MSE disabled, can't run MBAM

#1 trodat (Member, 24 posts)
Hello,

Some weeks ago my computer suddenly died and would not boot. After a lot of tries I was able to install another copy of Windows, and I now have two in my computer; both of them work. However, MSE can't be turned on and MBAM doesn't work either. I also can't load Microsoft Outlook.

That seems to be it. I don't remember having any other problems, but obviously something's not right, is it?

Thank you!

Edit: Remembered another thing. IE acts as if it is offline. I do have access to the internet with Firefox and Chrome.

Edited by trodat, 07 August 2013 - 12:31 PM.

  • 0

#2 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Can you run the scan below twice, once for each OS on your computer? Also, are both OSs installed on the same hard drive?


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • 0

#3 trodat (Topic Starter, Member, 24 posts)
Hello Buddierdl, thank you very much for your help.

Both OSs are installed on the same hard drive.

This post is about OS1. File Addition OS1 is attached.

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-08-2013
Ran by User (administrator) on 08-08-2013 14:54:02
Running from C:\Documents and Settings\User\Os meus documentos\Downloads
Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: Portuguese Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Programas\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Programas\CDBurnerXP\NMSAccessU.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Microsoft Corporation) C:\Programas\Microsoft Security Client\msseces.exe
(Polenter - Software Solutions) C:\Programas\Desktop-Reminder 2\DesktopReminder2.exe
(Stoic Joker's Network) E:\Comet\Vários\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe
(Igor Nys) E:\Comet\Comet\Vários\trayit_4_6_5_5\TrayIt!.exe
(Microsoft Corporation) C:\Programas\MSN Messenger\msnmsgr.exe
() C:\Documents and Settings\User\Ambiente de trabalho\pyload\dist\pyLoadGui.exe
() C:\Documents and Settings\User\Ambiente de trabalho\pyload\dist\pyLoadGui.exe
(Mozilla Corporation) C:\Programas\Mozilla Thunderbird\thunderbird.exe
(SUPERAntiSpyware.com) C:\Programas\SUPERAntiSpyware\SASCORE.EXE
(SUPERAntiSpyware.com) C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Mozilla Corporation) C:\Programas\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Programas\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\ntvdm.exe
(BitTorrent, Inc.) C:\Programas\uTorrent\uTorrent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd [x]
HKLM\...\Run: [MSC] - C:\Programas\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Programas\QuickTime\qttask.exe [417792 2009-12-16] (Apple Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Programas\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DesktopReminder2ByPolenter] - C:\Programas\Desktop-Reminder 2\DesktopReminder2.exe [2743344 2013-01-06] (Polenter - Software Solutions)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-15] (SUPERAntiSpyware.com)
MountPoints2: {10d90476-dcad-11dd-a490-000b6ade1288} - G:\AutoRun.exe
MountPoints2: {20c63fb0-e132-11dc-a3f0-000b6ade1288} - H:\LaunchU3.exe
MountPoints2: {5d9e18a8-4e55-11e0-93ed-adefcbcf1a35} - H:\AutoRun.exe
MountPoints2: {af55f23e-ec32-11dc-a3f6-000b6ade1288} - G:\AutoRun.exe
HKU\Administrador\...\RunOnce: [NeroHomeFirstStart] - C:\Programas\Ficheiros comuns\Ahead\Lib\NMFirstStart.exe [ 2005-09-08] (Nero AG)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2006-03-02] (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque\Stoic Joker's T-Clock 2010.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010.lnk -> E:\Comet\Vários\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe (Stoic Joker's Network)
Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque\TrayIt!.lnk
ShortcutTarget: TrayIt!.lnk -> E:\Comet\Comet\Vários\trayit_4_6_5_5\TrayIt!.exe (Igor Nys)
BootExecute: autocheck autochk /r \??\J:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKCU - DefaultScope {A32CBC16-0B81-4A77-B7F8-7FBCECA4BB68} URL = http://www.google.pt...1I7GGLJ_enPT259
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A32CBC16-0B81-4A77-B7F8-7FBCECA4BB68} URL = http://www.google.pt...1I7GGLJ_enPT259
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -&Endereço - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Hiperligações - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://mehamn.axisca...activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (Microsoft Corporation)
ShellExecuteHooks: Rotina de controlo exec de URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [8424960 2006-03-02] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programas\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{06D9C5E2-E0FB-422E-962E-D68E3DA1A208}: [NameServer]10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Programas\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Programas\Veetle\VLCBroadcast\npvbp.dll No File
FF SearchPlugin: C:\Programas\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Programas\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programas\Java\jre6\lib\deploy\jqs\ff

Chrome:
=======
CHR HomePage: about:home
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Programas\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programas\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Programas\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Programas\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programas\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programas\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programas\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Programas\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Extension: (Google Docs) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Wes Craven) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\nahooofggegjbnodalhoibemeabkapop\3_0
CHR Extension: (Gmail) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Programas\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Programas\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-08-13] (Adobe Systems)
S3 eBVServ; C:\Programas\TOSHIBA\TOSHIBA e-STUDIO Client\TOSHIBA e-BRIDGE Viewer\eBVServ.exe [69632 2006-05-03] ()
S2 gupdate; C:\Programas\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S3 gupdatem; C:\Programas\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S3 LightScribeService; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [79136 2007-07-25] (Hewlett-Packard Company)
R2 MDM; C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programas\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-03] (Mozilla Foundation)
R2 MsMpSvc; C:\Programas\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 NMSAccess; C:\Programas\CDBurnerXP\NMSAccessU.exe [71096 2012-06-03] ()
S3 odserv; C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 ServiceLayer; C:\Programas\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.)
S3 WMPNetworkSvc; C:\Programas\Windows Media Player\WMPNetwk.exe [915968 2007-01-05] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 JavaQuickStarterService; "C:\Programas\Java\jre6\bin\jqs.exe" -service -config "C:\Programas\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
S3 NMIndexingService; "C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 cmuda; C:\Windows\System32\drivers\cmuda.sys [1368000 2005-12-15] (C-Media Inc)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-05-18] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-12-16] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-12-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-12-16] (HP)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-08-07] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Programas\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Programas\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-03-02] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2010-04-29] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2012-06-03] ()
R1 vcdrom; C:\WINDOWS\system32\drivers\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation)
S3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [172416 2006-05-23] (Copyright © VIA/S3 Graphics Co, Ltd.)
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [73600 2008-01-20] (VIA Technologies inc,.ltd)
S3 WinRing0_1_2_0; C:\Programas\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 cpuz134; \??\C:\Programas\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]
S4 IntelIde; No ImagePath
S3 mcdbus; system32\DRIVERS\mcdbus.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
U2 V2iMount;
S0 viaagp1; system32\DRIVERS\viaagp1.sys [x]
U1 WS2IFSL;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-08 14:53 - 2013-08-08 14:53 - 00000000 ____D C:\FRST
2013-08-07 18:36 - 2013-08-08 10:36 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 56769479-ab02-4eb7-aea7-26824c90f949.job
2013-08-07 18:36 - 2013-08-08 02:00 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3a1b7b8a-5833-4dad-bb47-189f1f0efbec.job
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Programas\SUPERAntiSpyware
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2013-08-07 18:22 - 2013-08-07 18:23 - 00000000 ____D C:\Programas\Malwarebytes' Anti-Malware
2013-08-07 18:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-07 17:29 - 2013-08-07 17:30 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\pyload
2013-08-07 17:29 - 2013-08-07 17:26 - 17366025 ____R C:\Documents and Settings\User\Ambiente de trabalho\pyload-v0.4.9-win.zip
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 ____D C:\Programas\DivX H.264 decoder
2013-08-07 16:39 - 2013-08-07 16:39 - 00000000 ____D C:\Programas\ffdshow
2013-08-07 16:36 - 2013-08-07 16:36 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\gspot
2013-08-07 15:51 - 2013-08-07 15:51 - 00000218 _____ C:\Documents and Settings\User\.recently-used.xbel
2013-08-07 15:46 - 2013-08-07 15:52 - 00000000 ____D C:\Documents and Settings\User\.tucan
2013-08-07 15:45 - 2013-08-07 16:17 - 00000000 ____D C:\Tucan
2013-08-07 11:35 - 2013-08-07 17:46 - 00000000 ____D C:\Programas\Mozilla Thunderbird
2013-08-02 16:03 - 2013-08-02 16:03 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Codec
2013-08-01 15:54 - 2013-08-02 12:26 - 00033618 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.zip
2013-08-01 15:33 - 2013-08-02 12:25 - 00159232 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.xls
2013-07-31 17:24 - 2013-07-31 17:24 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Mrcds
2013-07-31 12:29 - 2006-01-09 15:01 - 00086016 _____ (Giganology Inc.) C:\WINDOWS\system32\gigagetbho_v10.dll
2013-07-31 12:28 - 2013-07-31 12:28 - 00000000 ____D C:\Programas\Giganology
2013-07-24 18:45 - 2013-07-24 18:46 - 00000000 ____D C:\Documents and Settings\User\2plan_workspace
2013-07-09 16:38 - 2013-07-09 16:38 - 00000000 ____D C:\Documents and Settings\User\Application Data\DesktopReminder
2013-07-09 11:53 - 2013-08-07 16:34 - 00000000 ____D C:\Documents and Settings\User\Os meus documentos\DesktopReminder
2013-07-09 11:52 - 2013-08-08 00:00 - 00000000 ____D C:\Programas\Desktop-Reminder 2
2013-07-09 11:52 - 2013-07-09 11:52 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{D3B667B0-55AE-40A2-BA13-F0CE5CD1242F}

==================== One Month Modified Files and Folders =======

2013-08-08 14:54 - 2011-08-12 17:24 - 00000000 ____D C:\Documents and Settings\User\Application Data\uTorrent
2013-08-08 14:53 - 2013-08-08 14:53 - 00000000 ____D C:\FRST
2013-08-08 14:51 - 2010-02-01 14:19 - 00000992 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-08 14:24 - 2012-05-30 11:32 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-08 12:41 - 2008-01-20 12:30 - 00447361 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-08 12:32 - 2012-05-30 15:50 - 00000245 _____ C:\WINDOWS\civ.ini
2013-08-08 11:51 - 2010-02-01 14:19 - 00000988 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-08 10:36 - 2013-08-07 18:36 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 56769479-ab02-4eb7-aea7-26824c90f949.job
2013-08-08 05:51 - 2012-01-19 18:02 - 00032344 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-08 02:00 - 2013-08-07 18:36 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3a1b7b8a-5833-4dad-bb47-189f1f0efbec.job
2013-08-08 00:00 - 2013-07-09 11:52 - 00000000 ____D C:\Programas\Desktop-Reminder 2
2013-08-07 19:01 - 2008-01-20 12:38 - 00000000 ____D C:\Documents and Settings\User
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Programas\SUPERAntiSpyware
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2013-08-07 18:36 - 2008-01-20 12:16 - 00000000 ___RD C:\Programas
2013-08-07 18:36 - 2008-01-20 12:15 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Iniciar
2013-08-07 18:36 - 2008-01-20 12:15 - 00000000 ____D C:\Documents and Settings\All Users\Ambiente de trabalho
2013-08-07 18:34 - 2013-07-02 12:20 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-08-07 18:23 - 2013-08-07 18:22 - 00000000 ____D C:\Programas\Malwarebytes' Anti-Malware
2013-08-07 17:46 - 2013-08-07 11:35 - 00000000 ____D C:\Programas\Mozilla Thunderbird
2013-08-07 17:46 - 2012-05-03 11:22 - 00000000 ____D C:\Programas\Mozilla Maintenance Service
2013-08-07 17:30 - 2013-08-07 17:29 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\pyload
2013-08-07 17:29 - 2008-01-20 12:38 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho
2013-08-07 17:26 - 2013-08-07 17:29 - 17366025 ____R C:\Documents and Settings\User\Ambiente de trabalho\pyload-v0.4.9-win.zip
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 ____D C:\Programas\DivX H.264 decoder
2013-08-07 16:47 - 2009-11-19 13:16 - 00000000 ____D C:\Documents and Settings\User\Application Data\vlc
2013-08-07 16:47 - 2008-01-20 21:56 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-08-07 16:44 - 2013-03-06 07:46 - 00000376 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-08-07 16:39 - 2013-08-07 16:39 - 00000000 ____D C:\Programas\ffdshow
2013-08-07 16:36 - 2013-08-07 16:36 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\gspot
2013-08-07 16:34 - 2013-07-09 11:53 - 00000000 ____D C:\Documents and Settings\User\Os meus documentos\DesktopReminder
2013-08-07 16:34 - 2012-09-06 14:47 - 00000270 _____ C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
2013-08-07 16:34 - 2012-01-19 18:03 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-07 16:34 - 2012-01-19 18:03 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-07 16:34 - 2008-01-20 12:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-07 16:32 - 2008-01-20 12:38 - 00000188 ___SH C:\Documents and Settings\User\ntuser.ini
2013-08-07 16:19 - 2008-01-20 12:38 - 00000000 ___RD C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque
2013-08-07 16:19 - 2008-01-20 12:38 - 00000000 ___RD C:\Documents and Settings\User\Menu Iniciar\Programas
2013-08-07 16:17 - 2013-08-07 15:45 - 00000000 ____D C:\Tucan
2013-08-07 16:17 - 2010-02-15 16:11 - 00000000 ____D C:\Programas\Total Video Converter
2013-08-07 16:16 - 2008-01-22 13:04 - 00000000 ____D C:\Programas\K-Lite Codec Pack
2013-08-07 16:14 - 2012-10-09 12:12 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2013-08-07 16:13 - 2008-01-20 12:43 - 00000000 ___HD C:\Programas\InstallShield Installation Information
2013-08-07 15:52 - 2013-08-07 15:46 - 00000000 ____D C:\Documents and Settings\User\.tucan
2013-08-07 15:51 - 2013-08-07 15:51 - 00000218 _____ C:\Documents and Settings\User\.recently-used.xbel
2013-08-07 15:49 - 2009-01-09 13:42 - 00000000 ____D C:\Documents and Settings\User\Application Data\gtk-2.0
2013-08-07 12:07 - 2013-05-31 12:06 - 00057450 _____ C:\WINDOWS\setupapi.log
2013-08-07 10:39 - 2006-03-02 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-02 17:21 - 2008-01-20 18:12 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Atalhos
2013-08-02 16:03 - 2013-08-02 16:03 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Codec
2013-08-02 12:26 - 2013-08-01 15:54 - 00033618 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.zip
2013-08-02 12:25 - 2013-08-01 15:33 - 00159232 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.xls
2013-08-01 17:45 - 2011-04-13 13:08 - 00000000 ____D C:\Programas\Jubler
2013-08-01 17:45 - 2011-04-13 13:08 - 00000000 ____D C:\Documents and Settings\User\Application Data\Jubler
2013-07-31 17:24 - 2013-07-31 17:24 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\MrcdsNvgtnCmnd_MSNM
2013-07-31 15:58 - 2009-01-26 13:39 - 00000000 ____D C:\BP
2013-07-31 12:28 - 2013-07-31 12:28 - 00000000 ____D C:\Programas\Giganology
2013-07-29 18:52 - 2008-01-20 18:14 - 00000000 ___RD C:\Documents and Settings\User\Os meus documentos\User
2013-07-24 18:46 - 2013-07-24 18:45 - 00000000 ____D C:\Documents and Settings\User\2plan_workspace
2013-07-18 15:05 - 2012-05-30 16:08 - 00000000 ____D C:\WINDOWS\A3W_DATA
2013-07-17 11:48 - 2012-10-09 12:26 - 00000000 ___RD C:\Documents and Settings\User\Os meus documentos\Dropbox
2013-07-09 16:38 - 2013-07-09 16:38 - 00000000 ____D C:\Documents and Settings\User\Application Data\DesktopReminder
2013-07-09 11:53 - 2008-01-20 12:38 - 00000000 ___RD C:\Documents and Settings\User\Os meus documentos
2013-07-09 11:52 - 2013-07-09 11:52 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{D3B667B0-55AE-40A2-BA13-F0CE5CD1242F}

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 1034240 ____A (Microsoft Corporation) 7a28f6b962dcdbfd94280338b4a8e6fb

C:\Windows\System32\winlogon.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0505344 ____A (Microsoft Corporation) 42d8303e00cd0545182bbd202900194b

C:\Windows\System32\svchost.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0014336 ____A (Microsoft Corporation) b62fc77d3cfc8b1c74763742d3214d3e

C:\Windows\System32\services.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0108544 ____A (Microsoft Corporation) 8186da2b57774e6cd516a014827272ef

C:\Windows\System32\User32.dll
[2006-03-02 13:00] - [2006-03-02 13:00] - 0578048 ____A (Microsoft Corporation) ac6c73998a38ede5d2fa2aca19ffdc7d

C:\Windows\System32\userinit.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0025088 ____A (Microsoft Corporation) 68e7c26452f13e43b101da596ff9dd31

C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 13:00] - [2006-03-02 13:00] - 0052992 ____A (Microsoft Corporation) 0c75717937b930a3be7b81bee1ed78a0


==================== End Of Log ============================

  • 0
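The FRST logs posted in this thread follow a fixed line shape: section banners framed by `=` signs, registry entries of the form `Key: [Name] - target [size date] (Publisher)`, service and driver lines of the form `R2 Name; path [size date] (Publisher)`, the marker `[x]` (or `No File` / `No ImagePath`) where FRST could not find the referenced file, and `MountPoints2` entries that record autorun launchers for removable drives. As an added example that is not part of this thread or of FRST itself, the Python triage helper below parses a handful of lines copied from the OS1 log above and groups them into three kinds of finding a reviewer typically checks first: orphaned entries pointing at missing files, removable-media autorun entries, and binaries that carry no publisher information (the empty `()`). The kind names and the sample selection are my own; the log lines are the ones shown above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the OS1 FRST log in this thread,
# kept under their section banners (not the complete log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd [x]
HKLM\...\Run: [MSC] - C:\Programas\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
MountPoints2: {10d90476-dcad-11dd-a490-000b6ade1288} - G:\AutoRun.exe
MountPoints2: {20c63fb0-e132-11dc-a3f0-000b6ade1288} - H:\LaunchU3.exe
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

========================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Programas\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 NMSAccess; C:\Programas\CDBurnerXP\NMSAccessU.exe [71096 2012-06-03] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

==================== Drivers (Whitelisted) ====================

S4 IntelIde; No ImagePath
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
"""

# Section banners look like "==== Registry (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# FRST prints [x], "No File" or "No ImagePath" when the target does not exist.
MISSING_RE = re.compile(r"(\[x\]|No File|No ImagePath)\s*$")
# An empty "()" at the end means FRST found no publisher for the binary.
UNSIGNED_RE = re.compile(r"\s\(\)\s*$")
# MountPoints2 entries: "{GUID} - <launcher on a removable drive>".
MOUNTPOINT_RE = re.compile(r"^MountPoints2:\s*\{[0-9a-fA-F-]+\}\s*-\s*(?P<target>.+)$")
# Name extraction for the three line shapes used in the sample.
RUN_NAME_RE = re.compile(r"^\S+:\s*\[(?P<name>[^\]]*)\]")      # HKLM\...\Run: [Name] - ...
SVC_NAME_RE = re.compile(r"^[RSU]\d\s+(?P<name>[^;]+);")        # R2 Name; path ...
BHO_NAME_RE = re.compile(r"^BHO:\s*(?P<name>.*?)\s*-\s*\{")     # BHO: Name - {CLSID} - ...


@dataclass
class Finding:
    kind: str      # "missing", "autorun" or "unsigned" (my own categories)
    section: str   # FRST section banner the line appeared under
    name: str      # entry name where the line shape carries one, else ""
    line: str      # the original log line


def entry_name(line: str) -> str:
    """Return the Run/Service/BHO entry name, or "" for other line shapes."""
    for rx in (RUN_NAME_RE, SVC_NAME_RE, BHO_NAME_RE):
        m = rx.match(line)
        if m:
            return m.group("name")
    return ""


def parse_frst(text: str) -> List[Finding]:
    """Walk an FRST log and collect the entries worth a second look."""
    findings: List[Finding] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if MISSING_RE.search(line):
            findings.append(Finding("missing", section, entry_name(line), line))
        elif MOUNTPOINT_RE.match(line):
            findings.append(Finding("autorun", section, "", line))
        elif UNSIGNED_RE.search(line):
            findings.append(Finding("unsigned", section, entry_name(line), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {"missing": 5, "autorun": 2, "unsigned": 1}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = parse_frst(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind:8}] {f.section:24} {f.name or '-':12} {f.line}")
    print(summarize(results))
```

Orphaned `[x]` entries are leftovers from uninstalled or removed software rather than evidence of infection by themselves, and `MountPoints2` entries are only records of autorun launchers seen on removable drives; the helper sorts lines so a reviewer can judge them, it does not decide what to fix.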

#4 trodat (Topic Starter, Member, 24 posts)
This is the FRST log for OS2. I did install FRST again in OS2, but it did not produce a second Addition.txt file.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-08-2013
Ran by User (administrator) on 08-08-2013 15:52:21
Running from C:\Documents and Settings\User\Os meus documentos\Downloads
Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: Portuguese Standard
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Programas\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Programas\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Programas\CDBurnerXP\NMSAccessU.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Malwarebytes Corporation) C:\Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Programas\Microsoft Security Client\msseces.exe
(Polenter - Software Solutions) C:\Programas\Desktop-Reminder 2\DesktopReminder2.exe
(SUPERAntiSpyware.com) C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Stoic Joker's Network) E:\Comet\Vários\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe
(Igor Nys) E:\Comet\Comet\Vários\trayit_4_6_5_5\TrayIt!.exe
(Malwarebytes Corporation) C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Programas\Mozilla Firefox\firefox.exe
(Farbar) C:\Documents and Settings\User\Os meus documentos\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd [x]
HKLM\...\Run: [MSC] - C:\Programas\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Programas\QuickTime\qttask.exe [417792 2009-12-16] (Apple Inc.)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Programas\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DesktopReminder2ByPolenter] - C:\Programas\Desktop-Reminder 2\DesktopReminder2.exe [2743344 2013-01-06] (Polenter - Software Solutions)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-15] (SUPERAntiSpyware.com)
MountPoints2: {10d90476-dcad-11dd-a490-000b6ade1288} - G:\AutoRun.exe
MountPoints2: {20c63fb0-e132-11dc-a3f0-000b6ade1288} - H:\LaunchU3.exe
MountPoints2: {5d9e18a8-4e55-11e0-93ed-adefcbcf1a35} - H:\AutoRun.exe
MountPoints2: {af55f23e-ec32-11dc-a3f6-000b6ade1288} - G:\AutoRun.exe
HKU\Administrador\...\RunOnce: [NeroHomeFirstStart] - C:\Programas\Ficheiros comuns\Ahead\Lib\NMFirstStart.exe [ 2005-09-08] (Nero AG)
HKU\Default User\...\RunOnce: [] - [x]
HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2006-03-02] (Microsoft Corporation)
Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Programas\Ficheiros comuns\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque\Stoic Joker's T-Clock 2010.lnk
ShortcutTarget: Stoic Joker's T-Clock 2010.lnk -> E:\Comet\Vários\T-Clock 2010 (build 95)\T-Clock 2010 (build X - Release to DC)\Win32\Clock.exe (Stoic Joker's Network)
Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque\TrayIt!.lnk
ShortcutTarget: TrayIt!.lnk -> E:\Comet\Comet\Vários\trayit_4_6_5_5\TrayIt!.exe (Igor Nys)
BootExecute: autocheck autochk /r \??\J:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn...st/srchasst.htm
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.c...ferrer:source?}
SearchScopes: HKCU - DefaultScope {A32CBC16-0B81-4A77-B7F8-7FBCECA4BB68} URL = http://www.google.pt...1I7GGLJ_enPT259
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {A32CBC16-0B81-4A77-B7F8-7FBCECA4BB68} URL = http://www.google.pt...1I7GGLJ_enPT259
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -&Endereço - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU -&Hiperligações - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://mehamn.axisca...activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\msgrapp.dll (Microsoft Corporation)
ShellExecuteHooks: Rotina de controlo exec de URL - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [8424960 2006-03-02] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programas\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{06D9C5E2-E0FB-422E-962E-D68E3DA1A208}: [NameServer]10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Programas\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Programas\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Programas\Veetle\VLCBroadcast\npvbp.dll No File
FF SearchPlugin: C:\Programas\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wba6db1d.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] C:\Programas\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Programas\Java\jre6\lib\deploy\jqs\ff

Chrome:
=======
CHR HomePage: about:home
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Programas\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Programas\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Programas\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Programas\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U30) - C:\Programas\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programas\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Programas\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Programas\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Programas\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Programas\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Extension: (Google Docs) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Wes Craven) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\nahooofggegjbnodalhoibemeabkapop\3_0
CHR Extension: (Gmail) - C:\DOCUME~1\User\DEFINI~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR StartMenuInternet: Google Chrome - C:\Programas\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Programas\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-08-13] (Adobe Systems)
S3 eBVServ; C:\Programas\TOSHIBA\TOSHIBA e-STUDIO Client\TOSHIBA e-BRIDGE Viewer\eBVServ.exe [69632 2006-05-03] ()
S2 gupdate; C:\Programas\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S3 gupdatem; C:\Programas\Google\Update\GoogleUpdate.exe [135664 2010-02-01] (Google Inc.)
S3 LightScribeService; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [79136 2007-07-25] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MDM; C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programas\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-03] (Mozilla Foundation)
R2 MsMpSvc; C:\Programas\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 NMSAccess; C:\Programas\CDBurnerXP\NMSAccessU.exe [71096 2012-06-03] ()
S3 odserv; C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation)
S3 ose; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 ServiceLayer; C:\Programas\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.)
S3 WMPNetworkSvc; C:\Programas\Windows Media Player\WMPNetwk.exe [915968 2007-01-05] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 JavaQuickStarterService; "C:\Programas\Java\jre6\bin\jqs.exe" -service -config "C:\Programas\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
S3 NMIndexingService; "C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 cmuda; C:\Windows\System32\drivers\cmuda.sys [1368000 2005-12-15] (C-Media Inc)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-05-18] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-12-16] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-12-16] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-12-16] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-08-08] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Programas\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Programas\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2006-03-02] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2010-04-29] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
R2 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2012-06-03] ()
R1 vcdrom; C:\WINDOWS\system32\drivers\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation)
S3 viagfx; C:\Windows\System32\DRIVERS\vtmini.sys [172416 2006-05-23] (Copyright © VIA/S3 Graphics Co, Ltd.)
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [73600 2008-01-20] (VIA Technologies inc,.ltd)
S3 WinRing0_1_2_0; C:\Programas\IObit\Game Booster 3\Driver\WinRing0.sys [14416 2010-11-01] (OpenLibSys.org)
S3 cpuz134; \??\C:\Programas\CPUID\PC Wizard 2010\pcwiz_x32.sys [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]
S4 IntelIde; No ImagePath
S3 mcdbus; system32\DRIVERS\mcdbus.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
U2 V2iMount;
S0 viaagp1; system32\DRIVERS\viaagp1.sys [x]
U1 WS2IFSL;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-08 14:53 - 2013-08-08 14:53 - 00000000 ____D C:\FRST
2013-08-07 18:36 - 2013-08-08 10:36 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 56769479-ab02-4eb7-aea7-26824c90f949.job
2013-08-07 18:36 - 2013-08-08 02:00 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3a1b7b8a-5833-4dad-bb47-189f1f0efbec.job
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Programas\SUPERAntiSpyware
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2013-08-07 18:22 - 2013-08-07 18:23 - 00000000 ____D C:\Programas\Malwarebytes' Anti-Malware
2013-08-07 18:22 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-08-07 17:29 - 2013-08-07 17:30 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\pyload
2013-08-07 17:29 - 2013-08-07 17:26 - 17366025 ____R C:\Documents and Settings\User\Ambiente de trabalho\pyload-v0.4.9-win.zip
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 ____D C:\Programas\DivX H.264 decoder
2013-08-07 16:39 - 2013-08-07 16:39 - 00000000 ____D C:\Programas\ffdshow
2013-08-07 16:36 - 2013-08-07 16:36 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\gspot
2013-08-07 15:51 - 2013-08-07 15:51 - 00000218 _____ C:\Documents and Settings\User\.recently-used.xbel
2013-08-07 15:46 - 2013-08-07 15:52 - 00000000 ____D C:\Documents and Settings\User\.tucan
2013-08-07 15:45 - 2013-08-07 16:17 - 00000000 ____D C:\Tucan
2013-08-07 11:35 - 2013-08-07 17:46 - 00000000 ____D C:\Programas\Mozilla Thunderbird
2013-08-02 16:03 - 2013-08-02 16:03 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Codec
2013-08-01 15:54 - 2013-08-02 12:26 - 00033618 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.zip
2013-08-01 15:33 - 2013-08-02 12:25 - 00159232 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.xls
2013-07-31 17:24 - 2013-07-31 17:24 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Mrcds
2013-07-31 12:29 - 2006-01-09 15:01 - 00086016 _____ (Giganology Inc.) C:\WINDOWS\system32\gigagetbho_v10.dll
2013-07-31 12:28 - 2013-07-31 12:28 - 00000000 ____D C:\Programas\Giganology
2013-07-24 18:45 - 2013-07-24 18:46 - 00000000 ____D C:\Documents and Settings\User\2plan_workspace
2013-07-09 16:38 - 2013-07-09 16:38 - 00000000 ____D C:\Documents and Settings\User\Application Data\DesktopReminder
2013-07-09 11:53 - 2013-08-08 15:48 - 00000000 ____D C:\Documents and Settings\User\Os meus documentos\DesktopReminder
2013-07-09 11:52 - 2013-08-08 15:47 - 00000000 ____D C:\Programas\Desktop-Reminder 2
2013-07-09 11:52 - 2013-07-09 11:52 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{D3B667B0-55AE-40A2-BA13-F0CE5CD1242F}

==================== One Month Modified Files and Folders =======

2013-08-08 15:53 - 2008-01-20 12:30 - 00450988 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-08 15:51 - 2010-02-01 14:19 - 00000992 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-08 15:48 - 2013-07-09 11:53 - 00000000 ____D C:\Documents and Settings\User\Os meus documentos\DesktopReminder
2013-08-08 15:47 - 2013-07-09 11:52 - 00000000 ____D C:\Programas\Desktop-Reminder 2
2013-08-08 15:47 - 2013-07-02 12:20 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-08-08 15:47 - 2012-09-06 14:47 - 00000270 _____ C:\WINDOWS\Tasks\Game_Booster_AutoUpdate.job
2013-08-08 15:47 - 2012-01-19 18:03 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-08 15:47 - 2012-01-19 18:03 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-08-08 15:47 - 2010-02-01 14:19 - 00000988 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-08 15:47 - 2008-01-20 12:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-08 15:46 - 2012-05-03 11:22 - 00000000 ____D C:\Programas\Mozilla Maintenance Service
2013-08-08 15:45 - 2012-01-19 18:02 - 00032344 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-08 15:45 - 2011-08-12 17:24 - 00000000 ____D C:\Documents and Settings\User\Application Data\uTorrent
2013-08-08 15:45 - 2008-01-20 12:38 - 00000188 ___SH C:\Documents and Settings\User\ntuser.ini
2013-08-08 15:44 - 2008-01-20 12:38 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho
2013-08-08 14:53 - 2013-08-08 14:53 - 00000000 ____D C:\FRST
2013-08-08 14:24 - 2012-05-30 11:32 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-08 12:32 - 2012-05-30 16:08 - 00000000 ____D C:\WINDOWS\A3W_DATA
2013-08-08 12:32 - 2012-05-30 15:50 - 00000245 _____ C:\WINDOWS\civ.ini
2013-08-08 10:36 - 2013-08-07 18:36 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 56769479-ab02-4eb7-aea7-26824c90f949.job
2013-08-08 02:00 - 2013-08-07 18:36 - 00000496 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 3a1b7b8a-5833-4dad-bb47-189f1f0efbec.job
2013-08-07 19:01 - 2008-01-20 12:38 - 00000000 ____D C:\Documents and Settings\User
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Programas\SUPERAntiSpyware
2013-08-07 18:36 - 2013-08-07 18:36 - 00000000 ____D C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
2013-08-07 18:36 - 2008-01-20 12:16 - 00000000 ___RD C:\Programas
2013-08-07 18:36 - 2008-01-20 12:15 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Iniciar
2013-08-07 18:36 - 2008-01-20 12:15 - 00000000 ____D C:\Documents and Settings\All Users\Ambiente de trabalho
2013-08-07 18:23 - 2013-08-07 18:22 - 00000000 ____D C:\Programas\Malwarebytes' Anti-Malware
2013-08-07 17:46 - 2013-08-07 11:35 - 00000000 ____D C:\Programas\Mozilla Thunderbird
2013-08-07 17:30 - 2013-08-07 17:29 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\pyload
2013-08-07 17:26 - 2013-08-07 17:29 - 17366025 ____R C:\Documents and Settings\User\Ambiente de trabalho\pyload-v0.4.9-win.zip
2013-08-07 16:47 - 2013-08-07 16:47 - 00000000 ____D C:\Programas\DivX H.264 decoder
2013-08-07 16:47 - 2009-11-19 13:16 - 00000000 ____D C:\Documents and Settings\User\Application Data\vlc
2013-08-07 16:47 - 2008-01-20 21:56 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-08-07 16:44 - 2013-03-06 07:46 - 00000376 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-08-07 16:39 - 2013-08-07 16:39 - 00000000 ____D C:\Programas\ffdshow
2013-08-07 16:36 - 2013-08-07 16:36 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\gspot
2013-08-07 16:19 - 2008-01-20 12:38 - 00000000 ___RD C:\Documents and Settings\User\Menu Iniciar\Programas\Arranque
2013-08-07 16:19 - 2008-01-20 12:38 - 00000000 ___RD C:\Documents and Settings\User\Menu Iniciar\Programas
2013-08-07 16:17 - 2013-08-07 15:45 - 00000000 ____D C:\Tucan
2013-08-07 16:17 - 2010-02-15 16:11 - 00000000 ____D C:\Programas\Total Video Converter
2013-08-07 16:16 - 2008-01-22 13:04 - 00000000 ____D C:\Programas\K-Lite Codec Pack
2013-08-07 16:14 - 2012-10-09 12:12 - 00000000 ____D C:\Documents and Settings\User\Application Data\Dropbox
2013-08-07 16:13 - 2008-01-20 12:43 - 00000000 ___HD C:\Programas\InstallShield Installation Information
2013-08-07 15:52 - 2013-08-07 15:46 - 00000000 ____D C:\Documents and Settings\User\.tucan
2013-08-07 15:51 - 2013-08-07 15:51 - 00000218 _____ C:\Documents and Settings\User\.recently-used.xbel
2013-08-07 15:49 - 2009-01-09 13:42 - 00000000 ____D C:\Documents and Settings\User\Application Data\gtk-2.0
2013-08-07 12:07 - 2013-05-31 12:06 - 00057450 _____ C:\WINDOWS\setupapi.log
2013-08-07 10:39 - 2006-03-02 13:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-02 17:21 - 2008-01-20 18:12 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Atalhos
2013-08-02 16:03 - 2013-08-02 16:03 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Codec
2013-08-02 12:26 - 2013-08-01 15:54 - 00033618 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.zip
2013-08-02 12:25 - 2013-08-01 15:33 - 00159232 _____ C:\Documents and Settings\User\Ambiente de trabalho\P3 2013 AA.xls
2013-08-01 17:45 - 2011-04-13 13:08 - 00000000 ____D C:\Programas\Jubler
2013-08-01 17:45 - 2011-04-13 13:08 - 00000000 ____D C:\Documents and Settings\User\Application Data\Jubler
2013-07-31 17:24 - 2013-07-31 17:24 - 00000000 ____D C:\Documents and Settings\User\Ambiente de trabalho\Mrcds
2013-07-31 15:58 - 2009-01-26 13:39 - 00000000 ____D C:\BP
2013-07-31 12:28 - 2013-07-31 12:28 - 00000000 ____D C:\Programas\Giganology
2013-07-29 18:52 - 2008-01-20 18:14 - 00000000 ___RD C:\Documents and Settings\User\Os meus documentos\User
2013-07-24 18:46 - 2013-07-24 18:45 - 00000000 ____D C:\Documents and Settings\User\2plan_workspace
2013-07-17 11:48 - 2012-10-09 12:26 - 00000000 ___RD C:\Documents and Settings\User\Os meus documentos\Dropbox
2013-07-09 16:38 - 2013-07-09 16:38 - 00000000 ____D C:\Documents and Settings\User\Application Data\DesktopReminder
2013-07-09 11:53 - 2008-01-20 12:38 - 00000000 ___RD C:\Documents and Settings\User\Os meus documentos
2013-07-09 11:52 - 2013-07-09 11:52 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{D3B667B0-55AE-40A2-BA13-F0CE5CD1242F}

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 1034240 ____A (Microsoft Corporation) 7a28f6b962dcdbfd94280338b4a8e6fb

C:\Windows\System32\winlogon.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0505344 ____A (Microsoft Corporation) 42d8303e00cd0545182bbd202900194b

C:\Windows\System32\svchost.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0014336 ____A (Microsoft Corporation) b62fc77d3cfc8b1c74763742d3214d3e

C:\Windows\System32\services.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0108544 ____A (Microsoft Corporation) 8186da2b57774e6cd516a014827272ef

C:\Windows\System32\User32.dll
[2006-03-02 13:00] - [2006-03-02 13:00] - 0578048 ____A (Microsoft Corporation) ac6c73998a38ede5d2fa2aca19ffdc7d

C:\Windows\System32\userinit.exe
[2006-03-02 13:00] - [2006-03-02 13:00] - 0025088 ____A (Microsoft Corporation) 68e7c26452f13e43b101da596ff9dd31

C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 13:00] - [2006-03-02 13:00] - 0052992 ____A (Microsoft Corporation) 0c75717937b930a3be7b81bee1ed78a0


==================== End Of Log ============================

#5
Buddierdl
  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Ok, while I look at the logs, I have a question for you.

You are now dual-booting, correct? To change from one OS to the other, you must shut down and reboot? Is there any difference in behavior/symptoms between the two OS's? Do you want to go back to one OS?

Also, do you get an error when attempting to start MSE?

#6
trodat
  • Topic Starter
  • Member
  • 24 posts
Yes, I need to reboot to change OS.

I notice no difference between them.

Yes, I want to go back to one OS.

MSE loads at startup and is disabled from the start. I just tried turning it on; it froze and ended up with a time-out error. The code is 0x800705b4. However, it was not always like this; I used to get another error message which I can't remember.

#7
Buddierdl
  • Trusted Helper
  • Malware Removal
  • 2,524 posts
I am a little confused. You have two hard drives in your computer, C: and E:

You said you installed both OS's on one hard drive (that would be C:). However, the C: drive is only showing as having 1 partition. How did you get two OS's on one partition? Can you tell me what you did when you reinstalled the OS?

When you boot up and choose an OS, what does the selection screen say?

#8
trodat
  • Topic Starter
  • Member
  • 24 posts
E:\ is an external drive used just for storage (movies, pictures, music). It does not have any OS installed, if I turn it off nothing changes. However, because that's the drive I use to download stuff to, it's also the drive more prone to infection.

I have no idea how I got two OS's in one partition. I wasn't aware of that until now, nor was I aware such a thing would be uncommon.

I installed the second OS when trying to repair the original one. I inserted the Windows CD and kept choosing the repair options. This was not a clean process; I had to try multiple times. When I finally got the computer to boot, I had two OS's. I have no idea what I did differently for the computer to finally boot.

Edit: Will now shut down and reboot to answer your last question.

Edited by trodat, 08 August 2013 - 10:19 AM.


#9
trodat
  • Topic Starter
  • Member
  • 24 posts
It's just a black screen telling me to use the arrows to choose an OS and giving me a few seconds to do so.

#10
Buddierdl
  • Trusted Helper
  • Malware Removal
  • 2,524 posts
This is really strange. Could you please do the following:

  • Click Start, click Control Panel, and then double-click System.
  • On the Advanced tab, under Startup and Recovery, click Settings.
  • Under System startup tab, click Edit and copy and paste the contents of the file that opens. Please be sure not to change anything in the file.

#11
trodat
  • Topic Starter
  • Member
  • 24 posts
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
  • 0

#12
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, it seems that you don't actually have two installs, the computer just thinks it does. To fix that, reopen the boot.ini file in the same way as before and delete this line:

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


Make sure that you only delete that line and do not change anything else. Then save the file and exit. That should take care of the dual OS's.


Now, let's move on and check your computer a little closer for malware. Nothing really jumps out at me in your log.


Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt. Please attach that.
  • 0
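The boot.ini quoted above has two [operating systems] entries whose ARC path is identical, which is why the boot menu offered two "installs" of the same Windows. As an added example that is not part of this thread (not code from either poster), the following Python script parses a boot.ini, groups entries by normalised ARC path, reports duplicates, checks that the default= entry actually exists, and shows what the file would look like after dropping the later duplicate. It also lists any boot switch (here /noexecute=optin, the DEP setting) that exists only on the entry being dropped, so whoever edits the file can decide whether to carry it over. The sample text is constructed from the file posted in the thread; the function names are assumptions of this example.

```python
"""Detect and de-duplicate [operating systems] entries in a Windows XP boot.ini.

Added example for this thread; not the helper's or the poster's own code.
"""
import re
from collections import OrderedDict

# Constructed sample, copied from the boot.ini posted earlier in the thread.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

# ARC path, then = , then the quoted menu name, then optional boot switches.
ENTRY_RE = re.compile(r'^(?P<path>[^=]+?)\s*=\s*"(?P<name>[^"]*)"\s*(?P<opts>.*)$')


def parse_boot_ini(text):
    """Return (loader_settings, entries) parsed from boot.ini text."""
    loader = OrderedDict()
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section == 'boot loader':
            key, _, value = line.partition('=')
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems':
            m = ENTRY_RE.match(line)
            if not m:
                raise ValueError('unparseable [operating systems] line: %r' % line)
            entries.append({'path': m.group('path').strip(),
                            'name': m.group('name'),
                            'options': m.group('opts').split()})
    return loader, entries


def normalize_arc(path):
    """ARC paths are case-insensitive; fold case and slash direction."""
    return path.lower().replace('/', '\\')


def find_duplicate_entries(entries):
    """Map normalised ARC path -> entries, keeping only paths listed more than once."""
    groups = OrderedDict()
    for e in entries:
        groups.setdefault(normalize_arc(e['path']), []).append(e)
    return OrderedDict((p, es) for p, es in groups.items() if len(es) > 1)


def check_default(loader, entries):
    """True if the default= path matches at least one menu entry."""
    default = normalize_arc(loader.get('default', ''))
    return any(normalize_arc(e['path']) == default for e in entries)


def dedupe_entries(entries):
    """Keep the first entry per ARC path (as advised above); return (kept, dropped)."""
    seen, kept, dropped = set(), [], []
    for e in entries:
        key = normalize_arc(e['path'])
        (dropped if key in seen else kept).append(e)
        seen.add(key)
    return kept, dropped


def options_only_on_dropped(kept, dropped):
    """Boot switches that would vanish from a path once its duplicate is removed."""
    kept_opts = {normalize_arc(e['path']): set(e['options']) for e in kept}
    lost = {}
    for e in dropped:
        key = normalize_arc(e['path'])
        missing = set(e['options']) - kept_opts.get(key, set())
        if missing:
            lost.setdefault(key, set()).update(missing)
    return lost


def render_boot_ini(loader, entries):
    """Serialise loader settings and entries back into boot.ini syntax."""
    lines = ['[boot loader]'] + ['%s=%s' % (k, v) for k, v in loader.items()]
    lines.append('[operating systems]')
    for e in entries:
        opts = (' ' + ' '.join(e['options'])) if e['options'] else ''
        lines.append('%s="%s"%s' % (e['path'], e['name'], opts))
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    loader, entries = parse_boot_ini(SAMPLE_BOOT_INI)
    for path, es in find_duplicate_entries(entries).items():
        print('%d menu entries point at the same install %s:' % (len(es), path))
        for e in es:
            print('    "%s" %s' % (e['name'], ' '.join(e['options'])))
    kept, dropped = dedupe_entries(entries)
    print('switches only on dropped entries:', options_only_on_dropped(kept, dropped))
    print(render_boot_ini(loader, kept))
```

Running it on the thread's file reports one ARC path with two entries, keeps the "Microsoft Windows XP Home" line as the helper suggested, and points out that /noexecute=optin was only on the line being removed.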

#13
trodat

trodat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
I deleted the line on the boot.ini file.

File Adwcleaner.txt is attached.

Here's the aswmbr log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-08 18:34:24
-----------------------------
18:34:24.500 OS Version: Windows 5.1.2600 Service Pack 2
18:34:24.500 Number of processors: 1 586 0x103
18:34:24.500 ComputerName: PC-7 UserName:
18:34:26.609 Initialize success
18:34:51.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:34:51.593 Disk 0 Vendor: HDS728080PLAT20 PF2OA21B Size: 78533MB BusType: 3
18:34:51.765 Disk 0 MBR read successfully
18:34:51.781 Disk 0 MBR scan
18:34:51.812 Disk 0 Windows XP default MBR code
18:34:51.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78520 MB offset 63
18:34:51.859 Disk 0 scanning sectors +160810650
18:34:52.062 Disk 0 scanning C:\WINDOWS\system32\drivers
18:35:01.843 Service scanning
18:35:25.390 Modules scanning
18:35:53.703 Disk 0 trace - called modules:
18:35:53.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
18:35:53.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b68030]
18:35:53.812 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\0000005f[0x89b6cf18]
18:35:53.875 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89b4d940]
18:35:53.937 Scan finished successfully
18:36:13.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Ambiente de trabalho\MBR.dat"
18:36:13.734 The log file has been saved successfully to "C:\Documents and Settings\User\Ambiente de trabalho\aswMBR.txt"

Attached Files


  • 0

#14
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay. I think what happened was that when you reinstalled the OS, you overwrote the registry and that is why your programs are failing. Our best bet now would be to try a system restore. Please try restoring your computer to a date before you had to reinstall. You can find instructions here. Let me know how it goes and we will continue after that.
  • 0

#15
trodat

trodat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Do I risk losing any docs if I do that? My whole life is in this PC...
  • 0