll [x]

==================== Drivers (Whitelisted) ====================

R1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [81936 2011-06-06] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-04-03] (McAfee, Inc.)
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] ()
R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [354432 2007-01-15] (Hauppauge Computer Works, Inc)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147472 2012-05-28] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133992 2013-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235520 2013-04-03] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363432 2013-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [566656 2013-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [257496 2013-02-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80592 2013-02-18] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [66888 2013-04-03] (McAfee, Inc.)
R1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-04-03] (McAfee, Inc.)
S3 NETMDUSB; C:\Windows\System32\Drivers\NETMDUSB.sys [38951 2002-08-08] (Sony Corporation)
R1 RDPCDD; C:\Windows\System32\DRIVERS\[email protected] [6144 2006-11-02] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S1 cdrom; system32\DRIVERS\cdrom.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 portio; \??\C:\Program Files\Zinf\portio.sys [x]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: w800bus -> C:\Windows\system32\besclient.dll ==> No File.
NETSVC: P17xfi -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-06-26 10:45 - 2013-06-26 10:45 - 00000000 ____D C:\FRST
2013-06-26 10:44 - 2013-06-26 10:36 - 04745728 ____A (AVAST Software) C:\Users\saicoink\Desktop\aswMBR.exe
2013-06-26 10:44 - 2013-06-26 10:32 - 00648201 ____A C:\Users\saicoink\Desktop\adwcleaner.exe
2013-06-26 10:44 - 2013-06-26 10:31 - 01370251 ____A (Farbar) C:\Users\saicoink\Desktop\FRST.exe
2013-06-25 22:38 - 2013-06-25 22:38 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-25 20:43 - 2013-06-25 20:43 - 00002715 ____A C:\Users\saicoink\Desktop\FSS.txt
2013-06-25 20:43 - 2013-06-25 20:24 - 00355927 ____A (Farbar) C:\Users\saicoink\Desktop\FSS.exe
2013-06-25 20:33 - 2013-06-25 20:24 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\saicoink\Desktop\tdsskiller.exe
2013-06-25 20:33 - 2013-06-25 20:23 - 00004576 ____A C:\Users\saicoink\Desktop\winmgmt.reg
2013-06-25 07:55 - 2013-06-25 07:59 - 00000000 ____D C:\Program Files\stinger
2013-06-25 07:55 - 2013-06-25 07:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-25 04:07 - 2013-06-25 04:08 - 14909286 ____A C:\Users\saicoink\Documents\safe130622.reg
2013-06-25 03:05 - 2012-10-24 18:38 - 00000819 ____A C:\Windows\System32\Drivers\etc\hosts.20130625-030510.backup
2013-06-25 02:31 - 2013-06-25 20:30 - 00000000 ____D C:\Windows\pss
2013-06-24 20:26 - 2013-06-25 20:30 - 00000840 ____A C:\ProgramData\sdaksda.txt
2013-06-24 20:25 - 2013-06-25 20:36 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-23 16:10 - 2013-06-23 16:28 - 02523136 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2013-06-23 16:10 - 2013-06-23 16:28 - 00081920 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2013-06-23 16:10 - 2013-06-23 16:28 - 00016384 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2013-06-23 15:44 - 2013-06-23 15:44 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-23 15:43 - 2013-06-23 15:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-23 15:43 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-23 13:44 - 2012-05-28 10:28 - 00147472 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys
2013-06-23 13:35 - 2013-04-03 13:47 - 00066888 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2013-06-23 13:14 - 2013-06-23 13:14 - 00000000 ____D C:\ProgramData\Citrix
2013-06-23 13:11 - 2013-06-23 13:11 - 00000000 ____D C:\Program Files\Citrix
2013-06-23 12:54 - 2013-06-23 12:54 - 01034464 ____A (Solid State Networks) C:\Users\saicoink\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-15 19:01 - 2013-06-25 22:00 - 00000340 ___AH C:\Windows\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C}.job

==================== One Month Modified Files and Folders ========

2013-06-26 10:45 - 2013-06-26 10:45 - 00000000 ____D C:\FRST
2013-06-26 10:45 - 2007-11-04 18:35 - 00000424 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{D3B927D7-35BB-44E3-85A4-77E8C7A308A2}.job
2013-06-26 10:43 - 2012-08-21 04:01 - 00000000 ____D C:\Users\saicoink\AppData\Roaming\WTablet
2013-06-26 10:43 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 10:43 - 2006-11-02 08:47 - 00003856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-26 10:43 - 2006-11-02 08:47 - 00003856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-26 10:36 - 2013-06-26 10:44 - 04745728 ____A (AVAST Software) C:\Users\saicoink\Desktop\aswMBR.exe
2013-06-26 10:32 - 2013-06-26 10:44 - 00648201 ____A C:\Users\saicoink\Desktop\adwcleaner.exe
2013-06-26 10:31 - 2013-06-26 10:44 - 01370251 ____A (Farbar) C:\Users\saicoink\Desktop\FRST.exe
2013-06-25 22:38 - 2013-06-25 22:38 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-06-25 22:19 - 2007-08-24 13:09 - 01438527 ____A C:\Windows\WindowsUpdate.log
2013-06-25 22:19 - 2006-11-02 09:01 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-25 22:00 - 2013-06-15 19:01 - 00000340 ___AH C:\Windows\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C}.job
2013-06-25 21:52 - 2011-01-13 00:24 - 00000712 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-392368935-1018968332-2870084161-1001UA.job
2013-06-25 20:43 - 2013-06-25 20:43 - 00002715 ____A C:\Users\saicoink\Desktop\FSS.txt
2013-06-25 20:43 - 2006-11-02 06:33 - 00716774 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 20:36 - 2013-06-24 20:25 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-25 20:30 - 2013-06-25 02:31 - 00000000 ____D C:\Windows\pss
2013-06-25 20:30 - 2013-06-24 20:26 - 00000840 ____A C:\ProgramData\sdaksda.txt
2013-06-25 20:28 - 2007-06-04 16:30 - 00273452 ____A C:\Windows\PFRO.log
2013-06-25 20:24 - 2013-06-25 20:43 - 00355927 ____A (Farbar) C:\Users\saicoink\Desktop\FSS.exe
2013-06-25 20:24 - 2013-06-25 20:33 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\saicoink\Desktop\tdsskiller.exe
2013-06-25 20:23 - 2013-06-25 20:33 - 00004576 ____A C:\Users\saicoink\Desktop\winmgmt.reg
2013-06-25 20:09 - 2007-11-04 18:19 - 00000000 ____D C:\users\saicoink
2013-06-25 07:59 - 2013-06-25 07:55 - 00000000 ____D C:\Program Files\stinger
2013-06-25 07:55 - 2013-06-25 07:55 - 00000000 ____D C:\Stinger_Quarantine
2013-06-25 04:08 - 2013-06-25 04:07 - 14909286 ____A C:\Users\saicoink\Documents\safe130622.reg
2013-06-24 20:00 - 2007-11-04 18:31 - 00000552 ____A C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - saicoink.job
2013-06-23 16:37 - 2010-06-04 10:51 - 00000000 ____D C:\Program Files\Common Files\Mcafee
2013-06-23 16:37 - 2010-06-04 09:30 - 00000000 ____D C:\ProgramData\McAfee
2013-06-23 16:36 - 2006-11-02 08:37 - 00000000 ____D C:\Windows\ShellNew
2013-06-23 16:28 - 2013-06-23 16:10 - 02523136 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2013-06-23 16:28 - 2013-06-23 16:10 - 00081920 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2013-06-23 16:28 - 2013-06-23 16:10 - 00016384 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2013-06-23 16:03 - 2011-09-09 14:57 - 00001356 ____A C:\Users\saicoink\AppData\Local\d3d9caps.dat
2013-06-23 16:02 - 2013-01-13 16:11 - 00000000 ____D C:\Users\saicoink\AppData\Local\SETTEC
2013-06-23 15:44 - 2013-06-23 15:44 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-23 15:44 - 2013-06-23 15:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-23 15:05 - 2007-11-18 14:30 - 00000000 ____D C:\Program Files\WinPcap
2013-06-23 13:14 - 2013-06-23 13:14 - 00000000 ____D C:\ProgramData\Citrix
2013-06-23 13:11 - 2013-06-23 13:11 - 00000000 ____D C:\Program Files\Citrix
2013-06-23 12:54 - 2013-06-23 12:54 - 01034464 ____A (Solid State Networks) C:\Users\saicoink\Downloads\install_flashplayer11x32_mssd_aaa_aih.exe
2013-06-23 12:52 - 2007-11-05 23:18 - 00000000 ____D C:\Users\saicoink\AppData\Local\Adobe
2013-06-21 15:52 - 2011-01-13 00:24 - 00000660 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-392368935-1018968332-2870084161-1001Core.job
2013-06-21 02:52 - 2013-01-21 13:33 - 00000000 ____D C:\Users\saicoink\Documents\2013 0`
2013-06-18 11:28 - 2009-04-17 08:49 - 00006499 ____A C:\Users\saicoink\AppData\Roaming\PrimoPDFSet.xml
2013-06-18 03:03 - 2012-07-12 15:18 - 00000000 ____D C:\Users\saicoink\AppData\Roaming\Nitro PDF
2013-06-17 19:33 - 2011-01-18 11:09 - 00000000 ____D C:\Users\saicoink\Documents\2011 01 W
2013-06-03 17:43 - 2006-11-02 06:24 - 73393752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-02 23:02 - 2007-11-05 14:01 - 00191488 ____A C:\Users\saicoink\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Windows\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C}.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-26 10:49

==================== End Of Log ============================

--

Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 02
Ran by saicoink at 2013-06-26 10:49:30
Running from C:\Users\saicoink\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

3ivx MPEG-4 5.0.2 (remove only) (Version: 5.0.2)
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Creative Suite 2
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader 8.1.4 (Version: 8.1.4)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Adobe SVG Viewer 3.0 (Version: 3.0)
AIM 7
AMD APP SDK Runtime (Version: 2.5.793.1)
AMD AVIVO Codecs (Version: 11.7.0.11025)
AoA Audio Extractor
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Applet
ATLAS.ti 5.2 Demo (Version: 05.02.17)
Audacity 1.3.6 (Unicode)
AutoUpdate (Version: 1.1)
Bink and Smacker
BitTorrent (HKCU Version: 6.0)
BitTorrent (Version: 7.6.1)
CanoScan Toolbox Ver4.1
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.1025.2231.38573)
Catalyst Control Center Graphics Previews Common (Version: 2011.1025.2231.38573)
Catalyst Control Center InstallProxy (Version: 2011.1025.2231.38573)
Catalyst Control Center Localization All (Version: 2011.1025.2231.38573)
CCC Help Chinese Standard (Version: 2011.1025.2230.38573)
CCC Help Chinese Traditional (Version: 2011.1025.2230.38573)
CCC Help Czech (Version: 2011.1025.2230.38573)
CCC Help Danish (Version: 2011.1025.2230.38573)
CCC Help Dutch (Version: 2011.1025.2230.38573)
CCC Help English (Version: 2011.1025.2230.38573)
CCC Help Finnish (Version: 2011.1025.2230.38573)
CCC Help French (Version: 2011.1025.2230.38573)
CCC Help German (Version: 2011.1025.2230.38573)
CCC Help Greek (Version: 2011.1025.2230.38573)
CCC Help Hungarian (Version: 2011.1025.2230.38573)
CCC Help Italian (Version: 2011.1025.2230.38573)
CCC Help Japanese (Version: 2011.1025.2230.38573)
CCC Help Korean (Version: 2011.1025.2230.38573)
CCC Help Norwegian (Version: 2011.1025.2230.38573)
CCC Help Polish (Version: 2011.1025.2230.38573)
CCC Help Portuguese (Version: 2011.1025.2230.38573)
CCC Help Russian (Version: 2011.1025.2230.38573)
CCC Help Spanish (Version: 2011.1025.2230.38573)
CCC Help Swedish (Version: 2011.1025.2230.38573)
CCC Help Thai (Version: 2011.1025.2230.38573)
CCC Help Turkish (Version: 2011.1025.2230.38573)
ccc-utility (Version: 2011.1025.2231.38573)
CDex extraction audio
Classic FTP
Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista (Version: 3.0.851.0)
DirectVobSub (remove only)
DivX Codec (Version: 6.8.0)
DivX Converter (Version: 6.6.0)
DivX Player (Version: 6.7.0)
DivX Plus Web Player (Version: 2.0.0)
DNA (HKCU Version: 2.2.4 (16502))
Dropbox (HKCU Version: 1.2.52)
Enhanced Multimedia Keyboard Solution
FLAC 1.2.1b (remove only) (Version: 1.2.1b)
FLV Player (Version: 2.0 )
FLV Player 2.0, build 24 (Version: 2.0, build 24)
GEAR 32bit Driver Installer (Version: 2.005.1)
Genie Backup Assistant
Google Chrome (HKCU Version: 10.0.648.205)
Hardware Diagnostic Tools (Version: 5.00.4424.15)
HP Customer Experience Enhancements (Version: 5.1.0.2264)
HP Customer Feedback (Version: 1.0.0)
HP Easy Setup - Frontend (Version: 5.1.0.2269)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Total Care Advisor (Version: 1.1.17)
HP Update (Version: 4.000.005.005)
HydraVision (Version: 4.2.218.0)
Intel® Matrix Storage Manager
Intel® Viiv™ Software (Version: 1.6.361.6)
iSEEK AnswerWorks English Runtime (Version: 009.000.0002)
iTunes (Version: 10.5.2.11)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 26 (Version: 6.0.260)
JTablet
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Livestream Procaster (Version: 20.2.0)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.68)
LiveUpdate Notice (Symantec Corporation) (Version: 1.4.5)
Magic ISO Maker v5.5 (build 0261)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Manga Studio EX 3.0
Manga Studio EX 4.0 (Version: 4.1.4)
McAfee Total Protection (Version: 12.1.338)
Media Go (Version: 2.0.317)
MediaCoder 0.6.2 (Version: 0.6.2)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 08.05.0818)
MixMeister Express Demo 7.0.9
MixMeister Studio Demo 7.4.4
Mozilla Firefox 21.0 (x86 ja) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.0 (Version: 6.00.050)
Nitro Pro 7 (Version: 7.5.0.15)
NVIDIA Drivers
oggcodecs 0.71.0946 (Version: 0.71.0946)
openCanvas4.5.11e Plus (Version: 4.51.1000)
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
OpenOffice.org Installer 1.0 (Version: 1.0.9221)
Opera 9.24 (Version: 9.24)
PrimoPDF (Version: 4.1.0.9)
Python 2.4.3 (Version: 2.4.3150)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.5377)
Replay Converter 2.8
Rhapsody Player Engine (Version: 1.0.604)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.559)
Scribus 1.3.3.12 (Version: 1.3.3.12)
Shared C Run-time for x86 (Version: 10.0.0)
Skype™ 3.6 (Version: 3.6.248)
Snapfish Media Detector (Version: 1.7.0.15)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SonicStage 4.3 (Version: 4.3)
Sony Ericsson PC Companion 2.02.002 (Version: 2.02.002)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy 1.5.2.20
STDU Viewer version 1.5.491.0 (Version: 1.5.491.0)
StudioTax 2008 (Version: 4.0.3.3)
StudioTax 2009 (Version: 5.0.2.3)
StudioTax 2010 (Version: 6.0.5.1)
StudioTax 2011 (Version: 7.0.6.3)
StudioTax 2012 (Version: 8.0.5.2)
Suite Specific (Version: 2.0.0)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.1617)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0298)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0222)
TurboTax 2009 wrapper (Version: 009.000.0145)
Unlocker 1.8.7 (Version: 1.8.7)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Virtual DJ - Atomix Productions
VLC media player 2.0.1 (Version: 2.0.1)
Vpskeys 4.3
Wacom Tablet
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Winamp (Version: 5.531 )
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec (Version: XviD-1.0.3-20122004)
Zinf 2.2.1
クローバーの国のアリス (Version: 1.00.0000)

==================== Restore Points =========================


==================== Hosts content: ==========================
127.0.0.1 localhost

There are more than 1000 lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0619D848-9C28-4F73-9FF0-E5D88CE85261} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {0BAB4B05-31A5-488C-BB0D-5A993A345F85} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392368935-1018968332-2870084161-1001Core => C:\Users\saicoink\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {10A57761-54EB-45EC-8CAA-E74F6855247B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-392368935-1018968332-2870084161-1001UA => C:\Users\saicoink\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {345ECD42-3374-496D-936E-A795643908C2} - System32\Tasks\Norton Internet Security - Run Full System Scan - saicoink => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe No File
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {4ABCBE16-EF8E-4F02-A68D-CDEABD5FC698} - System32\Tasks\{ACED7B9D-7A94-4DAA-A429-E55E0FB26DFA} => c:\users\saicoink\appdata\local\google\chrome\application\chrome.exe [2011-04-12] (Google Inc.)
Task: {5C111020-96A9-4440-B5F9-5D78B96E84A4} - System32\Tasks\{2C90D71E-D0F0-4092-B2A6-801F9C3F0A9A} => c:\users\saicoink\appdata\local\google\chrome\application\chrome.exe [2011-04-12] (Google Inc.)
Task: {64CEB2A9-F505-46EE-BC17-751C9EC930AD} - System32\Tasks\RunAsStdUser Task => C:\Program Files\Veoh Networks\Veoh\VeohClient.exe No File
Task: {71631D9F-3D37-46BA-BE3F-35E086524C1D} - System32\Tasks\User_Feed_Synchronization-{D3B927D7-35BB-44E3-85A4-77E8C7A308A2} => C:\Windows\system32\msfeedssync.exe [2006-11-02] (Microsoft Corporation)
Task: {8707671D-E384-4BE9-9A8F-E39F7A00E01F} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2006-11-02] (Microsoft Corp.)
Task: {88464EB3-5535-4C21-AAA1-6484145F3D10} - System32\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C} => C:\Users\saicoink\AppData\Local\6e526fb3-f185-47c6-afe5-140b57ec9c52ad\efbfcafebeccad.exe No File
Task: {915B6DFC-8160-4CD7-B361-B9BA51927852} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2006-11-02] (Microsoft Corporation)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2006-11-02] (Microsoft Corporation)
Task: {BFCE4C26-2BAD-4B95-9B6A-DBC280CF6754} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2006-11-02] (Microsoft Corporation)
Task: {D688D8D9-DEFE-44D7-B431-ABEDDD3ABCC8} - System32\Tasks\GBM - Saicoink-Full => C:\Program Files\Genie-Soft\GBALite8LaCie\GBM8.exe [2008-08-26] (Genie-soft)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {F5E21DA4-9810-43FE-A056-E904F5C6D7B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FE871BA0-09B5-4EFA-9161-D109264ADA09} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2007-11-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\GBM - Saicoink-Full.job => C:\Program Files\Genie-Soft\GBALite8LaCie\GBM8.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-392368935-1018968332-2870084161-1001Core.job => C:\Users\saicoink\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-392368935-1018968332-2870084161-1001UA.job => C:\Users\saicoink\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - saicoink.job => c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D3B927D7-35BB-44E3-85A4-77E8C7A308A2}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C}.job => C:\Users\saicoink\AppData\Local\6e526fb3-f185-47c6-afe5-140b57ec9c52ad\efbfcafebeccad.exe

==================== Faulty Device Manager Devices =============

Name: TSSTcorp CD/DVDW TS-H653L
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2013 10:41:59 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (06/25/2013 08:37:15 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.16945, time stamp 0x4ae6e731, faulting module USER32.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000142, fault offset 0x00008fc7,
process id 0x734, application start time 0xiexplore.exe0.

Error: (06/25/2013 08:17:59 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000142, fault offset 0x00008fc7,
process id 0x350, application start time 0xrundll32.exe0.

Error: (06/25/2013 04:15:23 AM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/25/2013 04:02:51 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (06/25/2013 04:02:35 AM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/25/2013 03:55:43 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.6000.16945, time stamp 0x4ae6e731, faulting module USER32.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000142, fault offset 0x00008fc7,
process id 0xdec, application start time 0xiexplore.exe0.

Error: (06/24/2013 10:00:20 PM) (Source: ESENT) (User: )
Description: Catalog Database (880) Catalog Database: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (542 => 881, Catalog Database0).

Error: (06/24/2013 10:00:20 PM) (Source: ESENT) (User: )
Description: Catalog Database (880) Catalog Database: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (562 => 1392, Catalog Database0).

Error: (06/24/2013 10:00:20 PM) (Source: ESENT) (User: )
Description: Catalog Database (880) Catalog Database: A bad page link (error -327) has been detected in a B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb (562 => 1392, Catalog Database0).


System errors:
=============
Error: (06/26/2013 10:40:00 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/26/2013 10:37:22 AM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{C90134D2-4AE9-407A-919A-4A2EF09C6C51}

Error: (06/26/2013 10:37:22 AM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (06/26/2013 10:35:19 AM) (Source: DCOM) (User: )
Description: 1084TermService{F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error: (06/26/2013 10:35:19 AM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode
.

Error: (06/25/2013 10:32:12 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{C90134D2-4AE9-407A-919A-4A2EF09C6C51}

Error: (06/25/2013 10:32:12 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (06/25/2013 10:30:09 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode
.

Error: (06/25/2013 10:30:09 PM) (Source: DCOM) (User: )
Description: 1084TermService{F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error: (06/25/2013 09:14:10 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-06-25 00:51:36.429
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:36.382
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:36.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:36.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:36.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:36.179
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:36.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:36.008
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:35.945
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-25 00:51:35.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 79%
Total physical RAM: 1021.88 MB
Available physical RAM: 204.49 MB
Total Pagefile: 2312.11 MB
Available Pagefile: 1219.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.18 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:363.68 GB) (Free:66.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:8.92 GB) (Free:0.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:3.73 GB) (Free:1.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 373 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=364 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 3927618B)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

--

ADWcleaner:

# AdwCleaner v2.303 - Logfile created 06/26/2013 at 12:21:34
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium (32 bits)
# User : saicoink - ENFLEUR
# Boot Mode : Normal
# Running from : C:\Users\saicoink\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\saicoink\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16945

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (ja)

File : C:\Users\saicoink\AppData\Roaming\Mozilla\Firefox\Profiles\vlxpr8g8.default-1366383230636\prefs.js

[OK] File is clean.

-\\ Google Chrome v10.0.648.205

File : C:\Users\saicoink\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2705 octets] - [26/06/2013 12:21:34]

########## EOF - C:\AdwCleaner[S1].txt - [2765 octets] ##########

--

AswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-26 12:28:14
-----------------------------
12:28:14.526 OS Version: Windows 6.0.6000
12:28:14.526 Number of processors: 4 586 0xF0B
12:28:14.526 ComputerName: ENFLEUR UserName:
12:28:32.716 Initialize success
12:29:03.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:29:03.202 Disk 0 Vendor: SAMSUNG_ ZZ10 Size: 381554MB BusType: 3
12:29:03.607 Disk 0 MBR read successfully
12:29:03.607 Disk 0 MBR scan
12:29:03.607 Disk 0 unknown MBR code
12:29:03.607 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 372413 MB offset 63
12:29:03.638 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9138 MB offset 762701940
12:29:03.638 Disk 0 scanning sectors +781417665
12:29:03.826 Disk 0 scanning C:\Windows\system32\drivers
12:29:15.307 Service scanning
12:29:33.388 Modules scanning
12:29:59.970 Disk 0 trace - called modules:
12:29:59.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
12:29:59.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84dbf8e8]
12:30:00.001 3 ntkrnlpa.exe[828b07e2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84d8f030]
12:30:00.001 Scan finished successfully
12:46:55.206 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
12:46:55.830 The log file has been saved successfully to "E:\aswMBR01.txt"


--

Now waiting for your further instructions! Thank you!

#17
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

Just wanted to let you know that I have been really busy. I should have some more instructions later today.

#18
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Please download the attached file and put it on your desktop with FRST.exe. Then run FRST again and this time select the "Fix" button. It should produce a report for you to post for me.

Attached File  fixlist.txt   753bytes   50 downloads


After the fix, see if you can connect to the internet. If so, please upload the following two files for scanning to Virus Total. Send me a link to the results pages.

C:\ProgramData\ezsid.dat
E:\MBR.dat


Also, do you know what this program is:


クローバーの国のアリス (Version: 1.00.0000)


If not, please remove it from the Programs and Features menu of the Control Panel.



You have the following Peer-to-Peer program(s) installed:

BitTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.






#19
lillie_nemo

    Member

  • Topic Starter
  • 66 posts
Thanks for waiting, just ran the tests and I can connect to the Internet okay!

The program with the gibberish is a Japanese CD-ROM game. About BitTorrent, thanks for the advice. I haven't used it in a long time. I will delete it when all the fixes are done along with some other programs when I get to cleaning up the files on my computer.

FIXLIST:
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Task: {88464EB3-5535-4C21-AAA1-6484145F3D10} - System32\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C} => C:\Users\saicoink\AppData\Local\6e526fb3-f185-47c6-afe5-140b57ec9c52ad\efbfcafebeccad.exe No File

Task: C:\Windows\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C}.job => C:\Users\saicoink\AppData\Local\6e526fb3-f185-47c6-afe5-140b57ec9c52ad\efbfcafebeccad.exe

C:\Windows\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C}.job

cmd: netsh int ip reset c:\resetlog.txt

--

For ezsid.dat: https://www.virustot...sis/1372383077/

For mbr.dat: https://www.virustot...sis/1372383176/

Hope the links work!

Looking forward to hearing from you. I'm amazed that we managed to make it this far! Thanks for restoring my computer and Internet!!

#20
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
You posted the fix instead of the result. There should be a file called fixlog.txt. Do you have it?

#21
lillie_nemo

    Member

  • Topic Starter
  • 66 posts
Oops! Here you go!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-06-2013 02
Ran by saicoink at 2013-06-27 21:22:37 Run:1
Running from C:\Users\saicoink\Desktop
Boot Mode: Normal

==============================================

Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000002\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88464EB3-5535-4C21-AAA1-6484145F3D10} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88464EB3-5535-4C21-AAA1-6484145F3D10} => Key deleted successfully.
C:\Windows\System32\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4538A45A-66C1-4743-98EC-EED8C1B8896C} => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\{4538A45A-66C1-4743-98EC-EED8C1B8896C}.job => Moved successfully.

========= netsh int ip reset c:\resetlog.txt =========

Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
A reboot is required to complete this action.


========= End of CMD: =========


==== End of Fixlog ====
  • 0

#22
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi lillie_nemo,

Almost done. Let's make sure nothing was left behind. Are there any further problems with the computer?

Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0

#23
lillie_nemo

lillie_nemo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Security Check seems stuck on 'Performing System Health Check' for 20 minutes + now. Is this normal?

No further problems with the computer currently!

edit: I have McAfee and it just told me it quarantined Security Check as a trojan...?

Edited by lillie_nemo, 28 June 2013 - 08:38 AM.

  • 0

#24
lillie_nemo

lillie_nemo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Could not successfully complete run of Security Check. Moved on to run MBAM but twice the computer would reset about 10 minutes in. Not sure what the problem is. I'll try running it in safe mode before moving on to ESET.

Edited by lillie_nemo, 28 June 2013 - 08:53 AM.

  • 0

#25
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Try disabling McAfee while running the scans.
  • 0

#26
lillie_nemo

lillie_nemo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
I just finished running MBAM w/in safe mode with networking (writing from there now). No restarts in the middle. I'll try again in normal mode with McAfee turned off.

Security Check still hung up on 'Performing System Health Check'

One thing I noticed in this Safe Mode is the 'Windows Security Alerts' icon pop up on the right hand corner again and McAfee real time check is disabled.

Anyway, the MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.28.04

Windows Vista x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6000.16945
saicoink :: ENFLEUR [administrator]

2013/06/28 10:57:50
mbam-log-2013-06-28 (10-57-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237932
Time elapsed: 6 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I wait 10 minutes and close Security Check if it seems to have no action.

Also- Before when I had the Windows Security Alert icon, I would run Malwarebytes (in normal or safe mode) and it appears to detect and get rid of the issue in a quick scan but this time it did not detect anything at all.

Edited by lillie_nemo, 28 June 2013 - 09:15 AM.

  • 0

#27
lillie_nemo

lillie_nemo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Finally Security Check finishes!

Results of screen317's Security Check version 0.99.68
Windows Vista x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
MVPS Hosts File
Spybot - Search & Destroy 1.5.2.20
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 26
Java 7 Update 11
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 10.0.648.204
Google Chrome 10.0.648.205
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 12 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Will get back to you with ESET log later...
  • 0

#28
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

One thing I noticed in this Safe Mode is the 'Windows Security Alerts' icon pop up on the right hand corner again and McAfee real time check is disabled



Do you think the malware is back? Do you get this in Normal Mode?


Let's see what ESET says...
  • 0

#29
lillie_nemo

lillie_nemo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
I'm running ESET in normal mode right now and the Windows security alert does not appear. Everything seems fine in normal mode.
  • 0

#30
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's take a look at Safe Mode after ESET is finished:


Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    safebootminimal
    safebootnetwork
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

  • 0





